import openssl-0.9.8j

79 files changed, 3434 insertions, 606 deletions

diff --git a/src/lib/libcrypto/camellia/Makefile b/src/lib/libcrypto/camellia/Makefile
index 1579de5ce5..dfb12951fd 100644
--- a/src/lib/libcrypto/camellia/Makefile
+++ b/src/lib/libcrypto/camellia/Makefile
@@ -41,7 +41,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/cms/Makefile b/src/lib/libcrypto/cms/Makefile
index e39c310b6c..1c137e0cff 100644
--- a/src/lib/libcrypto/cms/Makefile
+++ b/src/lib/libcrypto/cms/Makefile
@@ -37,7 +37,7 @@ test:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
index 95aa69fea5..7a7b618eeb 100644
--- a/src/lib/libcrypto/ecdh/Makefile
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -84,20 +84,31 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h
+ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h
 ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
 ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/src/lib/libcrypto/ecdsa/Makefile b/src/lib/libcrypto/ecdsa/Makefile
index 16a93cd3ae..4865f3c8d6 100644
--- a/src/lib/libcrypto/ecdsa/Makefile
+++ b/src/lib/libcrypto/ecdsa/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -92,13 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecs_err.o: ecs_err.c
 ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ecs_lib.o: ecs_lib.c ecs_locl.h
 ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
@@ -110,16 +115,28 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
 ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_sign.o: ../../include/openssl/opensslconf.h
 ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c
+ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c
 ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
-ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ecs_vrf.o: ecs_locl.h ecs_vrf.c
diff --git a/src/lib/libcrypto/fips_err.h b/src/lib/libcrypto/fips_err.h
new file mode 100644
index 0000000000..b328616858
--- /dev/null
+++ b/src/lib/libcrypto/fips_err.h
@@ -0,0 +1,137 @@
+/* crypto/fips_err.h */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
+
+static ERR_STRING_DATA FIPS_str_functs[]=
+        {
+{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+{ERR_FUNC(FIPS_F_DSA_DO_SIGN),  "DSA_do_sign"},
+{ERR_FUNC(FIPS_F_DSA_DO_VERIFY),        "DSA_do_verify"},
+{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),    "EVP_CipherInit_ex"},
+{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),    "EVP_DigestInit_ex"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),       "FIPS_CHECK_DSA"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),        "FIPS_CHECK_INCORE_FINGERPRINT"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),       "FIPS_CHECK_RSA"},
+{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),       "FIPS_DSA_CHECK"},
+{ERR_FUNC(FIPS_F_FIPS_MODE_SET),        "FIPS_mode_set"},
+{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),     "fips_pkey_signature_test"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),    "FIPS_selftest_aes"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES),    "FIPS_selftest_des"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),    "FIPS_selftest_dsa"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),   "FIPS_selftest_hmac"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),    "FIPS_selftest_rng"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),   "FIPS_selftest_sha1"},
+{ERR_FUNC(FIPS_F_HASH_FINAL),   "HASH_FINAL"},
+{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),   "RSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),      "RSA_EAY_PRIVATE_DECRYPT"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT),      "RSA_EAY_PRIVATE_ENCRYPT"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),       "RSA_EAY_PUBLIC_DECRYPT"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),       "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX),     "RSA_X931_generate_key_ex"},
+{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA FIPS_str_reasons[]=
+        {
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE)      ,"cannot read exe"},
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
+{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
+{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"},
+{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
+{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
+{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH)   ,"invalid key length"},
+{ERR_REASON(FIPS_R_KEY_TOO_SHORT)        ,"key too short"},
+{ERR_REASON(FIPS_R_NON_FIPS_METHOD)      ,"non fips method"},
+{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
+{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR)    ,"rsa decrypt error"},
+{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR)    ,"rsa encrypt error"},
+{ERR_REASON(FIPS_R_SELFTEST_FAILED)      ,"selftest failed"},
+{ERR_REASON(FIPS_R_TEST_FAILURE)         ,"test failure"},
+{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_FIPS_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,FIPS_str_functs);
+                ERR_load_strings(0,FIPS_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/jpake/Makefile b/src/lib/libcrypto/jpake/Makefile
new file mode 100644
index 0000000000..a4a1402f2e
--- /dev/null
+++ b/src/lib/libcrypto/jpake/Makefile
@@ -0,0 +1,64 @@
+DIR=jpake
+TOP=../..
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+LIB=$(TOP)/libcrypto.a
+LIBOBJ=jpake.o jpake_err.o
+LIBSRC=jpake.c jpake_err.c
+
+EXHEADER=jpake.h
+TEST=jpaketest.c
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+jpaketest: top jpaketest.c $(LIB)
+        $(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB)
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+jpake.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+jpake.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+jpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+jpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+jpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+jpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+jpake.o: ../../include/openssl/symhacks.h jpake.c jpake.h
+jpake_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+jpake_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+jpake_err.o: ../../include/openssl/err.h ../../include/openssl/jpake.h
+jpake_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+jpake_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+jpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+jpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+jpake_err.o: jpake_err.c
diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c
new file mode 100644
index 0000000000..577b7ef375
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpake.c
@@ -0,0 +1,483 @@
+#include "jpake.h"
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+#include <memory.h>
+#include <assert.h>
+
+/*
+ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
+ * Bob's (x3, x4, x1, x2). If you see what I mean.
+ */
+
+typedef struct
+    {
+    char *name;  /* Must be unique */
+    char *peer_name;
+    BIGNUM *p;
+    BIGNUM *g;
+    BIGNUM *q;
+    BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
+    BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
+    } JPAKE_CTX_PUBLIC;
+
+struct JPAKE_CTX
+    {
+    JPAKE_CTX_PUBLIC p;
+    BIGNUM *secret;   /* The shared secret */
+    BN_CTX *ctx;
+    BIGNUM *xa;       /* Alice's x1 or Bob's x3 */
+    BIGNUM *xb;       /* Alice's x2 or Bob's x4 */
+    BIGNUM *key;      /* The calculated (shared) key */
+    };
+
+static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
+    {
+    zkp->gr = BN_new();
+    zkp->b = BN_new();
+    }
+
+static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
+    {
+    BN_free(zkp->b);
+    BN_free(zkp->gr);
+    }
+
+/* Two birds with one stone - make the global name as expected */
+#define JPAKE_STEP_PART_init    JPAKE_STEP2_init
+#define JPAKE_STEP_PART_release JPAKE_STEP2_release
+
+void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
+    {
+    p->gx = BN_new();
+    JPAKE_ZKP_init(&p->zkpx);
+    }
+
+void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
+    {
+    JPAKE_ZKP_release(&p->zkpx);
+    BN_free(p->gx);
+    }
+
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
+    {
+    JPAKE_STEP_PART_init(&s1->p1);
+    JPAKE_STEP_PART_init(&s1->p2);
+    }
+
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
+    {
+    JPAKE_STEP_PART_release(&s1->p2);
+    JPAKE_STEP_PART_release(&s1->p1);
+    }
+
+static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
+                           const char *peer_name, const BIGNUM *p,
+                           const BIGNUM *g, const BIGNUM *q,
+                           const BIGNUM *secret)
+    {
+    ctx->p.name = OPENSSL_strdup(name);
+    ctx->p.peer_name = OPENSSL_strdup(peer_name);
+    ctx->p.p = BN_dup(p);
+    ctx->p.g = BN_dup(g);
+    ctx->p.q = BN_dup(q);
+    ctx->secret = BN_dup(secret);
+
+    ctx->p.gxc = BN_new();
+    ctx->p.gxd = BN_new();
+
+    ctx->xa = BN_new();
+    ctx->xb = BN_new();
+    ctx->key = BN_new();
+    ctx->ctx = BN_CTX_new();
+    }
+    
+static void JPAKE_CTX_release(JPAKE_CTX *ctx)
+    {
+    BN_CTX_free(ctx->ctx);
+    BN_clear_free(ctx->key);
+    BN_clear_free(ctx->xb);
+    BN_clear_free(ctx->xa);
+
+    BN_free(ctx->p.gxd);
+    BN_free(ctx->p.gxc);
+
+    BN_clear_free(ctx->secret);
+    BN_free(ctx->p.q);
+    BN_free(ctx->p.g);
+    BN_free(ctx->p.p);
+    OPENSSL_free(ctx->p.peer_name);
+    OPENSSL_free(ctx->p.name);
+
+    memset(ctx, '\0', sizeof *ctx);
+    }
+    
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+                         const BIGNUM *secret)
+    {
+    JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+    JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
+
+    return ctx;
+    }
+
+void JPAKE_CTX_free(JPAKE_CTX *ctx)
+    {
+    JPAKE_CTX_release(ctx);
+    OPENSSL_free(ctx);
+    }
+
+static void hashlength(SHA_CTX *sha, size_t l)
+    {
+    unsigned char b[2];
+
+    assert(l <= 0xffff);
+    b[0] = l >> 8;
+    b[1] = l&0xff;
+    SHA1_Update(sha, b, 2);
+    }
+
+static void hashstring(SHA_CTX *sha, const char *string)
+    {
+    size_t l = strlen(string);
+
+    hashlength(sha, l);
+    SHA1_Update(sha, string, l);
+    }
+
+static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
+    {
+    size_t l = BN_num_bytes(bn);
+    unsigned char *bin = OPENSSL_malloc(l);
+
+    hashlength(sha, l);
+    BN_bn2bin(bn, bin);
+    SHA1_Update(sha, bin, l);
+    OPENSSL_free(bin);
+    }
+
+/* h=hash(g, g^r, g^x, name) */
+static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
+                     const char *proof_name)
+    {
+    unsigned char md[SHA_DIGEST_LENGTH];
+    SHA_CTX sha;
+
+   /*
+    * XXX: hash should not allow moving of the boundaries - Java code
+    * is flawed in this respect. Length encoding seems simplest.
+    */
+    SHA1_Init(&sha);
+    hashbn(&sha, zkpg);
+    assert(!BN_is_zero(p->zkpx.gr));
+    hashbn(&sha, p->zkpx.gr);
+    hashbn(&sha, p->gx);
+    hashstring(&sha, proof_name);
+    SHA1_Final(md, &sha);
+    BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
+    }
+
+/*
+ * Prove knowledge of x
+ * Note that p->gx has already been calculated
+ */
+static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
+                         const BIGNUM *zkpg, JPAKE_CTX *ctx)
+    {
+    BIGNUM *r = BN_new();
+    BIGNUM *h = BN_new();
+    BIGNUM *t = BN_new();
+
+   /*
+    * r in [0,q)
+    * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+    */
+    BN_rand_range(r, ctx->p.q);
+   /* g^r */
+    BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
+
+   /* h=hash... */
+    zkp_hash(h, zkpg, p, ctx->p.name);
+
+   /* b = r - x*h */
+    BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
+    BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
+
+   /* cleanup */
+    BN_free(t);
+    BN_free(h);
+    BN_free(r);
+    }
+
+static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
+                      JPAKE_CTX *ctx)
+    {
+    BIGNUM *h = BN_new();
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+    int ret = 0;
+
+    zkp_hash(h, zkpg, p, ctx->p.peer_name);
+
+   /* t1 = g^b */
+    BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
+   /* t2 = (g^x)^h = g^{hx} */
+    BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
+   /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
+    BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
+
+   /* verify t3 == g^r */
+    if(BN_cmp(t3, p->zkpx.gr) == 0)
+        ret = 1;
+    else
+        JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
+
+   /* cleanup */
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+    BN_free(h);
+
+    return ret;
+    }    
+
+static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
+                               const BIGNUM *g, JPAKE_CTX *ctx)
+    {
+    BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
+    generate_zkp(p, x, g, ctx);
+    }
+
+/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
+static void genrand(JPAKE_CTX *ctx)
+    {
+    BIGNUM *qm1;
+
+   /* xa in [0, q) */
+    BN_rand_range(ctx->xa, ctx->p.q);
+
+   /* q-1 */
+    qm1 = BN_new();
+    BN_copy(qm1, ctx->p.q);
+    BN_sub_word(qm1, 1);
+
+   /* ... and xb in [0, q-1) */
+    BN_rand_range(ctx->xb, qm1);
+   /* [1, q) */
+    BN_add_word(ctx->xb, 1);
+
+   /* cleanup */
+    BN_free(qm1);
+    }
+
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
+    {
+    genrand(ctx);
+    generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);
+    generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
+
+    return 1;
+    }
+
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
+    {
+   /* verify their ZKP(xc) */
+    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
+        return 0;
+        }
+
+   /* verify their ZKP(xd) */
+    if(!verify_zkp(&received->p2, ctx->p.g, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
+        return 0;
+        }
+
+   /* g^xd != 1 */
+    if(BN_is_one(received->p2.gx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
+        return 0;
+        }
+
+   /* Save the bits we need for later */
+    BN_copy(ctx->p.gxc, received->p1.gx);
+    BN_copy(ctx->p.gxd, received->p2.gx);
+
+    return 1;
+    }
+
+
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+
+   /*
+    * X = g^{(xa + xc + xd) * xb * s}
+    * t1 = g^xa
+    */
+    BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
+   /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
+    BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
+   /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
+    BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
+   /* t2 = xb * s */
+    BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
+
+   /*
+    * ZKP(xb * s)
+    * XXX: this is kinda funky, because we're using
+    *
+    * g' = g^{xa + xc + xd}
+    *
+    * as the generator, which means X is g'^{xb * s}
+    * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+    */
+    generate_step_part(send, t2, t1, ctx);
+
+   /* cleanup */
+    BN_free(t1);
+    BN_free(t2);
+
+    return 1;
+    }
+
+/* gx = g^{xc + xa + xb} * xd * s */
+static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+
+   /*
+    * K = (gx/g^{xb * xd * s})^{xb}
+    *   = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+    *   = (g^{(xa + xc) * xd * s})^{xb}
+    *   = g^{(xa + xc) * xb * xd * s}
+    * [which is the same regardless of who calculates it]
+    */
+
+   /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
+    BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
+   /* t2 = -s = q-s */
+    BN_sub(t2, ctx->p.q, ctx->secret);
+   /* t3 = t1^t2 = g^{-xb * xd * s} */
+    BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
+   /* t1 = gx * t3 = X/g^{xb * xd * s} */
+    BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
+   /* K = t1^{xb} */
+    BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
+
+   /* cleanup */
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+
+    return 1;
+    }
+
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    int ret = 0;
+
+   /*
+    * g' = g^{xc + xa + xb} [from our POV]
+    * t1 = xa + xb
+    */
+    BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
+   /* t2 = g^{t1} = g^{xa+xb} */
+    BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
+   /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
+    BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
+
+    if(verify_zkp(received, t1, ctx))
+        ret = 1;
+    else
+        JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
+
+    compute_key(ctx, received->gx);
+
+   /* cleanup */
+    BN_free(t2);
+    BN_free(t1);
+
+    return ret;
+    }
+
+static void quickhashbn(unsigned char *md, const BIGNUM *bn)
+    {
+    SHA_CTX sha;
+
+    SHA1_Init(&sha);
+    hashbn(&sha, bn);
+    SHA1_Final(md, &sha);
+    }
+
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
+    {}
+
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
+    {
+    quickhashbn(send->hhk, ctx->key);
+    SHA1(send->hhk, sizeof send->hhk, send->hhk);
+
+    return 1;
+    }
+
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
+    {
+    unsigned char hhk[SHA_DIGEST_LENGTH];
+
+    quickhashbn(hhk, ctx->key);
+    SHA1(hhk, sizeof hhk, hhk);
+    if(memcmp(hhk, received->hhk, sizeof hhk))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
+        return 0;
+        }
+    return 1;
+    }
+
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
+    {}
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
+    {}
+
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
+    {
+    quickhashbn(send->hk, ctx->key);
+
+    return 1;
+    }
+
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
+    {
+    unsigned char hk[SHA_DIGEST_LENGTH];
+
+    quickhashbn(hk, ctx->key);
+    if(memcmp(hk, received->hk, sizeof hk))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
+        return 0;
+        }
+    return 1;
+    }
+
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
+    {}
+
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
+    {
+    return ctx->key;
+    }
+
diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h
new file mode 100644
index 0000000000..693ea188cb
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpake.h
@@ -0,0 +1,129 @@
+/*
+ * Implement J-PAKE, as described in
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ * 
+ * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
+ */
+
+#ifndef HEADER_JPAKE_H
+#define HEADER_JPAKE_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+#error JPAKE is disabled.
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+
+typedef struct JPAKE_CTX JPAKE_CTX;
+
+/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
+typedef struct
+    {
+    BIGNUM *gr; /* g^r (r random) */
+    BIGNUM *b;  /* b = r - x*h, h=hash(g, g^r, g^x, name) */
+    } JPAKE_ZKP;
+
+typedef struct
+    {
+    BIGNUM *gx;       /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
+    JPAKE_ZKP zkpx;   /* ZKP(x) or ZKP(xb * s) */
+    } JPAKE_STEP_PART;
+
+typedef struct
+    {
+    JPAKE_STEP_PART p1;   /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
+    JPAKE_STEP_PART p2;   /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
+    } JPAKE_STEP1;
+
+typedef JPAKE_STEP_PART JPAKE_STEP2;
+
+typedef struct
+    {
+    unsigned char hhk[SHA_DIGEST_LENGTH];
+    } JPAKE_STEP3A;
+
+typedef struct
+    {
+    unsigned char hk[SHA_DIGEST_LENGTH];
+    } JPAKE_STEP3B;
+
+/* Parameters are copied */
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+                         const BIGNUM *secret);
+void JPAKE_CTX_free(JPAKE_CTX *ctx);
+
+/*
+ * Note that JPAKE_STEP1 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
+
+/*
+ * Note that JPAKE_STEP2 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
+void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
+
+/*
+ * Optionally verify the shared key. If the shared secrets do not
+ * match, the two ends will disagree about the shared key, but
+ * otherwise the protocol will succeed.
+ */
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
+
+/*
+ * the return value belongs to the library and will be released when
+ * ctx is released, and will change when a new handshake is performed.
+ */
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_JPAKE_strings(void);
+
+/* Error codes for the JPAKE functions. */
+
+/* Function codes. */
+#define JPAKE_F_JPAKE_STEP1_PROCESS                      101
+#define JPAKE_F_JPAKE_STEP2_PROCESS                      102
+#define JPAKE_F_JPAKE_STEP3A_PROCESS                     103
+#define JPAKE_F_JPAKE_STEP3B_PROCESS                     104
+#define JPAKE_F_VERIFY_ZKP                               100
+
+/* Reason codes. */
+#define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
+#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
+#define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
+#define JPAKE_R_VERIFY_B_FAILED                          102
+#define JPAKE_R_VERIFY_X3_FAILED                         103
+#define JPAKE_R_VERIFY_X4_FAILED                         104
+#define JPAKE_R_ZKP_VERIFY_FAILED                        100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c
new file mode 100644
index 0000000000..1b95067967
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpake_err.c
@@ -0,0 +1,105 @@
+/* crypto/jpake/jpake_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/jpake.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
+
+static ERR_STRING_DATA JPAKE_str_functs[]=
+        {
+{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS),        "JPAKE_STEP3A_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS),        "JPAKE_STEP3B_process"},
+{ERR_FUNC(JPAKE_F_VERIFY_ZKP),  "VERIFY_ZKP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA JPAKE_str_reasons[]=
+        {
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
+{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
+{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
+{ERR_REASON(JPAKE_R_VERIFY_B_FAILED)     ,"verify b failed"},
+{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED)    ,"verify x3 failed"},
+{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED)    ,"verify x4 failed"},
+{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED)   ,"zkp verify failed"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_JPAKE_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,JPAKE_str_functs);
+                ERR_load_strings(0,JPAKE_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/jpake/jpaketest.c b/src/lib/libcrypto/jpake/jpaketest.c
new file mode 100644
index 0000000000..792fc49eb4
--- /dev/null
+++ b/src/lib/libcrypto/jpake/jpaketest.c
@@ -0,0 +1,192 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+    printf("No J-PAKE support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/jpake.h>
+#include <openssl/err.h>
+
+static void showbn(const char *name, const BIGNUM *bn)
+    {
+    fputs(name, stdout);
+    fputs(" = ", stdout);
+    BN_print_fp(stdout, bn);
+    putc('\n', stdout);
+    }
+
+static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
+    {
+    JPAKE_STEP1 alice_s1;
+    JPAKE_STEP1 bob_s1;
+    JPAKE_STEP2 alice_s2;
+    JPAKE_STEP2 bob_s2;
+    JPAKE_STEP3A alice_s3a;
+    JPAKE_STEP3B bob_s3b;
+
+   /* Alice -> Bob: step 1 */
+    puts("A->B s1");
+    JPAKE_STEP1_init(&alice_s1);
+    JPAKE_STEP1_generate(&alice_s1, alice);
+    if(!JPAKE_STEP1_process(bob, &alice_s1))
+        {
+        printf("Bob fails to process Alice's step 1\n");
+        ERR_print_errors_fp(stdout);
+        return 1;
+        }
+    JPAKE_STEP1_release(&alice_s1);
+
+   /* Bob -> Alice: step 1 */
+    puts("B->A s1");
+    JPAKE_STEP1_init(&bob_s1);
+    JPAKE_STEP1_generate(&bob_s1, bob);
+    if(!JPAKE_STEP1_process(alice, &bob_s1))
+        {
+        printf("Alice fails to process Bob's step 1\n");
+        ERR_print_errors_fp(stdout);
+        return 2;
+        }
+    JPAKE_STEP1_release(&bob_s1);
+
+   /* Alice -> Bob: step 2 */
+    puts("A->B s2");
+    JPAKE_STEP2_init(&alice_s2);
+    JPAKE_STEP2_generate(&alice_s2, alice);
+    if(!JPAKE_STEP2_process(bob, &alice_s2))
+        {
+        printf("Bob fails to process Alice's step 2\n");
+        ERR_print_errors_fp(stdout);
+        return 3;
+        }
+    JPAKE_STEP2_release(&alice_s2);
+
+   /* Bob -> Alice: step 2 */
+    puts("B->A s2");
+    JPAKE_STEP2_init(&bob_s2);
+    JPAKE_STEP2_generate(&bob_s2, bob);
+    if(!JPAKE_STEP2_process(alice, &bob_s2))
+        {
+        printf("Alice fails to process Bob's step 2\n");
+        ERR_print_errors_fp(stdout);
+        return 4;
+        }
+    JPAKE_STEP2_release(&bob_s2);
+
+    showbn("Alice's key", JPAKE_get_shared_key(alice));
+    showbn("Bob's key  ", JPAKE_get_shared_key(bob));
+
+   /* Alice -> Bob: step 3a */
+    puts("A->B s3a");
+    JPAKE_STEP3A_init(&alice_s3a);
+    JPAKE_STEP3A_generate(&alice_s3a, alice);
+    if(!JPAKE_STEP3A_process(bob, &alice_s3a))
+        {
+        printf("Bob fails to process Alice's step 3a\n");
+        ERR_print_errors_fp(stdout);
+        return 5;
+        }
+    JPAKE_STEP3A_release(&alice_s3a);
+    
+   /* Bob -> Alice: step 3b */
+    puts("B->A s3b");
+    JPAKE_STEP3B_init(&bob_s3b);
+    JPAKE_STEP3B_generate(&bob_s3b, bob);
+    if(!JPAKE_STEP3B_process(alice, &bob_s3b))
+        {
+        printf("Alice fails to process Bob's step 3b\n");
+        ERR_print_errors_fp(stdout);
+        return 6;
+        }
+    JPAKE_STEP3B_release(&bob_s3b);
+
+    return 0;
+    }
+
+int main(int argc, char **argv)
+    {
+    JPAKE_CTX *alice;
+    JPAKE_CTX *bob;
+    BIGNUM *p = NULL;
+    BIGNUM *g = NULL;
+    BIGNUM *q = NULL;
+    BIGNUM *secret = BN_new();
+    BIO *bio_err;
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ERR_load_crypto_strings();
+
+    /*
+    BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
+    BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
+    BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
+    */
+    /*
+    p = BN_new();
+    BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
+    */
+   /* Use a safe prime for p (that we found earlier) */
+    BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+    showbn("p", p);
+    g = BN_new();
+    BN_set_word(g, 2);
+    showbn("g", g);
+    q = BN_new();
+    BN_rshift1(q, p);
+    showbn("q", q);
+
+    BN_rand(secret, 32, -1, 0);
+
+   /* A normal run, expect this to work... */
+    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+    if(run_jpake(alice, bob) != 0)
+        {
+        fprintf(stderr, "Plain JPAKE run failed\n");
+        return 1;
+        }
+
+    JPAKE_CTX_free(bob);
+    JPAKE_CTX_free(alice);
+
+   /* Now give Alice and Bob different secrets */
+    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+    BN_add_word(secret, 1);
+    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+    if(run_jpake(alice, bob) != 5)
+        {
+        fprintf(stderr, "Mismatched secret JPAKE run failed\n");
+        return 1;
+        }
+
+    JPAKE_CTX_free(bob);
+    JPAKE_CTX_free(alice);
+
+    BN_free(secret);
+    BN_free(q);
+    BN_free(g);
+    BN_free(p);
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    CRYPTO_mem_leaks(bio_err);
+
+    return 0;
+    }
+
+#endif
diff --git a/src/lib/libcrypto/pqueue/Makefile b/src/lib/libcrypto/pqueue/Makefile
index d0c39d25ce..36bfc349aa 100644
--- a/src/lib/libcrypto/pqueue/Makefile
+++ b/src/lib/libcrypto/pqueue/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/seed/Makefile b/src/lib/libcrypto/seed/Makefile
index f9de27b288..ffaeb84218 100644
--- a/src/lib/libcrypto/seed/Makefile
+++ b/src/lib/libcrypto/seed/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/store/Makefile b/src/lib/libcrypto/store/Makefile
index 0dcfd7857a..c9f5d001a3 100644
--- a/src/lib/libcrypto/store/Makefile
+++ b/src/lib/libcrypto/store/Makefile
@@ -35,7 +35,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,14 +89,14 @@ str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
-str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-str_lib.o: str_lib.c str_locl.h
+str_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+str_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+str_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+str_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+str_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h
+str_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h
 str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/util/copy.pl b/src/lib/libcrypto/util/copy.pl
index e20b45530a..eba6d5815e 100644
--- a/src/lib/libcrypto/util/copy.pl
+++ b/src/lib/libcrypto/util/copy.pl
@@ -8,9 +8,16 @@ use Fcntl;
 # Perl script 'copy' comment. On Windows the built in "copy" command also
 # copies timestamps: this messes up Makefile dependencies.
 
+my $stripcr = 0;
+
 my $arg;
 
 foreach $arg (@ARGV) {
+        if ($arg eq "-stripcr")
+                {
+                $stripcr = 1;
+                next;
+                }
         $arg =~ s|\\|/|g;       # compensate for bug/feature in cygwin glob...
         foreach (glob $arg)
                 {
@@ -49,6 +56,10 @@ foreach (@filelist)
                                         || die "Can't Open $dfile";
         while (sysread IN, $buf, 10240)
                 {
+                if ($stripcr)
+                        {
+                        $buf =~ tr/\015//d;
+                        }
                 syswrite(OUT, $buf, length($buf));
                 }
         close(IN);
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index ed9847b307..a37f844d3c 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
     return NULL;
   switch (afi) {
   case IANA_AFI_IPV4:
-    sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+    (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
     break;
   case IANA_AFI_IPV6:
-    sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+    (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
     break;
   }
   f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
       if (!make_addressRange(&merged, a_min, b_max, length))
         return 0;
       sk_IPAddressOrRange_set(aors, i, merged);
-      sk_IPAddressOrRange_delete(aors, i + 1);
+      (void)sk_IPAddressOrRange_delete(aors, i + 1);
       IPAddressOrRange_free(a);
       IPAddressOrRange_free(b);
       --i;
@@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
                                     v3_addr_get_afi(f)))
       return 0;
   }
+  (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
   sk_IPAddressFamily_sort(addr);
   assert(v3_addr_is_canonical(addr));
   return 1;
@@ -1122,7 +1123,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
     return 1;
   if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
     return 0;
-  sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+  (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
   for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
     IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
     int j = sk_IPAddressFamily_find(b, fa);
@@ -1183,7 +1184,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
   }
   if (!v3_addr_is_canonical(ext))
     validation_err(X509_V_ERR_INVALID_EXTENSION);
-  sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+  (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
   if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
     X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
     ret = 0;
@@ -1209,7 +1210,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
       }
       continue;
     }
-    sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
+    (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
     for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
       IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
       int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
index 271930f967..abd497ed1f 100644
--- a/src/lib/libcrypto/x509v3/v3_asid.c
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
         break;
       }
       ASIdOrRange_free(b);
-      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
       i--;
       continue;
     }
diff --git a/src/lib/libssl/src/Makefile.shared b/src/lib/libssl/src/Makefile.shared
index 97035a3c01..3183436ac6 100644
--- a/src/lib/libssl/src/Makefile.shared
+++ b/src/lib/libssl/src/Makefile.shared
@@ -101,15 +101,13 @@ LINK_SO=	\
     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
     LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
     $${SHAREDCMD} $${SHAREDFLAGS} \
         -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
         $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
-  ) && $(SYMLINK_SO); \
-  ( $(SET_X); rm -f lib$(LIBNAME).exp )
+  ) && $(SYMLINK_SO)
 
 SYMLINK_SO=     \
         if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
@@ -202,8 +200,10 @@ link_app.bsd:
 # to use native NSModule(3) API and refers to dlfcn as termporary hack.
 link_o.darwin:
         @ $(CALC_VERSIONS); \
-        SHLIB=lib$(LIBNAME); \
-        SHLIB_SUFFIX=.so; \
+        SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
+        SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
+        SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
+        SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
         ALLSYMSFLAGS='-all_load'; \
         NOALLSYMSFLAGS=''; \
         SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
@@ -491,23 +491,23 @@ link_app.hpux:
 
 link_o.aix:
         @ $(CALC_VERSIONS); \
-        OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || :; \
+        OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
         OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
         SHLIB=lib$(LIBNAME).so; \
         SHLIB_SUFFIX=; \
         ALLSYMSFLAGS=''; \
         NOALLSYMSFLAGS=''; \
-        SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \
+        SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
         $(LINK_SO_O);
 link_a.aix:
         @ $(CALC_VERSIONS); \
-        OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || : ; \
+        OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
         OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
         SHLIB=lib$(LIBNAME).so; \
         SHLIB_SUFFIX=; \
         ALLSYMSFLAGS='-bnogc'; \
         NOALLSYMSFLAGS=''; \
-        SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \
+        SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
         $(LINK_SO_A_VIA_O)
 link_app.aix:
         LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-586.pl b/src/lib/libssl/src/crypto/aes/asm/aes-586.pl
index 89fa261794..3bc46a968e 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aes-586.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-586.pl
@@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
 
     &align      (4);
     &set_label("enc_tail");
-        &push   ($key eq "edi" ? $key : "");    # push ivp
+        &mov    ($s0,$key eq "edi" ? $key : "");
         &mov    ($key,$_out);                   # load out
+        &push   ($s0);                          # push ivp
         &mov    ($s1,16);
         &sub    ($s1,$s2);
         &cmp    ($key,$acc);                    # compare with inp
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
index 44e0bf8cae..f616f1751f 100755
--- a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
@@ -1198,19 +1198,20 @@ AES_cbc_encrypt:
         ret
 .align  4
 .Lcbc_enc_tail:
-        cmp     $inp,$out
-        je      .Lcbc_enc_in_place
+        mov     %rax,%r11
+        mov     %rcx,%r12
         mov     %r10,%rcx
         mov     $inp,%rsi
         mov     $out,%rdi
         .long   0xF689A4F3              # rep movsb
-.Lcbc_enc_in_place:
         mov     \$16,%rcx               # zero tail
         sub     %r10,%rcx
         xor     %rax,%rax
         .long   0xF689AAF3              # rep stosb
         mov     $out,$inp               # this is not a mistake!
         movq    \$16,$_len              # len=16
+        mov     %r11,%rax
+        mov     %r12,%rcx
         jmp     .Lcbc_enc_loop          # one more spin...
 #----------------------------- DECRYPT -----------------------------#
 .align  16
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_gen.c b/src/lib/libssl/src/crypto/asn1/asn1_gen.c
index 26c832781e..2da38292c8 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_gen.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_gen.c
@@ -1,5 +1,5 @@
 /* asn1_gen.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/asn1/asn_mime.c b/src/lib/libssl/src/crypto/asn1/asn_mime.c
index fe7c4ec7ab..bc80b20d63 100644
--- a/src/lib/libssl/src/crypto/asn1/asn_mime.c
+++ b/src/lib/libssl/src/crypto/asn1/asn_mime.c
@@ -526,6 +526,8 @@ int SMIME_text(BIO *in, BIO *out)
         sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
         while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
                                                 BIO_write(out, iobuf, len);
+        if (len < 0)
+                return 0;
         return 1;
 }
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c
index ea2c3fff63..c3da6dc82f 100644
--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -82,7 +82,7 @@ static int dgram_new(BIO *h);
 static int dgram_free(BIO *data);
 static int dgram_clear(BIO *bio);
 
-int BIO_dgram_should_retry(int s);
+static int BIO_dgram_should_retry(int s);
 
 static BIO_METHOD methods_dgramp=
         {
@@ -345,30 +345,90 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 
         memcpy(&(data->peer), to, sizeof(struct sockaddr));
         break;
+#if defined(SO_RCVTIMEO)
         case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+                {
+                struct timeval *tv = (struct timeval *)ptr;
+                int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
+                if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                        (void*)&timeout, sizeof(timeout)) < 0)
+                        { perror("setsockopt"); ret = -1; }
+                }
+#else
                 if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
                         sizeof(struct timeval)) < 0)
                         { perror("setsockopt"); ret = -1; }
+#endif
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+                {
+                int timeout, sz = sizeof(timeout);
+                struct timeval *tv = (struct timeval *)ptr;
+                if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                        (void*)&timeout, &sz) < 0)
+                        { perror("getsockopt"); ret = -1; }
+                else
+                        {
+                        tv->tv_sec = timeout / 1000;
+                        tv->tv_usec = (timeout % 1000) * 1000;
+                        ret = sizeof(*tv);
+                        }
+                }
+#else
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                         ptr, (void *)&ret) < 0)
                         { perror("getsockopt"); ret = -1; }
+#endif
                 break;
+#endif
+#if defined(SO_SNDTIMEO)
         case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+                {
+                struct timeval *tv = (struct timeval *)ptr;
+                int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
+                if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                        (void*)&timeout, sizeof(timeout)) < 0)
+                        { perror("setsockopt"); ret = -1; }
+                }
+#else
                 if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
                         sizeof(struct timeval)) < 0)
                         { perror("setsockopt"); ret = -1; }
+#endif
                 break;
         case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+#ifdef OPENSSL_SYS_WINDOWS
+                {
+                int timeout, sz = sizeof(timeout);
+                struct timeval *tv = (struct timeval *)ptr;
+                if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                        (void*)&timeout, &sz) < 0)
+                        { perror("getsockopt"); ret = -1; }
+                else
+                        {
+                        tv->tv_sec = timeout / 1000;
+                        tv->tv_usec = (timeout % 1000) * 1000;
+                        ret = sizeof(*tv);
+                        }
+                }
+#else
                 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
                         ptr, (void *)&ret) < 0)
                         { perror("getsockopt"); ret = -1; }
+#endif
                 break;
+#endif
         case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
                 /* fall-through */
         case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+#ifdef OPENSSL_SYS_WINDOWS
+                if ( data->_errno == WSAETIMEDOUT)
+#else
                 if ( data->_errno == EAGAIN)
+#endif
                         {
                         ret = 1;
                         data->_errno = 0;
@@ -403,7 +463,7 @@ static int dgram_puts(BIO *bp, const char *str)
         return(ret);
         }
 
-int BIO_dgram_should_retry(int i)
+static int BIO_dgram_should_retry(int i)
         {
         int err;
 
diff --git a/src/lib/libssl/src/crypto/bn/bn_gf2m.c b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
index 6a793857e1..306f029f27 100644
--- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -384,7 +384,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
                 if (zz == 0) break;
                 d1 = BN_BITS2 - d0;
                 
-                if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
+                /* clear up the top d1 bits */
+                if (d0)
+                        z[dN] = (z[dN] << d1) >> d1;
+                else
+                        z[dN] = 0;
                 z[0] ^= zz; /* reduction t^0 component */
 
                 for (k = 1; p[k] != 0; k++)
diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c
index e14232fdbb..2ca5b01391 100644
--- a/src/lib/libssl/src/crypto/bn/bn_nist.c
+++ b/src/lib/libssl/src/crypto/bn/bn_nist.c
@@ -59,109 +59,266 @@
 #include "bn_lcl.h"
 #include "cryptlib.h"
 
+
 #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
 #define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
 
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
 #if BN_BITS2 == 64
-static const BN_ULONG _nist_p_192[] =
-        {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,
-        0xFFFFFFFFFFFFFFFFULL};
-static const BN_ULONG _nist_p_224[] =
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+        {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL},
+        {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL},
+        {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL}
+        };
+static const BN_ULONG _nist_p_192_sqr[] = {
+        0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL,
+        0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL
+        };
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
         {0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
-        0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL};
-static const BN_ULONG _nist_p_256[] =
+         0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL},
+        {0x0000000000000002ULL,0xFFFFFFFE00000000ULL,
+         0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */
+        };
+static const BN_ULONG _nist_p_224_sqr[] = {
+        0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
+        0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL,
+        0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL,
+        0xFFFFFFFFFFFFFFFFULL
+        };
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
         {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
-        0x0000000000000000ULL,0xFFFFFFFF00000001ULL};
-static const BN_ULONG _nist_p_384[] =
-        {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,
-        0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL,
-        0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL};
+         0x0000000000000000ULL,0xFFFFFFFF00000001ULL},
+        {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL,
+         0x0000000000000000ULL,0xFFFFFFFE00000002ULL},
+        {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL,
+         0x0000000000000000ULL,0xFFFFFFFD00000003ULL},
+        {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL,
+         0x0000000000000000ULL,0xFFFFFFFC00000004ULL},
+        {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL,
+         0x0000000000000000ULL,0xFFFFFFFB00000005ULL},
+        };
+static const BN_ULONG _nist_p_256_sqr[] = {
+        0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
+        0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL,
+        0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL,
+        0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL
+        };
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+        {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL,
+         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+        {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
+         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+        {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL,
+         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+        {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL,
+         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+        {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL,
+         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+        };
+static const BN_ULONG _nist_p_384_sqr[] = {
+        0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL,
+        0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL,
+        0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
+        0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL
+        };
 static const BN_ULONG _nist_p_521[] =
         {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
         0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
         0x00000000000001FFULL};
+static const BN_ULONG _nist_p_521_sqr[] = {
+        0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL,
+        0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL,
+        0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL,
+        0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+        0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+        0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL
+        };
 #elif BN_BITS2 == 32
-static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,
-        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
-static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000,
-        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
-static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-        0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF};
-static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000,
-        0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+        {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
+        };
+static const BN_ULONG _nist_p_192_sqr[] = {
+        0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000,
+        0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
+        };
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+        {0x00000001,0x00000000,0x00000000,0xFFFFFFFF,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0x00000002,0x00000000,0x00000000,0xFFFFFFFE,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
+        };
+static const BN_ULONG _nist_p_224_sqr[] = {
+        0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
+        0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002,
+        0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF,
+        0xFFFFFFFF,0xFFFFFFFF
+        };
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+        {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000,
+         0x00000000,0x00000000,0x00000001,0xFFFFFFFF},
+        {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001,
+         0x00000000,0x00000000,0x00000002,0xFFFFFFFE},
+        {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002,
+         0x00000000,0x00000000,0x00000003,0xFFFFFFFD},
+        {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003,
+         0x00000000,0x00000000,0x00000004,0xFFFFFFFC},
+        {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004,
+         0x00000000,0x00000000,0x00000005,0xFFFFFFFB},
+        };
+static const BN_ULONG _nist_p_256_sqr[] = {
+        0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
+        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001,
+        0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001,
+        0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE
+        };
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+        {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF,
+         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+        };
+static const BN_ULONG _nist_p_384_sqr[] = {
+        0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE,
+        0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000,
+        0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
+        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
+        };
 static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
         0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
         0xFFFFFFFF,0x000001FF};
+static const BN_ULONG _nist_p_521_sqr[] = {
+        0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
+        0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
+        0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF,
+        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+        0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+        0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF
+        };
+#else
+#error "unsupported BN_BITS2"
 #endif
 
+
+static const BIGNUM _bignum_nist_p_192 =
+        {
+        (BN_ULONG *)_nist_p_192[0],
+        BN_NIST_192_TOP,
+        BN_NIST_192_TOP,
+        0,
+        BN_FLG_STATIC_DATA
+        };
+
+static const BIGNUM _bignum_nist_p_224 =
+        {
+        (BN_ULONG *)_nist_p_224[0],
+        BN_NIST_224_TOP,
+        BN_NIST_224_TOP,
+        0,
+        BN_FLG_STATIC_DATA
+        };
+
+static const BIGNUM _bignum_nist_p_256 =
+        {
+        (BN_ULONG *)_nist_p_256[0],
+        BN_NIST_256_TOP,
+        BN_NIST_256_TOP,
+        0,
+        BN_FLG_STATIC_DATA
+        };
+
+static const BIGNUM _bignum_nist_p_384 =
+        {
+        (BN_ULONG *)_nist_p_384[0],
+        BN_NIST_384_TOP,
+        BN_NIST_384_TOP,
+        0,
+        BN_FLG_STATIC_DATA
+        };
+
+static const BIGNUM _bignum_nist_p_521 =
+        {
+        (BN_ULONG *)_nist_p_521,
+        BN_NIST_521_TOP,
+        BN_NIST_521_TOP,
+        0,
+        BN_FLG_STATIC_DATA
+        };
+
+
 const BIGNUM *BN_get0_nist_prime_192(void)
         {
-        static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192,
-                BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA };
-        return &const_nist_192;
+        return &_bignum_nist_p_192;
         }
 
 const BIGNUM *BN_get0_nist_prime_224(void)
         {
-        static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224,
-                BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA };
-        return &const_nist_224;
+        return &_bignum_nist_p_224;
         }
 
 const BIGNUM *BN_get0_nist_prime_256(void)
         {
-        static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256,
-                BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA };
-        return &const_nist_256;
+        return &_bignum_nist_p_256;
         }
 
 const BIGNUM *BN_get0_nist_prime_384(void)
         {
-        static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384,
-                BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA };
-        return &const_nist_384;
+        return &_bignum_nist_p_384;
         }
 
 const BIGNUM *BN_get0_nist_prime_521(void)
         {
-        static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521,
-                BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA };
-        return &const_nist_521;
+        return &_bignum_nist_p_521;
         }
 
-#define BN_NIST_ADD_ONE(a)      while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a);
 
 static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
-        {
+        {
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
-        for (i = (max) - (top); i != 0; i--)
-                *_tmp1++ = (BN_ULONG) 0;
-        }
+        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+
+#ifdef BN_DEBUG
+        OPENSSL_assert(top <= max);
+#endif
+        for (i = (top); i != 0; i--)
+                *_tmp1++ = *_tmp2++;
+        for (i = (max) - (top); i != 0; i--)
+                *_tmp1++ = (BN_ULONG) 0;
+        }
 
 static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
-        { 
+        { 
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
-        }
+        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+        for (i = (top); i != 0; i--)
+                *_tmp1++ = *_tmp2++;
+        }
 
 #if BN_BITS2 == 64
 #define bn_cp_64(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
 #define bn_64_set_0(to, n)              (to)[n] = (BN_ULONG)0;
-/* TBD */
-#define bn_cp_32(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
-#define bn_32_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+#define bn_cp_32_naked(to, n, from, m)  (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+                                                :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+#define bn_32_set_0(to, n)              (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+#define bn_cp_32(to,n,from,m)           ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
 #else
 #define bn_cp_64(to, n, from, m) \
         { \
@@ -182,9 +339,9 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
 
 #define nist_set_192(to, from, a1, a2, a3) \
         { \
-        if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\
+        bn_cp_64(to, 0, from, (a3) - 3) \
         bn_cp_64(to, 1, from, (a2) - 3) \
-        if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\
+        bn_cp_64(to, 2, from, (a1) - 3) \
         }
 
 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
@@ -198,6 +355,16 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  c_d[BN_NIST_192_TOP],
                 *res;
         size_t   mask;
+        static const BIGNUM _bignum_nist_p_192_sqr = {
+                (BN_ULONG *)_nist_p_192_sqr,
+                sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
+                sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
+                0,BN_FLG_STATIC_DATA };
+
+        field = &_bignum_nist_p_192; /* just to make sure */
+
+        if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0)
+                return BN_nnmod(r, a, field, ctx);
 
         i = BN_ucmp(field, a);
         if (i == 0)
@@ -208,9 +375,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else if (i > 0)
                 return (r == a) ? 1 : (BN_copy(r ,a) != NULL);
 
-        if (top == BN_NIST_192_TOP)
-                return BN_usub(r, a, field);
-
         if (r != a)
                 {
                 if (!bn_wexpand(r, BN_NIST_192_TOP))
@@ -224,23 +388,26 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
 
         nist_set_192(t_d, buf, 0, 3, 3);
-        carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-        
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
         nist_set_192(t_d, buf, 4, 4, 0);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
         nist_set_192(t_d, buf, 5, 5, 5)
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
 
+        if (carry > 0)
+                carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
+        else
+                carry = 1;
+
+        /*
+         * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+         * as comparison implies subtraction, we can write
+         * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+         * this is what happens below, but without explicit if:-) a.
+         */
+        mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+        mask &= 0-(size_t)carry;
+        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -248,21 +415,22 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         return 1;
         }
 
+typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int);
+
 #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
         { \
-        if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\
-        if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\
-        if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\
-        if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\
-        if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\
-        if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\
-        if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\
+        bn_cp_32(to, 0, from, (a7) - 7) \
+        bn_cp_32(to, 1, from, (a6) - 7) \
+        bn_cp_32(to, 2, from, (a5) - 7) \
+        bn_cp_32(to, 3, from, (a4) - 7) \
+        bn_cp_32(to, 4, from, (a3) - 7) \
+        bn_cp_32(to, 5, from, (a2) - 7) \
+        bn_cp_32(to, 6, from, (a1) - 7) \
         }
 
 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         BN_CTX *ctx)
         {
-#if BN_BITS2 == 32
         int     top = a->top, i;
         int     carry;
         BN_ULONG *r_d, *a_d = a->d;
@@ -271,6 +439,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  c_d[BN_NIST_224_TOP],
                 *res;
         size_t   mask;
+        union { bn_addsub_f f; size_t p; } u;
+        static const BIGNUM _bignum_nist_p_224_sqr = {
+                (BN_ULONG *)_nist_p_224_sqr,
+                sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
+                sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
+                0,BN_FLG_STATIC_DATA };
+
+
+        field = &_bignum_nist_p_224; /* just to make sure */
+
+        if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0)
+                return BN_nnmod(r, a, field, ctx);
 
         i = BN_ucmp(field, a);
         if (i == 0)
@@ -281,9 +461,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else if (i > 0)
                 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
-        if (top == BN_NIST_224_TOP)
-                return BN_usub(r, a, field);
-
         if (r != a)
                 {
                 if (!bn_wexpand(r, BN_NIST_224_TOP))
@@ -294,67 +471,77 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else
                 r_d = a_d;
 
+#if BN_BITS2==64
+        /* copy upper 256 bits of 448 bit number ... */
+        nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
+        /* ... and right shift by 32 to obtain upper 224 bits */
+        nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
+        /* truncate lower part to 224 bits too */
+        r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
+#else
         nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
-
+#endif
         nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
-        carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-        
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
         nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
         nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP);
-        bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
-        if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP))
-                bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-#endif
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
         nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP);
-        bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
-        nist_cp_bn(r_d, res, BN_NIST_224_TOP);
-#else
-        if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
-                bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP);
+#if BN_BITS2==64
+        carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
+#endif
+        u.f = bn_sub_words;
+        if (carry > 0)
+                {
+                carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP);
+#if BN_BITS2==64
+                carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1;
 #endif
+                }
+        else if (carry < 0)
+                {
+                /* it's a bit more comlicated logic in this case.
+                 * if bn_add_words yields no carry, then result
+                 * has to be adjusted by unconditionally *adding*
+                 * the modulus. but if it does, then result has
+                 * to be compared to the modulus and conditionally
+                 * adjusted by *subtracting* the latter. */
+                carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
+                mask = 0-(size_t)carry;
+                u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+                }
+        else
+                carry = 1;
+
+        /* otherwise it's effectively same as in BN_nist_mod_192... */
+        mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+        mask &= 0-(size_t)carry;
+        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+        nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
         bn_correct_top(r);
 
         return 1;
-#else   /* BN_BITS!=32 */
-        return 0;
-#endif
         }
 
 #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
         { \
-        if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\
-        if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\
-        if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\
-        if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\
-        if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\
-        if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\
-        if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\
-        if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\
+        bn_cp_32(to, 0, from, (a8) - 8) \
+        bn_cp_32(to, 1, from, (a7) - 8) \
+        bn_cp_32(to, 2, from, (a6) - 8) \
+        bn_cp_32(to, 3, from, (a5) - 8) \
+        bn_cp_32(to, 4, from, (a4) - 8) \
+        bn_cp_32(to, 5, from, (a3) - 8) \
+        bn_cp_32(to, 6, from, (a2) - 8) \
+        bn_cp_32(to, 7, from, (a1) - 8) \
         }
 
 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         BN_CTX *ctx)
         {
-#if BN_BITS2 == 32
         int     i, top = a->top;
         int     carry = 0;
         register BN_ULONG *a_d = a->d, *r_d;
@@ -363,6 +550,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  c_d[BN_NIST_256_TOP],
                 *res;
         size_t   mask;
+        union { bn_addsub_f f; size_t p; } u;
+        static const BIGNUM _bignum_nist_p_256_sqr = {
+                (BN_ULONG *)_nist_p_256_sqr,
+                sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
+                sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
+                0,BN_FLG_STATIC_DATA };
+
+        field = &_bignum_nist_p_256; /* just to make sure */
+
+        if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0)
+                return BN_nnmod(r, a, field, ctx);
 
         i = BN_ucmp(field, a);
         if (i == 0)
@@ -373,9 +571,6 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else if (i > 0)
                 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
-        if (top == BN_NIST_256_TOP)
-                return BN_usub(r, a, field);
-
         if (r != a)
                 {
                 if (!bn_wexpand(r, BN_NIST_256_TOP))
@@ -391,111 +586,84 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /*S1*/
         nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
         /*S2*/
-        nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0);
-        carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask));
-
-        carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask));
-
-        carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
+        carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+        /* left shift */
+                {
+                register BN_ULONG *ap,t,c;
+                ap = t_d;
+                c=0;
+                for (i = BN_NIST_256_TOP; i != 0; --i)
+                        {
+                        t= *ap;
+                        *(ap++)=((t<<1)|c)&BN_MASK2;
+                        c=(t & BN_TBIT)?1:0;
+                        }
+                carry <<= 1;
+                carry  |= c;
+                }
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
         /*S3*/
         nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
         /*S4*/
         nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
         /*D1*/
         nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-        bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));   
-#else
-        if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP))
-                bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
         /*D2*/
         nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-        bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));   
-#else
-        if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
-                bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
         /*D3*/
         nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-        bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));   
-#else
-        if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
-                bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
         /*D4*/
         nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
-        bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));   
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 
-        nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-#else
-        if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
-                bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+        /* see BN_nist_mod_224 for explanation */
+        u.f = bn_sub_words;
+        if (carry > 0)
+                carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP);
+        else if (carry < 0)
+                {
+                carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
+                mask = 0-(size_t)carry;
+                u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+                }
+        else
+                carry = 1;
+
+        mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+        mask &= 0-(size_t)carry;
+        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+        nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
         bn_correct_top(r);
 
         return 1;
-#else   /* BN_BITS!=32 */
-        return 0;
-#endif
         }
 
 #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
         { \
-        if (a12 != 0) bn_cp_32(to, 0, from,  (a12) - 12) else bn_32_set_0(to, 0)\
-        if (a11 != 0) bn_cp_32(to, 1, from,  (a11) - 12) else bn_32_set_0(to, 1)\
-        if (a10 != 0) bn_cp_32(to, 2, from,  (a10) - 12) else bn_32_set_0(to, 2)\
-        if (a9 != 0)  bn_cp_32(to, 3, from,  (a9) - 12)  else bn_32_set_0(to, 3)\
-        if (a8 != 0)  bn_cp_32(to, 4, from,  (a8) - 12)  else bn_32_set_0(to, 4)\
-        if (a7 != 0)  bn_cp_32(to, 5, from,  (a7) - 12)  else bn_32_set_0(to, 5)\
-        if (a6 != 0)  bn_cp_32(to, 6, from,  (a6) - 12)  else bn_32_set_0(to, 6)\
-        if (a5 != 0)  bn_cp_32(to, 7, from,  (a5) - 12)  else bn_32_set_0(to, 7)\
-        if (a4 != 0)  bn_cp_32(to, 8, from,  (a4) - 12)  else bn_32_set_0(to, 8)\
-        if (a3 != 0)  bn_cp_32(to, 9, from,  (a3) - 12)  else bn_32_set_0(to, 9)\
-        if (a2 != 0)  bn_cp_32(to, 10, from, (a2) - 12)  else bn_32_set_0(to, 10)\
-        if (a1 != 0)  bn_cp_32(to, 11, from, (a1) - 12)  else bn_32_set_0(to, 11)\
+        bn_cp_32(to, 0, from,  (a12) - 12) \
+        bn_cp_32(to, 1, from,  (a11) - 12) \
+        bn_cp_32(to, 2, from,  (a10) - 12) \
+        bn_cp_32(to, 3, from,  (a9) - 12)  \
+        bn_cp_32(to, 4, from,  (a8) - 12)  \
+        bn_cp_32(to, 5, from,  (a7) - 12)  \
+        bn_cp_32(to, 6, from,  (a6) - 12)  \
+        bn_cp_32(to, 7, from,  (a5) - 12)  \
+        bn_cp_32(to, 8, from,  (a4) - 12)  \
+        bn_cp_32(to, 9, from,  (a3) - 12)  \
+        bn_cp_32(to, 10, from, (a2) - 12)  \
+        bn_cp_32(to, 11, from, (a1) - 12)  \
         }
 
 int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         BN_CTX *ctx)
         {
-#if BN_BITS2 == 32
         int     i, top = a->top;
         int     carry = 0;
         register BN_ULONG *r_d, *a_d = a->d;
@@ -504,6 +672,18 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  c_d[BN_NIST_384_TOP],
                 *res;
         size_t   mask;
+        union { bn_addsub_f f; size_t p; } u;
+        static const BIGNUM _bignum_nist_p_384_sqr = {
+                (BN_ULONG *)_nist_p_384_sqr,
+                sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
+                sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
+                0,BN_FLG_STATIC_DATA };
+
+
+        field = &_bignum_nist_p_384; /* just to make sure */
+
+        if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0)
+                return BN_nnmod(r, a, field, ctx);
 
         i = BN_ucmp(field, a);
         if (i == 0)
@@ -514,9 +694,6 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else if (i > 0)
                 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
-        if (top == BN_NIST_384_TOP)
-                return BN_usub(r, a, field);
-
         if (r != a)
                 {
                 if (!bn_wexpand(r, BN_NIST_384_TOP))
@@ -544,149 +721,116 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                         }
                 *ap=c;
                 }
-        carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
+        carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
                 t_d, BN_NIST_256_TOP);
-        /*
-         * we need if (result>=modulus) subtract(result,modulus);
-         * in n-bit space this can be expressed as
-         * if (carry || result>=modulus) subtract(result,modulus);
-         * the catch is that comparison implies subtraction and
-         * therefore one can write tmp=subtract(result,modulus);
-         * and then if(carry || !borrow) result=tmp; this's what
-         * happens below, but without explicit if:-) a.
-         */
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
         /*S2 */
-        carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
         /*S3*/
         nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
         /*S4*/
         nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
         /*S5*/
         nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
         /*S6*/
         nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
-        carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
-        mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = ~mask | (0-(size_t)carry);
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
         /*D1*/
         nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
-        bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
-        if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP))
-                bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
         /*D2*/
         nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
-        bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
-        if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
-                bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
         /*D3*/
         nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
-#if BRANCH_FREE
-        carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
-        bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-        mask = 0-(size_t)carry;
-        res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+        /* see BN_nist_mod_224 for explanation */
+        u.f = bn_sub_words;
+        if (carry > 0)
+                carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP);
+        else if (carry < 0)
+                {
+                carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
+                mask = 0-(size_t)carry;
+                u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+                }
+        else
+                carry = 1;
 
+        mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+        mask &= 0-(size_t)carry;
+        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-#else
-        if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
-                bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
         r->top = BN_NIST_384_TOP;
         bn_correct_top(r);
 
         return 1;
-#else   /* BN_BITS!=32 */
-        return 0;
-#endif
         }
 
+#define BN_NIST_521_RSHIFT      (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT      (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK    ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
 int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         BN_CTX *ctx)
         {
-#if BN_BITS2 == 64
-#define BN_NIST_521_TOP_MASK    (BN_ULONG)0x1FF
-#elif BN_BITS2 == 32
-#define BN_NIST_521_TOP_MASK    (BN_ULONG)0x1FF
-#endif
-        int     top, ret = 0;
-        BN_ULONG *r_d;
-        BIGNUM  *tmp;
-
-        /* check whether a reduction is necessary */
-        top = a->top;
-        if (top < BN_NIST_521_TOP  || ( top == BN_NIST_521_TOP &&
-           (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
-                return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+        int     top = a->top, i;
+        BN_ULONG *r_d, *a_d = a->d,
+                 t_d[BN_NIST_521_TOP],
+                 val,tmp,*res;
+        size_t  mask;
+        static const BIGNUM _bignum_nist_p_521_sqr = {
+                (BN_ULONG *)_nist_p_521_sqr,
+                sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
+                sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
+                0,BN_FLG_STATIC_DATA };
 
-        BN_CTX_start(ctx);
-        tmp = BN_CTX_get(ctx);
-        if (!tmp)
-                goto err;
+        field = &_bignum_nist_p_521; /* just to make sure */
 
-        if (!bn_wexpand(tmp, BN_NIST_521_TOP))
-                goto err;
-        nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP);
+        if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0)
+                return BN_nnmod(r, a, field, ctx);
 
-        tmp->top = BN_NIST_521_TOP;
-        tmp->d[BN_NIST_521_TOP-1]  &= BN_NIST_521_TOP_MASK;
-        bn_correct_top(tmp);
+        i = BN_ucmp(field, a);
+        if (i == 0)
+                {
+                BN_zero(r);
+                return 1;
+                }
+        else if (i > 0)
+                return (r == a)? 1 : (BN_copy(r ,a) != NULL);
 
-        if (!BN_rshift(r, a, 521))
-                goto err;
+        if (r != a)
+                {
+                if (!bn_wexpand(r,BN_NIST_521_TOP))
+                        return 0;
+                r_d = r->d;
+                nist_cp_bn(r_d,a_d, BN_NIST_521_TOP);
+                }
+        else
+                r_d = a_d;
 
-        if (!BN_uadd(r, tmp, r))
-                goto err;
-        top = r->top;
-        r_d = r->d;
-        if (top == BN_NIST_521_TOP  && 
-           (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))
+        /* upper 521 bits, copy ... */
+        nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP);
+        /* ... and right shift */
+        for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
                 {
-                BN_NIST_ADD_ONE(r_d)
-                r->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; 
+                tmp = val>>BN_NIST_521_RSHIFT;
+                val = t_d[i+1];
+                t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
                 }
+        t_d[i] = val>>BN_NIST_521_RSHIFT;
+        /* lower 521 bits */
+        r_d[i] &= BN_NIST_521_TOP_MASK;
+
+        bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
+        mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+        res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+        nist_cp_bn(r_d,res,BN_NIST_521_TOP);
+        r->top = BN_NIST_521_TOP;
         bn_correct_top(r);
 
-        ret = 1;
-err:
-        BN_CTX_end(ctx);
-
-        bn_check_top(r);
-        return ret;
+        return 1;
         }
diff --git a/src/lib/libssl/src/crypto/bn/bn_x931p.c b/src/lib/libssl/src/crypto/bn/bn_x931p.c
index c64410dd3a..04c5c874ec 100644
--- a/src/lib/libssl/src/crypto/bn/bn_x931p.c
+++ b/src/lib/libssl/src/crypto/bn/bn_x931p.c
@@ -1,5 +1,5 @@
 /* bn_x931p.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
@@ -59,18 +59,15 @@
 #include <stdio.h>
 #include <openssl/bn.h>
 
-#ifdef OPENSSL_FIPS
-
 /* X9.31 routines for prime derivation */
 
-
 /* X9.31 prime derivation. This is used to generate the primes pi
  * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
  * integers.
  */
 
 static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg)
+                        BN_GENCB *cb)
         {
         int i = 0;
         if (!BN_copy(pi, Xpi))
@@ -80,16 +77,14 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
         for(;;)
                 {
                 i++;
-                if (cb)
-                        cb(0, i, cb_arg);
+                BN_GENCB_call(cb, 0, i);
                 /* NB 27 MR is specificed in X9.31 */
-                if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1))
+                if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
                         break;
                 if (!BN_add_word(pi, 2))
                         return 0;
                 }
-        if (cb)
-                cb(2, i, cb_arg);
+        BN_GENCB_call(cb, 2, i);
         return 1;
         }
 
@@ -98,10 +93,9 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
  * not NULL they will be returned too: this is needed for testing.
  */
 
-int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        void (*cb)(int, int, void *), void *cb_arg,
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                         const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-                        const BIGNUM *e, BN_CTX *ctx)
+                        const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
         {
         int ret = 0;
 
@@ -124,10 +118,10 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 
         pm1 = BN_CTX_get(ctx);
 
-        if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg))
+        if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
                 goto err;
 
-        if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg))
+        if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
                 goto err;
 
         if (!BN_mul(p1p2, p1, p2, ctx))
@@ -166,8 +160,7 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
         for (;;)
                 {
                 int i = 1;
-                if (cb)
-                        cb(0, i++, cb_arg);
+                BN_GENCB_call(cb, 0, i++);
                 if (!BN_copy(pm1, p))
                         goto err;
                 if (!BN_sub_word(pm1, 1))
@@ -179,14 +172,13 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                  * offering similar or better guarantees 50 MR is considerably 
                  * better.
                  */
-                        && BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1))
+                        && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
                         break;
                 if (!BN_add(p, p, p1p2))
                         goto err;
                 }
 
-        if (cb)
-                cb(3, 0, cb_arg);
+        BN_GENCB_call(cb, 3, 0);
 
         ret = 1;
 
@@ -248,11 +240,11 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
  * are generated using the previous function and supplied as input.
  */
 
-int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                         BIGNUM *Xp1, BIGNUM *Xp2,
                         const BIGNUM *Xp,
                         const BIGNUM *e, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg)
+                        BN_GENCB *cb)
         {
         int ret = 0;
 
@@ -266,8 +258,7 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                 goto error;
         if (!BN_rand(Xp2, 101, 0, 0))
                 goto error;
-        if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg,
-                                                Xp, Xp1, Xp2, e, ctx))
+        if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
                 goto error;
 
         ret = 1;
@@ -279,4 +270,3 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 
         }
 
-#endif
diff --git a/src/lib/libssl/src/crypto/buffer/buf_str.c b/src/lib/libssl/src/crypto/buffer/buf_str.c
new file mode 100644
index 0000000000..28dd1e401e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/buffer/buf_str.c
@@ -0,0 +1,116 @@
+/* crypto/buffer/buf_str.c */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+char *BUF_strdup(const char *str)
+        {
+        if (str == NULL) return(NULL);
+        return BUF_strndup(str, strlen(str));
+        }
+
+char *BUF_strndup(const char *str, size_t siz)
+        {
+        char *ret;
+
+        if (str == NULL) return(NULL);
+
+        ret=OPENSSL_malloc(siz+1);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        BUF_strlcpy(ret,str,siz+1);
+        return(ret);
+        }
+
+void *BUF_memdup(const void *data, size_t siz)
+        {
+        void *ret;
+
+        if (data == NULL) return(NULL);
+
+        ret=OPENSSL_malloc(siz);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        return memcpy(ret, data, siz);
+        }       
+
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 1 && *src; size--)
+                {
+                *dst++ = *src++;
+                l++;
+                }
+        if (size)
+                *dst = '\0';
+        return l + strlen(src);
+        }
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 0 && *dst; size--, dst++)
+                l++;
+        return l + BUF_strlcpy(dst, src, size);
+        }
diff --git a/src/lib/libssl/src/crypto/camellia/Makefile b/src/lib/libssl/src/crypto/camellia/Makefile
index 1579de5ce5..dfb12951fd 100644
--- a/src/lib/libssl/src/crypto/camellia/Makefile
+++ b/src/lib/libssl/src/crypto/camellia/Makefile
@@ -41,7 +41,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/camellia/camellia.h b/src/lib/libssl/src/crypto/camellia/camellia.h
index 3c8a359543..b8a8b6e10b 100644
--- a/src/lib/libssl/src/crypto/camellia/camellia.h
+++ b/src/lib/libssl/src/crypto/camellia/camellia.h
@@ -87,6 +87,11 @@ struct camellia_key_st
 
 typedef struct camellia_key_st CAMELLIA_KEY;
 
+#ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+        CAMELLIA_KEY *key);
+#endif
+
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key);
 
diff --git a/src/lib/libssl/src/crypto/camellia/cmll_misc.c b/src/lib/libssl/src/crypto/camellia/cmll_misc.c
index f1047b54e0..2cd7aba9bb 100644
--- a/src/lib/libssl/src/crypto/camellia/cmll_misc.c
+++ b/src/lib/libssl/src/crypto/camellia/cmll_misc.c
@@ -52,11 +52,24 @@
 #include <openssl/opensslv.h>
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
 
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key)
+#ifdef OPENSSL_FIPS
+        {
+        if (FIPS_mode())
+                FIPS_BAD_ABORT(CAMELLIA)
+        return private_Camellia_set_key(userKey, bits, key);
+        }
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+        CAMELLIA_KEY *key)
+#endif
         {
         if (!userKey || !key)
                 {
diff --git a/src/lib/libssl/src/crypto/cms/Makefile b/src/lib/libssl/src/crypto/cms/Makefile
index e39c310b6c..1c137e0cff 100644
--- a/src/lib/libssl/src/crypto/cms/Makefile
+++ b/src/lib/libssl/src/crypto/cms/Makefile
@@ -37,7 +37,7 @@ test:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/cms/cms_sd.c b/src/lib/libssl/src/crypto/cms/cms_sd.c
index 591bfbec33..cdac3b870d 100644
--- a/src/lib/libssl/src/crypto/cms/cms_sd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_sd.c
@@ -830,7 +830,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
         cms_fixup_mctx(&mctx, si->pkey);
         r = EVP_VerifyFinal(&mctx,
                         si->signature->data, si->signature->length, si->pkey);
-        if (!r)
+        if (r <= 0)
                 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
         err:
         EVP_MD_CTX_cleanup(&mctx);
diff --git a/src/lib/libssl/src/crypto/cms/cms_smime.c b/src/lib/libssl/src/crypto/cms/cms_smime.c
index f79c504e91..b9463f9abb 100644
--- a/src/lib/libssl/src/crypto/cms/cms_smime.c
+++ b/src/lib/libssl/src/crypto/cms/cms_smime.c
@@ -68,7 +68,10 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
         if (out == NULL)
                 tmpout = BIO_new(BIO_s_null());
         else if (flags & CMS_TEXT)
+                {
                 tmpout = BIO_new(BIO_s_mem());
+                BIO_set_mem_eof_return(tmpout, 0);
+                }
         else
                 tmpout = out;
 
@@ -89,11 +92,13 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
                                 if (!BIO_get_cipher_status(in))
                                         goto err;
                                 }
+                        if (i < 0)
+                                goto err;
                         break;
                         }
                                 
-                if (tmpout)
-                        BIO_write(tmpout, buf, i);
+                if (tmpout && (BIO_write(tmpout, buf, i) != i))
+                        goto err;
         }
 
         if(flags & CMS_TEXT)
diff --git a/src/lib/libssl/src/crypto/ec/ec_key.c b/src/lib/libssl/src/crypto/ec/ec_key.c
index 3d6c900b95..12fb0e6d6d 100644
--- a/src/lib/libssl/src/crypto/ec/ec_key.c
+++ b/src/lib/libssl/src/crypto/ec/ec_key.c
@@ -296,7 +296,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
         {
         int     ok   = 0;
         BN_CTX  *ctx = NULL;
-        BIGNUM  *order  = NULL;
+        const BIGNUM    *order  = NULL;
         EC_POINT *point = NULL;
 
         if (!eckey || !eckey->group || !eckey->pub_key)
@@ -307,8 +307,6 @@ int EC_KEY_check_key(const EC_KEY *eckey)
         
         if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
-        if ((order = BN_new()) == NULL)
-                goto err;
         if ((point = EC_POINT_new(eckey->group)) == NULL)
                 goto err;
 
@@ -319,17 +317,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
                 goto err;
                 }
         /* testing whether pub_key * order is the point at infinity */
-        if (!EC_GROUP_get_order(eckey->group, order, ctx))
+        order = &eckey->group->order;
+        if (BN_is_zero(order))
                 {
                 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
                 goto err;
                 }
-        if (!EC_POINT_copy(point, eckey->pub_key))
-                {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-                goto err;
-                }
-        if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx))
+        if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx))
                 {
                 ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
                 goto err;
@@ -366,8 +360,6 @@ int EC_KEY_check_key(const EC_KEY *eckey)
 err:
         if (ctx   != NULL)
                 BN_CTX_free(ctx);
-        if (order != NULL)
-                BN_free(order);
         if (point != NULL)
                 EC_POINT_free(point);
         return(ok);
diff --git a/src/lib/libssl/src/crypto/ecdh/Makefile b/src/lib/libssl/src/crypto/ecdh/Makefile
index 95aa69fea5..7a7b618eeb 100644
--- a/src/lib/libssl/src/crypto/ecdh/Makefile
+++ b/src/lib/libssl/src/crypto/ecdh/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -84,20 +84,31 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h
+ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h
 ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
 ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/src/lib/libssl/src/crypto/ecdsa/Makefile b/src/lib/libssl/src/crypto/ecdsa/Makefile
index 16a93cd3ae..4865f3c8d6 100644
--- a/src/lib/libssl/src/crypto/ecdsa/Makefile
+++ b/src/lib/libssl/src/crypto/ecdsa/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -92,13 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecs_err.o: ecs_err.c
 ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ecs_lib.o: ecs_lib.c ecs_locl.h
 ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
@@ -110,16 +115,28 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
 ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_sign.o: ../../include/openssl/opensslconf.h
 ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c
+ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c
 ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
-ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ecs_vrf.o: ecs_locl.h ecs_vrf.c
diff --git a/src/lib/libssl/src/crypto/evp/e_camellia.c b/src/lib/libssl/src/crypto/evp/e_camellia.c
index a7b40d1c60..365d397164 100644
--- a/src/lib/libssl/src/crypto/evp/e_camellia.c
+++ b/src/lib/libssl/src/crypto/evp/e_camellia.c
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
         EVP_CIPHER_get_asn1_iv,
         NULL)
 
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
+#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
 
 IMPLEMENT_CAMELLIA_CFBR(128,1)
 IMPLEMENT_CAMELLIA_CFBR(192,1)
diff --git a/src/lib/libssl/src/crypto/fips_err.h b/src/lib/libssl/src/crypto/fips_err.h
new file mode 100644
index 0000000000..b328616858
--- /dev/null
+++ b/src/lib/libssl/src/crypto/fips_err.h
@@ -0,0 +1,137 @@
+/* crypto/fips_err.h */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
+
+static ERR_STRING_DATA FIPS_str_functs[]=
+        {
+{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+{ERR_FUNC(FIPS_F_DSA_DO_SIGN),  "DSA_do_sign"},
+{ERR_FUNC(FIPS_F_DSA_DO_VERIFY),        "DSA_do_verify"},
+{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),    "EVP_CipherInit_ex"},
+{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),    "EVP_DigestInit_ex"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),       "FIPS_CHECK_DSA"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),        "FIPS_CHECK_INCORE_FINGERPRINT"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),       "FIPS_CHECK_RSA"},
+{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),       "FIPS_DSA_CHECK"},
+{ERR_FUNC(FIPS_F_FIPS_MODE_SET),        "FIPS_mode_set"},
+{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),     "fips_pkey_signature_test"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),    "FIPS_selftest_aes"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES),    "FIPS_selftest_des"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),    "FIPS_selftest_dsa"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),   "FIPS_selftest_hmac"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),    "FIPS_selftest_rng"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),   "FIPS_selftest_sha1"},
+{ERR_FUNC(FIPS_F_HASH_FINAL),   "HASH_FINAL"},
+{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),   "RSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),      "RSA_EAY_PRIVATE_DECRYPT"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT),      "RSA_EAY_PRIVATE_ENCRYPT"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),       "RSA_EAY_PUBLIC_DECRYPT"},
+{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),       "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX),     "RSA_X931_generate_key_ex"},
+{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA FIPS_str_reasons[]=
+        {
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE)      ,"cannot read exe"},
+{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
+{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
+{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"},
+{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
+{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
+{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH)   ,"invalid key length"},
+{ERR_REASON(FIPS_R_KEY_TOO_SHORT)        ,"key too short"},
+{ERR_REASON(FIPS_R_NON_FIPS_METHOD)      ,"non fips method"},
+{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
+{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR)    ,"rsa decrypt error"},
+{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR)    ,"rsa encrypt error"},
+{ERR_REASON(FIPS_R_SELFTEST_FAILED)      ,"selftest failed"},
+{ERR_REASON(FIPS_R_TEST_FAILURE)         ,"test failure"},
+{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_FIPS_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,FIPS_str_functs);
+                ERR_load_strings(0,FIPS_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/jpake/Makefile b/src/lib/libssl/src/crypto/jpake/Makefile
new file mode 100644
index 0000000000..a4a1402f2e
--- /dev/null
+++ b/src/lib/libssl/src/crypto/jpake/Makefile
@@ -0,0 +1,64 @@
+DIR=jpake
+TOP=../..
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+LIB=$(TOP)/libcrypto.a
+LIBOBJ=jpake.o jpake_err.o
+LIBSRC=jpake.c jpake_err.c
+
+EXHEADER=jpake.h
+TEST=jpaketest.c
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+jpaketest: top jpaketest.c $(LIB)
+        $(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB)
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+jpake.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+jpake.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+jpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+jpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+jpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+jpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+jpake.o: ../../include/openssl/symhacks.h jpake.c jpake.h
+jpake_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+jpake_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+jpake_err.o: ../../include/openssl/err.h ../../include/openssl/jpake.h
+jpake_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+jpake_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+jpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+jpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+jpake_err.o: jpake_err.c
diff --git a/src/lib/libssl/src/crypto/jpake/jpake.c b/src/lib/libssl/src/crypto/jpake/jpake.c
new file mode 100644
index 0000000000..577b7ef375
--- /dev/null
+++ b/src/lib/libssl/src/crypto/jpake/jpake.c
@@ -0,0 +1,483 @@
+#include "jpake.h"
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+#include <memory.h>
+#include <assert.h>
+
+/*
+ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
+ * Bob's (x3, x4, x1, x2). If you see what I mean.
+ */
+
+typedef struct
+    {
+    char *name;  /* Must be unique */
+    char *peer_name;
+    BIGNUM *p;
+    BIGNUM *g;
+    BIGNUM *q;
+    BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
+    BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
+    } JPAKE_CTX_PUBLIC;
+
+struct JPAKE_CTX
+    {
+    JPAKE_CTX_PUBLIC p;
+    BIGNUM *secret;   /* The shared secret */
+    BN_CTX *ctx;
+    BIGNUM *xa;       /* Alice's x1 or Bob's x3 */
+    BIGNUM *xb;       /* Alice's x2 or Bob's x4 */
+    BIGNUM *key;      /* The calculated (shared) key */
+    };
+
+static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
+    {
+    zkp->gr = BN_new();
+    zkp->b = BN_new();
+    }
+
+static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
+    {
+    BN_free(zkp->b);
+    BN_free(zkp->gr);
+    }
+
+/* Two birds with one stone - make the global name as expected */
+#define JPAKE_STEP_PART_init    JPAKE_STEP2_init
+#define JPAKE_STEP_PART_release JPAKE_STEP2_release
+
+void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
+    {
+    p->gx = BN_new();
+    JPAKE_ZKP_init(&p->zkpx);
+    }
+
+void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
+    {
+    JPAKE_ZKP_release(&p->zkpx);
+    BN_free(p->gx);
+    }
+
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
+    {
+    JPAKE_STEP_PART_init(&s1->p1);
+    JPAKE_STEP_PART_init(&s1->p2);
+    }
+
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
+    {
+    JPAKE_STEP_PART_release(&s1->p2);
+    JPAKE_STEP_PART_release(&s1->p1);
+    }
+
+static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
+                           const char *peer_name, const BIGNUM *p,
+                           const BIGNUM *g, const BIGNUM *q,
+                           const BIGNUM *secret)
+    {
+    ctx->p.name = OPENSSL_strdup(name);
+    ctx->p.peer_name = OPENSSL_strdup(peer_name);
+    ctx->p.p = BN_dup(p);
+    ctx->p.g = BN_dup(g);
+    ctx->p.q = BN_dup(q);
+    ctx->secret = BN_dup(secret);
+
+    ctx->p.gxc = BN_new();
+    ctx->p.gxd = BN_new();
+
+    ctx->xa = BN_new();
+    ctx->xb = BN_new();
+    ctx->key = BN_new();
+    ctx->ctx = BN_CTX_new();
+    }
+    
+static void JPAKE_CTX_release(JPAKE_CTX *ctx)
+    {
+    BN_CTX_free(ctx->ctx);
+    BN_clear_free(ctx->key);
+    BN_clear_free(ctx->xb);
+    BN_clear_free(ctx->xa);
+
+    BN_free(ctx->p.gxd);
+    BN_free(ctx->p.gxc);
+
+    BN_clear_free(ctx->secret);
+    BN_free(ctx->p.q);
+    BN_free(ctx->p.g);
+    BN_free(ctx->p.p);
+    OPENSSL_free(ctx->p.peer_name);
+    OPENSSL_free(ctx->p.name);
+
+    memset(ctx, '\0', sizeof *ctx);
+    }
+    
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+                         const BIGNUM *secret)
+    {
+    JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+    JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
+
+    return ctx;
+    }
+
+void JPAKE_CTX_free(JPAKE_CTX *ctx)
+    {
+    JPAKE_CTX_release(ctx);
+    OPENSSL_free(ctx);
+    }
+
+static void hashlength(SHA_CTX *sha, size_t l)
+    {
+    unsigned char b[2];
+
+    assert(l <= 0xffff);
+    b[0] = l >> 8;
+    b[1] = l&0xff;
+    SHA1_Update(sha, b, 2);
+    }
+
+static void hashstring(SHA_CTX *sha, const char *string)
+    {
+    size_t l = strlen(string);
+
+    hashlength(sha, l);
+    SHA1_Update(sha, string, l);
+    }
+
+static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
+    {
+    size_t l = BN_num_bytes(bn);
+    unsigned char *bin = OPENSSL_malloc(l);
+
+    hashlength(sha, l);
+    BN_bn2bin(bn, bin);
+    SHA1_Update(sha, bin, l);
+    OPENSSL_free(bin);
+    }
+
+/* h=hash(g, g^r, g^x, name) */
+static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
+                     const char *proof_name)
+    {
+    unsigned char md[SHA_DIGEST_LENGTH];
+    SHA_CTX sha;
+
+   /*
+    * XXX: hash should not allow moving of the boundaries - Java code
+    * is flawed in this respect. Length encoding seems simplest.
+    */
+    SHA1_Init(&sha);
+    hashbn(&sha, zkpg);
+    assert(!BN_is_zero(p->zkpx.gr));
+    hashbn(&sha, p->zkpx.gr);
+    hashbn(&sha, p->gx);
+    hashstring(&sha, proof_name);
+    SHA1_Final(md, &sha);
+    BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
+    }
+
+/*
+ * Prove knowledge of x
+ * Note that p->gx has already been calculated
+ */
+static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
+                         const BIGNUM *zkpg, JPAKE_CTX *ctx)
+    {
+    BIGNUM *r = BN_new();
+    BIGNUM *h = BN_new();
+    BIGNUM *t = BN_new();
+
+   /*
+    * r in [0,q)
+    * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+    */
+    BN_rand_range(r, ctx->p.q);
+   /* g^r */
+    BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
+
+   /* h=hash... */
+    zkp_hash(h, zkpg, p, ctx->p.name);
+
+   /* b = r - x*h */
+    BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
+    BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
+
+   /* cleanup */
+    BN_free(t);
+    BN_free(h);
+    BN_free(r);
+    }
+
+static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
+                      JPAKE_CTX *ctx)
+    {
+    BIGNUM *h = BN_new();
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+    int ret = 0;
+
+    zkp_hash(h, zkpg, p, ctx->p.peer_name);
+
+   /* t1 = g^b */
+    BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
+   /* t2 = (g^x)^h = g^{hx} */
+    BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
+   /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
+    BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
+
+   /* verify t3 == g^r */
+    if(BN_cmp(t3, p->zkpx.gr) == 0)
+        ret = 1;
+    else
+        JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
+
+   /* cleanup */
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+    BN_free(h);
+
+    return ret;
+    }    
+
+static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
+                               const BIGNUM *g, JPAKE_CTX *ctx)
+    {
+    BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
+    generate_zkp(p, x, g, ctx);
+    }
+
+/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
+static void genrand(JPAKE_CTX *ctx)
+    {
+    BIGNUM *qm1;
+
+   /* xa in [0, q) */
+    BN_rand_range(ctx->xa, ctx->p.q);
+
+   /* q-1 */
+    qm1 = BN_new();
+    BN_copy(qm1, ctx->p.q);
+    BN_sub_word(qm1, 1);
+
+   /* ... and xb in [0, q-1) */
+    BN_rand_range(ctx->xb, qm1);
+   /* [1, q) */
+    BN_add_word(ctx->xb, 1);
+
+   /* cleanup */
+    BN_free(qm1);
+    }
+
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
+    {
+    genrand(ctx);
+    generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);
+    generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
+
+    return 1;
+    }
+
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
+    {
+   /* verify their ZKP(xc) */
+    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
+        return 0;
+        }
+
+   /* verify their ZKP(xd) */
+    if(!verify_zkp(&received->p2, ctx->p.g, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
+        return 0;
+        }
+
+   /* g^xd != 1 */
+    if(BN_is_one(received->p2.gx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
+        return 0;
+        }
+
+   /* Save the bits we need for later */
+    BN_copy(ctx->p.gxc, received->p1.gx);
+    BN_copy(ctx->p.gxd, received->p2.gx);
+
+    return 1;
+    }
+
+
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+
+   /*
+    * X = g^{(xa + xc + xd) * xb * s}
+    * t1 = g^xa
+    */
+    BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
+   /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
+    BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
+   /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
+    BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
+   /* t2 = xb * s */
+    BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
+
+   /*
+    * ZKP(xb * s)
+    * XXX: this is kinda funky, because we're using
+    *
+    * g' = g^{xa + xc + xd}
+    *
+    * as the generator, which means X is g'^{xb * s}
+    * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+    */
+    generate_step_part(send, t2, t1, ctx);
+
+   /* cleanup */
+    BN_free(t1);
+    BN_free(t2);
+
+    return 1;
+    }
+
+/* gx = g^{xc + xa + xb} * xd * s */
+static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+
+   /*
+    * K = (gx/g^{xb * xd * s})^{xb}
+    *   = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+    *   = (g^{(xa + xc) * xd * s})^{xb}
+    *   = g^{(xa + xc) * xb * xd * s}
+    * [which is the same regardless of who calculates it]
+    */
+
+   /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
+    BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
+   /* t2 = -s = q-s */
+    BN_sub(t2, ctx->p.q, ctx->secret);
+   /* t3 = t1^t2 = g^{-xb * xd * s} */
+    BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
+   /* t1 = gx * t3 = X/g^{xb * xd * s} */
+    BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
+   /* K = t1^{xb} */
+    BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
+
+   /* cleanup */
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+
+    return 1;
+    }
+
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    int ret = 0;
+
+   /*
+    * g' = g^{xc + xa + xb} [from our POV]
+    * t1 = xa + xb
+    */
+    BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
+   /* t2 = g^{t1} = g^{xa+xb} */
+    BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
+   /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
+    BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
+
+    if(verify_zkp(received, t1, ctx))
+        ret = 1;
+    else
+        JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
+
+    compute_key(ctx, received->gx);
+
+   /* cleanup */
+    BN_free(t2);
+    BN_free(t1);
+
+    return ret;
+    }
+
+static void quickhashbn(unsigned char *md, const BIGNUM *bn)
+    {
+    SHA_CTX sha;
+
+    SHA1_Init(&sha);
+    hashbn(&sha, bn);
+    SHA1_Final(md, &sha);
+    }
+
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
+    {}
+
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
+    {
+    quickhashbn(send->hhk, ctx->key);
+    SHA1(send->hhk, sizeof send->hhk, send->hhk);
+
+    return 1;
+    }
+
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
+    {
+    unsigned char hhk[SHA_DIGEST_LENGTH];
+
+    quickhashbn(hhk, ctx->key);
+    SHA1(hhk, sizeof hhk, hhk);
+    if(memcmp(hhk, received->hhk, sizeof hhk))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
+        return 0;
+        }
+    return 1;
+    }
+
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
+    {}
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
+    {}
+
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
+    {
+    quickhashbn(send->hk, ctx->key);
+
+    return 1;
+    }
+
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
+    {
+    unsigned char hk[SHA_DIGEST_LENGTH];
+
+    quickhashbn(hk, ctx->key);
+    if(memcmp(hk, received->hk, sizeof hk))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
+        return 0;
+        }
+    return 1;
+    }
+
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
+    {}
+
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
+    {
+    return ctx->key;
+    }
+
diff --git a/src/lib/libssl/src/crypto/jpake/jpake.h b/src/lib/libssl/src/crypto/jpake/jpake.h
new file mode 100644
index 0000000000..693ea188cb
--- /dev/null
+++ b/src/lib/libssl/src/crypto/jpake/jpake.h
@@ -0,0 +1,129 @@
+/*
+ * Implement J-PAKE, as described in
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ * 
+ * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
+ */
+
+#ifndef HEADER_JPAKE_H
+#define HEADER_JPAKE_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+#error JPAKE is disabled.
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+
+typedef struct JPAKE_CTX JPAKE_CTX;
+
+/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
+typedef struct
+    {
+    BIGNUM *gr; /* g^r (r random) */
+    BIGNUM *b;  /* b = r - x*h, h=hash(g, g^r, g^x, name) */
+    } JPAKE_ZKP;
+
+typedef struct
+    {
+    BIGNUM *gx;       /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
+    JPAKE_ZKP zkpx;   /* ZKP(x) or ZKP(xb * s) */
+    } JPAKE_STEP_PART;
+
+typedef struct
+    {
+    JPAKE_STEP_PART p1;   /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
+    JPAKE_STEP_PART p2;   /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
+    } JPAKE_STEP1;
+
+typedef JPAKE_STEP_PART JPAKE_STEP2;
+
+typedef struct
+    {
+    unsigned char hhk[SHA_DIGEST_LENGTH];
+    } JPAKE_STEP3A;
+
+typedef struct
+    {
+    unsigned char hk[SHA_DIGEST_LENGTH];
+    } JPAKE_STEP3B;
+
+/* Parameters are copied */
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+                         const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+                         const BIGNUM *secret);
+void JPAKE_CTX_free(JPAKE_CTX *ctx);
+
+/*
+ * Note that JPAKE_STEP1 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
+
+/*
+ * Note that JPAKE_STEP2 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
+void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
+
+/*
+ * Optionally verify the shared key. If the shared secrets do not
+ * match, the two ends will disagree about the shared key, but
+ * otherwise the protocol will succeed.
+ */
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
+
+/*
+ * the return value belongs to the library and will be released when
+ * ctx is released, and will change when a new handshake is performed.
+ */
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_JPAKE_strings(void);
+
+/* Error codes for the JPAKE functions. */
+
+/* Function codes. */
+#define JPAKE_F_JPAKE_STEP1_PROCESS                      101
+#define JPAKE_F_JPAKE_STEP2_PROCESS                      102
+#define JPAKE_F_JPAKE_STEP3A_PROCESS                     103
+#define JPAKE_F_JPAKE_STEP3B_PROCESS                     104
+#define JPAKE_F_VERIFY_ZKP                               100
+
+/* Reason codes. */
+#define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
+#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
+#define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
+#define JPAKE_R_VERIFY_B_FAILED                          102
+#define JPAKE_R_VERIFY_X3_FAILED                         103
+#define JPAKE_R_VERIFY_X4_FAILED                         104
+#define JPAKE_R_ZKP_VERIFY_FAILED                        100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/jpake/jpake_err.c b/src/lib/libssl/src/crypto/jpake/jpake_err.c
new file mode 100644
index 0000000000..1b95067967
--- /dev/null
+++ b/src/lib/libssl/src/crypto/jpake/jpake_err.c
@@ -0,0 +1,105 @@
+/* crypto/jpake/jpake_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/jpake.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
+
+static ERR_STRING_DATA JPAKE_str_functs[]=
+        {
+{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS),        "JPAKE_STEP3A_process"},
+{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS),        "JPAKE_STEP3B_process"},
+{ERR_FUNC(JPAKE_F_VERIFY_ZKP),  "VERIFY_ZKP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA JPAKE_str_reasons[]=
+        {
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
+{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
+{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
+{ERR_REASON(JPAKE_R_VERIFY_B_FAILED)     ,"verify b failed"},
+{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED)    ,"verify x3 failed"},
+{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED)    ,"verify x4 failed"},
+{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED)   ,"zkp verify failed"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_JPAKE_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,JPAKE_str_functs);
+                ERR_load_strings(0,JPAKE_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/jpake/jpaketest.c b/src/lib/libssl/src/crypto/jpake/jpaketest.c
new file mode 100644
index 0000000000..792fc49eb4
--- /dev/null
+++ b/src/lib/libssl/src/crypto/jpake/jpaketest.c
@@ -0,0 +1,192 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+    printf("No J-PAKE support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/jpake.h>
+#include <openssl/err.h>
+
+static void showbn(const char *name, const BIGNUM *bn)
+    {
+    fputs(name, stdout);
+    fputs(" = ", stdout);
+    BN_print_fp(stdout, bn);
+    putc('\n', stdout);
+    }
+
+static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
+    {
+    JPAKE_STEP1 alice_s1;
+    JPAKE_STEP1 bob_s1;
+    JPAKE_STEP2 alice_s2;
+    JPAKE_STEP2 bob_s2;
+    JPAKE_STEP3A alice_s3a;
+    JPAKE_STEP3B bob_s3b;
+
+   /* Alice -> Bob: step 1 */
+    puts("A->B s1");
+    JPAKE_STEP1_init(&alice_s1);
+    JPAKE_STEP1_generate(&alice_s1, alice);
+    if(!JPAKE_STEP1_process(bob, &alice_s1))
+        {
+        printf("Bob fails to process Alice's step 1\n");
+        ERR_print_errors_fp(stdout);
+        return 1;
+        }
+    JPAKE_STEP1_release(&alice_s1);
+
+   /* Bob -> Alice: step 1 */
+    puts("B->A s1");
+    JPAKE_STEP1_init(&bob_s1);
+    JPAKE_STEP1_generate(&bob_s1, bob);
+    if(!JPAKE_STEP1_process(alice, &bob_s1))
+        {
+        printf("Alice fails to process Bob's step 1\n");
+        ERR_print_errors_fp(stdout);
+        return 2;
+        }
+    JPAKE_STEP1_release(&bob_s1);
+
+   /* Alice -> Bob: step 2 */
+    puts("A->B s2");
+    JPAKE_STEP2_init(&alice_s2);
+    JPAKE_STEP2_generate(&alice_s2, alice);
+    if(!JPAKE_STEP2_process(bob, &alice_s2))
+        {
+        printf("Bob fails to process Alice's step 2\n");
+        ERR_print_errors_fp(stdout);
+        return 3;
+        }
+    JPAKE_STEP2_release(&alice_s2);
+
+   /* Bob -> Alice: step 2 */
+    puts("B->A s2");
+    JPAKE_STEP2_init(&bob_s2);
+    JPAKE_STEP2_generate(&bob_s2, bob);
+    if(!JPAKE_STEP2_process(alice, &bob_s2))
+        {
+        printf("Alice fails to process Bob's step 2\n");
+        ERR_print_errors_fp(stdout);
+        return 4;
+        }
+    JPAKE_STEP2_release(&bob_s2);
+
+    showbn("Alice's key", JPAKE_get_shared_key(alice));
+    showbn("Bob's key  ", JPAKE_get_shared_key(bob));
+
+   /* Alice -> Bob: step 3a */
+    puts("A->B s3a");
+    JPAKE_STEP3A_init(&alice_s3a);
+    JPAKE_STEP3A_generate(&alice_s3a, alice);
+    if(!JPAKE_STEP3A_process(bob, &alice_s3a))
+        {
+        printf("Bob fails to process Alice's step 3a\n");
+        ERR_print_errors_fp(stdout);
+        return 5;
+        }
+    JPAKE_STEP3A_release(&alice_s3a);
+    
+   /* Bob -> Alice: step 3b */
+    puts("B->A s3b");
+    JPAKE_STEP3B_init(&bob_s3b);
+    JPAKE_STEP3B_generate(&bob_s3b, bob);
+    if(!JPAKE_STEP3B_process(alice, &bob_s3b))
+        {
+        printf("Alice fails to process Bob's step 3b\n");
+        ERR_print_errors_fp(stdout);
+        return 6;
+        }
+    JPAKE_STEP3B_release(&bob_s3b);
+
+    return 0;
+    }
+
+int main(int argc, char **argv)
+    {
+    JPAKE_CTX *alice;
+    JPAKE_CTX *bob;
+    BIGNUM *p = NULL;
+    BIGNUM *g = NULL;
+    BIGNUM *q = NULL;
+    BIGNUM *secret = BN_new();
+    BIO *bio_err;
+
+    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    ERR_load_crypto_strings();
+
+    /*
+    BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
+    BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
+    BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
+    */
+    /*
+    p = BN_new();
+    BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
+    */
+   /* Use a safe prime for p (that we found earlier) */
+    BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+    showbn("p", p);
+    g = BN_new();
+    BN_set_word(g, 2);
+    showbn("g", g);
+    q = BN_new();
+    BN_rshift1(q, p);
+    showbn("q", q);
+
+    BN_rand(secret, 32, -1, 0);
+
+   /* A normal run, expect this to work... */
+    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+    if(run_jpake(alice, bob) != 0)
+        {
+        fprintf(stderr, "Plain JPAKE run failed\n");
+        return 1;
+        }
+
+    JPAKE_CTX_free(bob);
+    JPAKE_CTX_free(alice);
+
+   /* Now give Alice and Bob different secrets */
+    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+    BN_add_word(secret, 1);
+    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+    if(run_jpake(alice, bob) != 5)
+        {
+        fprintf(stderr, "Mismatched secret JPAKE run failed\n");
+        return 1;
+        }
+
+    JPAKE_CTX_free(bob);
+    JPAKE_CTX_free(alice);
+
+    BN_free(secret);
+    BN_free(q);
+    BN_free(g);
+    BN_free(p);
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    CRYPTO_mem_leaks(bio_err);
+
+    return 0;
+    }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/o_init.c b/src/lib/libssl/src/crypto/o_init.c
new file mode 100644
index 0000000000..00ed65a6cf
--- /dev/null
+++ b/src/lib/libssl/src/crypto/o_init.c
@@ -0,0 +1,86 @@
+/* o_init.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <e_os.h>
+#include <openssl/err.h>
+
+/* Perform any essential OpenSSL initialization operations.
+ * Currently only sets FIPS callbacks
+ */
+
+void OPENSSL_init(void)
+        {
+#ifdef OPENSSL_FIPS
+        static int done = 0;
+        if (!done)
+                {
+                int_ERR_lib_init();
+#ifdef CRYPTO_MDEBUG
+                CRYPTO_malloc_debug_init();
+#endif
+#ifdef OPENSSL_ENGINE
+                int_EVP_MD_init_engine_callbacks();
+                int_EVP_CIPHER_init_engine_callbacks();
+                int_RAND_init_engine_callbacks();
+#endif
+                done = 1;
+                }
+#endif
+        }
+                
+
diff --git a/src/lib/libssl/src/crypto/pqueue/Makefile b/src/lib/libssl/src/crypto/pqueue/Makefile
index d0c39d25ce..36bfc349aa 100644
--- a/src/lib/libssl/src/crypto/pqueue/Makefile
+++ b/src/lib/libssl/src/crypto/pqueue/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
index 2d47320485..00c6fa28aa 100755
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
@@ -359,6 +359,8 @@ ___
 
 $code =~ s/#([bwd])/$1/gm;
 
+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne "");
+
 print $code;
 
 close STDOUT;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pss.c b/src/lib/libssl/src/crypto/rsa/rsa_pss.c
index e19d18c5b9..9b993aca49 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pss.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
 /* rsa_pss.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
@@ -81,7 +81,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
         EVP_MD_CTX ctx;
         unsigned char H_[EVP_MAX_MD_SIZE];
 
-        hLen = EVP_MD_size(Hash);
+        hLen = M_EVP_MD_size(Hash);
         /*
          * Negative sLen has special meanings:
          *      -1      sLen == hLen
@@ -176,7 +176,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
         unsigned char *H, *salt = NULL, *p;
         EVP_MD_CTX ctx;
 
-        hLen = EVP_MD_size(Hash);
+        hLen = M_EVP_MD_size(Hash);
         /*
          * Negative sLen has special meanings:
          *      -1      sLen == hLen
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_x931.c b/src/lib/libssl/src/crypto/rsa/rsa_x931.c
index e918654176..21548e37ed 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_x931.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_x931.c
@@ -1,5 +1,5 @@
 /* rsa_x931.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/seed/Makefile b/src/lib/libssl/src/crypto/seed/Makefile
index f9de27b288..ffaeb84218 100644
--- a/src/lib/libssl/src/crypto/seed/Makefile
+++ b/src/lib/libssl/src/crypto/seed/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/sha/sha256.c b/src/lib/libssl/src/crypto/sha/sha256.c
index 867f90cc97..3256a83e98 100644
--- a/src/lib/libssl/src/crypto/sha/sha256.c
+++ b/src/lib/libssl/src/crypto/sha/sha256.c
@@ -12,12 +12,19 @@
 
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include <openssl/opensslv.h>
 
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
 int SHA224_Init (SHA256_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=0xc1059ed8UL;   c->h[1]=0x367cd507UL;
         c->h[2]=0x3070dd17UL;   c->h[3]=0xf70e5939UL;
         c->h[4]=0xffc00b31UL;   c->h[5]=0x68581511UL;
@@ -29,6 +36,9 @@ int SHA224_Init (SHA256_CTX *c)
 
 int SHA256_Init (SHA256_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=0x6a09e667UL;   c->h[1]=0xbb67ae85UL;
         c->h[2]=0x3c6ef372UL;   c->h[3]=0xa54ff53aUL;
         c->h[4]=0x510e527fUL;   c->h[5]=0x9b05688cUL;
diff --git a/src/lib/libssl/src/crypto/sha/sha512.c b/src/lib/libssl/src/crypto/sha/sha512.c
index 987fc07c99..f5ed468b85 100644
--- a/src/lib/libssl/src/crypto/sha/sha512.c
+++ b/src/lib/libssl/src/crypto/sha/sha512.c
@@ -5,6 +5,10 @@
  * ====================================================================
  */
 #include <openssl/opensslconf.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
  * IMPLEMENTATION NOTES.
@@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 
 int SHA384_Init (SHA512_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=U64(0xcbbb9d5dc1059ed8);
         c->h[1]=U64(0x629a292a367cd507);
         c->h[2]=U64(0x9159015a3070dd17);
@@ -76,6 +83,9 @@ int SHA384_Init (SHA512_CTX *c)
 
 int SHA512_Init (SHA512_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=U64(0x6a09e667f3bcc908);
         c->h[1]=U64(0xbb67ae8584caa73b);
         c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -327,7 +337,7 @@ static const SHA_LONG64 K512[80] = {
                                 ((SHA_LONG64)hi)<<32|lo;        })
 #   else
 #    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-                         unsigned int hi=p[0],lo=p[1];          \
+                         unsigned int hi=p[0],lo=p[1];                  \
                                 asm ("bswapl %0; bswapl %1;"    \
                                 : "=r"(lo),"=r"(hi)             \
                                 : "0"(lo),"1"(hi));             \
diff --git a/src/lib/libssl/src/crypto/store/Makefile b/src/lib/libssl/src/crypto/store/Makefile
index 0dcfd7857a..c9f5d001a3 100644
--- a/src/lib/libssl/src/crypto/store/Makefile
+++ b/src/lib/libssl/src/crypto/store/Makefile
@@ -35,7 +35,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,14 +89,14 @@ str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
-str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-str_lib.o: str_lib.c str_locl.h
+str_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+str_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+str_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+str_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+str_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h
+str_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h
 str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/x509/x509_vpm.c b/src/lib/libssl/src/crypto/x509/x509_vpm.c
index e9db6d62a7..c92e65936f 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vpm.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vpm.c
@@ -1,5 +1,5 @@
 /* x509_vpm.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_cache.c b/src/lib/libssl/src/crypto/x509v3/pcy_cache.c
index c18beb89f5..1030931b71 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_cache.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_cache.c
@@ -1,5 +1,5 @@
 /* pcy_cache.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_data.c b/src/lib/libssl/src/crypto/x509v3/pcy_data.c
index 614d2b4935..fb392b901f 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_data.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_data.c
@@ -1,5 +1,5 @@
 /* pcy_data.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
@@ -87,6 +87,12 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
         X509_POLICY_DATA *ret;
         if (!policy && !id)
                 return NULL;
+        if (id)
+                {
+                id = OBJ_dup(id);
+                if (!id)
+                        return NULL;
+                }
         ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
         if (!ret)
                 return NULL;
@@ -94,6 +100,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
         if (!ret->expected_policy_set)
                 {
                 OPENSSL_free(ret);
+                if (id)
+                        ASN1_OBJECT_free(id);
                 return NULL;
                 }
 
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_int.h b/src/lib/libssl/src/crypto/x509v3/pcy_int.h
index ba62a209da..3780de4fcd 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_int.h
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_int.h
@@ -1,5 +1,5 @@
 /* pcy_int.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_lib.c b/src/lib/libssl/src/crypto/x509v3/pcy_lib.c
index dae4840bc5..93bfd92703 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_lib.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_lib.c
@@ -1,5 +1,5 @@
 /* pcy_lib.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_map.c b/src/lib/libssl/src/crypto/x509v3/pcy_map.c
index 35221e8ba8..f28796e6d4 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_map.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_map.c
@@ -1,5 +1,5 @@
 /* pcy_map.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_node.c b/src/lib/libssl/src/crypto/x509v3/pcy_node.c
index dcc1554e29..6587cb05ab 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_node.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_node.c
@@ -1,5 +1,5 @@
 /* pcy_node.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index 4fda1d419a..6c87a7f506 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,5 +1,5 @@
 /* pcy_tree.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
@@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
                         ret = 2;
                 if (explicit_policy > 0)
                         {
-                        explicit_policy--;
-                        if (!(x->ex_flags & EXFLAG_SS)
-                                && (cache->explicit_skip != -1)
+                        if (!(x->ex_flags & EXFLAG_SI))
+                                explicit_policy--;
+                        if ((cache->explicit_skip != -1)
                                 && (cache->explicit_skip < explicit_policy))
                                 explicit_policy = cache->explicit_skip;
                         }
@@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
                         /* Any matching allowed if certificate is self
                          * issued and not the last in the chain.
                          */
-                        if (!(x->ex_flags & EXFLAG_SS) || (i == 0))
+                        if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
                                 level->flags |= X509_V_FLAG_INHIBIT_ANY;
                         }
                 else
                         {
-                        any_skip--;
-                        if ((cache->any_skip > 0)
+                        if (!(x->ex_flags & EXFLAG_SI))
+                                any_skip--;
+                        if ((cache->any_skip >= 0)
                                 && (cache->any_skip < any_skip))
                                 any_skip = cache->any_skip;
                         }
@@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
                 else
                         {
                         map_skip--;
-                        if ((cache->map_skip > 0)
+                        if ((cache->map_skip >= 0)
                                 && (cache->map_skip < map_skip))
                                 map_skip = cache->map_skip;
                         }
@@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
 
                 if (data == NULL)
                         return 0;
-                data->qualifier_set = curr->anyPolicy->data->qualifier_set;
+                /* Curr may not have anyPolicy */
+                data->qualifier_set = cache->anyPolicy->qualifier_set;
                 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
                 if (!level_add_node(curr, data, node, tree))
                         {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_addr.c b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
index ed9847b307..a37f844d3c 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_addr.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
@@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
     return NULL;
   switch (afi) {
   case IANA_AFI_IPV4:
-    sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+    (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
     break;
   case IANA_AFI_IPV6:
-    sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+    (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
     break;
   }
   f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
       if (!make_addressRange(&merged, a_min, b_max, length))
         return 0;
       sk_IPAddressOrRange_set(aors, i, merged);
-      sk_IPAddressOrRange_delete(aors, i + 1);
+      (void)sk_IPAddressOrRange_delete(aors, i + 1);
       IPAddressOrRange_free(a);
       IPAddressOrRange_free(b);
       --i;
@@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
                                     v3_addr_get_afi(f)))
       return 0;
   }
+  (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
   sk_IPAddressFamily_sort(addr);
   assert(v3_addr_is_canonical(addr));
   return 1;
@@ -1122,7 +1123,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
     return 1;
   if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
     return 0;
-  sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+  (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
   for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
     IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
     int j = sk_IPAddressFamily_find(b, fa);
@@ -1183,7 +1184,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
   }
   if (!v3_addr_is_canonical(ext))
     validation_err(X509_V_ERR_INVALID_EXTENSION);
-  sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+  (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
   if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
     X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
     ret = 0;
@@ -1209,7 +1210,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
       }
       continue;
     }
-    sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
+    (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
     for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
       IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
       int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_asid.c b/src/lib/libssl/src/crypto/x509v3/v3_asid.c
index 271930f967..abd497ed1f 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_asid.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_asid.c
@@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
         break;
       }
       ASIdOrRange_free(b);
-      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
       i--;
       continue;
     }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
index 42e7f5a879..4e706be3e1 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
@@ -1,5 +1,5 @@
 /* v3_ncons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pcons.c b/src/lib/libssl/src/crypto/x509v3/v3_pcons.c
index 13248c2ada..86c0ff70e6 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pcons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pcons.c
@@ -1,5 +1,5 @@
 /* v3_pcons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c b/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c
index 626303264f..da03bbc35d 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c
@@ -1,5 +1,5 @@
 /* v3_pmaps.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile
index 88f8390d0e..002d40c964 100644
--- a/src/lib/libssl/src/engines/Makefile
+++ b/src/lib/libssl/src/engines/Makefile
@@ -20,7 +20,7 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec
+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi
 
 LIBSRC= e_4758cca.c \
         e_aep.c \
@@ -30,7 +30,8 @@ LIBSRC=	e_4758cca.c \
         e_chil.c \
         e_nuron.c \
         e_sureware.c \
-        e_ubsec.c
+        e_ubsec.c \
+        e_capi.c
 LIBOBJ= e_4758cca.o \
         e_aep.o \
         e_atalla.o \
@@ -39,7 +40,8 @@ LIBOBJ= e_4758cca.o \
         e_chil.o \
         e_nuron.o \
         e_sureware.o \
-        e_ubsec.o
+        e_ubsec.o \
+        e_capi.o
 
 SRC= $(LIBSRC)
 
@@ -52,7 +54,8 @@ HEADER=	e_4758cca_err.c e_4758cca_err.h \
         e_chil_err.c e_chil_err.h \
         e_nuron_err.c e_nuron_err.h \
         e_sureware_err.c e_sureware_err.h \
-        e_ubsec_err.c e_ubsec_err.h
+        e_ubsec_err.c e_ubsec_err.h \
+        e_capi_err.c e_capi_err.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -143,38 +146,61 @@ e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
 e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h
-e_4758cca.o: vendor_defns/hw_4758_cca.h
+e_4758cca.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+e_4758cca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c
+e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h
 e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h
-e_aep.o: vendor_defns/aep.h
+e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_aep.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_aep.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_aep.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_aep.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_aep.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c
+e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h
 e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c
-e_atalla.o: e_atalla_err.h vendor_defns/atalla.h
+e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_atalla.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_atalla.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_atalla.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_atalla.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_atalla.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c
+e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h
+e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_capi.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_capi.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_capi.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_capi.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_capi.c
 e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -182,42 +208,63 @@ e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
 e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
-e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
-e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c
-e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h
+e_chil.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h
+e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h
+e_chil.o: vendor_defns/hwcryptohook.h
 e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_cswift.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_cswift.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_cswift.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_cswift.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c
-e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h
-e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c
+e_cswift.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+e_cswift.o: ../include/openssl/x509_vfy.h e_cswift.c e_cswift_err.c
+e_cswift.o: e_cswift_err.h vendor_defns/cswift.h
+e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_gmp.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_gmp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_gmp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_gmp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_gmp.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_gmp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_gmp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_gmp.c
 e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h
+e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_nuron.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_nuron.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_nuron.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_nuron.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_nuron.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c
+e_nuron.o: e_nuron_err.c e_nuron_err.h
 e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -225,25 +272,30 @@ e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h
 e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h
-e_sureware.o: vendor_defns/sureware.h
+e_sureware.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+e_sureware.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c
+e_sureware.o: e_sureware_err.h vendor_defns/sureware.h
 e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
 e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h
-e_ubsec.o: vendor_defns/hw_ubsec.h
+e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_ubsec.o: ../include/openssl/evp.h ../include/openssl/fips.h
+e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_ubsec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_ubsec.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_ubsec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c
+e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h
diff --git a/src/lib/libssl/src/engines/e_aep.c b/src/lib/libssl/src/engines/e_aep.c
index ffdc354cdc..e24e4b424e 100644
--- a/src/lib/libssl/src/engines/e_aep.c
+++ b/src/lib/libssl/src/engines/e_aep.c
@@ -867,10 +867,12 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
 
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 
-#ifndef NETWARE_CLIB
-        curr_pid = getpid();
-#else
+#ifdef NETWARE_CLIB
         curr_pid = GetThreadID();
+#elif defined(_WIN32)
+        curr_pid = _getpid();
+#else
+        curr_pid = getpid();
 #endif
 
         /*Check if this is the first time this is being called from the current
diff --git a/src/lib/libssl/src/engines/e_chil.c b/src/lib/libssl/src/engines/e_chil.c
index 26108caa64..e1847622ea 100644
--- a/src/lib/libssl/src/engines/e_chil.c
+++ b/src/lib/libssl/src/engines/e_chil.c
@@ -1,6 +1,6 @@
 /* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
 /* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
- * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org)
  * for the OpenSSL project 2000.
  */
 /* ====================================================================
@@ -164,11 +164,11 @@ static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
                 ENGINE_CMD_FLAG_STRING},
         {HWCRHK_CMD_FORK_CHECK,
                 "FORK_CHECK",
-                "Turns fork() checking on or off (boolean)",
+                "Turns fork() checking on (non-zero) or off (zero)",
                 ENGINE_CMD_FLAG_NUMERIC},
         {HWCRHK_CMD_THREAD_LOCKING,
                 "THREAD_LOCKING",
-                "Turns thread-safe locking on or off (boolean)",
+                "Turns thread-safe locking on (zero) or off (non-zero)",
                 ENGINE_CMD_FLAG_NUMERIC},
         {HWCRHK_CMD_SET_USER_INTERFACE,
                 "SET_USER_INTERFACE",
@@ -589,12 +589,6 @@ static int hwcrhk_init(ENGINE *e)
                         hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
                         hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
                         }
-                else if (CRYPTO_get_locking_callback() != NULL)
-                        {
-                        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
-                        ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
-                        goto err;
-                        }
                 }
 
         /* Try and get a context - if not, we may have a DSO but no
diff --git a/src/lib/libssl/src/engines/e_chil_err.c b/src/lib/libssl/src/engines/e_chil_err.c
index 3fec95a272..c5983b2fd5 100644
--- a/src/lib/libssl/src/engines/e_chil_err.c
+++ b/src/lib/libssl/src/engines/e_chil_err.c
@@ -90,7 +90,6 @@ static ERR_STRING_DATA HWCRHK_str_reasons[]=
 {ERR_REASON(HWCRHK_R_CHIL_ERROR)         ,"chil error"},
 {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
 {ERR_REASON(HWCRHK_R_DSO_FAILURE)        ,"dso failure"},
-{ERR_REASON(HWCRHK_R_LOCKING_MISSING)    ,"locking missing"},
 {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
 {ERR_REASON(HWCRHK_R_NOT_INITIALISED)    ,"not initialised"},
 {ERR_REASON(HWCRHK_R_NOT_LOADED)         ,"not loaded"},
diff --git a/src/lib/libssl/src/engines/e_chil_err.h b/src/lib/libssl/src/engines/e_chil_err.h
index 051854950a..3c42a02393 100644
--- a/src/lib/libssl/src/engines/e_chil_err.h
+++ b/src/lib/libssl/src/engines/e_chil_err.h
@@ -88,7 +88,6 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
 #define HWCRHK_R_CHIL_ERROR                              102
 #define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
 #define HWCRHK_R_DSO_FAILURE                             104
-#define HWCRHK_R_LOCKING_MISSING                         114
 #define HWCRHK_R_MISSING_KEY_COMPONENTS                  105
 #define HWCRHK_R_NOT_INITIALISED                         106
 #define HWCRHK_R_NOT_LOADED                              107
diff --git a/src/lib/libssl/src/engines/e_gmp.c b/src/lib/libssl/src/engines/e_gmp.c
index e62e6fcd07..a1a2d2bda6 100644
--- a/src/lib/libssl/src/engines/e_gmp.c
+++ b/src/lib/libssl/src/engines/e_gmp.c
@@ -451,9 +451,13 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         }
 #endif
 
+#endif /* !OPENSSL_NO_GMP */
+
 /* This stuff is needed if this ENGINE is being compiled into a self-contained
  * shared-library. */      
-#ifndef ENGINE_NO_DYNAMIC_SUPPORT
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+IMPLEMENT_DYNAMIC_CHECK_FN()
+#ifndef OPENSSL_NO_GMP
 static int bind_fn(ENGINE *e, const char *id)
         {
         if(id && (strcmp(id, engine_e_gmp_id) != 0))
@@ -462,10 +466,11 @@ static int bind_fn(ENGINE *e, const char *id)
                 return 0;
         return 1;
         }       
-IMPLEMENT_DYNAMIC_CHECK_FN()
 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
+#else
+OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
+#endif
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
 
-#endif /* !OPENSSL_NO_GMP */
 #endif /* !OPENSSL_NO_HW */
-
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 5e59dc845a..49c6760d19 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1095,8 +1095,7 @@ int dtls1_send_client_certificate(SSL *s)
                  * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
                  * We then get retied later */
                 i=0;
-                if (s->ctx->client_cert_cb != NULL)
-                        i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+                i = ssl_do_client_cert_cb(s, &x509, &pkey);
                 if (i < 0)
                         {
                         s->rwstate=SSL_X509_LOOKUP;
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c
index cbff7495c5..cf3332e4e4 100644
--- a/src/lib/libssl/src/ssl/d1_enc.c
+++ b/src/lib/libssl/src/ssl/d1_enc.c
@@ -115,12 +115,16 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
 #include <openssl/rand.h>
-
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
 
 int dtls1_enc(SSL *s, int send)
         {
@@ -202,10 +206,11 @@ int dtls1_enc(SSL *s, int send)
                 {
                 unsigned long ui;
                 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        (void *)ds,rec->data,rec->input,l);
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
                         ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        (unsigned long)DES_KEY_SZ,
+                        (unsigned long)DES_SCHEDULE_SZ,
                         ds->cipher->iv_len);
                 printf("\t\tIV: ");
                 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -230,10 +235,10 @@ int dtls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
                 {
-                unsigned long i;
+                unsigned long ki;
                 printf("\trec->data=");
-                for (i=0; i<l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
+                for (ki=0; ki<l; ki++)
+                        printf(" %02x", rec->data[ki]);  printf("\n");
                 }
 #endif  /* KSSL_DEBUG */
 
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index fc088b4148..3568e97a87 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -106,6 +106,7 @@ int dtls1_new(SSL *s)
         pq_64bit_init(&(d1->bitmap.map));
         pq_64bit_init(&(d1->bitmap.max_seq_num));
         
+        d1->next_bitmap.length = d1->bitmap.length;
         pq_64bit_init(&(d1->next_bitmap.map));
         pq_64bit_init(&(d1->next_bitmap.max_seq_num));
 
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 377696deac..eb56cf987b 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -597,6 +597,7 @@ again:
         /* check whether this is a repeat, or aged record */
         if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
                 {
+                rr->length = 0;
                 s->packet_length=0; /* dump this record */
                 goto again;     /* get another record */
                 }
@@ -811,6 +812,14 @@ start:
              *  may be fragmented--don't always expect dest_maxlen bytes */
                         if ( rr->length < dest_maxlen)
                                 {
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+                                /*
+                                 * for normal alerts rr->length is 2, while
+                                 * dest_maxlen is 7 if we were to handle this
+                                 * non-existing alert...
+                                 */
+                                FIX ME
+#endif
                                 s->rstate=SSL_ST_READ_HEADER;
                                 rr->length = 0;
                                 goto start;
@@ -1251,7 +1260,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
         else 
                 s->s3->wnum += i;
 
-        return tot + i;
+        return i;
         }
 
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
@@ -1576,7 +1585,7 @@ int dtls1_dispatch_alert(SSL *s)
         {
         int i,j;
         void (*cb)(const SSL *ssl,int type,int val)=NULL;
-        unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
+        unsigned char buf[DTLS1_AL_HEADER_LENGTH];
         unsigned char *ptr = &buf[0];
 
         s->s3->alert_dispatch=0;
@@ -1585,6 +1594,7 @@ int dtls1_dispatch_alert(SSL *s)
         *ptr++ = s->s3->send_alert[0];
         *ptr++ = s->s3->send_alert[1];
 
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
         if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
                 {       
                 s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1610,7 @@ int dtls1_dispatch_alert(SSL *s)
 #endif
                 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
                 }
+#endif
 
         i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
         if (i <= 0)
@@ -1609,8 +1620,11 @@ int dtls1_dispatch_alert(SSL *s)
                 }
         else
                 {
-                if ( s->s3->send_alert[0] == SSL3_AL_FATAL ||
-                        s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
+                if (s->s3->send_alert[0] == SSL3_AL_FATAL
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+                    || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+#endif
+                   )
                         (void)BIO_flush(s->wbio);
 
                 if (s->msg_callback)
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 927b01f3c4..0bbf8ae7f3 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -732,7 +732,7 @@ int dtls1_send_server_hello(SSL *s)
 
                 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
 
-                s->state=SSL3_ST_CW_CLNT_HELLO_B;
+                s->state=SSL3_ST_SW_SRVR_HELLO_B;
                 /* number of bytes to write */
                 s->init_num=p-buf;
                 s->init_off=0;
@@ -741,7 +741,7 @@ int dtls1_send_server_hello(SSL *s)
                 dtls1_buffer_message(s, 0);
                 }
 
-        /* SSL3_ST_CW_CLNT_HELLO_B */
+        /* SSL3_ST_SW_SRVR_HELLO_B */
         return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
         }
 
@@ -765,7 +765,7 @@ int dtls1_send_server_done(SSL *s)
                 dtls1_buffer_message(s, 0);
                 }
 
-        /* SSL3_ST_CW_CLNT_HELLO_B */
+        /* SSL3_ST_SW_SRVR_DONE_B */
         return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
         }
 
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index a663cf85f2..f159d37110 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -70,7 +70,10 @@ extern "C" {
 #define DTLS1_VERSION                   0xFEFF
 #define DTLS1_BAD_VER                   0x0100
 
+#if 0
+/* this alert description is not specified anywhere... */
 #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
+#endif
 
 /* lengths of messages */
 #define DTLS1_COOKIE_LENGTH                     32
@@ -84,7 +87,11 @@ extern "C" {
 
 #define DTLS1_CCS_HEADER_LENGTH                  1
 
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
 #define DTLS1_AL_HEADER_LENGTH                   7
+#else
+#define DTLS1_AL_HEADER_LENGTH                   2
+#endif
 
 
 typedef struct dtls1_bitmap_st
diff --git a/src/lib/libssl/src/test/igetest.c b/src/lib/libssl/src/test/igetest.c
index 95452d0965..a2578d09c5 100644
--- a/src/lib/libssl/src/test/igetest.c
+++ b/src/lib/libssl/src/test/igetest.c
@@ -190,7 +190,7 @@ static struct bi_ige_test const bi_ige_test_vectors[] = {
 
 static int run_test_vectors(void)
         {
-        int n;
+        unsigned int n;
         int errs = 0;
 
         for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
@@ -292,7 +292,7 @@ int main(int argc, char **argv)
         unsigned char iv[AES_BLOCK_SIZE*4];
         unsigned char saved_iv[AES_BLOCK_SIZE*4];
         int err = 0;
-        int n;
+        unsigned int n;
         unsigned matches;
 
         assert(BIG_TEST_SIZE >= TEST_SIZE);
diff --git a/src/lib/libssl/src/util/copy.pl b/src/lib/libssl/src/util/copy.pl
index e20b45530a..eba6d5815e 100644
--- a/src/lib/libssl/src/util/copy.pl
+++ b/src/lib/libssl/src/util/copy.pl
@@ -8,9 +8,16 @@ use Fcntl;
 # Perl script 'copy' comment. On Windows the built in "copy" command also
 # copies timestamps: this messes up Makefile dependencies.
 
+my $stripcr = 0;
+
 my $arg;
 
 foreach $arg (@ARGV) {
+        if ($arg eq "-stripcr")
+                {
+                $stripcr = 1;
+                next;
+                }
         $arg =~ s|\\|/|g;       # compensate for bug/feature in cygwin glob...
         foreach (glob $arg)
                 {
@@ -49,6 +56,10 @@ foreach (@filelist)
                                         || die "Can't Open $dfile";
         while (sysread IN, $buf, 10240)
                 {
+                if ($stripcr)
+                        {
+                        $buf =~ tr/\015//d;
+                        }
                 syswrite(OUT, $buf, length($buf));
                 }
         close(IN);
diff --git a/src/lib/libssl/test/igetest.c b/src/lib/libssl/test/igetest.c
index 95452d0965..a2578d09c5 100644
--- a/src/lib/libssl/test/igetest.c
+++ b/src/lib/libssl/test/igetest.c
@@ -190,7 +190,7 @@ static struct bi_ige_test const bi_ige_test_vectors[] = {
 
 static int run_test_vectors(void)
         {
-        int n;
+        unsigned int n;
         int errs = 0;
 
         for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
@@ -292,7 +292,7 @@ int main(int argc, char **argv)
         unsigned char iv[AES_BLOCK_SIZE*4];
         unsigned char saved_iv[AES_BLOCK_SIZE*4];
         int err = 0;
-        int n;
+        unsigned int n;
         unsigned matches;
 
         assert(BIG_TEST_SIZE >= TEST_SIZE);