This commit was generated by cvs2git to track changes on a CVS vendor

branch.

189 files changed, 34138 insertions, 4739 deletions

diff --git a/src/lib/libcrypto/aes/aes_ige.c b/src/lib/libcrypto/aes/aes_ige.c
index 45d7096181..c161351e65 100644
--- a/src/lib/libcrypto/aes/aes_ige.c
+++ b/src/lib/libcrypto/aes/aes_ige.c
@@ -77,11 +77,11 @@ typedef struct {
 /* N.B. The IV for this mode is _twice_ the block size */
 
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                                         const unsigned long length, const AES_KEY *key,
+                                         size_t length, const AES_KEY *key,
                                          unsigned char *ivec, const int enc)
         {
-        unsigned long n;
-        unsigned long len;
+        size_t n;
+        size_t len = length;
 
         OPENSSL_assert(in && out && key && ivec);
         OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@@ -211,12 +211,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 /* N.B. The IV for this mode is _four times_ the block size */
 
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                                                const unsigned long length, const AES_KEY *key,
+                                                size_t length, const AES_KEY *key,
                                                 const AES_KEY *key2, const unsigned char *ivec,
                                                 const int enc)
         {
-        unsigned long n;
-        unsigned long len = length;
+        size_t n;
+        size_t len = length;
         unsigned char tmp[AES_BLOCK_SIZE];
         unsigned char tmp2[AES_BLOCK_SIZE];
         unsigned char tmp3[AES_BLOCK_SIZE];
diff --git a/src/lib/libcrypto/aes/asm/aes-armv4.pl b/src/lib/libcrypto/aes/asm/aes-armv4.pl
index 15742c1ec5..690244111a 100644
--- a/src/lib/libcrypto/aes/asm/aes-armv4.pl
+++ b/src/lib/libcrypto/aes/asm/aes-armv4.pl
@@ -1024,6 +1024,7 @@ _armv4_AES_decrypt:
         mov     pc,lr                   @ return
 .size   _armv4_AES_decrypt,.-_armv4_AES_decrypt
 .asciz  "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
 ___
 
 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
diff --git a/src/lib/libcrypto/aes/asm/aes-ppc.pl b/src/lib/libcrypto/aes/asm/aes-ppc.pl
index ce427655ef..f82c5e1814 100644
--- a/src/lib/libcrypto/aes/asm/aes-ppc.pl
+++ b/src/lib/libcrypto/aes/asm/aes-ppc.pl
@@ -16,6 +16,19 @@
 # at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
 # at 1/3 of ppc_AES_decrypt.
 
+# February 2010
+#
+# Rescheduling instructions to favour Power6 pipeline gives 10%
+# performance improvement on the platfrom in question (and marginal
+# improvement even on others). It should be noted that Power6 fails
+# to process byte in 18 cycles, only in 23, because it fails to issue
+# 4 load instructions in two cycles, only in 3. As result non-compact
+# block subroutines are 25% slower than one would expect. Compact
+# functions scale better, because they have pure computational part,
+# which scales perfectly with clock frequency. To be specific
+# ppc_AES_encrypt_compact operates at 42 cycles per byte, while
+# ppc_AES_decrypt_compact - at 55 (in 64-bit build).
+
 $flavour = shift;
 
 if ($flavour =~ /64/) {
@@ -376,7 +389,7 @@ $code.=<<___;
         addi    $sp,$sp,$FRAME
         blr
 
-.align  4
+.align  5
 Lppc_AES_encrypt:
         lwz     $acc00,240($key)
         lwz     $t0,0($key)
@@ -397,46 +410,46 @@ Lppc_AES_encrypt:
 Lenc_loop:
         rlwinm  $acc00,$s0,`32-24+3`,21,28
         rlwinm  $acc01,$s1,`32-24+3`,21,28
-        lwz     $t0,0($key)
-        lwz     $t1,4($key)
         rlwinm  $acc02,$s2,`32-24+3`,21,28
         rlwinm  $acc03,$s3,`32-24+3`,21,28
-        lwz     $t2,8($key)
-        lwz     $t3,12($key)
+        lwz     $t0,0($key)
+        lwz     $t1,4($key)
         rlwinm  $acc04,$s1,`32-16+3`,21,28
         rlwinm  $acc05,$s2,`32-16+3`,21,28
-        lwzx    $acc00,$Tbl0,$acc00
-        lwzx    $acc01,$Tbl0,$acc01
+        lwz     $t2,8($key)
+        lwz     $t3,12($key)
         rlwinm  $acc06,$s3,`32-16+3`,21,28
         rlwinm  $acc07,$s0,`32-16+3`,21,28
-        lwzx    $acc02,$Tbl0,$acc02
-        lwzx    $acc03,$Tbl0,$acc03
+        lwzx    $acc00,$Tbl0,$acc00
+        lwzx    $acc01,$Tbl0,$acc01
         rlwinm  $acc08,$s2,`32-8+3`,21,28
         rlwinm  $acc09,$s3,`32-8+3`,21,28
-        lwzx    $acc04,$Tbl1,$acc04
-        lwzx    $acc05,$Tbl1,$acc05
+        lwzx    $acc02,$Tbl0,$acc02
+        lwzx    $acc03,$Tbl0,$acc03
         rlwinm  $acc10,$s0,`32-8+3`,21,28
         rlwinm  $acc11,$s1,`32-8+3`,21,28
-        lwzx    $acc06,$Tbl1,$acc06
-        lwzx    $acc07,$Tbl1,$acc07
+        lwzx    $acc04,$Tbl1,$acc04
+        lwzx    $acc05,$Tbl1,$acc05
         rlwinm  $acc12,$s3,`0+3`,21,28
         rlwinm  $acc13,$s0,`0+3`,21,28
-        lwzx    $acc08,$Tbl2,$acc08
-        lwzx    $acc09,$Tbl2,$acc09
+        lwzx    $acc06,$Tbl1,$acc06
+        lwzx    $acc07,$Tbl1,$acc07
         rlwinm  $acc14,$s1,`0+3`,21,28
         rlwinm  $acc15,$s2,`0+3`,21,28
-        lwzx    $acc10,$Tbl2,$acc10
-        lwzx    $acc11,$Tbl2,$acc11
+        lwzx    $acc08,$Tbl2,$acc08
+        lwzx    $acc09,$Tbl2,$acc09
         xor     $t0,$t0,$acc00
         xor     $t1,$t1,$acc01
-        lwzx    $acc12,$Tbl3,$acc12
-        lwzx    $acc13,$Tbl3,$acc13
+        lwzx    $acc10,$Tbl2,$acc10
+        lwzx    $acc11,$Tbl2,$acc11
         xor     $t2,$t2,$acc02
         xor     $t3,$t3,$acc03
-        lwzx    $acc14,$Tbl3,$acc14
-        lwzx    $acc15,$Tbl3,$acc15
+        lwzx    $acc12,$Tbl3,$acc12
+        lwzx    $acc13,$Tbl3,$acc13
         xor     $t0,$t0,$acc04
         xor     $t1,$t1,$acc05
+        lwzx    $acc14,$Tbl3,$acc14
+        lwzx    $acc15,$Tbl3,$acc15
         xor     $t2,$t2,$acc06
         xor     $t3,$t3,$acc07
         xor     $t0,$t0,$acc08
@@ -452,60 +465,60 @@ Lenc_loop:
 
         addi    $Tbl2,$Tbl0,2048
         nop
-        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Te4
-        lwz     $acc09,`2048+32`($Tbl0)
-        lwz     $acc10,`2048+64`($Tbl0)
-        lwz     $acc11,`2048+96`($Tbl0)
-        lwz     $acc08,`2048+128`($Tbl0)
-        lwz     $acc09,`2048+160`($Tbl0)
-        lwz     $acc10,`2048+192`($Tbl0)
-        lwz     $acc11,`2048+224`($Tbl0)
-        rlwinm  $acc00,$s0,`32-24`,24,31
-        rlwinm  $acc01,$s1,`32-24`,24,31
         lwz     $t0,0($key)
         lwz     $t1,4($key)
-        rlwinm  $acc02,$s2,`32-24`,24,31
-        rlwinm  $acc03,$s3,`32-24`,24,31
+        rlwinm  $acc00,$s0,`32-24`,24,31
+        rlwinm  $acc01,$s1,`32-24`,24,31
         lwz     $t2,8($key)
         lwz     $t3,12($key)
+        rlwinm  $acc02,$s2,`32-24`,24,31
+        rlwinm  $acc03,$s3,`32-24`,24,31
+        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Te4
+        lwz     $acc09,`2048+32`($Tbl0)
         rlwinm  $acc04,$s1,`32-16`,24,31
         rlwinm  $acc05,$s2,`32-16`,24,31
-        lbzx    $acc00,$Tbl2,$acc00
-        lbzx    $acc01,$Tbl2,$acc01
+        lwz     $acc10,`2048+64`($Tbl0)
+        lwz     $acc11,`2048+96`($Tbl0)
         rlwinm  $acc06,$s3,`32-16`,24,31
         rlwinm  $acc07,$s0,`32-16`,24,31
-        lbzx    $acc02,$Tbl2,$acc02
-        lbzx    $acc03,$Tbl2,$acc03
+        lwz     $acc12,`2048+128`($Tbl0)
+        lwz     $acc13,`2048+160`($Tbl0)
         rlwinm  $acc08,$s2,`32-8`,24,31
         rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc04,$Tbl2,$acc04
-        lbzx    $acc05,$Tbl2,$acc05
+        lwz     $acc14,`2048+192`($Tbl0)
+        lwz     $acc15,`2048+224`($Tbl0)
         rlwinm  $acc10,$s0,`32-8`,24,31
         rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc06,$Tbl2,$acc06
-        lbzx    $acc07,$Tbl2,$acc07
+        lbzx    $acc00,$Tbl2,$acc00
+        lbzx    $acc01,$Tbl2,$acc01
         rlwinm  $acc12,$s3,`0`,24,31
         rlwinm  $acc13,$s0,`0`,24,31
-        lbzx    $acc08,$Tbl2,$acc08
-        lbzx    $acc09,$Tbl2,$acc09
+        lbzx    $acc02,$Tbl2,$acc02
+        lbzx    $acc03,$Tbl2,$acc03
         rlwinm  $acc14,$s1,`0`,24,31
         rlwinm  $acc15,$s2,`0`,24,31
-        lbzx    $acc10,$Tbl2,$acc10
-        lbzx    $acc11,$Tbl2,$acc11
+        lbzx    $acc04,$Tbl2,$acc04
+        lbzx    $acc05,$Tbl2,$acc05
         rlwinm  $s0,$acc00,24,0,7
         rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc12,$Tbl2,$acc12
-        lbzx    $acc13,$Tbl2,$acc13
+        lbzx    $acc06,$Tbl2,$acc06
+        lbzx    $acc07,$Tbl2,$acc07
         rlwinm  $s2,$acc02,24,0,7
         rlwinm  $s3,$acc03,24,0,7
-        lbzx    $acc14,$Tbl2,$acc14
-        lbzx    $acc15,$Tbl2,$acc15
+        lbzx    $acc08,$Tbl2,$acc08
+        lbzx    $acc09,$Tbl2,$acc09
         rlwimi  $s0,$acc04,16,8,15
         rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc10,$Tbl2,$acc10
+        lbzx    $acc11,$Tbl2,$acc11
         rlwimi  $s2,$acc06,16,8,15
         rlwimi  $s3,$acc07,16,8,15
+        lbzx    $acc12,$Tbl2,$acc12
+        lbzx    $acc13,$Tbl2,$acc13
         rlwimi  $s0,$acc08,8,16,23
         rlwimi  $s1,$acc09,8,16,23
+        lbzx    $acc14,$Tbl2,$acc14
+        lbzx    $acc15,$Tbl2,$acc15
         rlwimi  $s2,$acc10,8,16,23
         rlwimi  $s3,$acc11,8,16,23
         or      $s0,$s0,$acc12
@@ -542,40 +555,40 @@ Lenc_compact_loop:
         rlwinm  $acc01,$s1,`32-24`,24,31
         rlwinm  $acc02,$s2,`32-24`,24,31
         rlwinm  $acc03,$s3,`32-24`,24,31
-        lbzx    $acc00,$Tbl1,$acc00
-        lbzx    $acc01,$Tbl1,$acc01
         rlwinm  $acc04,$s1,`32-16`,24,31
         rlwinm  $acc05,$s2,`32-16`,24,31
-        lbzx    $acc02,$Tbl1,$acc02
-        lbzx    $acc03,$Tbl1,$acc03
         rlwinm  $acc06,$s3,`32-16`,24,31
         rlwinm  $acc07,$s0,`32-16`,24,31
-        lbzx    $acc04,$Tbl1,$acc04
-        lbzx    $acc05,$Tbl1,$acc05
+        lbzx    $acc00,$Tbl1,$acc00
+        lbzx    $acc01,$Tbl1,$acc01
         rlwinm  $acc08,$s2,`32-8`,24,31
         rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc06,$Tbl1,$acc06
-        lbzx    $acc07,$Tbl1,$acc07
+        lbzx    $acc02,$Tbl1,$acc02
+        lbzx    $acc03,$Tbl1,$acc03
         rlwinm  $acc10,$s0,`32-8`,24,31
         rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc08,$Tbl1,$acc08
-        lbzx    $acc09,$Tbl1,$acc09
+        lbzx    $acc04,$Tbl1,$acc04
+        lbzx    $acc05,$Tbl1,$acc05
         rlwinm  $acc12,$s3,`0`,24,31
         rlwinm  $acc13,$s0,`0`,24,31
-        lbzx    $acc10,$Tbl1,$acc10
-        lbzx    $acc11,$Tbl1,$acc11
+        lbzx    $acc06,$Tbl1,$acc06
+        lbzx    $acc07,$Tbl1,$acc07
         rlwinm  $acc14,$s1,`0`,24,31
         rlwinm  $acc15,$s2,`0`,24,31
-        lbzx    $acc12,$Tbl1,$acc12
-        lbzx    $acc13,$Tbl1,$acc13
+        lbzx    $acc08,$Tbl1,$acc08
+        lbzx    $acc09,$Tbl1,$acc09
         rlwinm  $s0,$acc00,24,0,7
         rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc14,$Tbl1,$acc14
-        lbzx    $acc15,$Tbl1,$acc15
+        lbzx    $acc10,$Tbl1,$acc10
+        lbzx    $acc11,$Tbl1,$acc11
         rlwinm  $s2,$acc02,24,0,7
         rlwinm  $s3,$acc03,24,0,7
+        lbzx    $acc12,$Tbl1,$acc12
+        lbzx    $acc13,$Tbl1,$acc13
         rlwimi  $s0,$acc04,16,8,15
         rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc14,$Tbl1,$acc14
+        lbzx    $acc15,$Tbl1,$acc15
         rlwimi  $s2,$acc06,16,8,15
         rlwimi  $s3,$acc07,16,8,15
         rlwimi  $s0,$acc08,8,16,23
@@ -725,7 +738,7 @@ Lenc_compact_done:
         addi    $sp,$sp,$FRAME
         blr
 
-.align  4
+.align  5
 Lppc_AES_decrypt:
         lwz     $acc00,240($key)
         lwz     $t0,0($key)
@@ -746,46 +759,46 @@ Lppc_AES_decrypt:
 Ldec_loop:
         rlwinm  $acc00,$s0,`32-24+3`,21,28
         rlwinm  $acc01,$s1,`32-24+3`,21,28
-        lwz     $t0,0($key)
-        lwz     $t1,4($key)
         rlwinm  $acc02,$s2,`32-24+3`,21,28
         rlwinm  $acc03,$s3,`32-24+3`,21,28
-        lwz     $t2,8($key)
-        lwz     $t3,12($key)
+        lwz     $t0,0($key)
+        lwz     $t1,4($key)
         rlwinm  $acc04,$s3,`32-16+3`,21,28
         rlwinm  $acc05,$s0,`32-16+3`,21,28
-        lwzx    $acc00,$Tbl0,$acc00
-        lwzx    $acc01,$Tbl0,$acc01
+        lwz     $t2,8($key)
+        lwz     $t3,12($key)
         rlwinm  $acc06,$s1,`32-16+3`,21,28
         rlwinm  $acc07,$s2,`32-16+3`,21,28
-        lwzx    $acc02,$Tbl0,$acc02
-        lwzx    $acc03,$Tbl0,$acc03
+        lwzx    $acc00,$Tbl0,$acc00
+        lwzx    $acc01,$Tbl0,$acc01
         rlwinm  $acc08,$s2,`32-8+3`,21,28
         rlwinm  $acc09,$s3,`32-8+3`,21,28
-        lwzx    $acc04,$Tbl1,$acc04
-        lwzx    $acc05,$Tbl1,$acc05
+        lwzx    $acc02,$Tbl0,$acc02
+        lwzx    $acc03,$Tbl0,$acc03
         rlwinm  $acc10,$s0,`32-8+3`,21,28
         rlwinm  $acc11,$s1,`32-8+3`,21,28
-        lwzx    $acc06,$Tbl1,$acc06
-        lwzx    $acc07,$Tbl1,$acc07
+        lwzx    $acc04,$Tbl1,$acc04
+        lwzx    $acc05,$Tbl1,$acc05
         rlwinm  $acc12,$s1,`0+3`,21,28
         rlwinm  $acc13,$s2,`0+3`,21,28
-        lwzx    $acc08,$Tbl2,$acc08
-        lwzx    $acc09,$Tbl2,$acc09
+        lwzx    $acc06,$Tbl1,$acc06
+        lwzx    $acc07,$Tbl1,$acc07
         rlwinm  $acc14,$s3,`0+3`,21,28
         rlwinm  $acc15,$s0,`0+3`,21,28
-        lwzx    $acc10,$Tbl2,$acc10
-        lwzx    $acc11,$Tbl2,$acc11
+        lwzx    $acc08,$Tbl2,$acc08
+        lwzx    $acc09,$Tbl2,$acc09
         xor     $t0,$t0,$acc00
         xor     $t1,$t1,$acc01
-        lwzx    $acc12,$Tbl3,$acc12
-        lwzx    $acc13,$Tbl3,$acc13
+        lwzx    $acc10,$Tbl2,$acc10
+        lwzx    $acc11,$Tbl2,$acc11
         xor     $t2,$t2,$acc02
         xor     $t3,$t3,$acc03
-        lwzx    $acc14,$Tbl3,$acc14
-        lwzx    $acc15,$Tbl3,$acc15
+        lwzx    $acc12,$Tbl3,$acc12
+        lwzx    $acc13,$Tbl3,$acc13
         xor     $t0,$t0,$acc04
         xor     $t1,$t1,$acc05
+        lwzx    $acc14,$Tbl3,$acc14
+        lwzx    $acc15,$Tbl3,$acc15
         xor     $t2,$t2,$acc06
         xor     $t3,$t3,$acc07
         xor     $t0,$t0,$acc08
@@ -801,56 +814,56 @@ Ldec_loop:
 
         addi    $Tbl2,$Tbl0,2048
         nop
-        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Td4
-        lwz     $acc09,`2048+32`($Tbl0)
-        lwz     $acc10,`2048+64`($Tbl0)
-        lwz     $acc11,`2048+96`($Tbl0)
-        lwz     $acc08,`2048+128`($Tbl0)
-        lwz     $acc09,`2048+160`($Tbl0)
-        lwz     $acc10,`2048+192`($Tbl0)
-        lwz     $acc11,`2048+224`($Tbl0)
-        rlwinm  $acc00,$s0,`32-24`,24,31
-        rlwinm  $acc01,$s1,`32-24`,24,31
         lwz     $t0,0($key)
         lwz     $t1,4($key)
-        rlwinm  $acc02,$s2,`32-24`,24,31
-        rlwinm  $acc03,$s3,`32-24`,24,31
+        rlwinm  $acc00,$s0,`32-24`,24,31
+        rlwinm  $acc01,$s1,`32-24`,24,31
         lwz     $t2,8($key)
         lwz     $t3,12($key)
+        rlwinm  $acc02,$s2,`32-24`,24,31
+        rlwinm  $acc03,$s3,`32-24`,24,31
+        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Td4
+        lwz     $acc09,`2048+32`($Tbl0)
         rlwinm  $acc04,$s3,`32-16`,24,31
         rlwinm  $acc05,$s0,`32-16`,24,31
+        lwz     $acc10,`2048+64`($Tbl0)
+        lwz     $acc11,`2048+96`($Tbl0)
         lbzx    $acc00,$Tbl2,$acc00
         lbzx    $acc01,$Tbl2,$acc01
+        lwz     $acc12,`2048+128`($Tbl0)
+        lwz     $acc13,`2048+160`($Tbl0)
         rlwinm  $acc06,$s1,`32-16`,24,31
         rlwinm  $acc07,$s2,`32-16`,24,31
-        lbzx    $acc02,$Tbl2,$acc02
-        lbzx    $acc03,$Tbl2,$acc03
+        lwz     $acc14,`2048+192`($Tbl0)
+        lwz     $acc15,`2048+224`($Tbl0)
         rlwinm  $acc08,$s2,`32-8`,24,31
         rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc04,$Tbl2,$acc04
-        lbzx    $acc05,$Tbl2,$acc05
+        lbzx    $acc02,$Tbl2,$acc02
+        lbzx    $acc03,$Tbl2,$acc03
         rlwinm  $acc10,$s0,`32-8`,24,31
         rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc06,$Tbl2,$acc06
-        lbzx    $acc07,$Tbl2,$acc07
+        lbzx    $acc04,$Tbl2,$acc04
+        lbzx    $acc05,$Tbl2,$acc05
         rlwinm  $acc12,$s1,`0`,24,31
         rlwinm  $acc13,$s2,`0`,24,31
-        lbzx    $acc08,$Tbl2,$acc08
-        lbzx    $acc09,$Tbl2,$acc09
+        lbzx    $acc06,$Tbl2,$acc06
+        lbzx    $acc07,$Tbl2,$acc07
         rlwinm  $acc14,$s3,`0`,24,31
         rlwinm  $acc15,$s0,`0`,24,31
-        lbzx    $acc10,$Tbl2,$acc10
-        lbzx    $acc11,$Tbl2,$acc11
+        lbzx    $acc08,$Tbl2,$acc08
+        lbzx    $acc09,$Tbl2,$acc09
         rlwinm  $s0,$acc00,24,0,7
         rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc12,$Tbl2,$acc12
-        lbzx    $acc13,$Tbl2,$acc13
+        lbzx    $acc10,$Tbl2,$acc10
+        lbzx    $acc11,$Tbl2,$acc11
         rlwinm  $s2,$acc02,24,0,7
         rlwinm  $s3,$acc03,24,0,7
-        lbzx    $acc14,$Tbl2,$acc14
-        lbzx    $acc15,$Tbl2,$acc15
+        lbzx    $acc12,$Tbl2,$acc12
+        lbzx    $acc13,$Tbl2,$acc13
         rlwimi  $s0,$acc04,16,8,15
         rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc14,$Tbl2,$acc14
+        lbzx    $acc15,$Tbl2,$acc15
         rlwimi  $s2,$acc06,16,8,15
         rlwimi  $s3,$acc07,16,8,15
         rlwimi  $s0,$acc08,8,16,23
@@ -897,40 +910,40 @@ Ldec_compact_loop:
         rlwinm  $acc01,$s1,`32-24`,24,31
         rlwinm  $acc02,$s2,`32-24`,24,31
         rlwinm  $acc03,$s3,`32-24`,24,31
-        lbzx    $acc00,$Tbl1,$acc00
-        lbzx    $acc01,$Tbl1,$acc01
         rlwinm  $acc04,$s3,`32-16`,24,31
         rlwinm  $acc05,$s0,`32-16`,24,31
-        lbzx    $acc02,$Tbl1,$acc02
-        lbzx    $acc03,$Tbl1,$acc03
         rlwinm  $acc06,$s1,`32-16`,24,31
         rlwinm  $acc07,$s2,`32-16`,24,31
-        lbzx    $acc04,$Tbl1,$acc04
-        lbzx    $acc05,$Tbl1,$acc05
+        lbzx    $acc00,$Tbl1,$acc00
+        lbzx    $acc01,$Tbl1,$acc01
         rlwinm  $acc08,$s2,`32-8`,24,31
         rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc06,$Tbl1,$acc06
-        lbzx    $acc07,$Tbl1,$acc07
+        lbzx    $acc02,$Tbl1,$acc02
+        lbzx    $acc03,$Tbl1,$acc03
         rlwinm  $acc10,$s0,`32-8`,24,31
         rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc08,$Tbl1,$acc08
-        lbzx    $acc09,$Tbl1,$acc09
+        lbzx    $acc04,$Tbl1,$acc04
+        lbzx    $acc05,$Tbl1,$acc05
         rlwinm  $acc12,$s1,`0`,24,31
         rlwinm  $acc13,$s2,`0`,24,31
-        lbzx    $acc10,$Tbl1,$acc10
-        lbzx    $acc11,$Tbl1,$acc11
+        lbzx    $acc06,$Tbl1,$acc06
+        lbzx    $acc07,$Tbl1,$acc07
         rlwinm  $acc14,$s3,`0`,24,31
         rlwinm  $acc15,$s0,`0`,24,31
-        lbzx    $acc12,$Tbl1,$acc12
-        lbzx    $acc13,$Tbl1,$acc13
+        lbzx    $acc08,$Tbl1,$acc08
+        lbzx    $acc09,$Tbl1,$acc09
         rlwinm  $s0,$acc00,24,0,7
         rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc14,$Tbl1,$acc14
-        lbzx    $acc15,$Tbl1,$acc15
+        lbzx    $acc10,$Tbl1,$acc10
+        lbzx    $acc11,$Tbl1,$acc11
         rlwinm  $s2,$acc02,24,0,7
         rlwinm  $s3,$acc03,24,0,7
+        lbzx    $acc12,$Tbl1,$acc12
+        lbzx    $acc13,$Tbl1,$acc13
         rlwimi  $s0,$acc04,16,8,15
         rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc14,$Tbl1,$acc14
+        lbzx    $acc15,$Tbl1,$acc15
         rlwimi  $s2,$acc06,16,8,15
         rlwimi  $s3,$acc07,16,8,15
         rlwimi  $s0,$acc08,8,16,23
diff --git a/src/lib/libcrypto/aes/asm/aes-s390x.pl b/src/lib/libcrypto/aes/asm/aes-s390x.pl
index 4b27afd92f..7e01889298 100644
--- a/src/lib/libcrypto/aes/asm/aes-s390x.pl
+++ b/src/lib/libcrypto/aes/asm/aes-s390x.pl
@@ -765,6 +765,11 @@ $code.=<<___ if (!$softonly);
         srl     %r5,6
         ar      %r5,%r0
 
+        larl    %r1,OPENSSL_s390xcap_P
+        lg      %r0,0(%r1)
+        tmhl    %r0,0x4000      # check for message-security assist
+        jz      .Lekey_internal
+
         lghi    %r0,0           # query capability vector
         la      %r1,16($sp)
         .long   0xb92f0042      # kmc %r4,%r2
@@ -1323,6 +1328,7 @@ $code.=<<___;
 4:      ex      $len,0($s1)
         j       .Lcbc_dec_exit
 .size   AES_cbc_encrypt,.-AES_cbc_encrypt
+.comm  OPENSSL_s390xcap_P,8,8
 ___
 }
 $code.=<<___;
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index f616f1751f..a545e892ae 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -2,11 +2,12 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
-# Version 1.2.
+# Version 2.1.
 #
 # aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
 # Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
@@ -17,17 +18,29 @@
 #
 # Performance in number of cycles per processed byte for 128-bit key:
 #
-#               ECB             CBC encrypt
-# AMD64         13.7            13.0(*)
-# EM64T         20.2            18.6(*)
+#               ECB encrypt     ECB decrypt     CBC large chunk
+# AMD64         33              41              13.0
+# EM64T         38              59              18.6(*)
+# Core 2        30              43              14.5(*)
 #
-# (*)   CBC benchmarks are better than ECB thanks to custom ABI used
-#       by the private block encryption function.
+# (*) with hyper-threading off
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
 
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                         # ~15% better on both AMD and Intel cores
-$output=shift;
-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+$speed_limit=512;       # see aes-586.pl for details
 
 $code=".text\n";
 
@@ -35,9 +48,9 @@ $s0="%eax";
 $s1="%ebx";
 $s2="%ecx";
 $s3="%edx";
-$acc0="%esi";
-$acc1="%edi";
-$acc2="%ebp";
+$acc0="%esi";   $mask80="%rsi";
+$acc1="%edi";   $maskfe="%rdi";
+$acc2="%ebp";   $mask1b="%rbp";
 $inp="%r8";
 $out="%r9";
 $t0="%r10d";
@@ -51,6 +64,8 @@ sub hi() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1h/;	$r; }
 sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
                         $r =~ s/%[er]([sd]i)/%\1l/;
                         $r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
+sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
+                        $r =~ s/%r([0-9]+)/%r\1d/;      $r; }
 sub _data_word()
 { my $i;
     while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
@@ -138,22 +153,17 @@ $code.=<<___;
         movzb   `&lo("$s0")`,$acc0
         movzb   `&lo("$s1")`,$acc1
         movzb   `&lo("$s2")`,$acc2
-        mov     2($sbox,$acc0,8),$t0
-        mov     2($sbox,$acc1,8),$t1
-        mov     2($sbox,$acc2,8),$t2
-
-        and     \$0x000000ff,$t0
-        and     \$0x000000ff,$t1
-        and     \$0x000000ff,$t2
+        movzb   2($sbox,$acc0,8),$t0
+        movzb   2($sbox,$acc1,8),$t1
+        movzb   2($sbox,$acc2,8),$t2
 
         movzb   `&lo("$s3")`,$acc0
         movzb   `&hi("$s1")`,$acc1
         movzb   `&hi("$s2")`,$acc2
-        mov     2($sbox,$acc0,8),$t3
+        movzb   2($sbox,$acc0,8),$t3
         mov     0($sbox,$acc1,8),$acc1  #$t0
         mov     0($sbox,$acc2,8),$acc2  #$t1
 
-        and     \$0x000000ff,$t3
         and     \$0x0000ff00,$acc1
         and     \$0x0000ff00,$acc2
 
@@ -345,6 +355,234 @@ $code.=<<___;
 .size   _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
 ___
 
+# it's possible to implement this by shifting tN by 8, filling least
+# significant byte with byte load and finally bswap-ing at the end,
+# but such partial register load kills Core 2...
+sub enccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+        movzb   `&lo("$s0")`,$t0
+        movzb   `&lo("$s1")`,$t1
+        movzb   `&lo("$s2")`,$t2
+        movzb   ($sbox,$t0,1),$t0
+        movzb   ($sbox,$t1,1),$t1
+        movzb   ($sbox,$t2,1),$t2
+
+        movzb   `&lo("$s3")`,$t3
+        movzb   `&hi("$s1")`,$acc0
+        movzb   `&hi("$s2")`,$acc1
+        movzb   ($sbox,$t3,1),$t3
+        movzb   ($sbox,$acc0,1),$t4     #$t0
+        movzb   ($sbox,$acc1,1),$t5     #$t1
+
+        movzb   `&hi("$s3")`,$acc2
+        movzb   `&hi("$s0")`,$acc0
+        shr     \$16,$s2
+        movzb   ($sbox,$acc2,1),$acc2   #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t3
+        shr     \$16,$s3
+
+        movzb   `&lo("$s2")`,$acc1
+        shl     \$8,$t4
+        shl     \$8,$t5
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
+        xor     $t4,$t0
+        xor     $t5,$t1
+
+        movzb   `&lo("$s3")`,$t4
+        shr     \$16,$s0
+        shr     \$16,$s1
+        movzb   `&lo("$s0")`,$t5
+        shl     \$8,$acc2
+        shl     \$8,$acc0
+        movzb   ($sbox,$t4,1),$t4       #$t1
+        movzb   ($sbox,$t5,1),$t5       #$t2
+        xor     $acc2,$t2
+        xor     $acc0,$t3
+
+        movzb   `&lo("$s1")`,$acc2
+        movzb   `&hi("$s3")`,$acc0
+        shl     \$16,$acc1
+        movzb   ($sbox,$acc2,1),$acc2   #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t0
+        xor     $acc1,$t0
+
+        movzb   `&hi("$s0")`,$acc1
+        shr     \$8,$s2
+        shr     \$8,$s1
+        movzb   ($sbox,$acc1,1),$acc1   #$t1
+        movzb   ($sbox,$s2,1),$s3       #$t3
+        movzb   ($sbox,$s1,1),$s2       #$t2
+        shl     \$16,$t4
+        shl     \$16,$t5
+        shl     \$16,$acc2
+        xor     $t4,$t1
+        xor     $t5,$t2
+        xor     $acc2,$t3
+
+        shl     \$24,$acc0
+        shl     \$24,$acc1
+        shl     \$24,$s3
+        xor     $acc0,$t0
+        shl     \$24,$s2
+        xor     $acc1,$t1
+        mov     $t0,$s0
+        mov     $t1,$s1
+        xor     $t2,$s2
+        xor     $t3,$s3
+___
+}
+
+sub enctransform_ref()
+{ my $sn = shift;
+  my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+        mov     $sn,$acc
+        and     \$0x80808080,$acc
+        mov     $acc,$tmp
+        shr     \$7,$tmp
+        lea     ($sn,$sn),$r2
+        sub     $tmp,$acc
+        and     \$0xfefefefe,$r2
+        and     \$0x1b1b1b1b,$acc
+        mov     $sn,$tmp
+        xor     $acc,$r2
+
+        xor     $r2,$sn
+        rol     \$24,$sn
+        xor     $r2,$sn
+        ror     \$16,$tmp
+        xor     $tmp,$sn
+        ror     \$8,$tmp
+        xor     $tmp,$sn
+___
+}
+
+# unlike decrypt case it does not pay off to parallelize enctransform
+sub enctransform()
+{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
+
+$code.=<<___;
+        mov     $s0,$acc0
+        mov     $s1,$acc1
+        and     \$0x80808080,$acc0
+        and     \$0x80808080,$acc1
+        mov     $acc0,$t0
+        mov     $acc1,$t1
+        shr     \$7,$t0
+        lea     ($s0,$s0),$r20
+        shr     \$7,$t1
+        lea     ($s1,$s1),$r21
+        sub     $t0,$acc0
+        sub     $t1,$acc1
+        and     \$0xfefefefe,$r20
+        and     \$0xfefefefe,$r21
+        and     \$0x1b1b1b1b,$acc0
+        and     \$0x1b1b1b1b,$acc1
+        mov     $s0,$t0
+        mov     $s1,$t1
+        xor     $acc0,$r20
+        xor     $acc1,$r21
+
+        xor     $r20,$s0
+        xor     $r21,$s1
+         mov    $s2,$acc0
+         mov    $s3,$acc1
+        rol     \$24,$s0
+        rol     \$24,$s1
+         and    \$0x80808080,$acc0
+         and    \$0x80808080,$acc1
+        xor     $r20,$s0
+        xor     $r21,$s1
+         mov    $acc0,$t2
+         mov    $acc1,$t3
+        ror     \$16,$t0
+        ror     \$16,$t1
+         shr    \$7,$t2
+         lea    ($s2,$s2),$r20
+        xor     $t0,$s0
+        xor     $t1,$s1
+         shr    \$7,$t3
+         lea    ($s3,$s3),$r21
+        ror     \$8,$t0
+        ror     \$8,$t1
+         sub    $t2,$acc0
+         sub    $t3,$acc1
+        xor     $t0,$s0
+        xor     $t1,$s1
+
+        and     \$0xfefefefe,$r20
+        and     \$0xfefefefe,$r21
+        and     \$0x1b1b1b1b,$acc0
+        and     \$0x1b1b1b1b,$acc1
+        mov     $s2,$t2
+        mov     $s3,$t3
+        xor     $acc0,$r20
+        xor     $acc1,$r21
+
+        xor     $r20,$s2
+        xor     $r21,$s3
+        rol     \$24,$s2
+        rol     \$24,$s3
+        xor     $r20,$s2
+        xor     $r21,$s3
+        mov     0($sbox),$acc0                  # prefetch Te4
+        ror     \$16,$t2
+        ror     \$16,$t3
+        mov     64($sbox),$acc1
+        xor     $t2,$s2
+        xor     $t3,$s3
+        mov     128($sbox),$r20
+        ror     \$8,$t2
+        ror     \$8,$t3
+        mov     192($sbox),$r21
+        xor     $t2,$s2
+        xor     $t3,$s3
+___
+}
+
+$code.=<<___;
+.type   _x86_64_AES_encrypt_compact,\@abi-omnipotent
+.align  16
+_x86_64_AES_encrypt_compact:
+        lea     128($sbox),$inp                 # size optimization
+        mov     0-128($inp),$acc1               # prefetch Te4
+        mov     32-128($inp),$acc2
+        mov     64-128($inp),$t0
+        mov     96-128($inp),$t1
+        mov     128-128($inp),$acc1
+        mov     160-128($inp),$acc2
+        mov     192-128($inp),$t0
+        mov     224-128($inp),$t1
+        jmp     .Lenc_loop_compact
+.align  16
+.Lenc_loop_compact:
+                xor     0($key),$s0             # xor with key
+                xor     4($key),$s1
+                xor     8($key),$s2
+                xor     12($key),$s3
+                lea     16($key),$key
+___
+                &enccompactvert();
+$code.=<<___;
+                cmp     16(%rsp),$key
+                je      .Lenc_compact_done
+___
+                &enctransform();
+$code.=<<___;
+        jmp     .Lenc_loop_compact
+.align  16
+.Lenc_compact_done:
+        xor     0($key),$s0
+        xor     4($key),$s1
+        xor     8($key),$s2
+        xor     12($key),$s3
+        .byte   0xf3,0xc3                       # rep ret
+.size   _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
+___
+
 # void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
 $code.=<<___;
 .globl  AES_encrypt
@@ -358,31 +596,57 @@ AES_encrypt:
         push    %r14
         push    %r15
 
-        mov     %rdx,$key
-        mov     %rdi,$inp
-        mov     %rsi,$out
-
-        .picmeup        $sbox
-        lea     AES_Te-.($sbox),$sbox
-
-        mov     0($inp),$s0
-        mov     4($inp),$s1
-        mov     8($inp),$s2
-        mov     12($inp),$s3
+        # allocate frame "above" key schedule
+        mov     %rsp,%r10
+        lea     -63(%rdx),%rcx  # %rdx is key argument
+        and     \$-64,%rsp
+        sub     %rsp,%rcx
+        neg     %rcx
+        and     \$0x3c0,%rcx
+        sub     %rcx,%rsp
+        sub     \$32,%rsp
 
-        call    _x86_64_AES_encrypt
+        mov     %rsi,16(%rsp)   # save out
+        mov     %r10,24(%rsp)   # save real stack pointer
+.Lenc_prologue:
 
-        mov     $s0,0($out)
+        mov     %rdx,$key
+        mov     240($key),$rnds # load rounds
+
+        mov     0(%rdi),$s0     # load input vector
+        mov     4(%rdi),$s1
+        mov     8(%rdi),$s2
+        mov     12(%rdi),$s3
+
+        shl     \$4,$rnds
+        lea     ($key,$rnds),%rbp
+        mov     $key,(%rsp)     # key schedule
+        mov     %rbp,8(%rsp)    # end of key schedule
+
+        # pick Te4 copy which can't "overlap" with stack frame or key schedule
+        lea     .LAES_Te+2048(%rip),$sbox
+        lea     768(%rsp),%rbp
+        sub     $sbox,%rbp
+        and     \$0x300,%rbp
+        lea     ($sbox,%rbp),$sbox
+
+        call    _x86_64_AES_encrypt_compact
+
+        mov     16(%rsp),$out   # restore out
+        mov     24(%rsp),%rsi   # restore saved stack pointer
+        mov     $s0,0($out)     # write output vector
         mov     $s1,4($out)
         mov     $s2,8($out)
         mov     $s3,12($out)
 
-        pop     %r15
-        pop     %r14
-        pop     %r13
-        pop     %r12
-        pop     %rbp
-        pop     %rbx
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lenc_epilogue:
         ret
 .size   AES_encrypt,.-AES_encrypt
 ___
@@ -453,19 +717,20 @@ sub declastvert()
 { my $t3="%r8d";        # zaps $inp!
 
 $code.=<<___;
+        lea     2048($sbox),$sbox       # size optimization
         movzb   `&lo("$s0")`,$acc0
         movzb   `&lo("$s1")`,$acc1
         movzb   `&lo("$s2")`,$acc2
-        movzb   2048($sbox,$acc0,1),$t0
-        movzb   2048($sbox,$acc1,1),$t1
-        movzb   2048($sbox,$acc2,1),$t2
+        movzb   ($sbox,$acc0,1),$t0
+        movzb   ($sbox,$acc1,1),$t1
+        movzb   ($sbox,$acc2,1),$t2
 
         movzb   `&lo("$s3")`,$acc0
         movzb   `&hi("$s3")`,$acc1
         movzb   `&hi("$s0")`,$acc2
-        movzb   2048($sbox,$acc0,1),$t3
-        movzb   2048($sbox,$acc1,1),$acc1       #$t0
-        movzb   2048($sbox,$acc2,1),$acc2       #$t1
+        movzb   ($sbox,$acc0,1),$t3
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
+        movzb   ($sbox,$acc2,1),$acc2   #$t1
 
         shl     \$8,$acc1
         shl     \$8,$acc2
@@ -477,8 +742,8 @@ $code.=<<___;
         movzb   `&hi("$s1")`,$acc0
         movzb   `&hi("$s2")`,$acc1
         shr     \$16,$s0
-        movzb   2048($sbox,$acc0,1),$acc0       #$t2
-        movzb   2048($sbox,$acc1,1),$acc1       #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t2
+        movzb   ($sbox,$acc1,1),$acc1   #$t3
 
         shl     \$8,$acc0
         shl     \$8,$acc1
@@ -490,9 +755,9 @@ $code.=<<___;
         movzb   `&lo("$s2")`,$acc0
         movzb   `&lo("$s3")`,$acc1
         movzb   `&lo("$s0")`,$acc2
-        movzb   2048($sbox,$acc0,1),$acc0       #$t0
-        movzb   2048($sbox,$acc1,1),$acc1       #$t1
-        movzb   2048($sbox,$acc2,1),$acc2       #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t0
+        movzb   ($sbox,$acc1,1),$acc1   #$t1
+        movzb   ($sbox,$acc2,1),$acc2   #$t2
 
         shl     \$16,$acc0
         shl     \$16,$acc1
@@ -505,9 +770,9 @@ $code.=<<___;
         movzb   `&lo("$s1")`,$acc0
         movzb   `&hi("$s1")`,$acc1
         movzb   `&hi("$s2")`,$acc2
-        movzb   2048($sbox,$acc0,1),$acc0       #$t3
-        movzb   2048($sbox,$acc1,1),$acc1       #$t0
-        movzb   2048($sbox,$acc2,1),$acc2       #$t1
+        movzb   ($sbox,$acc0,1),$acc0   #$t3
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
+        movzb   ($sbox,$acc2,1),$acc2   #$t1
 
         shl     \$16,$acc0
         shl     \$24,$acc1
@@ -520,8 +785,8 @@ $code.=<<___;
         movzb   `&hi("$s3")`,$acc0
         movzb   `&hi("$s0")`,$acc1
         mov     16+12($key),$s3
-        movzb   2048($sbox,$acc0,1),$acc0       #$t2
-        movzb   2048($sbox,$acc1,1),$acc1       #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t2
+        movzb   ($sbox,$acc1,1),$acc1   #$t3
         mov     16+0($key),$s0
 
         shl     \$24,$acc0
@@ -532,6 +797,7 @@ $code.=<<___;
 
         mov     16+4($key),$s1
         mov     16+8($key),$s2
+        lea     -2048($sbox),$sbox
         xor     $t0,$s0
         xor     $t1,$s1
         xor     $t2,$s2
@@ -659,6 +925,260 @@ $code.=<<___;
 .size   _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
 ___
 
+sub deccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+        movzb   `&lo("$s0")`,$t0
+        movzb   `&lo("$s1")`,$t1
+        movzb   `&lo("$s2")`,$t2
+        movzb   ($sbox,$t0,1),$t0
+        movzb   ($sbox,$t1,1),$t1
+        movzb   ($sbox,$t2,1),$t2
+
+        movzb   `&lo("$s3")`,$t3
+        movzb   `&hi("$s3")`,$acc0
+        movzb   `&hi("$s0")`,$acc1
+        movzb   ($sbox,$t3,1),$t3
+        movzb   ($sbox,$acc0,1),$t4     #$t0
+        movzb   ($sbox,$acc1,1),$t5     #$t1
+
+        movzb   `&hi("$s1")`,$acc2
+        movzb   `&hi("$s2")`,$acc0
+        shr     \$16,$s2
+        movzb   ($sbox,$acc2,1),$acc2   #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t3
+        shr     \$16,$s3
+
+        movzb   `&lo("$s2")`,$acc1
+        shl     \$8,$t4
+        shl     \$8,$t5
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
+        xor     $t4,$t0
+        xor     $t5,$t1
+
+        movzb   `&lo("$s3")`,$t4
+        shr     \$16,$s0
+        shr     \$16,$s1
+        movzb   `&lo("$s0")`,$t5
+        shl     \$8,$acc2
+        shl     \$8,$acc0
+        movzb   ($sbox,$t4,1),$t4       #$t1
+        movzb   ($sbox,$t5,1),$t5       #$t2
+        xor     $acc2,$t2
+        xor     $acc0,$t3
+
+        movzb   `&lo("$s1")`,$acc2
+        movzb   `&hi("$s1")`,$acc0
+        shl     \$16,$acc1
+        movzb   ($sbox,$acc2,1),$acc2   #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t0
+        xor     $acc1,$t0
+
+        movzb   `&hi("$s2")`,$acc1
+        shl     \$16,$t4
+        shl     \$16,$t5
+        movzb   ($sbox,$acc1,1),$s1     #$t1
+        xor     $t4,$t1
+        xor     $t5,$t2
+
+        movzb   `&hi("$s3")`,$acc1
+        shr     \$8,$s0
+        shl     \$16,$acc2
+        movzb   ($sbox,$acc1,1),$s2     #$t2
+        movzb   ($sbox,$s0,1),$s3       #$t3
+        xor     $acc2,$t3
+
+        shl     \$24,$acc0
+        shl     \$24,$s1
+        shl     \$24,$s2
+        xor     $acc0,$t0
+        shl     \$24,$s3
+        xor     $t1,$s1
+        mov     $t0,$s0
+        xor     $t2,$s2
+        xor     $t3,$s3
+___
+}
+
+# parallelized version! input is pair of 64-bit values: %rax=s1.s0
+# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
+# %ecx=s2 and %edx=s3.
+sub dectransform()
+{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
+  my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
+  my $prefetch = shift;
+
+$code.=<<___;
+        mov     $tp10,$acc0
+        mov     $tp18,$acc8
+        and     $mask80,$acc0
+        and     $mask80,$acc8
+        mov     $acc0,$tp40
+        mov     $acc8,$tp48
+        shr     \$7,$tp40
+        lea     ($tp10,$tp10),$tp20
+        shr     \$7,$tp48
+        lea     ($tp18,$tp18),$tp28
+        sub     $tp40,$acc0
+        sub     $tp48,$acc8
+        and     $maskfe,$tp20
+        and     $maskfe,$tp28
+        and     $mask1b,$acc0
+        and     $mask1b,$acc8
+        xor     $tp20,$acc0
+        xor     $tp28,$acc8
+        mov     $acc0,$tp20
+        mov     $acc8,$tp28
+
+        and     $mask80,$acc0
+        and     $mask80,$acc8
+        mov     $acc0,$tp80
+        mov     $acc8,$tp88
+        shr     \$7,$tp80
+        lea     ($tp20,$tp20),$tp40
+        shr     \$7,$tp88
+        lea     ($tp28,$tp28),$tp48
+        sub     $tp80,$acc0
+        sub     $tp88,$acc8
+        and     $maskfe,$tp40
+        and     $maskfe,$tp48
+        and     $mask1b,$acc0
+        and     $mask1b,$acc8
+        xor     $tp40,$acc0
+        xor     $tp48,$acc8
+        mov     $acc0,$tp40
+        mov     $acc8,$tp48
+
+        and     $mask80,$acc0
+        and     $mask80,$acc8
+        mov     $acc0,$tp80
+        mov     $acc8,$tp88
+        shr     \$7,$tp80
+         xor    $tp10,$tp20             # tp2^=tp1
+        shr     \$7,$tp88
+         xor    $tp18,$tp28             # tp2^=tp1
+        sub     $tp80,$acc0
+        sub     $tp88,$acc8
+        lea     ($tp40,$tp40),$tp80
+        lea     ($tp48,$tp48),$tp88
+         xor    $tp10,$tp40             # tp4^=tp1
+         xor    $tp18,$tp48             # tp4^=tp1
+        and     $maskfe,$tp80
+        and     $maskfe,$tp88
+        and     $mask1b,$acc0
+        and     $mask1b,$acc8
+        xor     $acc0,$tp80
+        xor     $acc8,$tp88
+
+        xor     $tp80,$tp10             # tp1^=tp8
+        xor     $tp88,$tp18             # tp1^=tp8
+        xor     $tp80,$tp20             # tp2^tp1^=tp8
+        xor     $tp88,$tp28             # tp2^tp1^=tp8
+        mov     $tp10,$acc0
+        mov     $tp18,$acc8
+        xor     $tp80,$tp40             # tp4^tp1^=tp8
+        xor     $tp88,$tp48             # tp4^tp1^=tp8
+        shr     \$32,$acc0
+        shr     \$32,$acc8
+        xor     $tp20,$tp80             # tp8^=tp8^tp2^tp1=tp2^tp1
+        xor     $tp28,$tp88             # tp8^=tp8^tp2^tp1=tp2^tp1
+        rol     \$8,`&LO("$tp10")`      # ROTATE(tp1^tp8,8)
+        rol     \$8,`&LO("$tp18")`      # ROTATE(tp1^tp8,8)
+        xor     $tp40,$tp80             # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+        xor     $tp48,$tp88             # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+
+        rol     \$8,`&LO("$acc0")`      # ROTATE(tp1^tp8,8)
+        rol     \$8,`&LO("$acc8")`      # ROTATE(tp1^tp8,8)
+        xor     `&LO("$tp80")`,`&LO("$tp10")`
+        xor     `&LO("$tp88")`,`&LO("$tp18")`
+        shr     \$32,$tp80
+        shr     \$32,$tp88
+        xor     `&LO("$tp80")`,`&LO("$acc0")`
+        xor     `&LO("$tp88")`,`&LO("$acc8")`
+
+        mov     $tp20,$tp80
+        mov     $tp28,$tp88
+        shr     \$32,$tp80
+        shr     \$32,$tp88
+        rol     \$24,`&LO("$tp20")`     # ROTATE(tp2^tp1^tp8,24)
+        rol     \$24,`&LO("$tp28")`     # ROTATE(tp2^tp1^tp8,24)
+        rol     \$24,`&LO("$tp80")`     # ROTATE(tp2^tp1^tp8,24)
+        rol     \$24,`&LO("$tp88")`     # ROTATE(tp2^tp1^tp8,24)
+        xor     `&LO("$tp20")`,`&LO("$tp10")`
+        xor     `&LO("$tp28")`,`&LO("$tp18")`
+        mov     $tp40,$tp20
+        mov     $tp48,$tp28
+        xor     `&LO("$tp80")`,`&LO("$acc0")`
+        xor     `&LO("$tp88")`,`&LO("$acc8")`
+
+        `"mov   0($sbox),$mask80"       if ($prefetch)`
+        shr     \$32,$tp20
+        shr     \$32,$tp28
+        `"mov   64($sbox),$maskfe"      if ($prefetch)`
+        rol     \$16,`&LO("$tp40")`     # ROTATE(tp4^tp1^tp8,16)
+        rol     \$16,`&LO("$tp48")`     # ROTATE(tp4^tp1^tp8,16)
+        `"mov   128($sbox),$mask1b"     if ($prefetch)`
+        rol     \$16,`&LO("$tp20")`     # ROTATE(tp4^tp1^tp8,16)
+        rol     \$16,`&LO("$tp28")`     # ROTATE(tp4^tp1^tp8,16)
+        `"mov   192($sbox),$tp80"       if ($prefetch)`
+        xor     `&LO("$tp40")`,`&LO("$tp10")`
+        xor     `&LO("$tp48")`,`&LO("$tp18")`
+        `"mov   256($sbox),$tp88"       if ($prefetch)`
+        xor     `&LO("$tp20")`,`&LO("$acc0")`
+        xor     `&LO("$tp28")`,`&LO("$acc8")`
+___
+}
+
+$code.=<<___;
+.type   _x86_64_AES_decrypt_compact,\@abi-omnipotent
+.align  16
+_x86_64_AES_decrypt_compact:
+        lea     128($sbox),$inp                 # size optimization
+        mov     0-128($inp),$acc1               # prefetch Td4
+        mov     32-128($inp),$acc2
+        mov     64-128($inp),$t0
+        mov     96-128($inp),$t1
+        mov     128-128($inp),$acc1
+        mov     160-128($inp),$acc2
+        mov     192-128($inp),$t0
+        mov     224-128($inp),$t1
+        jmp     .Ldec_loop_compact
+
+.align  16
+.Ldec_loop_compact:
+                xor     0($key),$s0             # xor with key
+                xor     4($key),$s1
+                xor     8($key),$s2
+                xor     12($key),$s3
+                lea     16($key),$key
+___
+                &deccompactvert();
+$code.=<<___;
+                cmp     16(%rsp),$key
+                je      .Ldec_compact_done
+
+                mov     256+0($sbox),$mask80
+                shl     \$32,%rbx
+                shl     \$32,%rdx
+                mov     256+8($sbox),$maskfe
+                or      %rbx,%rax
+                or      %rdx,%rcx
+                mov     256+16($sbox),$mask1b
+___
+                &dectransform(1);
+$code.=<<___;
+        jmp     .Ldec_loop_compact
+.align  16
+.Ldec_compact_done:
+        xor     0($key),$s0
+        xor     4($key),$s1
+        xor     8($key),$s2
+        xor     12($key),$s3
+        .byte   0xf3,0xc3                       # rep ret
+.size   _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
+___
+
 # void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
 $code.=<<___;
 .globl  AES_decrypt
@@ -672,43 +1192,59 @@ AES_decrypt:
         push    %r14
         push    %r15
 
-        mov     %rdx,$key
-        mov     %rdi,$inp
-        mov     %rsi,$out
+        # allocate frame "above" key schedule
+        mov     %rsp,%r10
+        lea     -63(%rdx),%rcx  # %rdx is key argument
+        and     \$-64,%rsp
+        sub     %rsp,%rcx
+        neg     %rcx
+        and     \$0x3c0,%rcx
+        sub     %rcx,%rsp
+        sub     \$32,%rsp
+
+        mov     %rsi,16(%rsp)   # save out
+        mov     %r10,24(%rsp)   # save real stack pointer
+.Ldec_prologue:
 
-        .picmeup        $sbox
-        lea     AES_Td-.($sbox),$sbox
-
-        # prefetch Td4
-        lea     2048+128($sbox),$sbox;
-        mov     0-128($sbox),$s0
-        mov     32-128($sbox),$s1
-        mov     64-128($sbox),$s2
-        mov     96-128($sbox),$s3
-        mov     128-128($sbox),$s0
-        mov     160-128($sbox),$s1
-        mov     192-128($sbox),$s2
-        mov     224-128($sbox),$s3
-        lea     -2048-128($sbox),$sbox;
-
-        mov     0($inp),$s0
-        mov     4($inp),$s1
-        mov     8($inp),$s2
-        mov     12($inp),$s3
-
-        call    _x86_64_AES_decrypt
-
-        mov     $s0,0($out)
+        mov     %rdx,$key
+        mov     240($key),$rnds # load rounds
+
+        mov     0(%rdi),$s0     # load input vector
+        mov     4(%rdi),$s1
+        mov     8(%rdi),$s2
+        mov     12(%rdi),$s3
+
+        shl     \$4,$rnds
+        lea     ($key,$rnds),%rbp
+        mov     $key,(%rsp)     # key schedule
+        mov     %rbp,8(%rsp)    # end of key schedule
+
+        # pick Td4 copy which can't "overlap" with stack frame or key schedule
+        lea     .LAES_Td+2048(%rip),$sbox
+        lea     768(%rsp),%rbp
+        sub     $sbox,%rbp
+        and     \$0x300,%rbp
+        lea     ($sbox,%rbp),$sbox
+        shr     \$3,%rbp        # recall "magic" constants!
+        add     %rbp,$sbox
+
+        call    _x86_64_AES_decrypt_compact
+
+        mov     16(%rsp),$out   # restore out
+        mov     24(%rsp),%rsi   # restore saved stack pointer
+        mov     $s0,0($out)     # write output vector
         mov     $s1,4($out)
         mov     $s2,8($out)
         mov     $s3,12($out)
 
-        pop     %r15
-        pop     %r14
-        pop     %r13
-        pop     %r12
-        pop     %rbp
-        pop     %rbx
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Ldec_epilogue:
         ret
 .size   AES_decrypt,.-AES_decrypt
 ___
@@ -718,27 +1254,26 @@ sub enckey()
 {
 $code.=<<___;
         movz    %dl,%esi                # rk[i]>>0
-        mov     2(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
         movz    %dh,%esi                # rk[i]>>8
-        and     \$0xFF000000,%ebx
+        shl     \$24,%ebx
         xor     %ebx,%eax
 
-        mov     2(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
         shr     \$16,%edx
-        and     \$0x000000FF,%ebx
         movz    %dl,%esi                # rk[i]>>16
         xor     %ebx,%eax
 
-        mov     0(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
         movz    %dh,%esi                # rk[i]>>24
-        and     \$0x0000FF00,%ebx
+        shl     \$8,%ebx
         xor     %ebx,%eax
 
-        mov     0(%rbp,%rsi,8),%ebx
-        and     \$0x00FF0000,%ebx
+        movzb   -128(%rbp,%rsi),%ebx
+        shl     \$16,%ebx
         xor     %ebx,%eax
 
-        xor     2048(%rbp,%rcx,4),%eax          # rcon
+        xor     1024-128(%rbp,%rcx,4),%eax              # rcon
 ___
 }
 
@@ -751,7 +1286,29 @@ $code.=<<___;
 AES_set_encrypt_key:
         push    %rbx
         push    %rbp
+        push    %r12                    # redundant, but allows to share 
+        push    %r13                    # exception handler...
+        push    %r14
+        push    %r15
+        sub     \$8,%rsp
+.Lenc_key_prologue:
+
+        call    _x86_64_AES_set_encrypt_key
+
+        mov     8(%rsp),%r15
+        mov     16(%rsp),%r14
+        mov     24(%rsp),%r13
+        mov     32(%rsp),%r12
+        mov     40(%rsp),%rbp
+        mov     48(%rsp),%rbx
+        add     \$56,%rsp
+.Lenc_key_epilogue:
+        ret
+.size   AES_set_encrypt_key,.-AES_set_encrypt_key
 
+.type   _x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align  16
+_x86_64_AES_set_encrypt_key:
         mov     %esi,%ecx                       # %ecx=bits
         mov     %rdi,%rsi                       # %rsi=userKey
         mov     %rdx,%rdi                       # %rdi=key
@@ -761,8 +1318,18 @@ AES_set_encrypt_key:
         test    \$-1,%rdi
         jz      .Lbadpointer
 
-        .picmeup %rbp
-        lea     AES_Te-.(%rbp),%rbp
+        lea     .LAES_Te(%rip),%rbp
+        lea     2048+128(%rbp),%rbp
+
+        # prefetch Te4
+        mov     0-128(%rbp),%eax
+        mov     32-128(%rbp),%ebx
+        mov     64-128(%rbp),%r8d
+        mov     96-128(%rbp),%edx
+        mov     128-128(%rbp),%eax
+        mov     160-128(%rbp),%ebx
+        mov     192-128(%rbp),%r8d
+        mov     224-128(%rbp),%edx
 
         cmp     \$128,%ecx
         je      .L10rounds
@@ -774,15 +1341,12 @@ AES_set_encrypt_key:
         jmp     .Lexit
 
 .L10rounds:
-        mov     0(%rsi),%eax                    # copy first 4 dwords
-        mov     4(%rsi),%ebx
-        mov     8(%rsi),%ecx
-        mov     12(%rsi),%edx
-        mov     %eax,0(%rdi)
-        mov     %ebx,4(%rdi)
-        mov     %ecx,8(%rdi)
-        mov     %edx,12(%rdi)
+        mov     0(%rsi),%rax                    # copy first 4 dwords
+        mov     8(%rsi),%rdx
+        mov     %rax,0(%rdi)
+        mov     %rdx,8(%rdi)
 
+        shr     \$32,%rdx
         xor     %ecx,%ecx
         jmp     .L10shortcut
 .align  4
@@ -810,19 +1374,14 @@ $code.=<<___;
         jmp     .Lexit
 
 .L12rounds:
-        mov     0(%rsi),%eax                    # copy first 6 dwords
-        mov     4(%rsi),%ebx
-        mov     8(%rsi),%ecx
-        mov     12(%rsi),%edx
-        mov     %eax,0(%rdi)
-        mov     %ebx,4(%rdi)
-        mov     %ecx,8(%rdi)
-        mov     %edx,12(%rdi)
-        mov     16(%rsi),%ecx
-        mov     20(%rsi),%edx
-        mov     %ecx,16(%rdi)
-        mov     %edx,20(%rdi)
-
+        mov     0(%rsi),%rax                    # copy first 6 dwords
+        mov     8(%rsi),%rbx
+        mov     16(%rsi),%rdx
+        mov     %rax,0(%rdi)
+        mov     %rbx,8(%rdi)
+        mov     %rdx,16(%rdi)
+
+        shr     \$32,%rdx
         xor     %ecx,%ecx
         jmp     .L12shortcut
 .align  4
@@ -858,30 +1417,23 @@ $code.=<<___;
         jmp     .Lexit
 
 .L14rounds:             
-        mov     0(%rsi),%eax                    # copy first 8 dwords
-        mov     4(%rsi),%ebx
-        mov     8(%rsi),%ecx
-        mov     12(%rsi),%edx
-        mov     %eax,0(%rdi)
-        mov     %ebx,4(%rdi)
-        mov     %ecx,8(%rdi)
-        mov     %edx,12(%rdi)
-        mov     16(%rsi),%eax
-        mov     20(%rsi),%ebx
-        mov     24(%rsi),%ecx
-        mov     28(%rsi),%edx
-        mov     %eax,16(%rdi)
-        mov     %ebx,20(%rdi)
-        mov     %ecx,24(%rdi)
-        mov     %edx,28(%rdi)
-
+        mov     0(%rsi),%rax                    # copy first 8 dwords
+        mov     8(%rsi),%rbx
+        mov     16(%rsi),%rcx
+        mov     24(%rsi),%rdx
+        mov     %rax,0(%rdi)
+        mov     %rbx,8(%rdi)
+        mov     %rcx,16(%rdi)
+        mov     %rdx,24(%rdi)
+
+        shr     \$32,%rdx
         xor     %ecx,%ecx
         jmp     .L14shortcut
 .align  4
 .L14loop:
+                mov     0(%rdi),%eax                    # rk[0]
                 mov     28(%rdi),%edx                   # rk[4]
 .L14shortcut:
-                mov     0(%rdi),%eax                    # rk[0]
 ___
                 &enckey ();
 $code.=<<___;
@@ -900,24 +1452,23 @@ $code.=<<___;
                 mov     %eax,%edx
                 mov     16(%rdi),%eax                   # rk[4]
                 movz    %dl,%esi                        # rk[11]>>0
-                mov     2(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
                 movz    %dh,%esi                        # rk[11]>>8
-                and     \$0x000000FF,%ebx
                 xor     %ebx,%eax
 
-                mov     0(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
                 shr     \$16,%edx
-                and     \$0x0000FF00,%ebx
+                shl     \$8,%ebx
                 movz    %dl,%esi                        # rk[11]>>16
                 xor     %ebx,%eax
 
-                mov     0(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
                 movz    %dh,%esi                        # rk[11]>>24
-                and     \$0x00FF0000,%ebx
+                shl     \$16,%ebx
                 xor     %ebx,%eax
 
-                mov     2(%rbp,%rsi,8),%ebx
-                and     \$0xFF000000,%ebx
+                movzb   -128(%rbp,%rsi),%ebx
+                shl     \$24,%ebx
                 xor     %ebx,%eax
 
                 mov     %eax,48(%rdi)                   # rk[12]
@@ -938,31 +1489,61 @@ $code.=<<___;
 .Lbadpointer:
         mov     \$-1,%rax
 .Lexit:
-        pop     %rbp
-        pop     %rbx
-        ret
-.size   AES_set_encrypt_key,.-AES_set_encrypt_key
+        .byte   0xf3,0xc3                       # rep ret
+.size   _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
 
-sub deckey()
+sub deckey_ref()
 { my ($i,$ptr,$te,$td) = @_;
+  my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
 $code.=<<___;
-        mov     $i($ptr),%eax
-        mov     %eax,%edx
-        movz    %ah,%ebx
-        shr     \$16,%edx
-        and     \$0xFF,%eax
-        movzb   2($te,%rax,8),%rax
-        movzb   2($te,%rbx,8),%rbx
-        mov     0($td,%rax,8),%eax
-        xor     3($td,%rbx,8),%eax
-        movzb   %dh,%ebx
-        and     \$0xFF,%edx
-        movzb   2($te,%rdx,8),%rdx
-        movzb   2($te,%rbx,8),%rbx
-        xor     2($td,%rdx,8),%eax
-        xor     1($td,%rbx,8),%eax
-        mov     %eax,$i($ptr)
+        mov     $i($ptr),$tp1
+        mov     $tp1,$acc
+        and     \$0x80808080,$acc
+        mov     $acc,$tp4
+        shr     \$7,$tp4
+        lea     0($tp1,$tp1),$tp2
+        sub     $tp4,$acc
+        and     \$0xfefefefe,$tp2
+        and     \$0x1b1b1b1b,$acc
+        xor     $tp2,$acc
+        mov     $acc,$tp2
+
+        and     \$0x80808080,$acc
+        mov     $acc,$tp8
+        shr     \$7,$tp8
+        lea     0($tp2,$tp2),$tp4
+        sub     $tp8,$acc
+        and     \$0xfefefefe,$tp4
+        and     \$0x1b1b1b1b,$acc
+         xor    $tp1,$tp2               # tp2^tp1
+        xor     $tp4,$acc
+        mov     $acc,$tp4
+
+        and     \$0x80808080,$acc
+        mov     $acc,$tp8
+        shr     \$7,$tp8
+        sub     $tp8,$acc
+        lea     0($tp4,$tp4),$tp8
+         xor    $tp1,$tp4               # tp4^tp1
+        and     \$0xfefefefe,$tp8
+        and     \$0x1b1b1b1b,$acc
+        xor     $acc,$tp8
+
+        xor     $tp8,$tp1               # tp1^tp8
+        rol     \$8,$tp1                # ROTATE(tp1^tp8,8)
+        xor     $tp8,$tp2               # tp2^tp1^tp8
+        xor     $tp8,$tp4               # tp4^tp1^tp8
+        xor     $tp2,$tp8
+        xor     $tp4,$tp8               # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
+
+        xor     $tp8,$tp1
+        rol     \$24,$tp2               # ROTATE(tp2^tp1^tp8,24)
+        xor     $tp2,$tp1
+        rol     \$16,$tp4               # ROTATE(tp4^tp1^tp8,16)
+        xor     $tp4,$tp1
+
+        mov     $tp1,$i($ptr)
 ___
 }
 
@@ -973,19 +1554,23 @@ $code.=<<___;
 .type   AES_set_decrypt_key,\@function,3
 .align  16
 AES_set_decrypt_key:
-        push    %rdx
-        call    AES_set_encrypt_key
-        cmp     \$0,%eax
-        je      .Lproceed
-        lea     24(%rsp),%rsp
-        ret
-.Lproceed:
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        push    %rdx                    # save key schedule
+.Ldec_key_prologue:
+
+        call    _x86_64_AES_set_encrypt_key
         mov     (%rsp),%r8              # restore key schedule
-        mov     %rbx,(%rsp)
+        cmp     \$0,%eax
+        jne     .Labort
 
-        mov     240(%r8),%ecx           # pull number of rounds
+        mov     240(%r8),%r14d          # pull number of rounds
         xor     %rdi,%rdi
-        lea     (%rdi,%rcx,4),%rcx
+        lea     (%rdi,%r14d,4),%rcx
         mov     %r8,%rsi
         lea     (%r8,%rcx,4),%rdi       # pointer to last chunk
 .align  4
@@ -1003,27 +1588,39 @@ AES_set_decrypt_key:
                 cmp     %rsi,%rdi
         jne     .Linvert
 
-        .picmeup %r9
-        lea     AES_Td-.(%r9),%rdi
-        lea     AES_Te-AES_Td(%rdi),%r9
+        lea     .LAES_Te+2048+1024(%rip),%rax   # rcon
 
-        mov     %r8,%rsi
-        mov     240(%r8),%ecx           # pull number of rounds
-        sub     \$1,%ecx
+        mov     40(%rax),$mask80
+        mov     48(%rax),$maskfe
+        mov     56(%rax),$mask1b
+
+        mov     %r8,$key
+        sub     \$1,%r14d
 .align  4
 .Lpermute:
-                lea     16(%rsi),%rsi
+                lea     16($key),$key
+                mov     0($key),%rax
+                mov     8($key),%rcx
 ___
-                &deckey (0,"%rsi","%r9","%rdi");
-                &deckey (4,"%rsi","%r9","%rdi");
-                &deckey (8,"%rsi","%r9","%rdi");
-                &deckey (12,"%rsi","%r9","%rdi");
+                &dectransform ();
 $code.=<<___;
-                sub     \$1,%ecx
+                mov     %eax,0($key)
+                mov     %ebx,4($key)
+                mov     %ecx,8($key)
+                mov     %edx,12($key)
+                sub     \$1,%r14d
         jnz     .Lpermute
 
         xor     %rax,%rax
-        pop     %rbx
+.Labort:
+        mov     8(%rsp),%r15
+        mov     16(%rsp),%r14
+        mov     24(%rsp),%r13
+        mov     32(%rsp),%r12
+        mov     40(%rsp),%rbp
+        mov     48(%rsp),%rbx
+        add     \$56,%rsp
+.Ldec_key_epilogue:
         ret
 .size   AES_set_decrypt_key,.-AES_set_decrypt_key
 ___
@@ -1034,47 +1631,59 @@ ___
 {
 # stack frame layout
 # -8(%rsp)              return address
-my $_rsp="0(%rsp)";             # saved %rsp
-my $_len="8(%rsp)";             # copy of 3rd parameter, length
-my $_key="16(%rsp)";            # copy of 4th parameter, key
-my $_ivp="24(%rsp)";            # copy of 5th parameter, ivp
-my $keyp="32(%rsp)";            # one to pass as $key
-my $ivec="40(%rsp)";            # ivec[16]
-my $aes_key="56(%rsp)";         # copy of aes_key
-my $mark="56+240(%rsp)";        # copy of aes_key->rounds
+my $keyp="0(%rsp)";             # one to pass as $key
+my $keyend="8(%rsp)";           # &(keyp->rd_key[4*keyp->rounds])
+my $_rsp="16(%rsp)";            # saved %rsp
+my $_inp="24(%rsp)";            # copy of 1st parameter, inp
+my $_out="32(%rsp)";            # copy of 2nd parameter, out
+my $_len="40(%rsp)";            # copy of 3rd parameter, length
+my $_key="48(%rsp)";            # copy of 4th parameter, key
+my $_ivp="56(%rsp)";            # copy of 5th parameter, ivp
+my $ivec="64(%rsp)";            # ivec[16]
+my $aes_key="80(%rsp)";         # copy of aes_key
+my $mark="80+240(%rsp)";        # copy of aes_key->rounds
 
 $code.=<<___;
 .globl  AES_cbc_encrypt
 .type   AES_cbc_encrypt,\@function,6
 .align  16
+.extern OPENSSL_ia32cap_P
 AES_cbc_encrypt:
         cmp     \$0,%rdx        # check length
-        je      .Lcbc_just_ret
+        je      .Lcbc_epilogue
+        pushfq
         push    %rbx
         push    %rbp
         push    %r12
         push    %r13
         push    %r14
         push    %r15
-        pushfq
+.Lcbc_prologue:
+
         cld
         mov     %r9d,%r9d       # clear upper half of enc
 
-        .picmeup $sbox
-.Lcbc_pic_point:
-
+        lea     .LAES_Te(%rip),$sbox
         cmp     \$0,%r9
-        je      .LDECRYPT
-
-        lea     AES_Te-.Lcbc_pic_point($sbox),$sbox
+        jne     .Lcbc_picked_te
+        lea     .LAES_Td(%rip),$sbox
+.Lcbc_picked_te:
+
+        mov     OPENSSL_ia32cap_P(%rip),%r10d
+        cmp     \$$speed_limit,%rdx
+        jb      .Lcbc_slow_prologue
+        test    \$15,%rdx
+        jnz     .Lcbc_slow_prologue
+        bt      \$28,%r10d
+        jc      .Lcbc_slow_prologue
 
         # allocate aligned stack frame...
-        lea     -64-248(%rsp),$key
+        lea     -88-248(%rsp),$key
         and     \$-64,$key
 
-        # ... and make it doesn't alias with AES_Te modulo 4096
+        # ... and make sure it doesn't alias with AES_T[ed] modulo 4096
         mov     $sbox,%r10
-        lea     2048($sbox),%r11
+        lea     2304($sbox),%r11
         mov     $key,%r12
         and     \$0xFFF,%r10    # s = $sbox&0xfff
         and     \$0xFFF,%r11    # e = ($sbox+2048)&0xfff
@@ -1094,22 +1703,27 @@ AES_cbc_encrypt:
 .Lcbc_te_ok:
 
         xchg    %rsp,$key
-        add     \$8,%rsp        # reserve for return address!
+        #add    \$8,%rsp        # reserve for return address!
         mov     $key,$_rsp      # save %rsp
+.Lcbc_fast_body:
+        mov     %rdi,$_inp      # save copy of inp
+        mov     %rsi,$_out      # save copy of out
         mov     %rdx,$_len      # save copy of len
         mov     %rcx,$_key      # save copy of key
         mov     %r8,$_ivp       # save copy of ivp
         movl    \$0,$mark       # copy of aes_key->rounds = 0;
         mov     %r8,%rbp        # rearrange input arguments
+        mov     %r9,%rbx
         mov     %rsi,$out
         mov     %rdi,$inp
         mov     %rcx,$key
 
+        mov     240($key),%eax          # key->rounds
         # do we copy key schedule to stack?
         mov     $key,%r10
         sub     $sbox,%r10
         and     \$0xfff,%r10
-        cmp     \$2048,%r10
+        cmp     \$2304,%r10
         jb      .Lcbc_do_ecopy
         cmp     \$4096-248,%r10
         jb      .Lcbc_skip_ecopy
@@ -1120,12 +1734,11 @@ AES_cbc_encrypt:
                 lea     $aes_key,$key
                 mov     \$240/8,%ecx
                 .long   0x90A548F3      # rep movsq
-                mov     (%rsi),%eax     # copy aes_key->rounds
-                mov     %eax,(%rdi)
+                mov     %eax,(%rdi)     # copy aes_key->rounds
 .Lcbc_skip_ecopy:
         mov     $key,$keyp      # save key pointer
 
-        mov     \$16,%ecx
+        mov     \$18,%ecx
 .align  4
 .Lcbc_prefetch_te:
                 mov     0($sbox),%r10
@@ -1135,184 +1748,77 @@ AES_cbc_encrypt:
                 lea     128($sbox),$sbox
                 sub     \$1,%ecx
         jnz     .Lcbc_prefetch_te
-        sub     \$2048,$sbox
+        lea     -2304($sbox),$sbox
 
-        test    \$-16,%rdx              # check upon length
-        mov     %rdx,%r10
+        cmp     \$0,%rbx
+        je      .LFAST_DECRYPT
+
+#----------------------------- ENCRYPT -----------------------------#
         mov     0(%rbp),$s0             # load iv
         mov     4(%rbp),$s1
         mov     8(%rbp),$s2
         mov     12(%rbp),$s3
-        jz      .Lcbc_enc_tail          # short input...
 
 .align  4
-.Lcbc_enc_loop:
+.Lcbc_fast_enc_loop:
                 xor     0($inp),$s0
                 xor     4($inp),$s1
                 xor     8($inp),$s2
                 xor     12($inp),$s3
-                mov     $inp,$ivec      # if ($verticalspin) save inp
-
                 mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # if ($verticalspin) save inp
+
                 call    _x86_64_AES_encrypt
 
-                mov     $ivec,$inp      # if ($verticalspin) restore inp
+                mov     $_inp,$inp      # if ($verticalspin) restore inp
+                mov     $_len,%r10
                 mov     $s0,0($out)
                 mov     $s1,4($out)
                 mov     $s2,8($out)
                 mov     $s3,12($out)
 
-                mov     $_len,%r10
                 lea     16($inp),$inp
                 lea     16($out),$out
                 sub     \$16,%r10
                 test    \$-16,%r10
                 mov     %r10,$_len
-        jnz     .Lcbc_enc_loop
-        test    \$15,%r10
-        jnz     .Lcbc_enc_tail
+        jnz     .Lcbc_fast_enc_loop
         mov     $_ivp,%rbp      # restore ivp
         mov     $s0,0(%rbp)     # save ivec
         mov     $s1,4(%rbp)
         mov     $s2,8(%rbp)
         mov     $s3,12(%rbp)
 
-.align  4
-.Lcbc_cleanup:
-        cmpl    \$0,$mark       # was the key schedule copied?
-        lea     $aes_key,%rdi
-        mov     $_rsp,%rsp
-        je      .Lcbc_exit
-                mov     \$240/8,%ecx
-                xor     %rax,%rax
-                .long   0x90AB48F3      # rep stosq
-.Lcbc_exit:
-        popfq
-        pop     %r15
-        pop     %r14
-        pop     %r13
-        pop     %r12
-        pop     %rbp
-        pop     %rbx
-.Lcbc_just_ret:
-        ret
-.align  4
-.Lcbc_enc_tail:
-        mov     %rax,%r11
-        mov     %rcx,%r12
-        mov     %r10,%rcx
-        mov     $inp,%rsi
-        mov     $out,%rdi
-        .long   0xF689A4F3              # rep movsb
-        mov     \$16,%rcx               # zero tail
-        sub     %r10,%rcx
-        xor     %rax,%rax
-        .long   0xF689AAF3              # rep stosb
-        mov     $out,$inp               # this is not a mistake!
-        movq    \$16,$_len              # len=16
-        mov     %r11,%rax
-        mov     %r12,%rcx
-        jmp     .Lcbc_enc_loop          # one more spin...
+        jmp     .Lcbc_fast_cleanup
+
 #----------------------------- DECRYPT -----------------------------#
 .align  16
-.LDECRYPT:
-        lea     AES_Td-.Lcbc_pic_point($sbox),$sbox
-
-        # allocate aligned stack frame...
-        lea     -64-248(%rsp),$key
-        and     \$-64,$key
-
-        # ... and make it doesn't alias with AES_Td modulo 4096
-        mov     $sbox,%r10
-        lea     2304($sbox),%r11
-        mov     $key,%r12
-        and     \$0xFFF,%r10    # s = $sbox&0xfff
-        and     \$0xFFF,%r11    # e = ($sbox+2048+256)&0xfff
-        and     \$0xFFF,%r12    # p = %rsp&0xfff
-
-        cmp     %r11,%r12       # if (p=>e) %rsp =- (p-e);
-        jb      .Lcbc_td_break_out
-        sub     %r11,%r12
-        sub     %r12,$key
-        jmp     .Lcbc_td_ok
-.Lcbc_td_break_out:             # else %rsp -= (p-s)&0xfff + framesz
-        sub     %r10,%r12
-        and     \$0xFFF,%r12
-        add     \$320,%r12
-        sub     %r12,$key
-.align  4
-.Lcbc_td_ok:
-
-        xchg    %rsp,$key
-        add     \$8,%rsp        # reserve for return address!
-        mov     $key,$_rsp      # save %rsp
-        mov     %rdx,$_len      # save copy of len
-        mov     %rcx,$_key      # save copy of key
-        mov     %r8,$_ivp       # save copy of ivp
-        movl    \$0,$mark       # copy of aes_key->rounds = 0;
-        mov     %r8,%rbp        # rearrange input arguments
-        mov     %rsi,$out
-        mov     %rdi,$inp
-        mov     %rcx,$key
-
-        # do we copy key schedule to stack?
-        mov     $key,%r10
-        sub     $sbox,%r10
-        and     \$0xfff,%r10
-        cmp     \$2304,%r10
-        jb      .Lcbc_do_dcopy
-        cmp     \$4096-248,%r10
-        jb      .Lcbc_skip_dcopy
-.align  4
-.Lcbc_do_dcopy:
-                mov     $key,%rsi
-                lea     $aes_key,%rdi
-                lea     $aes_key,$key
-                mov     \$240/8,%ecx
-                .long   0x90A548F3      # rep movsq
-                mov     (%rsi),%eax     # copy aes_key->rounds
-                mov     %eax,(%rdi)
-.Lcbc_skip_dcopy:
-        mov     $key,$keyp      # save key pointer
-
-        mov     \$18,%ecx
-.align  4
-.Lcbc_prefetch_td:
-                mov     0($sbox),%r10
-                mov     32($sbox),%r11
-                mov     64($sbox),%r12
-                mov     96($sbox),%r13
-                lea     128($sbox),$sbox
-                sub     \$1,%ecx
-        jnz     .Lcbc_prefetch_td
-        sub     \$2304,$sbox
-
+.LFAST_DECRYPT:
         cmp     $inp,$out
-        je      .Lcbc_dec_in_place
+        je      .Lcbc_fast_dec_in_place
 
         mov     %rbp,$ivec
 .align  4
-.Lcbc_dec_loop:
-                mov     0($inp),$s0             # read input
+.Lcbc_fast_dec_loop:
+                mov     0($inp),$s0     # read input
                 mov     4($inp),$s1
                 mov     8($inp),$s2
                 mov     12($inp),$s3
-                mov     $inp,8+$ivec    # if ($verticalspin) save inp
-
                 mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # if ($verticalspin) save inp
+
                 call    _x86_64_AES_decrypt
 
                 mov     $ivec,%rbp      # load ivp
-                mov     8+$ivec,$inp    # if ($verticalspin) restore inp
+                mov     $_inp,$inp      # if ($verticalspin) restore inp
+                mov     $_len,%r10      # load len
                 xor     0(%rbp),$s0     # xor iv
                 xor     4(%rbp),$s1
                 xor     8(%rbp),$s2
                 xor     12(%rbp),$s3
                 mov     $inp,%rbp       # current input, next iv
 
-                mov     $_len,%r10      # load len
                 sub     \$16,%r10
-                jc      .Lcbc_dec_partial
                 mov     %r10,$_len      # update len
                 mov     %rbp,$ivec      # update ivp
 
@@ -1323,81 +1829,281 @@ AES_cbc_encrypt:
 
                 lea     16($inp),$inp
                 lea     16($out),$out
-        jnz     .Lcbc_dec_loop
-.Lcbc_dec_end:
+        jnz     .Lcbc_fast_dec_loop
         mov     $_ivp,%r12              # load user ivp
         mov     0(%rbp),%r10            # load iv
         mov     8(%rbp),%r11
         mov     %r10,0(%r12)            # copy back to user
         mov     %r11,8(%r12)
-        jmp     .Lcbc_cleanup
-
-.align  4
-.Lcbc_dec_partial:
-        mov     $s0,0+$ivec             # dump output to stack
-        mov     $s1,4+$ivec
-        mov     $s2,8+$ivec
-        mov     $s3,12+$ivec
-        mov     $out,%rdi
-        lea     $ivec,%rsi
-        mov     \$16,%rcx
-        add     %r10,%rcx               # number of bytes to copy
-        .long   0xF689A4F3              # rep movsb
-        jmp     .Lcbc_dec_end
+        jmp     .Lcbc_fast_cleanup
 
 .align  16
-.Lcbc_dec_in_place:
+.Lcbc_fast_dec_in_place:
+        mov     0(%rbp),%r10            # copy iv to stack
+        mov     8(%rbp),%r11
+        mov     %r10,0+$ivec
+        mov     %r11,8+$ivec
+.align  4
+.Lcbc_fast_dec_in_place_loop:
                 mov     0($inp),$s0     # load input
                 mov     4($inp),$s1
                 mov     8($inp),$s2
                 mov     12($inp),$s3
+                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # if ($verticalspin) save inp
 
-                mov     $inp,$ivec      # if ($verticalspin) save inp
-                mov     $keyp,$key
                 call    _x86_64_AES_decrypt
 
-                mov     $ivec,$inp      # if ($verticalspin) restore inp
-                mov     $_ivp,%rbp
-                xor     0(%rbp),$s0
-                xor     4(%rbp),$s1
-                xor     8(%rbp),$s2
-                xor     12(%rbp),$s3
+                mov     $_inp,$inp      # if ($verticalspin) restore inp
+                mov     $_len,%r10
+                xor     0+$ivec,$s0
+                xor     4+$ivec,$s1
+                xor     8+$ivec,$s2
+                xor     12+$ivec,$s3
+
+                mov     0($inp),%r11    # load input
+                mov     8($inp),%r12
+                sub     \$16,%r10
+                jz      .Lcbc_fast_dec_in_place_done
 
-                mov     0($inp),%r10    # copy input to iv
-                mov     8($inp),%r11
-                mov     %r10,0(%rbp)
-                mov     %r11,8(%rbp)
+                mov     %r11,0+$ivec    # copy input to iv
+                mov     %r12,8+$ivec
 
                 mov     $s0,0($out)     # save output [zaps input]
                 mov     $s1,4($out)
                 mov     $s2,8($out)
                 mov     $s3,12($out)
 
-                mov     $_len,%rcx
                 lea     16($inp),$inp
                 lea     16($out),$out
-                sub     \$16,%rcx
-                jc      .Lcbc_dec_in_place_partial
-                mov     %rcx,$_len
-        jnz     .Lcbc_dec_in_place
-        jmp     .Lcbc_cleanup
+                mov     %r10,$_len
+        jmp     .Lcbc_fast_dec_in_place_loop
+.Lcbc_fast_dec_in_place_done:
+        mov     $_ivp,%rdi
+        mov     %r11,0(%rdi)    # copy iv back to user
+        mov     %r12,8(%rdi)
+
+        mov     $s0,0($out)     # save output [zaps input]
+        mov     $s1,4($out)
+        mov     $s2,8($out)
+        mov     $s3,12($out)
 
 .align  4
-.Lcbc_dec_in_place_partial:
-        # one can argue if this is actually required
-        lea     ($out,%rcx),%rdi
-        lea     (%rbp,%rcx),%rsi
-        neg     %rcx
-        .long   0xF689A4F3      # rep movsb     # restore tail
-        jmp     .Lcbc_cleanup
+.Lcbc_fast_cleanup:
+        cmpl    \$0,$mark       # was the key schedule copied?
+        lea     $aes_key,%rdi
+        je      .Lcbc_exit
+                mov     \$240/8,%ecx
+                xor     %rax,%rax
+                .long   0x90AB48F3      # rep stosq
+
+        jmp     .Lcbc_exit
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+.align  16
+.Lcbc_slow_prologue:
+        # allocate aligned stack frame...
+        lea     -88(%rsp),%rbp
+        and     \$-64,%rbp
+        # ... just "above" key schedule
+        lea     -88-63(%rcx),%r10
+        sub     %rbp,%r10
+        neg     %r10
+        and     \$0x3c0,%r10
+        sub     %r10,%rbp
+
+        xchg    %rsp,%rbp
+        #add    \$8,%rsp        # reserve for return address!
+        mov     %rbp,$_rsp      # save %rsp
+.Lcbc_slow_body:
+        #mov    %rdi,$_inp      # save copy of inp
+        #mov    %rsi,$_out      # save copy of out
+        #mov    %rdx,$_len      # save copy of len
+        #mov    %rcx,$_key      # save copy of key
+        mov     %r8,$_ivp       # save copy of ivp
+        mov     %r8,%rbp        # rearrange input arguments
+        mov     %r9,%rbx
+        mov     %rsi,$out
+        mov     %rdi,$inp
+        mov     %rcx,$key
+        mov     %rdx,%r10
+
+        mov     240($key),%eax
+        mov     $key,$keyp      # save key pointer
+        shl     \$4,%eax
+        lea     ($key,%rax),%rax
+        mov     %rax,$keyend
+
+        # pick Te4 copy which can't "overlap" with stack frame or key scdedule
+        lea     2048($sbox),$sbox
+        lea     768-8(%rsp),%rax
+        sub     $sbox,%rax
+        and     \$0x300,%rax
+        lea     ($sbox,%rax),$sbox
+
+        cmp     \$0,%rbx
+        je      .LSLOW_DECRYPT
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+        test    \$-16,%r10              # check upon length
+        mov     0(%rbp),$s0             # load iv
+        mov     4(%rbp),$s1
+        mov     8(%rbp),$s2
+        mov     12(%rbp),$s3
+        jz      .Lcbc_slow_enc_tail     # short input...
+
+.align  4
+.Lcbc_slow_enc_loop:
+                xor     0($inp),$s0
+                xor     4($inp),$s1
+                xor     8($inp),$s2
+                xor     12($inp),$s3
+                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # save inp
+                mov     $out,$_out      # save out
+                mov     %r10,$_len      # save len
+
+                call    _x86_64_AES_encrypt_compact
+
+                mov     $_inp,$inp      # restore inp
+                mov     $_out,$out      # restore out
+                mov     $_len,%r10      # restore len
+                mov     $s0,0($out)
+                mov     $s1,4($out)
+                mov     $s2,8($out)
+                mov     $s3,12($out)
+
+                lea     16($inp),$inp
+                lea     16($out),$out
+                sub     \$16,%r10
+                test    \$-16,%r10
+        jnz     .Lcbc_slow_enc_loop
+        test    \$15,%r10
+        jnz     .Lcbc_slow_enc_tail
+        mov     $_ivp,%rbp      # restore ivp
+        mov     $s0,0(%rbp)     # save ivec
+        mov     $s1,4(%rbp)
+        mov     $s2,8(%rbp)
+        mov     $s3,12(%rbp)
+
+        jmp     .Lcbc_exit
+
+.align  4
+.Lcbc_slow_enc_tail:
+        mov     %rax,%r11
+        mov     %rcx,%r12
+        mov     %r10,%rcx
+        mov     $inp,%rsi
+        mov     $out,%rdi
+        .long   0x9066A4F3              # rep movsb
+        mov     \$16,%rcx               # zero tail
+        sub     %r10,%rcx
+        xor     %rax,%rax
+        .long   0x9066AAF3              # rep stosb
+        mov     $out,$inp               # this is not a mistake!
+        mov     \$16,%r10               # len=16
+        mov     %r11,%rax
+        mov     %r12,%rcx
+        jmp     .Lcbc_slow_enc_loop     # one more spin...
+#--------------------------- SLOW DECRYPT ---------------------------#
+.align  16
+.LSLOW_DECRYPT:
+        shr     \$3,%rax
+        add     %rax,$sbox              # recall "magic" constants!
+
+        mov     0(%rbp),%r11            # copy iv to stack
+        mov     8(%rbp),%r12
+        mov     %r11,0+$ivec
+        mov     %r12,8+$ivec
+
+.align  4
+.Lcbc_slow_dec_loop:
+                mov     0($inp),$s0     # load input
+                mov     4($inp),$s1
+                mov     8($inp),$s2
+                mov     12($inp),$s3
+                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # save inp
+                mov     $out,$_out      # save out
+                mov     %r10,$_len      # save len
+
+                call    _x86_64_AES_decrypt_compact
+
+                mov     $_inp,$inp      # restore inp
+                mov     $_out,$out      # restore out
+                mov     $_len,%r10
+                xor     0+$ivec,$s0
+                xor     4+$ivec,$s1
+                xor     8+$ivec,$s2
+                xor     12+$ivec,$s3
+
+                mov     0($inp),%r11    # load input
+                mov     8($inp),%r12
+                sub     \$16,%r10
+                jc      .Lcbc_slow_dec_partial
+                jz      .Lcbc_slow_dec_done
+
+                mov     %r11,0+$ivec    # copy input to iv
+                mov     %r12,8+$ivec
+
+                mov     $s0,0($out)     # save output [can zap input]
+                mov     $s1,4($out)
+                mov     $s2,8($out)
+                mov     $s3,12($out)
+
+                lea     16($inp),$inp
+                lea     16($out),$out
+        jmp     .Lcbc_slow_dec_loop
+.Lcbc_slow_dec_done:
+        mov     $_ivp,%rdi
+        mov     %r11,0(%rdi)            # copy iv back to user
+        mov     %r12,8(%rdi)
+
+        mov     $s0,0($out)             # save output [can zap input]
+        mov     $s1,4($out)
+        mov     $s2,8($out)
+        mov     $s3,12($out)
+
+        jmp     .Lcbc_exit
+
+.align  4
+.Lcbc_slow_dec_partial:
+        mov     $_ivp,%rdi
+        mov     %r11,0(%rdi)            # copy iv back to user
+        mov     %r12,8(%rdi)
+
+        mov     $s0,0+$ivec             # save output to stack
+        mov     $s1,4+$ivec
+        mov     $s2,8+$ivec
+        mov     $s3,12+$ivec
+
+        mov     $out,%rdi
+        lea     $ivec,%rsi
+        lea     16(%r10),%rcx
+        .long   0x9066A4F3      # rep movsb
+        jmp     .Lcbc_exit
+
+.align  16
+.Lcbc_exit:
+        mov     $_rsp,%rsi
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lcbc_popfq:
+        popfq
+.Lcbc_epilogue:
+        ret
 .size   AES_cbc_encrypt,.-AES_cbc_encrypt
 ___
 }
 
 $code.=<<___;
-.globl  AES_Te
 .align  64
-AES_Te:
+.LAES_Te:
 ___
         &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
         &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
@@ -1463,16 +2169,149 @@ ___
         &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
         &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
         &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4    # four copies of Te4 to choose from to avoid L1 aliasing
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
 #rcon:
 $code.=<<___;
         .long   0x00000001, 0x00000002, 0x00000004, 0x00000008
         .long   0x00000010, 0x00000020, 0x00000040, 0x00000080
-        .long   0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0
+        .long   0x0000001b, 0x00000036, 0x80808080, 0x80808080
+        .long   0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
 ___
 $code.=<<___;
-.globl  AES_Td
 .align  64
-AES_Td:
+.LAES_Td:
 ___
         &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
         &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
@@ -1538,7 +2377,116 @@ ___
         &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
         &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
         &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-#Td4:
+
+#Td4:   # four copies of Td4 to choose from to avoid L1 aliasing
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
         &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
         &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
         &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
@@ -1571,6 +2519,288 @@ ___
         &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
         &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
         &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+.asciz  "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align  64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   block_se_handler,\@abi-omnipotent
+.align  16
+block_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        mov     8($disp),%rsi           # disp->ImageBase
+        mov     56($disp),%r11          # disp->HandlerData
+
+        mov     0(%r11),%r10d           # HandlerData[0]
+        lea     (%rsi,%r10),%r10        # prologue label
+        cmp     %r10,%rbx               # context->Rip<prologue label
+        jb      .Lin_block_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        mov     4(%r11),%r10d           # HandlerData[1]
+        lea     (%rsi,%r10),%r10        # epilogue label
+        cmp     %r10,%rbx               # context->Rip>=epilogue label
+        jae     .Lin_block_prologue
+
+        mov     24(%rax),%rax           # pull saved real stack pointer
+        lea     48(%rax),%rax           # adjust...
+
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_block_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        jmp     .Lcommon_seh_exit
+.size   block_se_handler,.-block_se_handler
+
+.type   key_se_handler,\@abi-omnipotent
+.align  16
+key_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        mov     8($disp),%rsi           # disp->ImageBase
+        mov     56($disp),%r11          # disp->HandlerData
+
+        mov     0(%r11),%r10d           # HandlerData[0]
+        lea     (%rsi,%r10),%r10        # prologue label
+        cmp     %r10,%rbx               # context->Rip<prologue label
+        jb      .Lin_key_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        mov     4(%r11),%r10d           # HandlerData[1]
+        lea     (%rsi,%r10),%r10        # epilogue label
+        cmp     %r10,%rbx               # context->Rip>=epilogue label
+        jae     .Lin_key_prologue
+
+        lea     56(%rax),%rax
+
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_key_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        jmp     .Lcommon_seh_exit
+.size   key_se_handler,.-key_se_handler
+
+.type   cbc_se_handler,\@abi-omnipotent
+.align  16
+cbc_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        lea     .Lcbc_prologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_prologue
+        jb      .Lin_cbc_prologue
+
+        lea     .Lcbc_fast_body(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_fast_body
+        jb      .Lin_cbc_frame_setup
+
+        lea     .Lcbc_slow_prologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_slow_prologue
+        jb      .Lin_cbc_body
+
+        lea     .Lcbc_slow_body(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_slow_body
+        jb      .Lin_cbc_frame_setup
+
+.Lin_cbc_body:
+        mov     152($context),%rax      # pull context->Rsp
+
+        lea     .Lcbc_epilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lcbc_epilogue
+        jae     .Lin_cbc_prologue
+
+        lea     8(%rax),%rax
+
+        lea     .Lcbc_popfq(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lcbc_popfq
+        jae     .Lin_cbc_prologue
+
+        mov     `16-8`(%rax),%rax       # biased $_rsp
+        lea     56(%rax),%rax
+
+.Lin_cbc_frame_setup:
+        mov     -16(%rax),%rbx
+        mov     -24(%rax),%rbp
+        mov     -32(%rax),%r12
+        mov     -40(%rax),%r13
+        mov     -48(%rax),%r14
+        mov     -56(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_cbc_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+.Lcommon_seh_exit:
+
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$`1232/8`,%ecx         # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   cbc_se_handler,.-cbc_se_handler
+
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_AES_encrypt
+        .rva    .LSEH_end_AES_encrypt
+        .rva    .LSEH_info_AES_encrypt
+
+        .rva    .LSEH_begin_AES_decrypt
+        .rva    .LSEH_end_AES_decrypt
+        .rva    .LSEH_info_AES_decrypt
+
+        .rva    .LSEH_begin_AES_set_encrypt_key
+        .rva    .LSEH_end_AES_set_encrypt_key
+        .rva    .LSEH_info_AES_set_encrypt_key
+
+        .rva    .LSEH_begin_AES_set_decrypt_key
+        .rva    .LSEH_end_AES_set_decrypt_key
+        .rva    .LSEH_info_AES_set_decrypt_key
+
+        .rva    .LSEH_begin_AES_cbc_encrypt
+        .rva    .LSEH_end_AES_cbc_encrypt
+        .rva    .LSEH_info_AES_cbc_encrypt
+
+.section        .xdata
+.align  8
+.LSEH_info_AES_encrypt:
+        .byte   9,0,0,0
+        .rva    block_se_handler
+        .rva    .Lenc_prologue,.Lenc_epilogue   # HandlerData[]
+.LSEH_info_AES_decrypt:
+        .byte   9,0,0,0
+        .rva    block_se_handler
+        .rva    .Ldec_prologue,.Ldec_epilogue   # HandlerData[]
+.LSEH_info_AES_set_encrypt_key:
+        .byte   9,0,0,0
+        .rva    key_se_handler
+        .rva    .Lenc_key_prologue,.Lenc_key_epilogue   # HandlerData[]
+.LSEH_info_AES_set_decrypt_key:
+        .byte   9,0,0,0
+        .rva    key_se_handler
+        .rva    .Ldec_key_prologue,.Ldec_key_epilogue   # HandlerData[]
+.LSEH_info_AES_cbc_encrypt:
+        .byte   9,0,0,0
+        .rva    cbc_se_handler
+___
+}
 
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 18957c669e..9a8b6cc222 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
                 if (!ameth->info)
                         goto err;
                 }
+        else
+                ameth->info = NULL;
 
         if (pem_str)
                 {
@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
                 if (!ameth->pem_str)
                         goto err;
                 }
+        else
+                ameth->pem_str = NULL;
 
         ameth->pub_decode = 0;
         ameth->pub_encode = 0;
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
index 2da38292c8..4fc241908f 100644
--- a/src/lib/libcrypto/asn1/asn1_gen.c
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
         /* Allocate buffer for new encoding */
 
         new_der = OPENSSL_malloc(len);
+        if (!new_der)
+                goto err;
 
         /* Generate tagged encoding */
 
@@ -245,8 +247,14 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
         /* If IMPLICIT, output tag */
 
         if (asn1_tags.imp_tag != -1)
+                {
+                if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 
+                    && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
+                     || asn1_tags.imp_tag == V_ASN1_SET) )
+                        hdr_constructed = V_ASN1_CONSTRUCTED;
                 ASN1_put_object(&p, hdr_constructed, hdr_len,
                                         asn1_tags.imp_tag, asn1_tags.imp_class);
+                }
 
         /* Copy across original encoding */
         memcpy(p, cpy_start, cpy_len);
@@ -439,13 +447,15 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
 
 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
         {
-        ASN1_TYPE *ret = NULL, *typ = NULL;
+        ASN1_TYPE *ret = NULL;
         STACK_OF(ASN1_TYPE) *sk = NULL;
         STACK_OF(CONF_VALUE) *sect = NULL;
-        unsigned char *der = NULL, *p;
+        unsigned char *der = NULL;
         int derlen;
-        int i, is_set;
+        int i;
         sk = sk_ASN1_TYPE_new_null();
+        if (!sk)
+                goto bad;
         if (section)
                 {
                 if (!cnf)
@@ -455,28 +465,23 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
                         goto bad;
                 for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
                         {
-                        typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+                        ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
                         if (!typ)
                                 goto bad;
-                        sk_ASN1_TYPE_push(sk, typ);
-                        typ = NULL;
+                        if (!sk_ASN1_TYPE_push(sk, typ))
+                                goto bad;
                         }
                 }
 
         /* Now we has a STACK of the components, convert to the correct form */
 
         if (utype == V_ASN1_SET)
-                is_set = 1;
+                derlen = i2d_ASN1_SET_ANY(sk, &der);
         else
-                is_set = 0;
-
+                derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
 
-        derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
-                                           V_ASN1_UNIVERSAL, is_set);
-        der = OPENSSL_malloc(derlen);
-        p = der;
-        i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
-                                  V_ASN1_UNIVERSAL, is_set);
+        if (derlen < 0)
+                goto bad;
 
         if (!(ret = ASN1_TYPE_new()))
                 goto bad;
@@ -498,8 +503,6 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
 
         if (sk)
                 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-        if (typ)
-                ASN1_TYPE_free(typ);
         if (sect)
                 X509V3_section_free(cnf, sect);
 
@@ -549,7 +552,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons
 static int asn1_str2tag(const char *tagstr, int len)
         {
         unsigned int i;
-        static struct tag_name_st *tntmp, tnst [] = {
+        static const struct tag_name_st *tntmp, tnst [] = {
                 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
                 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
                 ASN1_GEN_STR("NULL", V_ASN1_NULL),
@@ -584,6 +587,8 @@ static int asn1_str2tag(const char *tagstr, int len)
                 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
                 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
                 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+                ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
+                ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
 
                 /* Special cases */
                 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
@@ -729,6 +734,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
                 case V_ASN1_VISIBLESTRING:
                 case V_ASN1_UNIVERSALSTRING:
                 case V_ASN1_GENERALSTRING:
+                case V_ASN1_NUMERICSTRING:
 
                 if (format == ASN1_GEN_FORMAT_ASCII)
                         format = MBSTRING_ASC;
diff --git a/src/lib/libcrypto/bn/asm/alpha-mont.pl b/src/lib/libcrypto/bn/asm/alpha-mont.pl
index 7a2cc3173b..f7e0ca1646 100644
--- a/src/lib/libcrypto/bn/asm/alpha-mont.pl
+++ b/src/lib/libcrypto/bn/asm/alpha-mont.pl
@@ -53,15 +53,15 @@ $code=<<___;
 .align  5
 .ent    bn_mul_mont
 bn_mul_mont:
-        lda     sp,-40(sp)
+        lda     sp,-48(sp)
         stq     ra,0(sp)
         stq     s3,8(sp)
         stq     s4,16(sp)
         stq     s5,24(sp)
         stq     fp,32(sp)
         mov     sp,fp
-        .mask   0x0400f000,-40
-        .frame  fp,40,ra
+        .mask   0x0400f000,-48
+        .frame  fp,48,ra
         .prologue 0
 
         .align  4
@@ -306,7 +306,7 @@ bn_mul_mont:
         ldq     s4,16(sp)
         ldq     s5,24(sp)
         ldq     fp,32(sp)
-        lda     sp,40(sp)
+        lda     sp,48(sp)
         ret     (ra)
 .end    bn_mul_mont
 .rdata
diff --git a/src/lib/libcrypto/bn/asm/armv4-mont.pl b/src/lib/libcrypto/bn/asm/armv4-mont.pl
index 05d5dc1a48..14e0d2d1dd 100644
--- a/src/lib/libcrypto/bn/asm/armv4-mont.pl
+++ b/src/lib/libcrypto/bn/asm/armv4-mont.pl
@@ -193,6 +193,7 @@ bn_mul_mont:
         bx      lr                      @ interoperable with Thumb ISA:-)
 .size   bn_mul_mont,.-bn_mul_mont
 .asciz  "Montgomery multiplication for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
 ___
 
 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl
index 08e0053473..37c65d3511 100644
--- a/src/lib/libcrypto/bn/asm/ppc.pl
+++ b/src/lib/libcrypto/bn/asm/ppc.pl
@@ -100,9 +100,9 @@
 #       me a note at schari@us.ibm.com
 #
 
-$opf = shift;
+$flavour = shift;
 
-if ($opf =~ /32\.s/) {
+if ($flavour =~ /32/) {
         $BITS=  32;
         $BNSZ=  $BITS/8;
         $ISA=   "\"ppc\"";
@@ -125,7 +125,7 @@ if ($opf =~ /32\.s/) {
         $INSR=  "insrwi";       # insert right
         $ROTL=  "rotlwi";       # rotate left by immediate
         $TR=    "tw";           # conditional trap
-} elsif ($opf =~ /64\.s/) {
+} elsif ($flavour =~ /64/) {
         $BITS=  64;
         $BNSZ=  $BITS/8;
         $ISA=   "\"ppc64\"";
@@ -149,93 +149,16 @@ if ($opf =~ /32\.s/) {
         $INSR=  "insrdi";       # insert right 
         $ROTL=  "rotldi";       # rotate left by immediate
         $TR=    "td";           # conditional trap
-} else { die "nonsense $opf"; }
+} else { die "nonsense $flavour"; }
 
-( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
 
-# function entry points from the AIX code
-#
-# There are other, more elegant, ways to handle this. We (IBM) chose
-# this approach as it plays well with scripts we run to 'namespace'
-# OpenSSL .i.e. we add a prefix to all the public symbols so we can
-# co-exist in the same process with other implementations of OpenSSL.
-# 'cleverer' ways of doing these substitutions tend to hide data we
-# need to be obvious.
-#
-my @items = ("bn_sqr_comba4",
-             "bn_sqr_comba8",
-             "bn_mul_comba4",
-             "bn_mul_comba8",
-             "bn_sub_words",
-             "bn_add_words",
-             "bn_div_words",
-             "bn_sqr_words",
-             "bn_mul_words",
-             "bn_mul_add_words");
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
 
-if    ($opf =~ /linux/) {  do_linux();  }
-elsif ($opf =~ /aix/)   {  do_aix();    }
-elsif ($opf =~ /osx/)   {  do_osx();    }
-else                    {  do_bsd();    }
-
-sub do_linux {
-    $d=&data();
-
-    if ($BITS==64) {
-      foreach $t (@items) {
-        $d =~ s/\.$t:/\
-\t.section\t".opd","aw"\
-\t.align\t3\
-\t.globl\t$t\
-$t:\
-\t.quad\t.$t,.TOC.\@tocbase,0\
-\t.size\t$t,24\
-\t.previous\n\
-\t.type\t.$t,\@function\
-\t.globl\t.$t\
-.$t:/g;
-      }
-    }
-    else {
-      foreach $t (@items) {
-        $d=~s/\.$t/$t/g;
-      }
-    }
-    # hide internal labels to avoid pollution of name table...
-    $d=~s/Lppcasm_/.Lppcasm_/gm;
-    print $d;
-}
-
-sub do_aix {
-    # AIX assembler is smart enough to please the linker without
-    # making us do something special...
-    print &data();
-}
-
-# MacOSX 32 bit
-sub do_osx {
-    $d=&data();
-    # Change the bn symbol prefix from '.' to '_'
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    # Change .machine to something OS X asm will accept
-    $d=~s/\.machine.*/.text/g;
-    $d=~s/\#/;/g; # change comment from '#' to ';'
-    print $d;
-}
-
-# BSD (Untested)
-sub do_bsd {
-    $d=&data();
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    print $d;
-}
-
-sub data {
-        local($data)=<<EOF;
+$data=<<EOF;
 #--------------------------------------------------------------------
 #
 #
@@ -297,33 +220,20 @@ sub data {
 #
 #       Defines to be used in the assembly code.
 #       
-.set r0,0       # we use it as storage for value of 0
-.set SP,1       # preserved
-.set RTOC,2     # preserved 
-.set r3,3       # 1st argument/return value
-.set r4,4       # 2nd argument/volatile register
-.set r5,5       # 3rd argument/volatile register
-.set r6,6       # ...
-.set r7,7
-.set r8,8
-.set r9,9
-.set r10,10
-.set r11,11
-.set r12,12
-.set r13,13     # not used, nor any other "below" it...
-
-.set BO_IF_NOT,4
-.set BO_IF,12
-.set BO_dCTR_NZERO,16
-.set BO_dCTR_ZERO,18
-.set BO_ALWAYS,20
-.set CR0_LT,0;
-.set CR0_GT,1;
-.set CR0_EQ,2
-.set CR1_FX,4;
-.set CR1_FEX,5;
-.set CR1_VX,6
-.set LR,8
+#.set r0,0      # we use it as storage for value of 0
+#.set SP,1      # preserved
+#.set RTOC,2    # preserved 
+#.set r3,3      # 1st argument/return value
+#.set r4,4      # 2nd argument/volatile register
+#.set r5,5      # 3rd argument/volatile register
+#.set r6,6      # ...
+#.set r7,7
+#.set r8,8
+#.set r9,9
+#.set r10,10
+#.set r11,11
+#.set r12,12
+#.set r13,13    # not used, nor any other "below" it...
 
 #       Declare function names to be global
 #       NOTE:   For gcc these names MUST be changed to remove
@@ -344,7 +254,7 @@ sub data {
         
 # .text section
         
-        .machine        $ISA
+        .machine        "any"
 
 #
 #       NOTE:   The following label name should be changed to
@@ -478,7 +388,7 @@ sub data {
 
         $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1
         $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 #
@@ -903,7 +813,7 @@ sub data {
         $ST             r9, `15*$BNSZ`(r3)      #r[15]=c1;
 
 
-        bclr    BO_ALWAYS,CR0_LT
+        blr
 
         .long   0x00000000
 
@@ -1055,7 +965,7 @@ sub data {
 
         $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1
         $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 #
@@ -1591,7 +1501,7 @@ sub data {
         adde    r10,r10,r9
         $ST     r12,`14*$BNSZ`(r3)      #r[14]=c3;
         $ST     r10,`15*$BNSZ`(r3)      #r[15]=c1;
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 #
@@ -1623,7 +1533,7 @@ sub data {
         subfc.  r7,r0,r6        # If r6 is 0 then result is 0.
                                 # if r6 > 0 then result !=0
                                 # In either case carry bit is set.
-        bc      BO_IF,CR0_EQ,Lppcasm_sub_adios
+        beq     Lppcasm_sub_adios
         addi    r4,r4,-$BNSZ
         addi    r3,r3,-$BNSZ
         addi    r5,r5,-$BNSZ
@@ -1635,11 +1545,11 @@ Lppcasm_sub_mainloop:
                                 # if carry = 1 this is r7-r8. Else it
                                 # is r7-r8 -1 as we need.
         $STU    r6,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
+        bdnz-   Lppcasm_sub_mainloop
 Lppcasm_sub_adios:      
         subfze  r3,r0           # if carry bit is set then r3 = 0 else -1
         andi.   r3,r3,1         # keep only last bit.
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 
@@ -1670,7 +1580,7 @@ Lppcasm_sub_adios:
 #       check for r6 = 0. Is this needed?
 #
         addic.  r6,r6,0         #test r6 and clear carry bit.
-        bc      BO_IF,CR0_EQ,Lppcasm_add_adios
+        beq     Lppcasm_add_adios
         addi    r4,r4,-$BNSZ
         addi    r3,r3,-$BNSZ
         addi    r5,r5,-$BNSZ
@@ -1680,10 +1590,10 @@ Lppcasm_add_mainloop:
         $LDU    r8,$BNSZ(r5)
         adde    r8,r7,r8
         $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
+        bdnz-   Lppcasm_add_mainloop
 Lppcasm_add_adios:      
         addze   r3,r0                   #return carry bit.
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 #
@@ -1707,24 +1617,24 @@ Lppcasm_add_adios:
 #       r5 = d
         
         $UCMPI  0,r5,0                  # compare r5 and 0
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div1   # proceed if d!=0
+        bne     Lppcasm_div1            # proceed if d!=0
         li      r3,-1                   # d=0 return -1
-        bclr    BO_ALWAYS,CR0_LT        
+        blr
 Lppcasm_div1:
         xor     r0,r0,r0                #r0=0
         li      r8,$BITS
         $CNTLZ. r7,r5                   #r7 = num leading 0s in d.
-        bc      BO_IF,CR0_EQ,Lppcasm_div2       #proceed if no leading zeros
+        beq     Lppcasm_div2            #proceed if no leading zeros
         subf    r8,r7,r8                #r8 = BN_num_bits_word(d)
         $SHR.   r9,r3,r8                #are there any bits above r8'th?
         $TR     16,r9,r0                #if there're, signal to dump core...
 Lppcasm_div2:
         $UCMP   0,r3,r5                 #h>=d?
-        bc      BO_IF,CR0_LT,Lppcasm_div3       #goto Lppcasm_div3 if not
+        blt     Lppcasm_div3            #goto Lppcasm_div3 if not
         subf    r3,r5,r3                #h-=d ; 
 Lppcasm_div3:                           #r7 = BN_BITS2-i. so r7=i
         cmpi    0,0,r7,0                # is (i == 0)?
-        bc      BO_IF,CR0_EQ,Lppcasm_div4
+        beq     Lppcasm_div4
         $SHL    r3,r3,r7                # h = (h<< i)
         $SHR    r8,r4,r8                # r8 = (l >> BN_BITS2 -i)
         $SHL    r5,r5,r7                # d<<=i
@@ -1741,7 +1651,7 @@ Lppcasm_divouterloop:
         $SHRI   r11,r4,`$BITS/2`        #r11= (l&BN_MASK2h)>>BN_BITS4
                                         # compute here for innerloop.
         $UCMP   0,r8,r9                 # is (h>>BN_BITS4)==dh
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div5   # goto Lppcasm_div5 if not
+        bne     Lppcasm_div5            # goto Lppcasm_div5 if not
 
         li      r8,-1
         $CLRU   r8,r8,`$BITS/2`         #q = BN_MASK2l 
@@ -1762,9 +1672,9 @@ Lppcasm_divinnerloop:
                                         # the following 2 instructions do that
         $SHLI   r7,r10,`$BITS/2`        # r7 = (t<<BN_BITS4)
         or      r7,r7,r11               # r7|=((l&BN_MASK2h)>>BN_BITS4)
-        $UCMP   1,r6,r7                 # compare (tl <= r7)
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
-        bc      BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
+        $UCMP   cr1,r6,r7               # compare (tl <= r7)
+        bne     Lppcasm_divinnerexit
+        ble     cr1,Lppcasm_divinnerexit
         addi    r8,r8,-1                #q--
         subf    r12,r9,r12              #th -=dh
         $CLRU   r10,r5,`$BITS/2`        #r10=dl. t is no longer needed in loop.
@@ -1773,14 +1683,14 @@ Lppcasm_divinnerloop:
 Lppcasm_divinnerexit:
         $SHRI   r10,r6,`$BITS/2`        #t=(tl>>BN_BITS4)
         $SHLI   r11,r6,`$BITS/2`        #tl=(tl<<BN_BITS4)&BN_MASK2h;
-        $UCMP   1,r4,r11                # compare l and tl
+        $UCMP   cr1,r4,r11              # compare l and tl
         add     r12,r12,r10             # th+=t
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
+        bge     cr1,Lppcasm_div7        # if (l>=tl) goto Lppcasm_div7
         addi    r12,r12,1               # th++
 Lppcasm_div7:
         subf    r11,r11,r4              #r11=l-tl
-        $UCMP   1,r3,r12                #compare h and th
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div8   #if (h>=th) goto Lppcasm_div8
+        $UCMP   cr1,r3,r12              #compare h and th
+        bge     cr1,Lppcasm_div8        #if (h>=th) goto Lppcasm_div8
         addi    r8,r8,-1                # q--
         add     r3,r5,r3                # h+=d
 Lppcasm_div8:
@@ -1791,12 +1701,12 @@ Lppcasm_div8:
                                         # the following 2 instructions will do this.
         $INSR   r11,r12,`$BITS/2`,`$BITS/2`     # r11 is the value we want rotated $BITS/2.
         $ROTL   r3,r11,`$BITS/2`        # rotate by $BITS/2 and store in r3
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
+        bdz     Lppcasm_div9            #if (count==0) break ;
         $SHLI   r0,r8,`$BITS/2`         #ret =q<<BN_BITS4
         b       Lppcasm_divouterloop
 Lppcasm_div9:
         or      r3,r8,r0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 #
@@ -1822,7 +1732,7 @@ Lppcasm_div9:
 #       No unrolling done here. Not performance critical.
 
         addic.  r5,r5,0                 #test r5.
-        bc      BO_IF,CR0_EQ,Lppcasm_sqr_adios
+        beq     Lppcasm_sqr_adios
         addi    r4,r4,-$BNSZ
         addi    r3,r3,-$BNSZ
         mtctr   r5
@@ -1833,9 +1743,9 @@ Lppcasm_sqr_mainloop:
         $UMULH  r8,r6,r6
         $STU    r7,$BNSZ(r3)
         $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
+        bdnz-   Lppcasm_sqr_mainloop
 Lppcasm_sqr_adios:      
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 
@@ -1858,7 +1768,7 @@ Lppcasm_sqr_adios:
         xor     r0,r0,r0
         xor     r12,r12,r12             # used for carry
         rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_REM
+        beq     Lppcasm_mw_REM
         mtctr   r7
 Lppcasm_mw_LOOP:        
                                         #mul(rp[0],ap[0],w,c1);
@@ -1896,11 +1806,11 @@ Lppcasm_mw_LOOP:
         
         addi    r3,r3,`4*$BNSZ`
         addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP
+        bdnz-   Lppcasm_mw_LOOP
 
 Lppcasm_mw_REM:
         andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
                                         #mul(rp[0],ap[0],w,c1);
         $LD     r8,`0*$BNSZ`(r4)
         $UMULL  r9,r6,r8
@@ -1912,7 +1822,7 @@ Lppcasm_mw_REM:
         
         addi    r5,r5,-1
         cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
 
         
                                         #mul(rp[1],ap[1],w,c1);
@@ -1926,7 +1836,7 @@ Lppcasm_mw_REM:
         
         addi    r5,r5,-1
         cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
         
                                         #mul_add(rp[2],ap[2],w,c1);
         $LD     r8,`2*$BNSZ`(r4)
@@ -1939,7 +1849,7 @@ Lppcasm_mw_REM:
                 
 Lppcasm_mw_OVER:        
         addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
 
 #
@@ -1964,7 +1874,7 @@ Lppcasm_mw_OVER:
         xor     r0,r0,r0                #r0 = 0
         xor     r12,r12,r12             #r12 = 0 . used for carry               
         rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_leftover       # if (num < 4) go LPPCASM_maw_leftover
+        beq     Lppcasm_maw_leftover    # if (num < 4) go LPPCASM_maw_leftover
         mtctr   r7
 Lppcasm_maw_mainloop:   
                                         #mul_add(rp[0],ap[0],w,c1);
@@ -2017,11 +1927,11 @@ Lppcasm_maw_mainloop:
         $ST     r11,`3*$BNSZ`(r3)
         addi    r3,r3,`4*$BNSZ`
         addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
+        bdnz-   Lppcasm_maw_mainloop
         
 Lppcasm_maw_leftover:
         andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_adios
+        beq     Lppcasm_maw_adios
         addi    r3,r3,-$BNSZ
         addi    r4,r4,-$BNSZ
                                         #mul_add(rp[0],ap[0],w,c1);
@@ -2036,7 +1946,7 @@ Lppcasm_maw_leftover:
         addze   r12,r10
         $ST     r9,0(r3)
         
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+        bdz     Lppcasm_maw_adios
                                         #mul_add(rp[1],ap[1],w,c1);
         $LDU    r8,$BNSZ(r4)    
         $UMULL  r9,r6,r8
@@ -2048,7 +1958,7 @@ Lppcasm_maw_leftover:
         addze   r12,r10
         $ST     r9,0(r3)
         
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+        bdz     Lppcasm_maw_adios
                                         #mul_add(rp[2],ap[2],w,c1);
         $LDU    r8,$BNSZ(r4)
         $UMULL  r9,r6,r8
@@ -2062,17 +1972,10 @@ Lppcasm_maw_leftover:
                 
 Lppcasm_maw_adios:      
         addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
         .long   0x00000000
         .align  4
 EOF
-        $data =~ s/\`([^\`]*)\`/eval $1/gem;
-
-        # if some assembler chokes on some simplified mnemonic,
-        # this is the spot to fix it up, e.g.:
-        # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
-        $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
-        # assembler X doesn't accept li, load immediate value
-        #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
-        return($data);
-}
+$data =~ s/\`([^\`]*)\`/eval $1/gem;
+print $data;
+close STDOUT;
diff --git a/src/lib/libcrypto/bn/asm/x86_64-gcc.c b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
index f13f52dd85..acb0b40118 100644
--- a/src/lib/libcrypto/bn/asm/x86_64-gcc.c
+++ b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
@@ -1,4 +1,5 @@
-#ifdef __SUNPRO_C
+#include "../bn_lcl.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
 # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
 #else
 /*
@@ -54,7 +55,15 @@
  *    machine.
  */
 
+#ifdef _WIN64
+#define BN_ULONG unsigned long long
+#else
 #define BN_ULONG unsigned long
+#endif
+
+#undef mul
+#undef mul_add
+#undef sqr
 
 /*
  * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
@@ -97,7 +106,7 @@
                 : "a"(a)                \
                 : "cc");
 
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
         {
         BN_ULONG c1=0;
 
@@ -121,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
         return(c1);
         } 
 
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
         {
         BN_ULONG c1=0;
 
@@ -144,7 +153,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
         return(c1);
         } 
 
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
         {
         if (n <= 0) return;
 
@@ -175,14 +184,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
         return ret;
 }
 
-BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
 { BN_ULONG ret=0,i=0;
 
         if (n <= 0) return 0;
 
         asm (
         "       subq    %2,%2           \n"
-        ".align 16                      \n"
+        ".p2align 4                     \n"
         "1:     movq    (%4,%2,8),%0    \n"
         "       adcq    (%5,%2,8),%0    \n"
         "       movq    %0,(%3,%2,8)    \n"
@@ -198,14 +207,14 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 }
 
 #ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
 { BN_ULONG ret=0,i=0;
 
         if (n <= 0) return 0;
 
         asm (
         "       subq    %2,%2           \n"
-        ".align 16                      \n"
+        ".p2align 4                     \n"
         "1:     movq    (%4,%2,8),%0    \n"
         "       sbbq    (%5,%2,8),%0    \n"
         "       movq    %0,(%3,%2,8)    \n"
@@ -485,7 +494,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
         r[7]=c2;
         }
 
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
         {
         BN_ULONG t1,t2;
         BN_ULONG c1,c2,c3;
@@ -561,7 +570,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
         r[15]=c1;
         }
 
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
         {
         BN_ULONG t1,t2;
         BN_ULONG c1,c2,c3;
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont.pl b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
index c43b69592a..3b7a6f243f 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
@@ -15,14 +15,18 @@
 # respectful 50%. It remains to be seen if loop unrolling and
 # dedicated squaring routine can provide further improvement...
 
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 
 # int bn_mul_mont(
 $rp="%rdi";     # BN_ULONG *rp,
@@ -55,13 +59,14 @@ bn_mul_mont:
         push    %r15
 
         mov     ${num}d,${num}d
-        lea     2($num),%rax
-        mov     %rsp,%rbp
-        neg     %rax
-        lea     (%rsp,%rax,8),%rsp      # tp=alloca(8*(num+2))
+        lea     2($num),%r10
+        mov     %rsp,%r11
+        neg     %r10
+        lea     (%rsp,%r10,8),%rsp      # tp=alloca(8*(num+2))
         and     \$-1024,%rsp            # minimize TLB usage
 
-        mov     %rbp,8(%rsp,$num,8)     # tp[num+1]=%rsp
+        mov     %r11,8(%rsp,$num,8)     # tp[num+1]=%rsp
+.Lprologue:
         mov     %rdx,$bp                # $bp reassigned, remember?
 
         mov     ($n0),$n0               # pull n0[0] value
@@ -197,18 +202,129 @@ bn_mul_mont:
         dec     $j
         jge     .Lcopy
 
-        mov     8(%rsp,$num,8),%rsp     # restore %rsp
+        mov     8(%rsp,$num,8),%rsi     # restore %rsp
         mov     \$1,%rax
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lepilogue:
+        ret
+.size   bn_mul_mont,.-bn_mul_mont
+.asciz  "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align  16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+
+        mov     192($context),%r10      # pull $num
+        mov     8(%rax,%r10,8),%rax     # pull saved stack pointer
+        lea     48(%rax),%rax
+
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
         pop     %r15
         pop     %r14
         pop     %r13
         pop     %r12
         pop     %rbp
         pop     %rbx
+        pop     %rdi
+        pop     %rsi
         ret
-.size   bn_mul_mont,.-bn_mul_mont
-.asciz  "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.size   se_handler,.-se_handler
+
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_bn_mul_mont
+        .rva    .LSEH_end_bn_mul_mont
+        .rva    .LSEH_info_bn_mul_mont
+
+.section        .xdata
+.align  8
+.LSEH_info_bn_mul_mont:
+        .byte   9,0,0,0
+        .rva    se_handler
 ___
+}
 
 print $code;
 close STDOUT;
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86.pl b/src/lib/libcrypto/camellia/asm/cmll-x86.pl
index 0812815bfb..027302ac86 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86.pl
@@ -1133,6 +1133,6 @@ my ($s0,$s1,$s2,$s3) = @T;
 &function_end("Camellia_cbc_encrypt");
 }
 
-&asciz("Camellia for x86 by <appro@openssl.org>");
+&asciz("Camellia for x86 by <appro\@openssl.org>");
 
 &asm_finish();
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
index c683646ca7..76955e4726 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
@@ -656,7 +656,7 @@ Camellia_cbc_encrypt:
         mov     %rsi,$out               # out argument
         mov     %r8,%rbx                # ivp argument
         mov     %rcx,$key               # key argument
-        mov     272(%rcx),$keyend       # grandRounds
+        mov     272(%rcx),${keyend}d    # grandRounds
 
         mov     %r8,$_ivp
         mov     %rbp,$_rsp
@@ -859,7 +859,7 @@ Camellia_cbc_encrypt:
         ret
 .size   Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
 
-.asciz  "Camellia for x86_64 by <appro@openssl.org>"
+.asciz  "Camellia for x86_64 by <appro\@openssl.org>"
 ___
 }
 
diff --git a/src/lib/libcrypto/camellia/camellia.c b/src/lib/libcrypto/camellia/camellia.c
index 491c26b39e..75fc8991c0 100644
--- a/src/lib/libcrypto/camellia/camellia.c
+++ b/src/lib/libcrypto/camellia/camellia.c
@@ -68,1557 +68,515 @@
 /* Algorithm Specification 
    http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
 */
-
-
-#include <string.h>
-#include <stdlib.h>
+ 
+/*
+ * This release balances code size and performance. In particular key
+ * schedule setup is fully unrolled, because doing so *significantly*
+ * reduces amount of instructions per setup round and code increase is
+ * justifiable. In block functions on the other hand only inner loops
+ * are unrolled, as full unroll gives only nominal performance boost,
+ * while code size grows 4 or 7 times. Also, unlike previous versions
+ * this one "encourages" compiler to keep intermediate variables in
+ * registers, which should give better "all round" results, in other
+ * words reasonable performance even with not so modern compilers.
+ */
 
 #include "camellia.h"
 #include "cmll_locl.h"
+#include <string.h>
+#include <stdlib.h>
 
-/* key constants */
-#define CAMELLIA_SIGMA1L (0xA09E667FL)
-#define CAMELLIA_SIGMA1R (0x3BCC908BL)
-#define CAMELLIA_SIGMA2L (0xB67AE858L)
-#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
-#define CAMELLIA_SIGMA3L (0xC6EF372FL)
-#define CAMELLIA_SIGMA3R (0xE94F82BEL)
-#define CAMELLIA_SIGMA4L (0x54FF53A5L)
-#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
-#define CAMELLIA_SIGMA5L (0x10E527FAL)
-#define CAMELLIA_SIGMA5R (0xDE682D1DL)
-#define CAMELLIA_SIGMA6L (0xB05688C2L)
-#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
-
+/* 32-bit rotations */
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define RightRotate(x, s) _lrotr(x, s)
+#  define LeftRotate(x, s)  _lrotl(x, s)
+#  if _MSC_VER >= 1400
+#   define SWAP(x) _byteswap_ulong(x)
+#  else
+#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  endif
+#  define GETU32(p)   SWAP(*((u32 *)(p)))
+#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386) || defined(__x86_64)
+#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   if defined(B_ENDIAN) /* stratus.com does it */
+#    define GETU32(p)   (*(u32 *)(p))
+#    define PUTU32(p,v) (*(u32 *)(p)=(v))
+#   else
+#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
+#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
+#   endif
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#  elif defined(__s390x__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#   define GETU32(p)   (*(u32 *)(p))
+#   define PUTU32(p,v) (*(u32 *)(p)=(v))
+#  endif
+# endif
+#endif
+
+#if !defined(RightRotate) && !defined(LeftRotate)
+# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+#endif
+
+#if !defined(GETU32) && !defined(PUTU32)
+# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
+#endif
+
+/* S-box data */
+#define SBOX1_1110 Camellia_SBOX[0]
+#define SBOX4_4404 Camellia_SBOX[1]
+#define SBOX2_0222 Camellia_SBOX[2]
+#define SBOX3_3033 Camellia_SBOX[3]
+static const u32 Camellia_SBOX[][256] = {
+{   0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, 
+    0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, 
+    0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, 
+    0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, 
+    0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, 
+    0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, 
+    0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, 
+    0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, 
+    0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, 
+    0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, 
+    0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, 
+    0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, 
+    0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, 
+    0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, 
+    0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, 
+    0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, 
+    0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, 
+    0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, 
+    0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, 
+    0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, 
+    0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, 
+    0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, 
+    0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, 
+    0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, 
+    0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, 
+    0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, 
+    0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, 
+    0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, 
+    0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, 
+    0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, 
+    0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, 
+    0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, 
+    0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, 
+    0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, 
+    0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, 
+    0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, 
+    0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, 
+    0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, 
+    0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, 
+    0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, 
+    0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, 
+    0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, 
+    0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 },
+{   0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, 
+    0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, 
+    0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, 
+    0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, 
+    0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, 
+    0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, 
+    0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, 
+    0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, 
+    0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, 
+    0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, 
+    0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, 
+    0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, 
+    0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, 
+    0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, 
+    0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, 
+    0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, 
+    0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, 
+    0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, 
+    0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, 
+    0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, 
+    0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, 
+    0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, 
+    0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, 
+    0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, 
+    0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, 
+    0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, 
+    0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, 
+    0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, 
+    0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, 
+    0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, 
+    0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, 
+    0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, 
+    0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, 
+    0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, 
+    0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, 
+    0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, 
+    0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, 
+    0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, 
+    0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, 
+    0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, 
+    0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, 
+    0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, 
+    0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e },
+{   0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, 
+    0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, 
+    0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, 
+    0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, 
+    0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, 
+    0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, 
+    0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, 
+    0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, 
+    0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, 
+    0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, 
+    0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, 
+    0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, 
+    0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, 
+    0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, 
+    0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, 
+    0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, 
+    0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, 
+    0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, 
+    0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, 
+    0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, 
+    0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, 
+    0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, 
+    0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, 
+    0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, 
+    0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, 
+    0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, 
+    0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, 
+    0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, 
+    0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, 
+    0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, 
+    0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, 
+    0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, 
+    0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, 
+    0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, 
+    0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, 
+    0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, 
+    0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, 
+    0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, 
+    0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, 
+    0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, 
+    0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, 
+    0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, 
+    0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d },
+{   0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, 
+    0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, 
+    0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, 
+    0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, 
+    0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, 
+    0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, 
+    0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, 
+    0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, 
+    0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, 
+    0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, 
+    0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, 
+    0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, 
+    0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, 
+    0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, 
+    0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, 
+    0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, 
+    0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, 
+    0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, 
+    0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, 
+    0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, 
+    0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, 
+    0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, 
+    0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, 
+    0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, 
+    0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, 
+    0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, 
+    0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, 
+    0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, 
+    0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, 
+    0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, 
+    0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, 
+    0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, 
+    0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, 
+    0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, 
+    0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, 
+    0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, 
+    0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, 
+    0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, 
+    0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, 
+    0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, 
+    0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, 
+    0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, 
+    0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f }
+};
+
+/* Key generation constants */
+static const u32 SIGMA[] = {
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
+    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+};
+
+/* The phi algorithm given in C.2.7 of the Camellia spec document. */
 /*
- *  macros
+ * This version does not attempt to minimize amount of temporary
+ * variables, but instead explicitly exposes algorithm's parallelism.
+ * It is therefore most appropriate for platforms with not less than
+ * ~16 registers. For platforms with less registers [well, x86 to be
+ * specific] assembler version should be/is provided anyway...
  */
-
-/* e is pointer of subkey */
-#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
-#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
-
-/* rotation right shift 1byte */
-#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
-/* rotation left shift 1bit */
-#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
-/* rotation left shift 1byte */
-#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
-
-#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
-do                                                      \
-        {                                               \
-        w0 = ll;                                        \
-        ll = (ll << bits) + (lr >> (32 - bits));        \
-        lr = (lr << bits) + (rl >> (32 - bits));        \
-        rl = (rl << bits) + (rr >> (32 - bits));        \
-        rr = (rr << bits) + (w0 >> (32 - bits));        \
-        } while(0)
-
-#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
-do                                                      \
-        {                                               \
-        w0 = ll;                                        \
-        w1 = lr;                                        \
-        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
-        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
-        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
-        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
-        } while(0)
-
-#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
-#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
-#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
-#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
-
-#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)              \
-do                                                                      \
-        {                                                               \
-        il = xl ^ kl;                                                   \
-        ir = xr ^ kr;                                                   \
-        t0 = il >> 16;                                                  \
-        t1 = ir >> 16;                                                  \
-        yl = CAMELLIA_SP1110(ir & 0xff)                                 \
-                ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP3033(t1 & 0xff)                            \
-                ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                    \
-        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                          \
-                ^ CAMELLIA_SP0222(t0 & 0xff)                            \
-                ^ CAMELLIA_SP3033((il >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP4404(il & 0xff);                           \
-        yl ^= yr;                                                       \
-        yr = CAMELLIA_RR8(yr);                                          \
-        yr ^= yl;                                                       \
-        } while(0)
-
+#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
+        register u32 _t0,_t1,_t2,_t3;\
+\
+        _t0  = _s0 ^ (_key)[0];\
+        _t3  = SBOX4_4404[_t0&0xff];\
+        _t1  = _s1 ^ (_key)[1];\
+        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
+        _t2  = SBOX1_1110[_t1&0xff];\
+        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
+        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
+        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
+        _t2 ^= _t3;\
+        _t3  = RightRotate(_t3,8);\
+        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
+        _s3 ^= _t3;\
+        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
+        _s2 ^= _t2; \
+        _s3 ^= _t2;\
+} while(0)
 
 /*
- * for speed up
- *
+ * Note that n has to be less than 32. Rotations for larger amount
+ * of bits are achieved by "rotating" order of s-elements and
+ * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
  */
-#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
-do                                                                      \
-        {                                                               \
-        t0 = kll;                                                       \
-        t0 &= ll;                                                       \
-        lr ^= CAMELLIA_RL1(t0);                                         \
-        t1 = klr;                                                       \
-        t1 |= lr;                                                       \
-        ll ^= t1;                                                       \
-                                                                        \
-        t2 = krr;                                                       \
-        t2 |= rr;                                                       \
-        rl ^= t2;                                                       \
-        t3 = krl;                                                       \
-        t3 &= rl;                                                       \
-        rr ^= CAMELLIA_RL1(t3);                                         \
-        } while(0)
-
-#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
-do                                                                      \
-        {                                                               \
-        il = xl;                                                        \
-        ir = xr;                                                        \
-        t0 = il >> 16;                                                  \
-        t1 = ir >> 16;                                                  \
-        ir = CAMELLIA_SP1110(ir & 0xff)                                 \
-                ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP3033(t1 & 0xff)                            \
-                ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                    \
-        il = CAMELLIA_SP1110((t0 >> 8) & 0xff)                          \
-                ^ CAMELLIA_SP0222(t0 & 0xff)                            \
-                ^ CAMELLIA_SP3033((il >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP4404(il & 0xff);                           \
-        il ^= kl;                                                       \
-        ir ^= kr;                                                       \
-        ir ^= il;                                                       \
-        il = CAMELLIA_RR8(il);                                          \
-        il ^= ir;                                                       \
-        yl ^= ir;                                                       \
-        yr ^= il;                                                       \
-        } while(0)
-
-static const u32 camellia_sp1110[256] =
-        {
-        0x70707000,0x82828200,0x2c2c2c00,0xececec00,
-        0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
-        0xe4e4e400,0x85858500,0x57575700,0x35353500,
-        0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
-        0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
-        0x45454500,0x19191900,0xa5a5a500,0x21212100,
-        0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
-        0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
-        0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
-        0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
-        0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
-        0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
-        0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
-        0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
-        0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
-        0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
-        0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
-        0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
-        0x74747400,0x12121200,0x2b2b2b00,0x20202000,
-        0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
-        0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
-        0x34343400,0x7e7e7e00,0x76767600,0x05050500,
-        0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
-        0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
-        0x14141400,0x58585800,0x3a3a3a00,0x61616100,
-        0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
-        0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
-        0x53535300,0x18181800,0xf2f2f200,0x22222200,
-        0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
-        0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
-        0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
-        0x60606000,0xfcfcfc00,0x69696900,0x50505000,
-        0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
-        0xa1a1a100,0x89898900,0x62626200,0x97979700,
-        0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
-        0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
-        0x10101000,0xc4c4c400,0x00000000,0x48484800,
-        0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
-        0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
-        0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
-        0x87878700,0x5c5c5c00,0x83838300,0x02020200,
-        0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
-        0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
-        0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
-        0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
-        0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
-        0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
-        0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
-        0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
-        0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
-        0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
-        0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
-        0x78787800,0x98989800,0x06060600,0x6a6a6a00,
-        0xe7e7e700,0x46464600,0x71717100,0xbababa00,
-        0xd4d4d400,0x25252500,0xababab00,0x42424200,
-        0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
-        0x72727200,0x07070700,0xb9b9b900,0x55555500,
-        0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
-        0x36363600,0x49494900,0x2a2a2a00,0x68686800,
-        0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
-        0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
-        0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
-        0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
-        0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
-        };
-
-static const u32 camellia_sp0222[256] =
+#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
+        u32 _t0=_s0>>(32-_n);\
+        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
+        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
+        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
+        _s3 = (_s3<<_n) | _t0;\
+} while (0)
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
         {
-        0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
-        0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
-        0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
-        0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
-        0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
-        0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
-        0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
-        0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
-        0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
-        0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
-        0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
-        0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
-        0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
-        0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
-        0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
-        0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
-        0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
-        0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
-        0x00e8e8e8,0x00242424,0x00565656,0x00404040,
-        0x00e1e1e1,0x00636363,0x00090909,0x00333333,
-        0x00bfbfbf,0x00989898,0x00979797,0x00858585,
-        0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
-        0x00dadada,0x006f6f6f,0x00535353,0x00626262,
-        0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
-        0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
-        0x00bdbdbd,0x00363636,0x00222222,0x00383838,
-        0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
-        0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
-        0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
-        0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
-        0x00484848,0x00101010,0x00d1d1d1,0x00515151,
-        0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
-        0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
-        0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
-        0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
-        0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
-        0x00202020,0x00898989,0x00000000,0x00909090,
-        0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
-        0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
-        0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
-        0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
-        0x009b9b9b,0x00949494,0x00212121,0x00666666,
-        0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
-        0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
-        0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
-        0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
-        0x00030303,0x002d2d2d,0x00dedede,0x00969696,
-        0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
-        0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
-        0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
-        0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
-        0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
-        0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
-        0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
-        0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
-        0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
-        0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
-        0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
-        0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
-        0x00787878,0x00707070,0x00e3e3e3,0x00494949,
-        0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
-        0x00777777,0x00939393,0x00868686,0x00838383,
-        0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
-        0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
-        };
-
-static const u32 camellia_sp3033[256] =
-        {
-        0x38003838,0x41004141,0x16001616,0x76007676,
-        0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
-        0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
-        0x75007575,0x06000606,0x57005757,0xa000a0a0,
-        0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
-        0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
-        0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
-        0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
-        0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
-        0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
-        0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
-        0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
-        0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
-        0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
-        0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
-        0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
-        0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
-        0xfd00fdfd,0x66006666,0x58005858,0x96009696,
-        0x3a003a3a,0x09000909,0x95009595,0x10001010,
-        0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
-        0xef00efef,0x26002626,0xe500e5e5,0x61006161,
-        0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
-        0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
-        0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
-        0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
-        0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
-        0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
-        0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
-        0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
-        0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
-        0x12001212,0x04000404,0x74007474,0x54005454,
-        0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
-        0x55005555,0x68006868,0x50005050,0xbe00bebe,
-        0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
-        0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
-        0x70007070,0xff00ffff,0x32003232,0x69006969,
-        0x08000808,0x62006262,0x00000000,0x24002424,
-        0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
-        0x45004545,0x81008181,0x73007373,0x6d006d6d,
-        0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
-        0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
-        0xe600e6e6,0x25002525,0x48004848,0x99009999,
-        0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
-        0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
-        0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
-        0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
-        0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
-        0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
-        0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
-        0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
-        0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
-        0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
-        0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
-        0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
-        0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
-        0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
-        0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
-        0x7c007c7c,0x77007777,0x56005656,0x05000505,
-        0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
-        0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
-        0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
-        0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
-        0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
-        0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
-        };
-
-static const u32 camellia_sp4404[256] =
-        {
-        0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
-        0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
-        0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
-        0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
-        0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
-        0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
-        0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
-        0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
-        0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
-        0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
-        0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
-        0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
-        0x14140014,0x3a3a003a,0xdede00de,0x11110011,
-        0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
-        0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
-        0x24240024,0xe8e800e8,0x60600060,0x69690069,
-        0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
-        0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
-        0x10100010,0x00000000,0xa3a300a3,0x75750075,
-        0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
-        0x87870087,0x83830083,0xcdcd00cd,0x90900090,
-        0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
-        0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
-        0x81810081,0x6f6f006f,0x13130013,0x63630063,
-        0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
-        0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
-        0x78780078,0x06060006,0xe7e700e7,0x71710071,
-        0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
-        0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
-        0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
-        0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
-        0x15150015,0xadad00ad,0x77770077,0x80800080,
-        0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
-        0x85850085,0x35350035,0x0c0c000c,0x41410041,
-        0xefef00ef,0x93930093,0x19190019,0x21210021,
-        0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
-        0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
-        0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
-        0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
-        0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
-        0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
-        0x12120012,0x20200020,0xb1b100b1,0x99990099,
-        0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
-        0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
-        0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
-        0x0f0f000f,0x16160016,0x18180018,0x22220022,
-        0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
-        0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
-        0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
-        0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
-        0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
-        0x03030003,0xdada00da,0x3f3f003f,0x94940094,
-        0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
-        0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
-        0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
-        0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
-        0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
-        0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
-        0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
-        0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
-        0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
-        0x49490049,0x68680068,0x38380038,0xa4a400a4,
-        0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
-        0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
-        };
-
-/**
- * Stuff related to the Camellia key schedule
- */
-#define subl(x) subL[(x)]
-#define subr(x) subR[(x)]
-
-void camellia_setup128(const u8 *key, u32 *subkey)
-        {
-        u32 kll, klr, krl, krr;
-        u32 il, ir, t0, t1, w0, w1;
-        u32 kw4l, kw4r, dw, tl, tr;
-        u32 subL[26];
-        u32 subR[26];
-
-        /**
-         *  k == kll || klr || krl || krr (|| is concatination)
-         */
-        kll = GETU32(key     );
-        klr = GETU32(key +  4);
-        krl = GETU32(key +  8);
-        krr = GETU32(key + 12);
-        /**
-         * generate KL dependent subkeys
-         */
-        /* kw1 */
-        subl(0) = kll; subr(0) = klr;
-        /* kw2 */
-        subl(1) = krl; subr(1) = krr;
-        /* rotation left shift 15bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k3 */
-        subl(4) = kll; subr(4) = klr;
-        /* k4 */
-        subl(5) = krl; subr(5) = krr;
-        /* rotation left shift 15+30bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
-        /* k7 */
-        subl(10) = kll; subr(10) = klr;
-        /* k8 */
-        subl(11) = krl; subr(11) = krr;
-        /* rotation left shift 15+30+15bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k10 */
-        subl(13) = krl; subr(13) = krr;
-        /* rotation left shift 15+30+15+17 bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* kl3 */
-        subl(16) = kll; subr(16) = klr;
-        /* kl4 */
-        subl(17) = krl; subr(17) = krr;
-        /* rotation left shift 15+30+15+17+17 bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* k13 */
-        subl(18) = kll; subr(18) = klr;
-        /* k14 */
-        subl(19) = krl; subr(19) = krr;
-        /* rotation left shift 15+30+15+17+17+17 bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* k17 */
-        subl(22) = kll; subr(22) = klr;
-        /* k18 */
-        subl(23) = krl; subr(23) = krr;
-
-        /* generate KA */
-        kll = subl(0); klr = subr(0);
-        krl = subl(1); krr = subr(1);
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
-                w0, w1, il, ir, t0, t1);
-        krl ^= w0; krr ^= w1;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
-                kll, klr, il, ir, t0, t1);
-        /* current status == (kll, klr, w0, w1) */
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
-                krl, krr, il, ir, t0, t1);
-        krl ^= w0; krr ^= w1;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
-                w0, w1, il, ir, t0, t1);
-        kll ^= w0; klr ^= w1;
-
-        /* generate KA dependent subkeys */
-        /* k1, k2 */
-        subl(2) = kll; subr(2) = klr;
-        subl(3) = krl; subr(3) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k5,k6 */
-        subl(6) = kll; subr(6) = klr;
-        subl(7) = krl; subr(7) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* kl1, kl2 */
-        subl(8) = kll; subr(8) = klr;
-        subl(9) = krl; subr(9) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k9 */
-        subl(12) = kll; subr(12) = klr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k11, k12 */
-        subl(14) = kll; subr(14) = klr;
-        subl(15) = krl; subr(15) = krr;
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
-        /* k15, k16 */
-        subl(20) = kll; subr(20) = klr;
-        subl(21) = krl; subr(21) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* kw3, kw4 */
-        subl(24) = kll; subr(24) = klr;
-        subl(25) = krl; subr(25) = krr;
-
-
-        /* absorb kw2 to other subkeys */
-/* round 2 */
-        subl(3) ^= subl(1); subr(3) ^= subr(1);
-/* round 4 */
-        subl(5) ^= subl(1); subr(5) ^= subr(1);
-/* round 6 */
-        subl(7) ^= subl(1); subr(7) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(9);
-        dw = subl(1) & subl(9),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
-/* round 8 */
-        subl(11) ^= subl(1); subr(11) ^= subr(1);
-/* round 10 */
-        subl(13) ^= subl(1); subr(13) ^= subr(1);
-/* round 12 */
-        subl(15) ^= subl(1); subr(15) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(17);
-        dw = subl(1) & subl(17),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
-/* round 14 */
-        subl(19) ^= subl(1); subr(19) ^= subr(1);
-/* round 16 */
-        subl(21) ^= subl(1); subr(21) ^= subr(1);
-/* round 18 */
-        subl(23) ^= subl(1); subr(23) ^= subr(1);
-/* kw3 */
-        subl(24) ^= subl(1); subr(24) ^= subr(1);
-
-        /* absorb kw4 to other subkeys */
-        kw4l = subl(25); kw4r = subr(25);
-/* round 17 */
-        subl(22) ^= kw4l; subr(22) ^= kw4r;
-/* round 15 */
-        subl(20) ^= kw4l; subr(20) ^= kw4r;
-/* round 13 */
-        subl(18) ^= kw4l; subr(18) ^= kw4r;
-        kw4l ^= kw4r & ~subr(16);
-        dw = kw4l & subl(16),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
-/* round 11 */
-        subl(14) ^= kw4l; subr(14) ^= kw4r;
-/* round 9 */
-        subl(12) ^= kw4l; subr(12) ^= kw4r;
-/* round 7 */
-        subl(10) ^= kw4l; subr(10) ^= kw4r;
-        kw4l ^= kw4r & ~subr(8);
-        dw = kw4l & subl(8),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
-/* round 5 */
-        subl(6) ^= kw4l; subr(6) ^= kw4r;
-/* round 3 */
-        subl(4) ^= kw4l; subr(4) ^= kw4r;
-/* round 1 */
-        subl(2) ^= kw4l; subr(2) ^= kw4r;
-/* kw1 */
-        subl(0) ^= kw4l; subr(0) ^= kw4r;
-
-
-        /* key XOR is end of F-function */
-        CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
-        CamelliaSubkeyR(0) = subr(0) ^ subr(2);
-        CamelliaSubkeyL(2) = subl(3);       /* round 1 */
-        CamelliaSubkeyR(2) = subr(3);
-        CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
-        CamelliaSubkeyR(3) = subr(2) ^ subr(4);
-        CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
-        CamelliaSubkeyR(4) = subr(3) ^ subr(5);
-        CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
-        CamelliaSubkeyR(5) = subr(4) ^ subr(6);
-        CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
-        CamelliaSubkeyR(6) = subr(5) ^ subr(7);
-        tl = subl(10) ^ (subr(10) & ~subr(8));
-        dw = tl & subl(8),  /* FL(kl1) */
-                tr = subr(10) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
-        CamelliaSubkeyR(7) = subr(6) ^ tr;
-        CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */
-        CamelliaSubkeyR(8) = subr(8);
-        CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */
-        CamelliaSubkeyR(9) = subr(9);
-        tl = subl(7) ^ (subr(7) & ~subr(9));
-        dw = tl & subl(9),  /* FLinv(kl2) */
-                tr = subr(7) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
-        CamelliaSubkeyR(10) = tr ^ subr(11);
-        CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
-        CamelliaSubkeyR(11) = subr(10) ^ subr(12);
-        CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
-        CamelliaSubkeyR(12) = subr(11) ^ subr(13);
-        CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
-        CamelliaSubkeyR(13) = subr(12) ^ subr(14);
-        CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
-        CamelliaSubkeyR(14) = subr(13) ^ subr(15);
-        tl = subl(18) ^ (subr(18) & ~subr(16));
-        dw = tl & subl(16), /* FL(kl3) */
-                tr = subr(18) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
-        CamelliaSubkeyR(15) = subr(14) ^ tr;
-        CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */
-        CamelliaSubkeyR(16) = subr(16);
-        CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */
-        CamelliaSubkeyR(17) = subr(17);
-        tl = subl(15) ^ (subr(15) & ~subr(17));
-        dw = tl & subl(17), /* FLinv(kl4) */
-                tr = subr(15) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
-        CamelliaSubkeyR(18) = tr ^ subr(19);
-        CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
-        CamelliaSubkeyR(19) = subr(18) ^ subr(20);
-        CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
-        CamelliaSubkeyR(20) = subr(19) ^ subr(21);
-        CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
-        CamelliaSubkeyR(21) = subr(20) ^ subr(22);
-        CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
-        CamelliaSubkeyR(22) = subr(21) ^ subr(23);
-        CamelliaSubkeyL(23) = subl(22);     /* round 18 */
-        CamelliaSubkeyR(23) = subr(22);
-        CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
-        CamelliaSubkeyR(24) = subr(24) ^ subr(23);
-
-        /* apply the inverse of the last half of P-function */
-        dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
-                dw = CAMELLIA_RL8(dw);/* round 1 */
-        CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
-                CamelliaSubkeyL(2) = dw;
-        dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
-                dw = CAMELLIA_RL8(dw);/* round 2 */
-        CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
-                CamelliaSubkeyL(3) = dw;
-        dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
-                dw = CAMELLIA_RL8(dw);/* round 3 */
-        CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
-                CamelliaSubkeyL(4) = dw;
-        dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
-                dw = CAMELLIA_RL8(dw);/* round 4 */
-        CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
-                CamelliaSubkeyL(5) = dw;
-        dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
-                dw = CAMELLIA_RL8(dw);/* round 5 */
-        CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
-                CamelliaSubkeyL(6) = dw;
-        dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
-                dw = CAMELLIA_RL8(dw);/* round 6 */
-        CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
-                CamelliaSubkeyL(7) = dw;
-        dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
-                dw = CAMELLIA_RL8(dw);/* round 7 */
-        CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
-                CamelliaSubkeyL(10) = dw;
-        dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
-                dw = CAMELLIA_RL8(dw);/* round 8 */
-        CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
-                CamelliaSubkeyL(11) = dw;
-        dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
-                dw = CAMELLIA_RL8(dw);/* round 9 */
-        CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
-                CamelliaSubkeyL(12) = dw;
-        dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
-                dw = CAMELLIA_RL8(dw);/* round 10 */
-        CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
-                CamelliaSubkeyL(13) = dw;
-        dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
-                dw = CAMELLIA_RL8(dw);/* round 11 */
-        CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
-                CamelliaSubkeyL(14) = dw;
-        dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
-                dw = CAMELLIA_RL8(dw);/* round 12 */
-        CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
-                CamelliaSubkeyL(15) = dw;
-        dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
-                dw = CAMELLIA_RL8(dw);/* round 13 */
-        CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
-                CamelliaSubkeyL(18) = dw;
-        dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
-                dw = CAMELLIA_RL8(dw);/* round 14 */
-        CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
-                CamelliaSubkeyL(19) = dw;
-        dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
-                dw = CAMELLIA_RL8(dw);/* round 15 */
-        CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
-                CamelliaSubkeyL(20) = dw;
-        dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
-                dw = CAMELLIA_RL8(dw);/* round 16 */
-        CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
-                CamelliaSubkeyL(21) = dw;
-        dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
-                dw = CAMELLIA_RL8(dw);/* round 17 */
-        CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
-                CamelliaSubkeyL(22) = dw;
-        dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
-                dw = CAMELLIA_RL8(dw);/* round 18 */
-        CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
-                CamelliaSubkeyL(23) = dw;
-
-        return;
+        register u32 s0,s1,s2,s3;
+
+        k[0] = s0 = GETU32(rawKey);
+        k[1] = s1 = GETU32(rawKey+4);
+        k[2] = s2 = GETU32(rawKey+8);
+        k[3] = s3 = GETU32(rawKey+12);
+
+        if (keyBitLength != 128)
+                {
+                k[8] = s0 = GETU32(rawKey+16);
+                k[9] = s1 = GETU32(rawKey+20);
+                if (keyBitLength == 192)
+                        {
+                        k[10] = s2 = ~s0;
+                        k[11] = s3 = ~s1;
+                        }
+                else
+                        {
+                        k[10] = s2 = GETU32(rawKey+24);
+                        k[11] = s3 = GETU32(rawKey+28);
+                        }
+                s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+                }
+
+        /* Use the Feistel routine to scramble the key material */
+        Camellia_Feistel(s0,s1,s2,s3,SIGMA+0);
+        Camellia_Feistel(s2,s3,s0,s1,SIGMA+2);
+
+        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+        Camellia_Feistel(s0,s1,s2,s3,SIGMA+4);
+        Camellia_Feistel(s2,s3,s0,s1,SIGMA+6);
+
+        /* Fill the keyTable. Requires many block rotations. */
+        if (keyBitLength == 128)
+                {
+                k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3;
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 15 */
+                k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 30 */
+                k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 45 */
+                k[24] = s0, k[25] = s1;
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 60 */
+                k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+                RotLeft128(s1,s2,s3,s0,2);      /* KA <<< 94 */
+                k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
+                RotLeft128(s1,s2,s3,s0,17);     /* KA <<<111 */
+                k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+
+                s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3];
+                RotLeft128(s0,s1,s2,s3,15);     /* KL <<< 15 */
+                k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3;
+                RotLeft128(s0,s1,s2,s3,30);     /* KL <<< 45 */
+                k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+                RotLeft128(s0,s1,s2,s3,15);     /* KL <<< 60 */
+                k[26] = s2, k[27] = s3;
+                RotLeft128(s0,s1,s2,s3,17);     /* KL <<< 77 */
+                k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
+                RotLeft128(s0,s1,s2,s3,17);     /* KL <<< 94 */
+                k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+                RotLeft128(s0,s1,s2,s3,17);     /* KL <<<111 */
+                k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
+
+                return 3;       /* grand rounds */
+                }
+        else
+                {
+                k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+                s0 ^= k[8], s1 ^= k[9], s2 ^=k[10], s3 ^=k[11];
+                Camellia_Feistel(s0,s1,s2,s3,(SIGMA+8));
+                Camellia_Feistel(s2,s3,s0,s1,(SIGMA+10));
+
+                k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3;
+                RotLeft128(s0,s1,s2,s3,30);     /* KB <<< 30 */
+                k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+                RotLeft128(s0,s1,s2,s3,30);     /* KB <<< 60 */
+                k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
+                RotLeft128(s1,s2,s3,s0,19);     /* KB <<<111 */
+                k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
+
+                s0 = k[ 8], s1 = k[ 9], s2 = k[10], s3 = k[11];
+                RotLeft128(s0,s1,s2,s3,15);     /* KR <<< 15 */
+                k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3;
+                RotLeft128(s0,s1,s2,s3,15);     /* KR <<< 30 */
+                k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+                RotLeft128(s0,s1,s2,s3,30);     /* KR <<< 60 */
+                k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+                RotLeft128(s1,s2,s3,s0,2);      /* KR <<< 94 */
+                k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
+
+                s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 15 */
+                k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+                RotLeft128(s0,s1,s2,s3,30);     /* KA <<< 45 */
+                k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+                                                /* KA <<< 77 */
+                k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+                RotLeft128(s1,s2,s3,s0,17);     /* KA <<< 94 */
+                k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
+
+                s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3];
+                RotLeft128(s1,s2,s3,s0,13);     /* KL <<< 45 */
+                k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
+                RotLeft128(s1,s2,s3,s0,15);     /* KL <<< 60 */
+                k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
+                RotLeft128(s1,s2,s3,s0,17);     /* KL <<< 77 */
+                k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
+                RotLeft128(s2,s3,s0,s1,2);      /* KL <<<111 */
+                k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
+
+                return 4;       /* grand rounds */
+                }
+        /*
+         * It is possible to perform certain precalculations, which
+         * would spare few cycles in block procedure. It's not done,
+         * because it upsets the performance balance between key
+         * setup and block procedures, negatively affecting overall
+         * throughput in applications operating on short messages
+         * and volatile keys.
+         */ 
         }
 
-void camellia_setup256(const u8 *key, u32 *subkey)
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
         {
-        u32 kll,klr,krl,krr;           /* left half of key */
-        u32 krll,krlr,krrl,krrr;       /* right half of key */
-        u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
-        u32 kw4l, kw4r, dw, tl, tr;
-        u32 subL[34];
-        u32 subR[34];
-
-        /**
-         *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
-         *  (|| is concatination)
-         */
-
-        kll  = GETU32(key     );
-        klr  = GETU32(key +  4);
-        krl  = GETU32(key +  8);
-        krr  = GETU32(key + 12);
-        krll = GETU32(key + 16);
-        krlr = GETU32(key + 20);
-        krrl = GETU32(key + 24);
-        krrr = GETU32(key + 28);
-
-        /* generate KL dependent subkeys */
-        /* kw1 */
-        subl(0) = kll; subr(0) = klr;
-        /* kw2 */
-        subl(1) = krl; subr(1) = krr;
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
-        /* k9 */
-        subl(12) = kll; subr(12) = klr;
-        /* k10 */
-        subl(13) = krl; subr(13) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* kl3 */
-        subl(16) = kll; subr(16) = klr;
-        /* kl4 */
-        subl(17) = krl; subr(17) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* k17 */
-        subl(22) = kll; subr(22) = klr;
-        /* k18 */
-        subl(23) = krl; subr(23) = krr;
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
-        /* k23 */
-        subl(30) = kll; subr(30) = klr;
-        /* k24 */
-        subl(31) = krl; subr(31) = krr;
-
-        /* generate KR dependent subkeys */
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
-        /* k3 */
-        subl(4) = krll; subr(4) = krlr;
-        /* k4 */
-        subl(5) = krrl; subr(5) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
-        /* kl1 */
-        subl(8) = krll; subr(8) = krlr;
-        /* kl2 */
-        subl(9) = krrl; subr(9) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
-        /* k13 */
-        subl(18) = krll; subr(18) = krlr;
-        /* k14 */
-        subl(19) = krrl; subr(19) = krrr;
-        CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
-        /* k19 */
-        subl(26) = krll; subr(26) = krlr;
-        /* k20 */
-        subl(27) = krrl; subr(27) = krrr;
-        CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
-
-        /* generate KA */
-        kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
-        krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
-                w0, w1, il, ir, t0, t1);
-        krl ^= w0; krr ^= w1;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
-                kll, klr, il, ir, t0, t1);
-        kll ^= krll; klr ^= krlr;
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
-                krl, krr, il, ir, t0, t1);
-        krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
-                w0, w1, il, ir, t0, t1);
-        kll ^= w0; klr ^= w1;
-
-        /* generate KB */
-        krll ^= kll; krlr ^= klr;
-        krrl ^= krl; krrr ^= krr;
-        CAMELLIA_F(krll, krlr,
-                CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
-                w0, w1, il, ir, t0, t1);
-        krrl ^= w0; krrr ^= w1;
-        CAMELLIA_F(krrl, krrr,
-                CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
-                w0, w1, il, ir, t0, t1);
-        krll ^= w0; krlr ^= w1;
-
-        /* generate KA dependent subkeys */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k5 */
-        subl(6) = kll; subr(6) = klr;
-        /* k6 */
-        subl(7) = krl; subr(7) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
-        /* k11 */
-        subl(14) = kll; subr(14) = klr;
-        /* k12 */
-        subl(15) = krl; subr(15) = krr;
-        /* rotation left shift 32bit */
-        /* kl5 */
-        subl(24) = klr; subr(24) = krl;
-        /* kl6 */
-        subl(25) = krr; subr(25) = kll;
-        /* rotation left shift 49 from k11,k12 -> k21,k22 */
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
-        /* k21 */
-        subl(28) = kll; subr(28) = klr;
-        /* k22 */
-        subl(29) = krl; subr(29) = krr;
-
-        /* generate KB dependent subkeys */
-        /* k1 */
-        subl(2) = krll; subr(2) = krlr;
-        /* k2 */
-        subl(3) = krrl; subr(3) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
-        /* k7 */
-        subl(10) = krll; subr(10) = krlr;
-        /* k8 */
-        subl(11) = krrl; subr(11) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
-        /* k15 */
-        subl(20) = krll; subr(20) = krlr;
-        /* k16 */
-        subl(21) = krrl; subr(21) = krrr;
-        CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
-        /* kw3 */
-        subl(32) = krll; subr(32) = krlr;
-        /* kw4 */
-        subl(33) = krrl; subr(33) = krrr;
-
-        /* absorb kw2 to other subkeys */
-/* round 2 */
-        subl(3) ^= subl(1); subr(3) ^= subr(1);
-/* round 4 */
-        subl(5) ^= subl(1); subr(5) ^= subr(1);
-/* round 6 */
-        subl(7) ^= subl(1); subr(7) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(9);
-        dw = subl(1) & subl(9),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
-/* round 8 */
-        subl(11) ^= subl(1); subr(11) ^= subr(1);
-/* round 10 */
-        subl(13) ^= subl(1); subr(13) ^= subr(1);
-/* round 12 */
-        subl(15) ^= subl(1); subr(15) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(17);
-        dw = subl(1) & subl(17),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
-/* round 14 */
-        subl(19) ^= subl(1); subr(19) ^= subr(1);
-/* round 16 */
-        subl(21) ^= subl(1); subr(21) ^= subr(1);
-/* round 18 */
-        subl(23) ^= subl(1); subr(23) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(25);
-        dw = subl(1) & subl(25),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
-/* round 20 */
-        subl(27) ^= subl(1); subr(27) ^= subr(1);
-/* round 22 */
-        subl(29) ^= subl(1); subr(29) ^= subr(1);
-/* round 24 */
-        subl(31) ^= subl(1); subr(31) ^= subr(1);
-/* kw3 */
-        subl(32) ^= subl(1); subr(32) ^= subr(1);
-
-
-        /* absorb kw4 to other subkeys */
-        kw4l = subl(33); kw4r = subr(33);
-/* round 23 */
-        subl(30) ^= kw4l; subr(30) ^= kw4r;
-/* round 21 */
-        subl(28) ^= kw4l; subr(28) ^= kw4r;
-/* round 19 */
-        subl(26) ^= kw4l; subr(26) ^= kw4r;
-        kw4l ^= kw4r & ~subr(24);
-        dw = kw4l & subl(24),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
-/* round 17 */
-        subl(22) ^= kw4l; subr(22) ^= kw4r;
-/* round 15 */
-        subl(20) ^= kw4l; subr(20) ^= kw4r;
-/* round 13 */
-        subl(18) ^= kw4l; subr(18) ^= kw4r;
-        kw4l ^= kw4r & ~subr(16);
-        dw = kw4l & subl(16),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
-/* round 11 */
-        subl(14) ^= kw4l; subr(14) ^= kw4r;
-/* round 9 */
-        subl(12) ^= kw4l; subr(12) ^= kw4r;
-/* round 7 */
-        subl(10) ^= kw4l; subr(10) ^= kw4r;
-        kw4l ^= kw4r & ~subr(8);
-        dw = kw4l & subl(8),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
-/* round 5 */
-        subl(6) ^= kw4l; subr(6) ^= kw4r;
-/* round 3 */
-        subl(4) ^= kw4l; subr(4) ^= kw4r;
-/* round 1 */
-        subl(2) ^= kw4l; subr(2) ^= kw4r;
-/* kw1 */
-        subl(0) ^= kw4l; subr(0) ^= kw4r;
-
-        /* key XOR is end of F-function */
-        CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
-        CamelliaSubkeyR(0) = subr(0) ^ subr(2);
-        CamelliaSubkeyL(2) = subl(3);       /* round 1 */
-        CamelliaSubkeyR(2) = subr(3);
-        CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
-        CamelliaSubkeyR(3) = subr(2) ^ subr(4);
-        CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
-        CamelliaSubkeyR(4) = subr(3) ^ subr(5);
-        CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
-        CamelliaSubkeyR(5) = subr(4) ^ subr(6);
-        CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
-        CamelliaSubkeyR(6) = subr(5) ^ subr(7);
-        tl = subl(10) ^ (subr(10) & ~subr(8));
-        dw = tl & subl(8),  /* FL(kl1) */
-                tr = subr(10) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
-        CamelliaSubkeyR(7) = subr(6) ^ tr;
-        CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */
-        CamelliaSubkeyR(8) = subr(8);
-        CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */
-        CamelliaSubkeyR(9) = subr(9);
-        tl = subl(7) ^ (subr(7) & ~subr(9));
-        dw = tl & subl(9),  /* FLinv(kl2) */
-                tr = subr(7) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
-        CamelliaSubkeyR(10) = tr ^ subr(11);
-        CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
-        CamelliaSubkeyR(11) = subr(10) ^ subr(12);
-        CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
-        CamelliaSubkeyR(12) = subr(11) ^ subr(13);
-        CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
-        CamelliaSubkeyR(13) = subr(12) ^ subr(14);
-        CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
-        CamelliaSubkeyR(14) = subr(13) ^ subr(15);
-        tl = subl(18) ^ (subr(18) & ~subr(16));
-        dw = tl & subl(16), /* FL(kl3) */
-                tr = subr(18) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
-        CamelliaSubkeyR(15) = subr(14) ^ tr;
-        CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */
-        CamelliaSubkeyR(16) = subr(16);
-        CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */
-        CamelliaSubkeyR(17) = subr(17);
-        tl = subl(15) ^ (subr(15) & ~subr(17));
-        dw = tl & subl(17), /* FLinv(kl4) */
-                tr = subr(15) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
-        CamelliaSubkeyR(18) = tr ^ subr(19);
-        CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
-        CamelliaSubkeyR(19) = subr(18) ^ subr(20);
-        CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
-        CamelliaSubkeyR(20) = subr(19) ^ subr(21);
-        CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
-        CamelliaSubkeyR(21) = subr(20) ^ subr(22);
-        CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
-        CamelliaSubkeyR(22) = subr(21) ^ subr(23);
-        tl = subl(26) ^ (subr(26)
-                & ~subr(24));
-        dw = tl & subl(24), /* FL(kl5) */
-                tr = subr(26) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
-        CamelliaSubkeyR(23) = subr(22) ^ tr;
-        CamelliaSubkeyL(24) = subl(24);     /* FL(kl5) */
-        CamelliaSubkeyR(24) = subr(24);
-        CamelliaSubkeyL(25) = subl(25);     /* FLinv(kl6) */
-        CamelliaSubkeyR(25) = subr(25);
-        tl = subl(23) ^ (subr(23) &
-                ~subr(25));
-        dw = tl & subl(25), /* FLinv(kl6) */
-                tr = subr(23) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
-        CamelliaSubkeyR(26) = tr ^ subr(27);
-        CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
-        CamelliaSubkeyR(27) = subr(26) ^ subr(28);
-        CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
-        CamelliaSubkeyR(28) = subr(27) ^ subr(29);
-        CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
-        CamelliaSubkeyR(29) = subr(28) ^ subr(30);
-        CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
-        CamelliaSubkeyR(30) = subr(29) ^ subr(31);
-        CamelliaSubkeyL(31) = subl(30);     /* round 24 */
-        CamelliaSubkeyR(31) = subr(30);
-        CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
-        CamelliaSubkeyR(32) = subr(32) ^ subr(31);
-
-        /* apply the inverse of the last half of P-function */
-        dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
-                dw = CAMELLIA_RL8(dw);/* round 1 */
-        CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
-                CamelliaSubkeyL(2) = dw;
-        dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
-                dw = CAMELLIA_RL8(dw);/* round 2 */
-        CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
-                CamelliaSubkeyL(3) = dw;
-        dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
-                dw = CAMELLIA_RL8(dw);/* round 3 */
-        CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
-                CamelliaSubkeyL(4) = dw;
-        dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
-                dw = CAMELLIA_RL8(dw);/* round 4 */
-        CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
-                CamelliaSubkeyL(5) = dw;
-        dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
-                dw = CAMELLIA_RL8(dw);/* round 5 */
-        CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
-                CamelliaSubkeyL(6) = dw;
-        dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
-                dw = CAMELLIA_RL8(dw);/* round 6 */
-        CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
-                CamelliaSubkeyL(7) = dw;
-        dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
-                dw = CAMELLIA_RL8(dw);/* round 7 */
-        CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
-                CamelliaSubkeyL(10) = dw;
-        dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
-                dw = CAMELLIA_RL8(dw);/* round 8 */
-        CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
-                CamelliaSubkeyL(11) = dw;
-        dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
-                dw = CAMELLIA_RL8(dw);/* round 9 */
-        CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
-                CamelliaSubkeyL(12) = dw;
-        dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
-                dw = CAMELLIA_RL8(dw);/* round 10 */
-        CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
-                CamelliaSubkeyL(13) = dw;
-        dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
-                dw = CAMELLIA_RL8(dw);/* round 11 */
-        CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
-                CamelliaSubkeyL(14) = dw;
-        dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
-                dw = CAMELLIA_RL8(dw);/* round 12 */
-        CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
-                CamelliaSubkeyL(15) = dw;
-        dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
-                dw = CAMELLIA_RL8(dw);/* round 13 */
-        CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
-                CamelliaSubkeyL(18) = dw;
-        dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
-                dw = CAMELLIA_RL8(dw);/* round 14 */
-        CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
-                CamelliaSubkeyL(19) = dw;
-        dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
-                dw = CAMELLIA_RL8(dw);/* round 15 */
-        CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
-                CamelliaSubkeyL(20) = dw;
-        dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
-                dw = CAMELLIA_RL8(dw);/* round 16 */
-        CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
-                CamelliaSubkeyL(21) = dw;
-        dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
-                dw = CAMELLIA_RL8(dw);/* round 17 */
-        CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
-                CamelliaSubkeyL(22) = dw;
-        dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
-                dw = CAMELLIA_RL8(dw);/* round 18 */
-        CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
-                CamelliaSubkeyL(23) = dw;
-        dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
-                dw = CAMELLIA_RL8(dw);/* round 19 */
-        CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
-                CamelliaSubkeyL(26) = dw;
-        dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
-                dw = CAMELLIA_RL8(dw);/* round 20 */
-        CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
-                CamelliaSubkeyL(27) = dw;
-        dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
-                dw = CAMELLIA_RL8(dw);/* round 21 */
-        CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
-                CamelliaSubkeyL(28) = dw;
-        dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
-                dw = CAMELLIA_RL8(dw);/* round 22 */
-        CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
-                CamelliaSubkeyL(29) = dw;
-        dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
-                dw = CAMELLIA_RL8(dw);/* round 23 */
-        CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
-                CamelliaSubkeyL(30) = dw;
-        dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
-                dw = CAMELLIA_RL8(dw);/* round 24 */
-        CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
-                CamelliaSubkeyL(31) = dw;
-
-    
-        return;
+        register u32 s0,s1,s2,s3; 
+        const u32 *k = keyTable,*kend = keyTable+grandRounds*16; 
+
+        s0 = GETU32(plaintext)    ^ k[0];
+        s1 = GETU32(plaintext+4)  ^ k[1];
+        s2 = GETU32(plaintext+8)  ^ k[2];
+        s3 = GETU32(plaintext+12) ^ k[3];
+        k += 4;
+
+        while (1)
+                {
+                /* Camellia makes 6 Feistel rounds */
+                Camellia_Feistel(s0,s1,s2,s3,k+0);
+                Camellia_Feistel(s2,s3,s0,s1,k+2);
+                Camellia_Feistel(s0,s1,s2,s3,k+4);
+                Camellia_Feistel(s2,s3,s0,s1,k+6);
+                Camellia_Feistel(s0,s1,s2,s3,k+8);
+                Camellia_Feistel(s2,s3,s0,s1,k+10);
+                k += 12;
+
+                if (k == kend) break;
+
+                /* This is the same function as the diffusion function D
+                 * of the accompanying documentation. See section 3.2
+                 * for properties of the FLlayer function. */
+                s1 ^= LeftRotate(s0 & k[0], 1);
+                s2 ^= s3 | k[3];
+                s0 ^= s1 | k[1];
+                s3 ^= LeftRotate(s2 & k[2], 1);
+                k += 4;
+                }
+
+        s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+        PUTU32(ciphertext,   s2);
+        PUTU32(ciphertext+4, s3);
+        PUTU32(ciphertext+8, s0);
+        PUTU32(ciphertext+12,s1);
         }
-
-void camellia_setup192(const u8 *key, u32 *subkey)
-        {
-        u8 kk[32];
-        u32 krll, krlr, krrl,krrr;
-
-        memcpy(kk, key, 24);
-        memcpy((u8 *)&krll, key+16,4);
-        memcpy((u8 *)&krlr, key+20,4);
-        krrl = ~krll;
-        krrr = ~krlr;
-        memcpy(kk+24, (u8 *)&krrl, 4);
-        memcpy(kk+28, (u8 *)&krrr, 4);
-        camellia_setup256(kk, subkey);
-        return;
-        }
-
-
-/**
- * Stuff related to camellia encryption/decryption
- */
-void camellia_encrypt128(const u32 *subkey, u32 *io)
-        {
-        u32 il, ir, t0, t1;
-
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(0);
-        io[1] ^= CamelliaSubkeyR(0);
-        /* main iteration */
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[0],io[1],il,ir,t0,t1);
-
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(24);
-        io[3] ^= CamelliaSubkeyR(24);
-
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-
-        return;
-        }
-
-void camellia_decrypt128(const u32 *subkey, u32 *io)
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
         {
-        u32 il,ir,t0,t1;               /* temporary valiables */
-
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(24);
-        io[1] ^= CamelliaSubkeyR(24);
-
-        /* main iteration */
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[0],io[1],il,ir,t0,t1);
-
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(0);
-        io[3] ^= CamelliaSubkeyR(0);
-
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-
-        return;
+        Camellia_EncryptBlock_Rounds(keyBitLength==128?3:4,
+                        plaintext,keyTable,ciphertext);
         }
 
-/**
- * stuff for 192 and 256bit encryption/decryption
- */
-void camellia_encrypt256(const u32 *subkey, u32 *io)
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], 
+                const KEY_TABLE_TYPE keyTable, u8 plaintext[])
         {
-        u32 il,ir,t0,t1;           /* temporary valiables */
-
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(0);
-        io[1] ^= CamelliaSubkeyR(0);
-
-        /* main iteration */
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(24),CamelliaSubkeyR(24),
-                CamelliaSubkeyL(25),CamelliaSubkeyR(25),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(26),CamelliaSubkeyR(26),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(27),CamelliaSubkeyR(27),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(28),CamelliaSubkeyR(28),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(29),CamelliaSubkeyR(29),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(30),CamelliaSubkeyR(30),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(31),CamelliaSubkeyR(31),
-                io[0],io[1],il,ir,t0,t1);
-
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(32);
-        io[3] ^= CamelliaSubkeyR(32);
-
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-
-        return;
+        u32 s0,s1,s2,s3; 
+        const u32 *k = keyTable+grandRounds*16,*kend = keyTable+4; 
+
+        s0 = GETU32(ciphertext)    ^ k[0];
+        s1 = GETU32(ciphertext+4)  ^ k[1];
+        s2 = GETU32(ciphertext+8)  ^ k[2];
+        s3 = GETU32(ciphertext+12) ^ k[3];
+
+        while (1)
+                {
+                /* Camellia makes 6 Feistel rounds */
+                k -= 12;
+                Camellia_Feistel(s0,s1,s2,s3,k+10);
+                Camellia_Feistel(s2,s3,s0,s1,k+8);
+                Camellia_Feistel(s0,s1,s2,s3,k+6);
+                Camellia_Feistel(s2,s3,s0,s1,k+4);
+                Camellia_Feistel(s0,s1,s2,s3,k+2);
+                Camellia_Feistel(s2,s3,s0,s1,k+0);
+
+                if (k == kend) break;
+
+                /* This is the same function as the diffusion function D
+                 * of the accompanying documentation. See section 3.2
+                 * for properties of the FLlayer function. */
+                k -= 4;
+                s1 ^= LeftRotate(s0 & k[2], 1);
+                s2 ^= s3 | k[1];
+                s0 ^= s1 | k[3];
+                s3 ^= LeftRotate(s2 & k[0], 1);
+                }
+
+        k -= 4;
+        s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+        PUTU32(plaintext,   s2);
+        PUTU32(plaintext+4, s3);
+        PUTU32(plaintext+8, s0);
+        PUTU32(plaintext+12,s1);
         }
-
-void camellia_decrypt256(const u32 *subkey, u32 *io)
+void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
         {
-        u32 il,ir,t0,t1;           /* temporary valiables */
-
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(32);
-        io[1] ^= CamelliaSubkeyR(32);
-        
-        /* main iteration */
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(31),CamelliaSubkeyR(31),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(30),CamelliaSubkeyR(30),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(29),CamelliaSubkeyR(29),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(28),CamelliaSubkeyR(28),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(27),CamelliaSubkeyR(27),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(26),CamelliaSubkeyR(26),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(25),CamelliaSubkeyR(25),
-                CamelliaSubkeyL(24),CamelliaSubkeyR(24),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[0],io[1],il,ir,t0,t1);
-
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                t0,t1,il,ir);
-
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[0],io[1],il,ir,t0,t1);
-
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(0);
-        io[3] ^= CamelliaSubkeyR(0);
-
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-
-        return;
+        Camellia_DecryptBlock_Rounds(keyBitLength==128?3:4,
+                        plaintext,keyTable,ciphertext);
         }
-
diff --git a/src/lib/libcrypto/camellia/camellia.h b/src/lib/libcrypto/camellia/camellia.h
index b8a8b6e10b..cf0457dd97 100644
--- a/src/lib/libcrypto/camellia/camellia.h
+++ b/src/lib/libcrypto/camellia/camellia.h
@@ -58,6 +58,8 @@
 #error CAMELLIA is disabled.
 #endif
 
+#include <stddef.h>
+
 #define CAMELLIA_ENCRYPT        1
 #define CAMELLIA_DECRYPT        0
 
@@ -74,24 +76,18 @@ extern "C" {
 #define CAMELLIA_TABLE_BYTE_LEN 272
 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
 
- /* to match with WORD */
-typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */
 
 struct camellia_key_st 
         {
-        KEY_TABLE_TYPE rd_key;
-        int bitLength;
-        void (*enc)(const unsigned int *subkey, unsigned int *io);
-        void (*dec)(const unsigned int *subkey, unsigned int *io);
+        union   {
+                double d;       /* ensures 64-bit align */
+                KEY_TABLE_TYPE rd_key;
+                } u;
+        int grand_rounds;
         };
-
 typedef struct camellia_key_st CAMELLIA_KEY;
 
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-        CAMELLIA_KEY *key);
-#endif
-
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key);
 
@@ -103,25 +99,22 @@ void Camellia_decrypt(const unsigned char *in, unsigned char *out,
 void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
         const CAMELLIA_KEY *key, const int enc);
 void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, const int enc);
 void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num, const int enc);
 void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num, const int enc);
 void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num, const int enc);
-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-        const int nbits,const CAMELLIA_KEY *key,
-        unsigned char *ivec,const int enc);
 void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num);
 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char ivec[CAMELLIA_BLOCK_SIZE],
         unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
         unsigned int *num);
@@ -131,4 +124,3 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 #endif
 
 #endif /* !HEADER_Camellia_H */
-
diff --git a/src/lib/libcrypto/camellia/cmll_cbc.c b/src/lib/libcrypto/camellia/cmll_cbc.c
index 4141a7b59b..4c8d455ade 100644
--- a/src/lib/libcrypto/camellia/cmll_cbc.c
+++ b/src/lib/libcrypto/camellia/cmll_cbc.c
@@ -49,225 +49,16 @@
  *
  */
 
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include <openssl/modes.h>
 
 void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const CAMELLIA_KEY *key,
-                     unsigned char *ivec, const int enc) {
-
-        unsigned long n;
-        unsigned long len = length;
-        const unsigned char *iv = ivec;
-        union { u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
-                u8  t8 [CAMELLIA_BLOCK_SIZE]; } tmp;
-        const union { long one; char little; } camellia_endian = {1};
-
-
-        assert(in && out && key && ivec);
-        assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
+        size_t len, const CAMELLIA_KEY *key,
+        unsigned char *ivec, const int enc) 
+        {
 
-        if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0)
-                {
-                if (CAMELLIA_ENCRYPT == enc)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                XOR4WORD2((u32 *)out,
-                                        (u32 *)in, (u32 *)iv);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->enc(key->rd_key, (u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                iv = out;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                for(n=0; n < len; ++n)
-                                        out[n] = in[n] ^ iv[n];
-                                for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        out[n] = iv[n];
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->enc(key->rd_key, (u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                iv = out;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else if (in != out)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(out,in,CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->dec(key->rd_key,(u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                XOR4WORD((u32 *)out, (u32 *)iv);
-                                iv = in;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in  += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < len; ++n)
-                                        out[n] = tmp.t8[n] ^ iv[n];
-                                iv = in;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else /* in == out */
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->dec(key->rd_key, (u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                XOR4WORD((u32 *)out, (u32 *)ivec);
-                                memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->dec(key->rd_key,(u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                for(n=0; n < len; ++n)
-                                        out[n] ^= ivec[n];
-                                for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        out[n] = tmp.t8[n];
-                                memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                }
-                        }
-                }
-        else /* no aligned */
-                {
-                if (CAMELLIA_ENCRYPT == enc)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        tmp.t8[n] = in[n] ^ iv[n];
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->enc(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                iv = out;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                for(n=0; n < len; ++n)
-                                        tmp.t8[n] = in[n] ^ iv[n];
-                                for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        tmp.t8[n] = iv[n];
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->enc(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                iv = out;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else if (in != out)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key,tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        out[n] = tmp.t8[n] ^ iv[n];
-                                iv = in;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in  += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < len; ++n)
-                                        out[n] = tmp.t8[n] ^ iv[n];
-                                iv = in;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        tmp.t8[n] ^= ivec[n];
-                                memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
-                                memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key,tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < len; ++n)
-                                        tmp.t8[n] ^= ivec[n];
-                                memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
-                                memcpy(out,tmp.t8,len);
-                                }
-                        }
-                }
-}
+        if (enc)
+                CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)Camellia_encrypt);
+        else
+                CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)Camellia_decrypt);
+        }
diff --git a/src/lib/libcrypto/camellia/cmll_cfb.c b/src/lib/libcrypto/camellia/cmll_cfb.c
index af0f9f49ad..3d81b51d3f 100644
--- a/src/lib/libcrypto/camellia/cmll_cfb.c
+++ b/src/lib/libcrypto/camellia/cmll_cfb.c
@@ -105,17 +105,8 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <string.h>
-
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
-#include "e_os.h"
+#include <openssl/modes.h>
 
 
 /* The input and output encrypted as though 128bit cfb mode is being
@@ -124,112 +115,25 @@
  */
 
 void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num, const int enc)
         {
 
-        unsigned int n;
-        unsigned long l = length;
-        unsigned char c;
-
-        assert(in && out && key && ivec && num);
-
-        n = *num;
-
-        if (enc) 
-                {
-                while (l--) 
-                        {
-                        if (n == 0) 
-                                {
-                                Camellia_encrypt(ivec, ivec, key);
-                                }
-                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
-                        n = (n+1) % CAMELLIA_BLOCK_SIZE;
-                        }
-                } 
-        else 
-                {
-                while (l--) 
-                        {
-                        if (n == 0) 
-                                {
-                                Camellia_encrypt(ivec, ivec, key);
-                                }
-                        c = *(in);
-                        *(out++) = *(in++) ^ ivec[n];
-                        ivec[n] = c;
-                        n = (n+1) % CAMELLIA_BLOCK_SIZE;
-                        }
-                }
-
-        *num=n;
-        }
-
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-        const int nbits,const CAMELLIA_KEY *key,
-        unsigned char *ivec,const int enc)
-        {
-        int n,rem,num;
-        unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];
-
-        if (nbits<=0 || nbits>128) return;
-
-        /* fill in the first half of the new IV with the current IV */
-        memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);
-        /* construct the new IV */
-        Camellia_encrypt(ivec,ivec,key);
-        num = (nbits+7)/8;
-        if (enc)        /* encrypt the input */
-                for(n=0 ; n < num ; ++n)
-                        out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-        else            /* decrypt the input */
-                for(n=0 ; n < num ; ++n)
-                        out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-        /* shift ovec left... */
-        rem = nbits%8;
-        num = nbits/8;
-        if(rem==0)
-                memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);
-        else
-                for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)
-                        ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
-        /* it is not necessary to cleanse ovec, since the IV is not secret */
+        CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt);
         }
 
 /* N.B. This expects the input to be packed, MS bit first */
 void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num, const int enc)
         {
-        unsigned int n;
-        unsigned char c[1],d[1];
-
-        assert(in && out && key && ivec && num);
-        assert(*num == 0);
-
-        memset(out,0,(length+7)/8);
-        for(n=0 ; n < length ; ++n)
-                {
-                c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-                Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-                out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-                }
+        CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt);
         }
 
 void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num, const int enc)
         {
-        unsigned int n;
-
-        assert(in && out && key && ivec && num);
-        assert(*num == 0);
-
-        for(n=0 ; n < length ; ++n)
-                Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+        CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt);
         }
 
diff --git a/src/lib/libcrypto/camellia/cmll_ctr.c b/src/lib/libcrypto/camellia/cmll_ctr.c
index cc21b70890..014e621a34 100644
--- a/src/lib/libcrypto/camellia/cmll_ctr.c
+++ b/src/lib/libcrypto/camellia/cmll_ctr.c
@@ -49,95 +49,16 @@
  *
  */
 
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the Camellia code
- * is endian-neutral. */
-/* increment counter (128-bit int) by 1 */
-static void Camellia_ctr128_inc(unsigned char *counter) 
-        {
-        unsigned long c;
-
-        /* Grab bottom dword of counter and increment */
-        c = GETU32(counter + 12);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter + 12, c);
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab 1st dword of counter and increment */
-        c = GETU32(counter +  8);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  8, c);
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
-
-        /* Grab 2nd dword of counter and increment */
-        c = GETU32(counter +  4);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  4, c);
-
-        /* if no overflow, we're done */
-        if (c)
-                return;
+#include <openssl/modes.h>
 
-        /* Grab top dword of counter and increment */
-        c = GETU32(counter +  0);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  0, c);
-        }
-
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to Camellia_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char ivec[CAMELLIA_BLOCK_SIZE],
         unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
         unsigned int *num) 
         {
 
-        unsigned int n;
-        unsigned long l=length;
-
-        assert(in && out && key && counter && num);
-        assert(*num < CAMELLIA_BLOCK_SIZE);
-
-        n = *num;
-
-        while (l--) 
-                {
-                if (n == 0) 
-                        {
-                        Camellia_encrypt(ivec, ecount_buf, key);
-                        Camellia_ctr128_inc(ivec);
-                        }
-                *(out++) = *(in++) ^ ecount_buf[n];
-                n = (n+1) % CAMELLIA_BLOCK_SIZE;
-                }
-
-        *num=n;
+        CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)Camellia_encrypt);
         }
 
diff --git a/src/lib/libcrypto/camellia/cmll_locl.h b/src/lib/libcrypto/camellia/cmll_locl.h
index 2ac2e95435..4a4d880d16 100644
--- a/src/lib/libcrypto/camellia/cmll_locl.h
+++ b/src/lib/libcrypto/camellia/cmll_locl.h
@@ -68,98 +68,16 @@
 #ifndef HEADER_CAMELLIA_LOCL_H
 #define HEADER_CAMELLIA_LOCL_H
 
-#include "openssl/e_os2.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
+typedef unsigned int  u32;
 typedef unsigned char u8;
-typedef unsigned int u32;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
-
-#else /* not windows */
-# define GETU32(pt) (((u32)(pt)[0] << 24) \
-        ^ ((u32)(pt)[1] << 16) \
-        ^ ((u32)(pt)[2] <<  8) \
-        ^ ((u32)(pt)[3]))
-
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
-        (ct)[1] = (u8)((st) >> 16); \
-        (ct)[2] = (u8)((st) >>  8); \
-        (ct)[3] = (u8)(st); }
-
-#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
-#define CAMELLIA_SWAP4(x) \
-  do{\
-    asm("bswap %1" : "+r" (x));\
-  }while(0)
-#else
-#define CAMELLIA_SWAP4(x) \
-   do{\
-     x = ((u32)x << 16) + ((u32)x >> 16);\
-     x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\
-   } while(0)
-#endif
-#endif
-
-#define COPY4WORD(dst, src)      \
-             do                  \
-                     {           \
-                     (dst)[0]=(src)[0];         \
-                     (dst)[1]=(src)[1];         \
-                     (dst)[2]=(src)[2];         \
-                     (dst)[3]=(src)[3];         \
-                     }while(0)
-
-#define SWAP4WORD(word)                         \
-   do                                           \
-           {                                    \
-           CAMELLIA_SWAP4((word)[0]);                   \
-           CAMELLIA_SWAP4((word)[1]);                   \
-           CAMELLIA_SWAP4((word)[2]);                   \
-           CAMELLIA_SWAP4((word)[3]);                   \
-           }while(0)
-
-#define XOR4WORD(a, b)/* a = a ^ b */           \
-   do                                           \
-        {                                       \
-        (a)[0]^=(b)[0];                         \
-        (a)[1]^=(b)[1];                         \
-        (a)[2]^=(b)[2];                         \
-        (a)[3]^=(b)[3];                         \
-        }while(0)
-
-#define XOR4WORD2(a, b, c)/* a = b ^ c */       \
-   do                                           \
-        {                                       \
-        (a)[0]=(b)[0]^(c)[0];                   \
-        (a)[1]=(b)[1]^(c)[1];                           \
-        (a)[2]=(b)[2]^(c)[2];                           \
-        (a)[3]=(b)[3]^(c)[3];                           \
-        }while(0)
-
-
-void camellia_setup128(const u8 *key, u32 *subkey);
-void camellia_setup192(const u8 *key, u32 *subkey);
-void camellia_setup256(const u8 *key, u32 *subkey);
-
-void camellia_encrypt128(const u32 *subkey, u32 *io);
-void camellia_decrypt128(const u32 *subkey, u32 *io);
-void camellia_encrypt256(const u32 *subkey, u32 *io);
-void camellia_decrypt256(const u32 *subkey, u32 *io);
-
-#ifdef __cplusplus
-}
-#endif
 
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable);
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], 
+                const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], 
+                const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
 #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
-
diff --git a/src/lib/libcrypto/camellia/cmll_misc.c b/src/lib/libcrypto/camellia/cmll_misc.c
index 2cd7aba9bb..f44689124b 100644
--- a/src/lib/libcrypto/camellia/cmll_misc.c
+++ b/src/lib/libcrypto/camellia/cmll_misc.c
@@ -52,78 +52,28 @@
 #include <openssl/opensslv.h>
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
 
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key)
-#ifdef OPENSSL_FIPS
         {
-        if (FIPS_mode())
-                FIPS_BAD_ABORT(CAMELLIA)
-        return private_Camellia_set_key(userKey, bits, key);
-        }
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-        CAMELLIA_KEY *key)
-#endif
-        {
-        if (!userKey || !key)
-                {
+        if(!userKey || !key)
                 return -1;
-                }
-        
-        switch(bits)
-                {
-        case 128:
-                camellia_setup128(userKey, (unsigned int *)key->rd_key);
-                key->enc = camellia_encrypt128;
-                key->dec = camellia_decrypt128;
-                break;
-        case 192:
-                camellia_setup192(userKey, (unsigned int *)key->rd_key);
-                key->enc = camellia_encrypt256;
-                key->dec = camellia_decrypt256;
-                break;
-        case 256:
-                camellia_setup256(userKey, (unsigned int *)key->rd_key);
-                key->enc = camellia_encrypt256;
-                key->dec = camellia_decrypt256;
-                break;
-        default:
+        if(bits != 128 && bits != 192 && bits != 256)
                 return -2;
-                }
-        
-        key->bitLength = bits;
+        key->grand_rounds = Camellia_Ekeygen(bits , userKey, key->u.rd_key);
         return 0;
         }
 
 void Camellia_encrypt(const unsigned char *in, unsigned char *out,
         const CAMELLIA_KEY *key)
         {
-        u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
-        const union { long one; char little; } camellia_endian = {1};
-
-        memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        key->enc(key->rd_key, tmp);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+        Camellia_EncryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out);
         }
 
 void Camellia_decrypt(const unsigned char *in, unsigned char *out,
         const CAMELLIA_KEY *key)
         {
-        u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
-        const union { long one; char little; } camellia_endian = {1};
-
-        memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        key->dec(key->rd_key, tmp);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+        Camellia_DecryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out);
         }
-
diff --git a/src/lib/libcrypto/camellia/cmll_ofb.c b/src/lib/libcrypto/camellia/cmll_ofb.c
index d89cf9f3b3..a482befc74 100644
--- a/src/lib/libcrypto/camellia/cmll_ofb.c
+++ b/src/lib/libcrypto/camellia/cmll_ofb.c
@@ -105,37 +105,15 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include <openssl/modes.h>
 
 /* The input and output encrypted as though 128bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 128bit block we have used is contained in *num;
  */
 void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
         unsigned char *ivec, int *num) {
-
-        unsigned int n;
-        unsigned long l=length;
-
-        assert(in && out && key && ivec && num);
-
-        n = *num;
-
-        while (l--) {
-                if (n == 0) {
-                        Camellia_encrypt(ivec, ivec, key);
-                }
-                *(out++) = *(in++) ^ ivec[n];
-                n = (n+1) % CAMELLIA_BLOCK_SIZE;
-        }
-
-        *num=n;
+        CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)Camellia_encrypt);
 }
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
index 25f88745f2..09c45d0412 100644
--- a/src/lib/libcrypto/cms/cms.h
+++ b/src/lib/libcrypto/cms/cms.h
@@ -76,8 +76,9 @@ typedef struct CMS_Receipt_st CMS_Receipt;
 
 DECLARE_STACK_OF(CMS_SignerInfo)
 DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
 #define CMS_SIGNERINFO_ISSUER_SERIAL    0
 #define CMS_SIGNERINFO_KEYIDENTIFIER    1
@@ -124,9 +125,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached);
 DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
 #endif
 
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
 
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
@@ -230,6 +235,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
 
 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 
 int CMS_SignedData_init(CMS_ContentInfo *cms);
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index 7664921861..fcba4dcbcc 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -87,7 +87,8 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
 
 /* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
         {
         if(operation == ASN1_OP_FREE_POST)
                 {
@@ -130,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
 
 ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-        ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-        ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
 } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
@@ -213,7 +214,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
 } ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
 
 /* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
         {
         if(operation == ASN1_OP_FREE_PRE)
                 {
@@ -300,10 +302,42 @@ ASN1_ADB(CMS_ContentInfo) = {
         ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
 } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
 
-ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
+        {
+        ASN1_STREAM_ARG *sarg = exarg;
+        CMS_ContentInfo *cms = NULL;
+        if (pval)
+                cms = (CMS_ContentInfo *)*pval;
+        else
+                return 1;
+        switch(operation)
+                {
+
+                case ASN1_OP_STREAM_PRE:
+                if (CMS_stream(&sarg->boundary, cms) <= 0)
+                        return 0;
+                case ASN1_OP_DETACHED_PRE:
+                sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+                if (!sarg->ndef_bio)
+                        return 0;
+                break;
+
+                case ASN1_OP_STREAM_POST:
+                case ASN1_OP_DETACHED_POST:
+                if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+                        return 0;
+                break;
+
+                }
+        return 1;
+        }
+
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
         ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
         ASN1_ADB_OBJECT(CMS_ContentInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
 
 /* Specials for signed attributes */
 
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index d499ae85b4..b3237d4b94 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -60,6 +60,7 @@
 #include <openssl/rand.h>
 #include <openssl/aes.h>
 #include "cms_lcl.h"
+#include "asn1_locl.h"
 
 /* CMS EnvelopedData Utilities */
 
@@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
         CMS_KeyTransRecipientInfo *ktri;
         CMS_EnvelopedData *env;
         EVP_PKEY *pk = NULL;
-        int type;
+        int i, type;
         env = cms_get0_enveloped(cms);
         if (!env)
                 goto err;
@@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
         if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
                 goto err;
 
-        /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
-         * hard code algorithm parameters.
-         */
-
-        if (pk->type == EVP_PKEY_RSA)
-                {
-                X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
-                                        OBJ_nid2obj(NID_rsaEncryption), 
-                                        V_ASN1_NULL, 0);
-                }
-        else
+        if (pk->ameth && pk->ameth->pkey_ctrl)
                 {
-                CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
+                                                0, ri);
+                if (i == -2)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
                                 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-                goto err;
+                        goto err;
+                        }
+                if (i <= 0)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                                CMS_R_CTRL_FAILURE);
+                        goto err;
+                        }
                 }
 
         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
@@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
         {
         CMS_KeyTransRecipientInfo *ktri;
         CMS_EncryptedContentInfo *ec;
+        EVP_PKEY_CTX *pctx = NULL;
         unsigned char *ek = NULL;
-        int eklen;
+        size_t eklen;
 
         int ret = 0;
 
@@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
         ktri = ri->d.ktri;
         ec = cms->d.envelopedData->encryptedContentInfo;
 
-        eklen = EVP_PKEY_size(ktri->pkey);
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (!pctx)
+                return 0;
+
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+                goto err;
+
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                                EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
+                {
+                CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
+                goto err;
+                }
+
+        if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+                goto err;
 
         ek = OPENSSL_malloc(eklen);
 
@@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
                 goto err;
                 }
 
-        eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
-
-        if (eklen <= 0)
+        if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
                 goto err;
 
         ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
@@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
         ret = 1;
 
         err:
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
         if (ek)
                 OPENSSL_free(ek);
         return ret;
@@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
                                                         CMS_RecipientInfo *ri)
         {
         CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+        EVP_PKEY_CTX *pctx = NULL;
         unsigned char *ek = NULL;
-        int eklen;
+        size_t eklen;
         int ret = 0;
 
         if (ktri->pkey == NULL)
@@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
                 return 0;
                 }
 
-        eklen = EVP_PKEY_size(ktri->pkey);
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (!pctx)
+                return 0;
+
+        if (EVP_PKEY_decrypt_init(pctx) <= 0)
+                goto err;
+
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                                EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
+                {
+                CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
+                goto err;
+                }
+
+        if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                                ktri->encryptedKey->data,
+                                ktri->encryptedKey->length) <= 0)
+                goto err;
 
         ek = OPENSSL_malloc(eklen);
 
@@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
                 goto err;
                 }
 
-        eklen = EVP_PKEY_decrypt(ek, 
+        if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                                 ktri->encryptedKey->data,
-                                ktri->encryptedKey->length, ktri->pkey);
-        if (eklen <= 0)
+                                ktri->encryptedKey->length) <= 0)
                 {
                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
                 goto err;
@@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
         cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
 
         err:
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
         if (!ret && ek)
                 OPENSSL_free(ek);
 
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
index 52fa53954f..ff7b0309e5 100644
--- a/src/lib/libcrypto/cms/cms_err.c
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -1,6 +1,6 @@
 /* crypto/cms/cms_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -133,7 +133,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),    "CMS_SIGNERINFO_VERIFY_CERT"},
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
 {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),      "CMS_sign_receipt"},
-{ERR_FUNC(CMS_F_CMS_STREAM),    "CMS_STREAM"},
+{ERR_FUNC(CMS_F_CMS_STREAM),    "CMS_stream"},
 {ERR_FUNC(CMS_F_CMS_UNCOMPRESS),        "CMS_uncompress"},
 {ERR_FUNC(CMS_F_CMS_VERIFY),    "CMS_verify"},
 {0,NULL}
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
index ed34ff3228..90c0b82fb5 100644
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -63,7 +63,7 @@
 DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
 DECLARE_ASN1_ITEM(CMS_Receipt)
 
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services: for now just Signed Receipt related */
 
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 
         /* Get original receipt request details */
 
-        if (!CMS_get1_ReceiptRequest(osi, &rr))
+        if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
                 {
                 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
                 goto err;
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 
         /* Get original receipt request details */
 
-        if (!CMS_get1_ReceiptRequest(si, &rr))
+        if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
                 {
                 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
                 goto err;
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
index 30f5ddfe6d..1cb0264cc5 100644
--- a/src/lib/libcrypto/cms/cms_io.c
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -58,6 +58,25 @@
 #include "cms.h"
 #include "cms_lcl.h"
 
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+        {
+        ASN1_OCTET_STRING **pos;
+        pos = CMS_get0_content(cms);
+        if (!pos)
+                return 0;
+        if (!*pos)
+                *pos = ASN1_OCTET_STRING_new();
+        if (*pos)
+                {
+                (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+                (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+                *boundary = &(*pos)->data;
+                return 1;
+                }
+        CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+
 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
         {
         return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
@@ -70,52 +89,26 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
 
 IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
 
-/* Callback for int_smime_write_ASN1 */
-
-static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-                                        const ASN1_ITEM *it)
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 
         {
-        CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
-        BIO *tmpbio, *cmsbio;
-        int r = 0;
-
-        if (!(flags & SMIME_DETACHED))
-                {
-                SMIME_crlf_copy(data, out, flags);
-                return 1;
-                }
-
-        /* Let CMS code prepend any needed BIOs */
-
-        cmsbio = CMS_dataInit(cms, out);
-
-        if (!cmsbio)
-                return 0;
-
-        /* Copy data across, passing through filter BIOs for processing */
-        SMIME_crlf_copy(data, cmsbio, flags);
-
-        /* Finalize structure */
-        if (CMS_dataFinal(cms, cmsbio) <= 0)
-                goto err;
-
-        r = 1;
-
-        err:
-
-        /* Now remove any digests prepended to the BIO */
-
-        while (cmsbio != out)
-                {
-                tmpbio = BIO_pop(cmsbio);
-                BIO_free(cmsbio);
-                cmsbio = tmpbio;
-                }
+        return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+                                ASN1_ITEM_rptr(CMS_ContentInfo));
+        }
 
-        return 1;
+/* CMS wrappers round generalised stream and MIME routines */
 
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+        {
+        return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+                                        ASN1_ITEM_rptr(CMS_ContentInfo));
         }
 
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+        {
+        return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
+                                        "CMS",
+                                        ASN1_ITEM_rptr(CMS_ContentInfo));
+        }
 
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
         {
@@ -127,9 +120,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
         else
                 mdalgs = NULL;
 
-        return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+        return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
                                         ctype_nid, econt_nid, mdalgs,
-                                        cms_output_data,
                                         ASN1_ITEM_rptr(CMS_ContentInfo));       
         }
 
@@ -138,3 +130,4 @@ CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
         return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
                                         ASN1_ITEM_rptr(CMS_ContentInfo));
         }
+
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
index 7d60fac67e..c8ecfa724a 100644
--- a/src/lib/libcrypto/cms/cms_lcl.h
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -406,6 +406,7 @@ struct CMS_Receipt_st
         ASN1_OCTET_STRING *originatorSignatureValue;
         };
 
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_ITEM(CMS_SignerInfo)
 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
 DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index 8e6c1d29a5..d00fe0f87b 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -60,7 +60,8 @@
 #include "cms.h"
 #include "cms_lcl.h"
 
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
 DECLARE_ASN1_ITEM(CMS_CertificateChoices)
 DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
@@ -346,20 +347,10 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
         {
         int param_type;
 
-        switch (EVP_MD_type(md))
-                {
-                case NID_sha1:
-                case NID_sha224:
-                case NID_sha256:
-                case NID_sha384:
-                case NID_sha512:
+        if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
                 param_type = V_ASN1_UNDEF;
-                break;
-        
-                default:
+        else
                 param_type = V_ASN1_NULL;
-                break;
-                }
 
         X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 
@@ -415,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                         return 0;
                         }
                 BIO_get_md_ctx(chain, &mtmp);
-                if (EVP_MD_CTX_type(mtmp) == nid)
+                if (EVP_MD_CTX_type(mtmp) == nid
+                /* Workaround for broken implementations that use signature
+                 * algorithm  OID instead of digest.
+                 */
+                        || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
                         {
                         EVP_MD_CTX_copy_ex(mctx, mtmp);
                         return 1;
@@ -557,6 +552,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
         return 1;
         }
 
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+        {
+        int r;
+        r = CMS_add0_crl(cms, crl);
+        if (r > 0)
+                CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+        return r;
+        }
+
 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
         {
         STACK_OF(X509) *certs = NULL;
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index cdac3b870d..e3192b9c57 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -58,6 +58,7 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include "cms_lcl.h"
+#include "asn1_locl.h"
 
 /* CMS SignedData Utilities */
 
@@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
                 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
                                         X509_get_issuer_name(cert)))
                         goto merr;
-                ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
-                sid->d.issuerAndSerialNumber->serialNumber =
-                                ASN1_STRING_dup(X509_get_serialNumber(cert));
-                if(!sid->d.issuerAndSerialNumber->serialNumber)
+                if (!ASN1_STRING_copy(
+                        sid->d.issuerAndSerialNumber->serialNumber,
+                                X509_get_serialNumber(cert)))
                         goto merr;
                 break;
 
@@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
         if (!cms_set1_SignerIdentifier(si->sid, signer, type))
                 goto err;
 
-        /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
         if (md == NULL)
-                md = EVP_sha1();
-
-        /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
+                {
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+                        goto err;
+                md = EVP_get_digestbynid(def_nid);
+                if (md == NULL)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+                        goto err;
+                        }
+                }
 
-        if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
+        if (!md)
                 {
-                CMSerr(CMS_F_CMS_ADD1_SIGNER,
-                                CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
                 goto err;
                 }
 
@@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
                         }
                 }
 
-        /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
-         * hard code algorithm parameters.
-         */
-
-        switch (pk->type)
+        if (pk->ameth && pk->ameth->pkey_ctrl)
                 {
-
-                case EVP_PKEY_RSA:
-                X509_ALGOR_set0(si->signatureAlgorithm,
-                                        OBJ_nid2obj(NID_rsaEncryption),
-                                        V_ASN1_NULL, 0);
-                break;
-
-                case EVP_PKEY_DSA:
-                X509_ALGOR_set0(si->signatureAlgorithm,
-                                        OBJ_nid2obj(NID_dsaWithSHA1),
-                                        V_ASN1_UNDEF, 0);
-                break;
-
-
-                case EVP_PKEY_EC:
-                X509_ALGOR_set0(si->signatureAlgorithm,
-                                        OBJ_nid2obj(NID_ecdsa_with_SHA1),
-                                        V_ASN1_UNDEF, 0);
-                break;
-
-                default:
-                CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
+                                                0, si);
+                if (i == -2)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_SIGNER,
                                 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-                goto err;
-
+                        goto err;
+                        }
+                if (i <= 0)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
+                        goto err;
+                        }
                 }
 
         if (!(flags & CMS_NOATTR))
@@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
                 *psig = si->signatureAlgorithm;
         }
 
-/* In OpenSSL 0.9.8 we have the link between digest types and public
- * key types so we need to fixup the digest type if the public key
- * type is not appropriate.
- */
-
-static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
-        {
-        if (EVP_MD_CTX_type(mctx) != NID_sha1)
-                return;
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA)
-                mctx->digest = EVP_dss1();      
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC)
-                mctx->digest = EVP_ecdsa();     
-#endif
-        }
-
 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
                                         CMS_SignerInfo *si, BIO *chain)
         {
@@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
                                         ERR_R_MALLOC_FAILURE);
                         goto err;
                         }
-                cms_fixup_mctx(&mctx, si->pkey);
                 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
                         {
                         CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
@@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
 int CMS_SignerInfo_sign(CMS_SignerInfo *si)
         {
         EVP_MD_CTX mctx;
+        EVP_PKEY_CTX *pctx;
         unsigned char *abuf = NULL;
         int alen;
-        unsigned int siglen;
+        size_t siglen;
         const EVP_MD *md = NULL;
 
         md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
@@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
                         goto err;
                 }
 
-        if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
+        if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
                 goto err;
 
-#if 0
         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
                                 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
                 {
                 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
                 goto err;
                 }
-#endif
 
         alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
                                 ASN1_ITEM_rptr(CMS_Attributes_Sign));
         if(!abuf)
                 goto err;
-        if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
+        if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
+                goto err;
+        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                 goto err;
-        siglen = EVP_PKEY_size(si->pkey);
         OPENSSL_free(abuf);
         abuf = OPENSSL_malloc(siglen);
         if(!abuf)
                 goto err;
-        cms_fixup_mctx(&mctx, si->pkey);
-        if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
+        if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
                 goto err;
-#if 0
+
         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
                                 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
                 {
                 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
                 goto err;
                 }
-#endif
+
         EVP_MD_CTX_cleanup(&mctx);
 
         ASN1_STRING_set0(si->signature, abuf, siglen);
@@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 int CMS_SignerInfo_verify(CMS_SignerInfo *si)
         {
         EVP_MD_CTX mctx;
+        EVP_PKEY_CTX *pctx;
         unsigned char *abuf = NULL;
         int alen, r = -1;
         const EVP_MD *md = NULL;
@@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
         if (md == NULL)
                 return -1;
         EVP_MD_CTX_init(&mctx);
-        if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
+        if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
                 goto err;
 
         alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
                                 ASN1_ITEM_rptr(CMS_Attributes_Verify));
         if(!abuf)
                 goto err;
-        r = EVP_VerifyUpdate(&mctx, abuf, alen);
+        r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
         OPENSSL_free(abuf);
         if (r <= 0)
                 {
                 r = -1;
                 goto err;
                 }
-        cms_fixup_mctx(&mctx, si->pkey);
-        r = EVP_VerifyFinal(&mctx,
-                        si->signature->data, si->signature->length, si->pkey);
+        r = EVP_DigestVerifyFinal(&mctx,
+                        si->signature->data, si->signature->length);
         if (r <= 0)
                 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
         err:
@@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
                 }
         else
                 {
-                cms_fixup_mctx(&mctx, si->pkey);
                 r = EVP_VerifyFinal(&mctx, si->signature->data,
                                         si->signature->length, si->pkey);
                 if (r <= 0)
@@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
                 return CMS_add_simple_smimecap(sk, nid, arg);
         return 1;
         }
-#if 0
+
 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
         {
         if (EVP_get_digestbynid(nid))
                 return CMS_add_simple_smimecap(sk, nid, arg);
         return 1;
         }
-#endif
+
 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
         {
         if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
                 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
                 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
                 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
diff --git a/src/lib/libcrypto/des/asm/des_enc.m4 b/src/lib/libcrypto/des/asm/des_enc.m4
index f59333a030..3280595478 100644
--- a/src/lib/libcrypto/des/asm/des_enc.m4
+++ b/src/lib/libcrypto/des/asm/des_enc.m4
@@ -1954,9 +1954,11 @@ DES_ede3_cbc_encrypt:
         .word   LOOPS                     ! 280
         .word   0x0000FC00                ! 284
 
-        .type   .PIC.DES_SPtrans,#object
-        .size   .PIC.DES_SPtrans,2048
+        .global DES_SPtrans
+        .type   DES_SPtrans,#object
+        .size   DES_SPtrans,2048
 .align  64
+DES_SPtrans:
 .PIC.DES_SPtrans:
         ! nibble 0
         .word   0x02080800, 0x00080000, 0x02000002, 0x02080802
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
new file mode 100644
index 0000000000..377caf96c9
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -0,0 +1,500 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+
+static void int_dh_free(EVP_PKEY *pkey)
+        {
+        DH_free(pkey->pkey.dh);
+        }
+
+static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *public_key = NULL;
+
+        DH *dh = NULL;
+
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+        if (ptype != V_ASN1_SEQUENCE)
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+                goto err;
+                }
+
+        pstr = pval;    
+        pm = pstr->data;
+        pmlen = pstr->length;
+
+        if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+                goto err;
+                }
+
+        if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+                goto err;
+                }
+
+        /* We have parameters now set public key */
+        if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+                goto err;
+                }
+
+        ASN1_INTEGER_free(public_key);
+        EVP_PKEY_assign_DH(pkey, dh);
+        return 1;
+
+        err:
+        if (public_key)
+                ASN1_INTEGER_free(public_key);
+        if (dh)
+                DH_free(dh);
+        return 0;
+
+        }
+
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        DH *dh;
+        void *pval = NULL;
+        int ptype;
+        unsigned char *penc = NULL;
+        int penclen;
+        ASN1_STRING *str;
+        ASN1_INTEGER *pub_key = NULL;
+
+        dh=pkey->pkey.dh;
+
+        str = ASN1_STRING_new();
+        str->length = i2d_DHparams(dh, &str->data);
+        if (str->length <= 0)
+                {
+                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        pval = str;
+        ptype = V_ASN1_SEQUENCE;
+
+        pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+        if (!pub_key)
+                goto err;
+
+        penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+
+        ASN1_INTEGER_free(pub_key);
+
+        if (penclen <= 0)
+                {
+                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
+                                ptype, pval, penc, penclen))
+                return 1;
+
+        err:
+        if (penc)
+                OPENSSL_free(penc);
+        if (pval)
+                ASN1_STRING_free(pval);
+
+        return 0;
+        }
+
+
+/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
+ * that the AlgorithmIdentifier contains the paramaters, the private key
+ * is explcitly included and the pubkey must be recalculated.
+ */
+        
+static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *privkey = NULL;
+
+        DH *dh = NULL;
+
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+                return 0;
+
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+        if (ptype != V_ASN1_SEQUENCE)
+                        goto decerr;
+
+        if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                goto decerr;
+
+
+        pstr = pval;    
+        pm = pstr->data;
+        pmlen = pstr->length;
+        if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+                goto decerr;
+        /* We have parameters now set private key */
+        if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
+                {
+                DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
+                goto dherr;
+                }
+        /* Calculate public key */
+        if (!DH_generate_key(dh))
+                goto dherr;
+
+        EVP_PKEY_assign_DH(pkey, dh);
+
+        ASN1_INTEGER_free(privkey);
+
+        return 1;
+
+        decerr:
+        DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+        dherr:
+        DH_free(dh);
+        return 0;
+        }
+
+static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+        ASN1_STRING *params = NULL;
+        ASN1_INTEGER *prkey = NULL;
+        unsigned char *dp = NULL;
+        int dplen;
+
+        params = ASN1_STRING_new();
+
+        if (!params)
+                {
+                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
+        if (params->length <= 0)
+                {
+                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        params->type = V_ASN1_SEQUENCE;
+
+        /* Get private key into integer */
+        prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+
+        if (!prkey)
+                {
+                DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
+                goto err;
+                }
+
+        dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+        ASN1_INTEGER_free(prkey);
+
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
+                                V_ASN1_SEQUENCE, params, dp, dplen))
+                goto err;
+
+        return 1;
+
+err:
+        if (dp != NULL)
+                OPENSSL_free(dp);
+        if (params != NULL)
+                ASN1_STRING_free(params);
+        if (prkey != NULL)
+                ASN1_INTEGER_free(prkey);
+        return 0;
+}
+
+
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+        {
+        size_t i;
+        if (!b)
+                return;
+        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+                        *pbuflen = i;
+        }
+
+static int dh_param_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        DH *dh;
+        if (!(dh = d2i_DHparams(NULL, pder, derlen)))
+                {
+                DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_DH(pkey, dh);
+        return 1;
+        }
+
+static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_DHparams(pkey->pkey.dh, pder);
+        }
+
+static int do_dh_print(BIO *bp, const DH *x, int indent,
+                                                ASN1_PCTX *ctx, int ptype)
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,ret=0;
+        size_t buf_len=0;
+
+        const char *ktype = NULL;
+
+        BIGNUM *priv_key, *pub_key;
+
+        if (ptype == 2)
+                priv_key = x->priv_key;
+        else
+                priv_key = NULL;
+
+        if (ptype > 0)
+                pub_key = x->pub_key;
+        else
+                pub_key = NULL;
+
+        update_buflen(x->p, &buf_len);
+
+        if (buf_len == 0)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        update_buflen(x->g, &buf_len);
+        update_buflen(pub_key, &buf_len);
+        update_buflen(priv_key, &buf_len);
+
+        if (ptype == 2)
+                ktype = "PKCS#3 DH Private-Key";
+        else if (ptype == 1)
+                ktype = "PKCS#3 DH Public-Key";
+        else
+                ktype = "PKCS#3 DH Parameters";
+
+        m= OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        BIO_indent(bp, indent, 128);
+        if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+                goto err;
+        indent += 4;
+
+        if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
+        if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
+
+        if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
+        if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
+        if (x->length != 0)
+                {
+                BIO_indent(bp, indent, 128);
+                if (BIO_printf(bp,"recommended-private-length: %d bits\n",
+                        (int)x->length) <= 0) goto err;
+                }
+
+
+        ret=1;
+        if (0)
+                {
+err:
+                DHerr(DH_F_DO_DH_PRINT,reason);
+                }
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
+static int int_dh_size(const EVP_PKEY *pkey)
+        {
+        return(DH_size(pkey->pkey.dh));
+        }
+
+static int dh_bits(const EVP_PKEY *pkey)
+        {
+        return BN_num_bits(pkey->pkey.dh->p);
+        }
+
+static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (    BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
+                BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
+                return 0;
+        else
+                return 1;
+        }
+
+static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        {
+        BIGNUM *a;
+
+        if ((a=BN_dup(from->pkey.dh->p)) == NULL)
+                return 0;
+        if (to->pkey.dh->p != NULL)
+                BN_free(to->pkey.dh->p);
+        to->pkey.dh->p=a;
+
+        if ((a=BN_dup(from->pkey.dh->g)) == NULL)
+                return 0;
+        if (to->pkey.dh->g != NULL)
+                BN_free(to->pkey.dh->g);
+        to->pkey.dh->g=a;
+
+        return 1;
+        }
+
+static int dh_missing_parameters(const EVP_PKEY *a)
+        {
+        if (!a->pkey.dh->p || !a->pkey.dh->g)
+                return 1;
+        return 0;
+        }
+
+static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (dh_cmp_parameters(a, b) == 0)
+                return 0;
+        if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
+                return 0;
+        else
+                return 1;
+        }
+
+static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+        }
+
+static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+        }
+
+static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+        }
+
+int DHparams_print(BIO *bp, const DH *x)
+        {
+        return do_dh_print(bp, x, 4, NULL, 0);
+        }
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = 
+        {
+        EVP_PKEY_DH,
+        EVP_PKEY_DH,
+        0,
+
+        "DH",
+        "OpenSSL PKCS#3 DH method",
+
+        dh_pub_decode,
+        dh_pub_encode,
+        dh_pub_cmp,
+        dh_public_print,
+
+        dh_priv_decode,
+        dh_priv_encode,
+        dh_private_print,
+
+        int_dh_size,
+        dh_bits,
+
+        dh_param_decode,
+        dh_param_encode,
+        dh_missing_parameters,
+        dh_copy_parameters,
+        dh_cmp_parameters,
+        dh_param_print,
+
+        int_dh_free,
+        0
+        };
+
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
new file mode 100644
index 0000000000..5ae72b7d4c
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -0,0 +1,254 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "evp_locl.h"
+
+/* DH pkey context structure */
+
+typedef struct
+        {
+        /* Parameter gen parameters */
+        int prime_len;
+        int generator;
+        int use_dsa;
+        /* Keygen callback info */
+        int gentmp[2];
+        /* message digest */
+        } DH_PKEY_CTX;
+
+static int pkey_dh_init(EVP_PKEY_CTX *ctx)
+        {
+        DH_PKEY_CTX *dctx;
+        dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
+        if (!dctx)
+                return 0;
+        dctx->prime_len = 1024;
+        dctx->generator = 2;
+        dctx->use_dsa = 0;
+
+        ctx->data = dctx;
+        ctx->keygen_info = dctx->gentmp;
+        ctx->keygen_info_count = 2;
+        
+        return 1;
+        }
+
+static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        DH_PKEY_CTX *dctx, *sctx;
+        if (!pkey_dh_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->prime_len = sctx->prime_len;
+        dctx->generator = sctx->generator;
+        dctx->use_dsa = sctx->use_dsa;
+        return 1;
+        }
+
+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        DH_PKEY_CTX *dctx = ctx->data;
+        if (dctx)
+                OPENSSL_free(dctx);
+        }
+
+static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        DH_PKEY_CTX *dctx = ctx->data;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+                if (p1 < 256)
+                        return -2;
+                dctx->prime_len = p1;
+                return 1;
+
+                case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+                dctx->generator = p1;
+                return 1;
+
+                case EVP_PKEY_CTRL_PEER_KEY:
+                /* Default behaviour is OK */
+                return 1;
+
+                default:
+                return -2;
+
+                }
+        }
+
+                        
+static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!strcmp(type, "dh_paramgen_prime_len"))
+                {
+                int len;
+                len = atoi(value);
+                return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+                }
+        if (!strcmp(type, "dh_paramgen_generator"))
+                {
+                int len;
+                len = atoi(value);
+                return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+                }
+        return -2;
+        }
+
+static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DH *dh = NULL;
+        DH_PKEY_CTX *dctx = ctx->data;
+        BN_GENCB *pcb, cb;
+        int ret;
+        if (ctx->pkey_gencb)
+                {
+                pcb = &cb;
+                evp_pkey_set_cb_translate(pcb, ctx);
+                }
+        else
+                pcb = NULL;
+        dh = DH_new();
+        if (!dh)
+                return 0;
+        ret = DH_generate_parameters_ex(dh,
+                                        dctx->prime_len, dctx->generator, pcb);
+        if (ret)
+                EVP_PKEY_assign_DH(pkey, dh);
+        else
+                DH_free(dh);
+        return ret;
+        }
+
+static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DH *dh = NULL;
+        if (ctx->pkey == NULL)
+                {
+                DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        dh = DH_new();
+        if (!dh)
+                return 0;
+        EVP_PKEY_assign_DH(pkey, dh);
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+                return 0;
+        return DH_generate_key(pkey->pkey.dh);
+        }
+
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+        {
+        int ret;
+        if (!ctx->pkey || !ctx->peerkey)
+                {
+                DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+                return 0;
+                }
+        ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
+                                                        ctx->pkey->pkey.dh);
+        if (ret < 0)
+                return ret;
+        *keylen = ret;
+        return 1;
+        }
+
+const EVP_PKEY_METHOD dh_pkey_meth = 
+        {
+        EVP_PKEY_DH,
+        EVP_PKEY_FLAG_AUTOARGLEN,
+        pkey_dh_init,
+        pkey_dh_copy,
+        pkey_dh_cleanup,
+
+        0,
+        pkey_dh_paramgen,
+
+        0,
+        pkey_dh_keygen,
+
+        0,
+        0,
+
+        0,
+        0,
+
+        0,0,
+
+        0,0,0,0,
+
+        0,0,
+
+        0,0,
+
+        0,
+        pkey_dh_derive,
+
+        pkey_dh_ctrl,
+        pkey_dh_ctrl_str
+
+        };
diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c
new file mode 100644
index 0000000000..ae58c2ac87
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_prn.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
new file mode 100644
index 0000000000..37d960e3b2
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -0,0 +1,87 @@
+=pod
+
+=head1 NAME
+
+EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital signatures.
+
+EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
+ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
+be used to set alternative signing options.
+
+EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+usig a macro.
+
+EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>.
+If B<sig> is B<NULL> then the maximum size of the output buffer is written to
+the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
+B<siglen> parameter should contain the length of the B<sig> buffer, if the
+call is successful the signature is written to B<sig> and the amount of data
+written to B<siglen>.
+
+=head1 RETURN VALUES
+
+EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return
+1 for success and 0 or a negative value for failure. In particular a return
+value of -2 indicates the operation is not supported by the public key
+algorithm.
+
+The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+
+For some key types and parameters the random number generator must be seeded
+or the operation will fail. 
+
+The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_DigestSignUpdate() and
+EVP_DigestSignFinal() can be called later to digest and sign additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+The use of EVP_PKEY_size() with these functions is discouraged because some
+signature operations may have a signature length which depends on the
+parameters set. As a result EVP_PKEY_size() would have to return a value
+which indicates the maximum possible signature for any set of parameters.
+
+=head1 SEE ALSO
+
+L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+
+=head1 HISTORY
+
+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() 
+were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
new file mode 100644
index 0000000000..f224488978
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital signatures.
+
+EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized
+with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
+can be used to set alternative verification options.
+
+EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+using a macro.
+
+EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
+B<sig> of length B<siglen>.
+
+=head1 RETURN VALUES
+
+EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2 indicates
+the operation is not supported by the public key algorithm.
+
+Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only
+indicates that the signature did not not verify successfully (that is tbs did
+not match the original data or the signature was of invalid form) it is not an
+indication of a more serious error.
+
+The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+
+For some key types and parameters the random number generator must be seeded
+or the operation will fail. 
+
+The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
+be called later to digest and verify additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 SEE ALSO
+
+L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+
+=head1 HISTORY
+
+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() 
+were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
new file mode 100644
index 0000000000..f2f455990f
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2);
+ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                                const char *value);
+
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+ #include <openssl/rsa.h>
+
+ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+
+ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+
+ #include <openssl/dsa.h>
+ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+
+ #include <openssl/dh.h>
+ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+
+ #include <openssl/ec.h>
+ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+
+=head1 DESCRIPTION
+
+The function EVP_PKEY_CTX_ctrl() sends a control operation to the context
+B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter
+B<optype> is a mask indicating which operations the control can be applied to.
+The control command is indicated in B<cmd> and any additional arguments in
+B<p1> and B<p2>.
+
+Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
+instead call one of the algorithm specific macros below.
+
+The function EVP_PKEY_ctrl_str() allows an application to send an algorithm
+specific control operation to a context B<ctx> in string form. This is
+intended to be used for options specified on the command line or in text
+files. The commands supported are documented in the openssl utility
+command line pages for the option B<-pkeyopt> which is supported by the
+B<pkeyutl>, B<genpkey> and B<req> commands.
+
+All the remaining "functions" are implemented as macros.
+
+The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
+in a signature. It can be used with any public key algorithm supporting
+signature operations.
+
+The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
+The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
+RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
+RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
+RSA_X931_PADDING for X9.31 padding (signature operations only) and 
+RSA_PKCS1_PSS_PADDING (sign and verify only).
+
+Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
+is used. If this macro is called for PKCS#1 padding the plaintext buffer is
+an actual digest value and is encapsulated in a DigestInfo structure according
+to PKCS#1 when signing and this structure is expected (and stripped off) when
+verifying. If this control is not used with RSA and PKCS#1 padding then the
+supplied data is used directly and not encapsulated. In the case of X9.31
+padding for RSA the algorithm identifier byte is added or checked and removed
+if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.
+
+The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
+B<len> as its name implies it is only supported for PSS padding.  Two special
+values are supported: -1 sets the salt length to the digest length. When
+signing -2 sets the salt length to the maximum permissible value. When
+verifying -2 causes the salt length to be automatically determined based on the
+B<PSS> block structure. If this macro is not called a salt length value of -2
+is used by default.
+
+The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for
+RSA key genration to B<bits>. If not specified 1024 bits is used.
+
+The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
+for RSA key generation to B<pubexp> currently it should be an odd integer. The
+B<pubexp> pointer is used internally by this function so it should not be 
+modified or free after the call. If this macro is not called then 65537 is used.
+
+The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
+for DSA parameter generation to B<bits>. If not specified 1024 is used.
+
+The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
+prime parameter B<p> for DH parameter generation. If this macro is not called
+then 1024 is used.
+
+The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
+for DH parameter generation. If not specified 2 is used.
+
+The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
+generation to B<nid>. For EC parameter generation this macro must be called
+or an error occurs because there is no default curve.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod
new file mode 100644
index 0000000000..a9af867580
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_CTX_new() function allocates public key algorithm context using
+the algorithm specified in B<pkey> and ENGINE B<e>.
+
+The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
+using the algorithm specified by B<id> and ENGINE B<e>. It is normally used
+when no B<EVP_PKEY> structure is associated with the operations, for example
+during parameter generation of key genration for some algorithms.
+
+EVP_PKEY_CTX_dup() duplicates the context B<ctx>.
+
+EVP_PKEY_CTX_free() frees up the context B<ctx>.
+
+=head1 NOTES
+
+The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
+by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between
+threads: that is it is not permissible to use the same context simultaneously
+in two threads.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either
+the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred.
+
+EVP_PKEY_CTX_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
new file mode 100644
index 0000000000..4f8185e36c
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+
+ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+=head1 DESCRIPTION
+
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+
+The function EVP_PKEY_copy_parameters() copies the parameters from key
+B<from> to key B<to>.
+
+The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
+B<a> and B<b>.
+
+The funcion EVP_PKEY_cmp() compares the public key components and paramters
+(if present) of keys B<a> and B<b>.
+
+=head1 NOTES
+
+The main purpose of the functions EVP_PKEY_missing_parameters() and
+EVP_PKEY_copy_parameters() is to handle public keys in certificates where the
+parameters are sometimes omitted from a public key if they are inherited from
+the CA that signed it.
+
+Since OpenSSL private keys contain public key components too the function
+EVP_PKEY_cmp() can also be used to determine if a private key matches
+a public key.
+
+=head1 RETURN VALUES
+
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+
+These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for
+failure.
+
+The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the
+keys match, 0 if they don't match, -1 if the key types are different and
+-2 if the operation is not supported.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
new file mode 100644
index 0000000000..42b2a8c44e
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
@@ -0,0 +1,93 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_decrypt_init() function initializes a public key algorithm
+context using key B<pkey> for a decryption operation.
+
+The EVP_PKEY_decrypt() function performs a public key decryption operation
+using B<ctx>. The data to be decrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the decrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_decrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_decrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Decrypt data using OAEP (for RSA keys):
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen; 
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ out = OPENSSL_malloc(outlen);
+
+ if (!out)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ /* Decrypted data is outlen bytes written to buffer out */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
new file mode 100644
index 0000000000..d9d6d76c72
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
@@ -0,0 +1,93 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_derive_init() function initializes a public key algorithm
+context using key B<pkey> for shared secret derivation.
+
+The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally
+be a public key.
+
+The EVP_PKEY_derive() derives a shared secret using B<ctx>.
+If B<key> is B<NULL> then the maximum size of the output buffer is written to
+the B<keylen> parameter. If B<key> is not B<NULL> then before the call the
+B<keylen> parameter should contain the length of the B<key> buffer, if the call
+is successful the shared secret is written to B<key> and the amount of data
+written to B<keylen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_derive_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_derive() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Derive shared secret (for example DH or EC keys):
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *skey;
+ size_t skeylen;
+ EVP_PKEY *pkey, *peerkey;
+ /* NB: assumes pkey, peerkey have been already set up */
+
+ ctx = EVP_PKEY_CTX_new(pkey);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_derive_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+        /* Error */
+
+ skey = OPENSSL_malloc(skeylen);
+
+ if (!skey)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+        /* Error */
+
+ /* Shared secret is skey bytes written to buffer skey */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
new file mode 100644
index 0000000000..91c9c5d0a5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
@@ -0,0 +1,93 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_encrypt_init() function initializes a public key algorithm
+context using key B<pkey> for an encryption operation.
+
+The EVP_PKEY_encrypt() function performs a public key encryption operation
+using B<ctx>. The data to be encrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the encrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_encrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_encrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Encrypt data using OAEP (for RSA keys):
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen; 
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_encrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ out = OPENSSL_malloc(outlen);
+
+ if (!out)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+
+ /* Encrypted data is outlen bytes written to buffer out */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
new file mode 100644
index 0000000000..1a9c7954c5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_get_default_digest_nid - get default signature digest
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
+message digest NID for the public key signature operations associated with key
+B<pkey>.
+
+=head1 NOTES
+
+For all current standard OpenSSL public key algorithms SHA1 is returned.
+
+=head1 RETURN VALUES
+
+The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
+is advisory (that is other digests can be used) and 2 if it is mandatory (other
+digests can not be used).  It returns 0 or a negative value for failure. In
+particular a return value of -2 indicates the operation is not supported by the
+public key algorithm.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+
+=head1 HISTORY
+
+This function was first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
new file mode 100644
index 0000000000..37c6fe9503
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
@@ -0,0 +1,161 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+
+ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+ void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+ int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+ void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_keygen_init() function initializes a public key algorithm
+context using key B<pkey> for a key genration operation.
+
+The EVP_PKEY_keygen() function performs a key generation operation, the 
+generated key is written to B<ppkey>.
+
+The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
+except parameters are generated.
+
+The function EVP_PKEY_set_cb() sets the key or parameter generation callback
+to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
+generation callback.
+
+The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
+with the generation operation. If B<idx> is -1 the total number of
+parameters available is returned. Any non negative value returns the value of
+that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
+B<idx> should only be called within the generation callback.
+
+If the callback returns 0 then the key genration operation is aborted and an
+error occurs. This might occur during a time consuming operation where
+a user clicks on a "cancel" button.
+
+The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
+and retrieve an opaque pointer. This can be used to set some application
+defined value which can be retrieved in the callback: for example a handle
+which is used to update a "progress dialog".
+
+=head1 NOTES
+
+After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
+specific control operations can be performed to set any appropriate parameters
+for the operation.
+
+The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
+once on the same context if several operations are performed using the same
+parameters.
+
+The meaning of the parameters passed to the callback will depend on the
+algorithm and the specifiic implementation of the algorithm. Some might not
+give any useful information at all during key or parameter generation. Others
+might not even call the callback.
+
+The operation performed by key or parameter generation depends on the algorithm
+used. In some cases (e.g. EC with a supplied named curve) the "generation"
+option merely sets the appropriate fields in an EVP_PKEY structure.
+
+In OpenSSL an EVP_PKEY structure containing a private key also contains the
+public key components and parameters (if any). An OpenSSL private key is
+equivalent to what some libraries call a "key pair". A private key can be used
+in functions which require the use of a public key or parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
+EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 EXAMPLES
+
+Generate a 2048 bit RSA key:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL;
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+        /* Error */
+
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+
+Generate a key from a set of parameters:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL, *param;
+ /* Assumed param is set up already */
+ ctx = EVP_PKEY_CTX_new(param);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+
+Example of generation callback for OpenSSL public key implementations:
+
+ /* Application data is a BIO to output status to */
+
+ EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+
+ static int genpkey_cb(EVP_PKEY_CTX *ctx)
+        {
+        char c='*';
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        int p;
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write(b,&c,1);
+        (void)BIO_flush(b);
+        return 1;
+        }
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
new file mode 100644
index 0000000000..ce9d70d7a7
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+
+=head1 DESCRIPTION
+
+The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and
+EVP_PKEY_print_params() print out the public, private or parameter components
+of key B<pkey> respectively. The key is sent to BIO B<out> in human readable
+form. The parameter B<indent> indicated how far the printout should be indented.
+
+The B<pctx> parameter allows the print output to be finely tuned by using
+ASN1 printing options. If B<pctx> is set to NULL then default values will
+be used.
+
+=head1 NOTES
+
+Currently no public key algorithms include any options in the B<pctx> parameter 
+parameter.
+
+If the key does not include all the components indicated by the function then
+only those contained in the key will be printed. For example passing a public
+key to EVP_PKEY_print_private() will only print the public components.
+
+=head1 RETURN VALUES
+
+These functions all return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
new file mode 100644
index 0000000000..2fb52c3486
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_sign_init() function initializes a public key algorithm
+context using key B<pkey> for a signing operation.
+
+The EVP_PKEY_sign() function performs a public key signing operation
+using B<ctx>. The data to be signed is specified using the B<tbs> and
+B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
+buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
+before the call the B<siglen> parameter should contain the length of the
+B<sig> buffer, if the call is successful the signature is written to
+B<sig> and the amount of data written to B<siglen>.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_sign_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_sign() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Sign data using RSA with PKCS#1 padding and SHA256 digest:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *signing_key;
+ /* NB: assumes signing_key, md and mdlen are already set up
+  * and that signing_key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(signing_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_sign_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+        /* Error */
+
+ sig = OPENSSL_malloc(siglen);
+
+ if (!sig)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+        /* Error */
+
+ /* Signature is siglen bytes written to buffer sig */
+
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
new file mode 100644
index 0000000000..10633da3f2
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_verify_init() function initializes a public key algorithm
+context using key B<pkey> for a signature verification operation.
+
+The EVP_PKEY_verify() function performs a public key verification operation
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. The verified data (i.e. the data believed originally
+signed) is specified using the B<tbs> and B<tbslen> parameters.
+
+=head1 NOTES
+
+After the call to EVP_PKEY_verify_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_verify() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
+successful and 0 if it failed. Unlike other functions the return value 0 from
+EVP_PKEY_verify() only indicates that the signature did not not verify
+successfully (that is tbs did not match the original data or the signature was
+of invalid form) it is not an indication of a more serious error.
+
+A negative value indicates an error other that signature verification failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+
+=head1 EXAMPLE
+
+Verify signature using PKCS#1 and SHA256 digest:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+
+ /* Perform operation */
+ ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen);
+
+ /* ret == 1 indicates success, 0 verify failure and < 0 for some
+  * other error.
+  */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/OBJ_nid2obj.pod b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
index 7dcc07923f..1e45dd40f6 100644
--- a/src/lib/libcrypto/doc/OBJ_nid2obj.pod
+++ b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
@@ -8,6 +8,8 @@ functions
 
 =head1 SYNOPSIS
 
+ #include <openssl/objects.h>
+
  ASN1_OBJECT * OBJ_nid2obj(int n);
  const char *  OBJ_nid2ln(int n);
  const char *  OBJ_nid2sn(int n);
diff --git a/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod b/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod
new file mode 100644
index 0000000000..e070c45c2e
--- /dev/null
+++ b/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+ PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+ #include <openssl/pem.h>
+
+ int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.
+
+It is otherwise identical to the function SMIME_write_CMS().
+
+=head1 NOTES
+
+This function is effectively a version of the PEM_write_bio_CMS() supporting
+streaming.
+
+=head1 RETURN VALUES
+
+PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>,
+L<i2d_CMS_bio_stream(3)|i2d_CMS_bio_stream(3)>
+
+=head1 HISTORY
+
+PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
+
+=cut
diff --git a/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod b/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod
new file mode 100644
index 0000000000..16fc9b6845
--- /dev/null
+++ b/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format.
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+ #include <openssl/pem.h>
+
+ int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.
+
+It is otherwise identical to the function SMIME_write_PKCS7().
+
+=head1 NOTES
+
+This function is effectively a version of the PEM_write_bio_PKCS7() supporting
+streaming.
+
+=head1 RETURN VALUES
+
+PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>,
+L<i2d_PKCS7_bio_stream(3)|i2d_PKCS7_bio_stream(3)>
+
+=head1 HISTORY
+
+PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_parse.pod b/src/lib/libcrypto/doc/PKCS12_parse.pod
index 51344f883a..c54cf2ad61 100644
--- a/src/lib/libcrypto/doc/PKCS12_parse.pod
+++ b/src/lib/libcrypto/doc/PKCS12_parse.pod
@@ -20,24 +20,31 @@ certificate to B<*cert> and any additional certificates to B<*ca>.
 
 =head1 NOTES
 
-The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
-in which case additional certificates will be discarded. B<*ca> can also
-be a valid STACK in which case additional certificates are appended to
-B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in
+which case additional certificates will be discarded. B<*ca> can also be a
+valid STACK in which case additional certificates are appended to B<*ca>. If
+B<*ca> is B<NULL> a new STACK will be allocated.
 
-The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
-will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+The B<friendlyName> and B<localKeyID> attributes (if present) on each
+certificate will be stored in the B<alias> and B<keyid> attributes of the
+B<X509> structure.
+
+=head1 RETURN VALUES
+
+PKCS12_parse() returns 1 for success and zero if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
 
 =head1 BUGS
 
-Only a single private key and corresponding certificate is returned by this function.
-More complex PKCS#12 files with multiple private keys will only return the first
-match.
+Only a single private key and corresponding certificate is returned by this
+function. More complex PKCS#12 files with multiple private keys will only
+return the first match.
 
-Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
-Other attributes are discarded.
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in
+certificates. Other attributes are discarded.
 
-Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
 
 =head1 SEE ALSO
 
diff --git a/src/lib/libcrypto/doc/PKCS7_decrypt.pod b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
index b0ca067b89..325699d0b6 100644
--- a/src/lib/libcrypto/doc/PKCS7_decrypt.pod
+++ b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
@@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
 
 =head1 SYNOPSIS
 
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+
+ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
index 1a507b22a2..2cd925a7e0 100644
--- a/src/lib/libcrypto/doc/PKCS7_encrypt.pod
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
 
 =head1 SYNOPSIS
 
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+ #include <openssl/pkcs7.h>
+
+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
 
 =head1 DESCRIPTION
 
@@ -16,43 +18,55 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
 
 =head1 NOTES
 
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
-supplied to this function must all contain RSA public keys, though they do not have to
-be signed using the RSA algorithm.
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
+certificates supplied to this function must all contain RSA public keys, though
+they do not have to be signed using the RSA algorithm.
 
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
-most clients will support it.
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
+because most clients will support it.
 
-Some old "export grade" clients may only support weak encryption using 40 or 64 bit
-RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+Some old "export grade" clients may only support weak encryption using 40 or 64
+bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
+respectively.
 
-The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
-parameters. 
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
+its parameters. 
 
-Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
 by storing the S/MIME signed message in a memory BIO and passing it to
 PKCS7_encrypt().
 
 The following flags can be passed in the B<flags> parameter.
 
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
-to the data.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are
+prepended to the data.
 
-Normally the supplied content is translated into MIME canonical format (as required
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then
+B<PKCS7_TEXT> is ignored.
 
-=head1 RETURN VALUES
+If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output
+suitable for streaming I/O: no data is read from the BIO B<in>.
 
-PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
-The error can be obtained from ERR_get_error(3).
+=head1 NOTES
 
-=head1 BUGS
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not
+properly finalize the B<PKCS7> structure will give unpredictable 
+results.
 
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+
+=head1 RETURN VALUES
+
+PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
 
 =head1 SEE ALSO
 
@@ -61,5 +75,6 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
 =head1 HISTORY
 
 PKCS7_decrypt() was added to OpenSSL 0.9.5
+The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0.
 
 =cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign.pod b/src/lib/libcrypto/doc/PKCS7_sign.pod
index ffd0c734b0..64a35144f8 100644
--- a/src/lib/libcrypto/doc/PKCS7_sign.pod
+++ b/src/lib/libcrypto/doc/PKCS7_sign.pod
@@ -6,14 +6,16 @@ PKCS7_sign - create a PKCS#7 signedData structure
 
 =head1 SYNOPSIS
 
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
 
 =head1 DESCRIPTION
 
-PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
-is the certificate to sign with, B<pkey> is the corresponsding private key.
-B<certs> is an optional additional set of certificates to include in the
-PKCS#7 structure (for example any intermediate CAs in the chain). 
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
+the certificate to sign with, B<pkey> is the corresponsding private key.
+B<certs> is an optional additional set of certificates to include in the PKCS#7
+structure (for example any intermediate CAs in the chain). 
 
 The data to be signed is read from BIO B<data>.
 
@@ -21,72 +23,83 @@ B<flags> is an optional set of flags.
 
 =head1 NOTES
 
-Any of the following flags (ored together) can be passed in the B<flags> parameter.
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
 
 Many S/MIME clients expect the signed content to include valid MIME headers. If
 the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
 to the data.
 
 If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
-parameter though. This can reduce the size of the signature if the signers certificate
-can be obtained by other means: for example a previously signed message.
-
-The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
-is set in which case it is omitted. This is used for PKCS7 detached signatures
-which are used in S/MIME plaintext signed messages for example.
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+
+The data being signed is included in the PKCS7 structure, unless
+B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
+detached signatures which are used in S/MIME plaintext signed messages for
+example.
+
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
 
-Normally the supplied content is translated into MIME canonical format (as required
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it.
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
 
-The signedData structure includes several PKCS#7 autenticatedAttributes including
-the signing time, the PKCS#7 content type and the supported list of ciphers in
-an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
-will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
-omitted.
+If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
+just initialized ready to perform the signing operation. The signing is however
+B<not> performed and the data to be signed is not read from the B<data>
+parameter. Signing is deferred until after the data has been written. In this
+way data can be signed in a single pass.
 
-If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
-of these algorithms is disabled then it will not be included.
+If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
+which additional signers and capabilities can be added before finalization.
 
-If the flags B<PKCS7_PARTSIGN> is set then the returned B<PKCS7> structure
-is just initialized ready to perform the signing operation. The signing
-is however B<not> performed and the data to be signed is not read from
-the B<data> parameter. Signing is deferred until after the data has been
-written. In this way data can be signed in a single pass. Currently the
-flag B<PKCS7_DETACHED> B<must> also be set.
 
 =head1 NOTES
 
-Currently the flag B<PKCS7_PARTSIGN> is only supported for detached
-data. If this flag is set the returned B<PKCS7> structure is B<not>
-complete and outputting its contents via a function that does not
-properly finalize the B<PKCS7> structure will give unpredictable 
-results.
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not properly
+finalize the B<PKCS7> structure will give unpredictable results.
 
-At present only the SMIME_write_PKCS7() function properly finalizes the
-structure.
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
 
-=head1 BUGS
+If a signer is specified it will use the default digest for the signing
+algorithm. This is B<SHA1> for both RSA and DSA keys.
+
+In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be
+B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
+using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be
+called to finalize the structure if streaming is not enabled. Alternative
+signing digests can also be specified using this method.
 
-PKCS7_sign() is somewhat limited. It does not support multiple signers, some
-advanced attributes such as counter signatures are not supported.
+In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only
+PKCS#7 structure is output.
 
-The SHA1 digest algorithm is currently always used.
+In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
+B<NOT> be NULL.
 
-When the signed data is not detached it will be stored in memory within the
-B<PKCS7> structure. This effectively limits the size of messages which can be
-signed due to memory restraints. There should be a way to sign data without
-having to hold it all in memory, this would however require fairly major
-revisions of the OpenSSL ASN1 code.
+=head1 BUGS
 
+Some advanced attributes such as counter signatures are not supported.
 
 =head1 RETURN VALUES
 
-PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
-The error can be obtained from ERR_get_error(3).
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error
+occurred.  The error can be obtained from ERR_get_error(3).
 
 =head1 SEE ALSO
 
@@ -96,6 +109,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
 
 PKCS7_sign() was added to OpenSSL 0.9.5
 
-The B<PKCS7_PARTSIGN> flag was added in OpenSSL 0.9.8
+The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0
+
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
 
 =cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
new file mode 100644
index 0000000000..ebec4d57de
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
@@ -0,0 +1,87 @@
+=pod
+
+=head1 NAME
+
+PKCS7_sign_add_signer - add a signer PKCS7 signed data structure.
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+
+
+=head1 DESCRIPTION
+
+PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private
+key B<pkey> using message digest B<md> to a PKCS7 signed data structure
+B<p7>.
+
+The PKCS7 structure should be obtained from an initial call to PKCS7_sign()
+with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7
+signed data structure.
+
+If the B<md> parameter is B<NULL> then the default digest for the public
+key algorithm will be used.
+
+Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure
+is not complete and must be finalized either by streaming (if applicable) or
+a call to PKCS7_final().
+
+
+=head1 NOTES
+
+The main purpose of this function is to provide finer control over a PKCS#7
+signed data structure where the simpler PKCS7_sign() function defaults are
+not appropriate. For example if multiple signers or non default digest
+algorithms are needed.
+
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+
+If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content
+digest value from the PKCS7 struture: to add a signer to an existing structure.
+An error occurs if a matching digest value cannot be found to copy. The
+returned PKCS7 structure will be valid and finalized when this flag is set.
+
+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the 
+B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
+can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
+needed to finalize it.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
+
+
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added, this can be used to set additional attributes 
+before it is finalized.
+
+=head1 RETURN VALUES
+
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added or NULL if an error occurs.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_final(3)|PKCS7_final(3)>,
+
+=head1 HISTORY
+
+PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_verify.pod b/src/lib/libcrypto/doc/PKCS7_verify.pod
index 3490b5dc82..7c10a4cc3c 100644
--- a/src/lib/libcrypto/doc/PKCS7_verify.pod
+++ b/src/lib/libcrypto/doc/PKCS7_verify.pod
@@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure
 
 =head1 SYNOPSIS
 
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ #include <openssl/pkcs7.h>
 
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/SMIME_read_CMS.pod b/src/lib/libcrypto/doc/SMIME_read_CMS.pod
new file mode 100644
index 0000000000..acc5524c14
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_read_CMS.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+ SMIME_read_CMS - parse S/MIME message.
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+
+=head1 DESCRIPTION
+
+SMIME_read_CMS() parses a message in S/MIME format.
+
+B<in> is a BIO to read the message from.
+
+If cleartext signing is used then the content is saved in a memory bio which is
+written to B<*bcont>, otherwise B<*bcont> is set to NULL.
+
+The parsed CMS_ContentInfo structure is returned or NULL if an
+error occurred.
+
+=head1 NOTES
+
+If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can
+then be passed to CMS_verify() with the B<CMS_DETACHED> flag set.
+
+Otherwise the type of the returned structure can be determined
+using CMS_get0_type().
+
+To support future functionality if B<bcont> is not NULL B<*bcont> should be
+initialized to NULL. For example:
+
+ BIO *cont = NULL;
+ CMS_ContentInfo *cms;
+
+ cms = SMIME_read_CMS(in, &cont);
+
+=head1 BUGS
+
+The MIME parser used by SMIME_read_CMS() is somewhat primitive.  While it will
+handle most S/MIME messages more complex compound formats may not work.
+
+The parser assumes that the CMS_ContentInfo structure is always base64 encoded
+and will not handle the case where it is in binary format or uses quoted
+printable format.
+
+The use of a memory BIO to hold the signed content limits the size of message
+which can be processed due to memory restraints: a streaming single pass option
+should be available.
+
+=head1 RETURN VALUES
+
+SMIME_read_CMS() returns a valid B<CMS_ContentInfo> structure or B<NULL>
+if an error occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_type(3)|CMS_type(3)>
+L<SMIME_read_CMS(3)|SMIME_read_CMS(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_read_CMS() was added to OpenSSL 0.9.8
+
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
index ffafa37887..9d46715941 100644
--- a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
+++ b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
@@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message.
 
 =head1 SYNOPSIS
 
-PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+ #include <openssl/pkcs7.h>
+
+ PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/SMIME_write_CMS.pod b/src/lib/libcrypto/doc/SMIME_write_CMS.pod
new file mode 100644
index 0000000000..04bedfb429
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_write_CMS.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+ SMIME_write_CMS - convert CMS structure to S/MIME format.
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+SMIME_write_CMS() adds the appropriate MIME headers to a CMS
+structure to produce an S/MIME message.
+
+B<out> is the BIO to write the data to. B<cms> is the appropriate
+B<CMS_ContentInfo> structure. If streaming is enabled then the content must be
+supplied in the B<data> argument. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The following flags can be passed in the B<flags> parameter.
+
+If B<CMS_DETACHED> is set then cleartext signing will be used, this option only
+makes sense for SignedData where B<CMS_DETACHED> is also set when CMS_sign() is
+called.
+
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are added to
+the content, this only makes sense if B<CMS_DETACHED> is also set.
+
+If the B<CMS_STREAM> flag is set streaming is performed. This flag should only
+be set if B<CMS_STREAM> was also set in the previous call to a CMS_ContentInfo
+creation function.
+
+If cleartext signing is being used and B<CMS_STREAM> not set then the data must
+be read twice: once to compute the signature in CMS_sign() and once to output
+the S/MIME message.
+
+If streaming is performed the content is output in BER format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+
+=head1 BUGS
+
+SMIME_write_CMS() always base64 encodes CMS structures, there should be an
+option to disable this.
+
+=head1 RETURN VALUES
+
+SMIME_write_CMS() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_write_CMS() was added to OpenSSL 0.9.8
+
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
index 61945b3887..ca6bd02763 100644
--- a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
+++ b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
@@ -6,17 +6,18 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
 
 =head1 SYNOPSIS
 
-int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+
+ int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
 
 =head1 DESCRIPTION
 
 SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
 structure to produce an S/MIME message.
 
-B<out> is the BIO to write the data to. B<p7> is the appropriate
-B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
-being used then the signed data must be supplied in the B<data> 
-argument. B<flags> is an optional set of flags.
+B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7>
+structure. If streaming is enabled then the content must be supplied in the
+B<data> argument. B<flags> is an optional set of flags.
 
 =head1 NOTES
 
@@ -30,15 +31,18 @@ If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
 are added to the content, this only makes sense if B<PKCS7_DETACHED>
 is also set.
 
-If the B<PKCS7_PARTSIGN> flag is set the signed data is finalized
-and output along with the content. This flag should only be set
-if B<PKCS7_DETACHED> is also set and the previous call to PKCS7_sign()
-also set these flags.
+If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should
+only be set if B<PKCS7_STREAM> was also set in the previous call to
+PKCS7_sign() or B<PKCS7_encrypt()>.
 
-If cleartext signing is being used and B<PKCS7_PARTSIGN> not set then
+If cleartext signing is being used and B<PKCS7_STREAM> not set then
 the data must be read twice: once to compute the signature in PKCS7_sign()
 and once to output the S/MIME message.
 
+If streaming is performed the content is output in BER format using indefinite
+length constructuted encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+
 =head1 BUGS
 
 SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
index 11b35f6fd3..41902c0d45 100644
--- a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
@@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
 
 =head1 SYNOPSIS
 
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+ #include <openssl/x509.h>
 
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
index e2ab4b0d2b..1afd008cb3 100644
--- a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
@@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
 
 =head1 SYNOPSIS
 
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+ #include <openssl/x509.h>
 
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
 
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
 
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
 
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+ int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
index 333323d734..3b1f9ff43b 100644
--- a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
@@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions
 
 =head1 SYNOPSIS
 
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+ #include <openssl/x509.h>
 
-int X509_NAME_entry_count(X509_NAME *name);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+ int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
 
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+ int X509_NAME_entry_count(X509_NAME *name);
+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+
+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
new file mode 100644
index 0000000000..a883f6c097
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
@@ -0,0 +1,303 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+ #include <openssl/x509_vfy.h>
+
+ int    X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+ int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+
+ const char *X509_verify_cert_error_string(long n);
+
+=head1 DESCRIPTION
+
+These functions are typically called after X509_verify_cert() has indicated
+an error or in a verification callback to determine the nature of an error.
+
+X509_STORE_CTX_get_error() returns the error code of B<ctx>, see
+the B<ERROR CODES> section for a full description of all error codes.
+
+X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example
+it might be used in a verification callback to set an error based on additional
+checks.
+
+X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
+non-negative integer representing where in the certificate chain the error
+occurred. If it is zero it occured in the end entity certificate, one if
+it is the certificate which signed the end entity certificate and so on.
+
+X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
+caused the error or B<NULL> if no certificate is relevant.
+
+X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
+call to X509_verify_cert() is successful. If the call to X509_verify_cert()
+is B<not> successful the returned chain may be incomplete or invalid. The
+returned chain persists after the B<ctx> structure is freed, when it is
+no longer needed it should be free up using:
+
+  sk_X509_pop_free(chain, X509_free);
+
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+
+=head1 RETURN VALUES
+
+X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code.
+
+X509_STORE_CTX_get_error_depth() returns a non-negative error depth.
+
+X509_STORE_CTX_get_current_cert() returns the cerificate which caused the
+error or B<NULL> if no certificate is relevant to the error.
+
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+
+=head1 ERROR CODES
+
+A list of error codes and messages is shown below.  Some of the
+error codes are defined but currently never returned: these are described as
+"unused".
+
+=over 4
+
+=item B<X509_V_OK: ok>
+
+the operation was successful.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+
+the CRL of a certificate could not be found.
+
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+
+the certificate signature could not be decrypted. This means that the actual
+signature value could not be determined rather than it not matching the
+expected value, this is only meaningful for RSA keys.
+
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+
+the CRL signature could not be decrypted: this means that the actual signature
+value could not be determined rather than it not matching the expected value.
+Unused.
+
+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+
+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+
+the certificate is not yet valid: the notBefore date is after the current time.
+
+=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+
+the certificate has expired: that is the notAfter date is before the current time.
+
+=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+
+the CRL is not yet valid.
+
+=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+
+the CRL has expired.
+
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+
+the certificate notBefore field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+
+the certificate notAfter field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+
+the CRL lastUpdate field contains an invalid time.
+
+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+
+the CRL nextUpdate field contains an invalid time.
+
+=item B<X509_V_ERR_OUT_OF_MEM: out of memory>
+
+an error occurred trying to allocate memory. This should never happen.
+
+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+
+the passed certificate is self signed and the same certificate cannot be found
+in the list of trusted certificates.
+
+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+
+the certificate chain could be built up using the untrusted certificates but
+the root could not be found locally.
+
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+
+the issuer certificate of a locally looked up certificate could not be found.
+This normally means the list of trusted certificates is not complete.
+
+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+
+no signatures could be verified because the chain contains only one certificate
+and it is not self signed.
+
+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+
+the certificate chain length is greater than the supplied maximum depth. Unused.
+
+=item B<X509_V_ERR_CERT_REVOKED: certificate revoked>
+
+the certificate has been revoked.
+
+=item B<X509_V_ERR_INVALID_CA: invalid CA certificate>
+
+a CA certificate is invalid. Either it is not a CA or its extensions are not
+consistent with the supplied purpose.
+
+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+
+the basicConstraints pathlength parameter has been exceeded.
+
+=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+
+the supplied certificate cannot be used for the specified purpose.
+
+=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+
+the root CA is not marked as trusted for the specified purpose.
+
+=item B<X509_V_ERR_CERT_REJECTED: certificate rejected>
+
+the root CA is marked to reject the specified purpose.
+
+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. This is only set
+if issuer check debugging is enabled it is used for status notification and
+is B<not> in itself an error.
+
+=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. This is only set if issuer check debugging is enabled it is used
+for status notification and is B<not> in itself an error.
+
+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier of
+the current certificate. This is only set if issuer check debugging is enabled
+it is used for status notification and is B<not> in itself an error.
+
+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+
+the current candidate issuer certificate was rejected because its keyUsage
+extension does not permit certificate signing. This is only set if issuer check
+debugging is enabled it is used for status notification and is B<not> in itself
+an error.
+
+=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+
+A certificate extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions.
+
+
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+
+A certificate policies extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions. This error only
+occurs if policy processing is enabled.
+
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+
+The verification flags were set to require and explicit policy but none was
+present.
+
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+
+The only CRLs that could be found did not match the scope of the certificate.
+
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+
+Some feature of a certificate extension is not supported. Unused.
+
+=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+
+A name constraint violation occured in the permitted subtrees.
+
+=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+
+A name constraint violation occured in the excluded subtrees.
+
+=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+
+A certificate name constraints extension included a minimum or maximum field:
+this is not supported.
+
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+
+An unsupported name constraint type was encountered. OpenSSL currently only
+supports directory name, DNS name, email and URI types.
+
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+
+The format of the name constraint is not recognised: for example an email
+address format of a form not mentioned in RFC3280. This could be caused by
+a garbage extension or some new feature not currently supported.
+
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+
+An error occured when attempting to verify the CRL path. This error can only
+happen if extended CRL checking is enabled.
+
+=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+
+an application specific error. This will never be returned unless explicitly
+set by an application.
+
+=head1 NOTES
+
+The above functions should be used instead of directly referencing the fields
+in the B<X509_VERIFY_CTX> structure.
+
+In versions of OpenSSL before 1.0 the current certificate returned by
+X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should
+check the return value before printing out any debugging information relating
+to the current certificate.
+
+If an unrecognised error code is passed to X509_verify_cert_error_string() the
+numerical value of the unknown code is returned in a static buffer. This is not
+thread safe but will never happen unless an invalid code is passed.
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
new file mode 100644
index 0000000000..8d6b9dda47
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
+
+ char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in X509_STORE_CTX structures.
+Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data()
+and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 NOTES
+
+This mechanism is used internally by the B<ssl> library to store the B<SSL>
+structure associated with a verification operation in an B<X509_STORE_CTX>
+structure. 
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>
+
+=head1 HISTORY
+
+X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and
+X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5.
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
new file mode 100644
index 0000000000..b17888f149
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
@@ -0,0 +1,122 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ X509_STORE_CTX *X509_STORE_CTX_new(void);
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                         X509 *x509, STACK_OF(X509) *chain);
+
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+
+ void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
+ void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
+ void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+=head1 DESCRIPTION
+
+These functions initialise an B<X509_STORE_CTX> structure for subsequent use
+by X509_verify_cert().
+
+X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure.
+
+X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
+The context can then be reused with an new call to X509_STORE_CTX_init().
+
+X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
+is no longer valid.
+
+X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
+The trusted certificate store is set to B<store>, the end entity certificate
+to be verified is set to B<x509> and a set of additional certificates (which
+will be untrusted but may be used to build the chain) in B<chain>. Any or
+all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+
+X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
+to B<sk>. This is an alternative way of specifying trusted certificates 
+instead of using an B<X509_STORE>.
+
+X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to
+B<x>.
+
+X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx>
+to B<sk>.
+
+X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
+verification to B<sk>. These CRLs will only be used if CRL verification is
+enabled in the associated B<X509_VERIFY_PARAM> structure. This might be
+used where additional "useful" CRLs are supplied as part of a protocol,
+for example in a PKCS#7 structure.
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer
+to the verification parameters associated with B<ctx>.
+
+X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer
+to B<param>. After this call B<param> should not be used.
+
+X509_STORE_CTX_set_default() looks up and sets the default verification
+method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to
+find an appropriate set of parameters from B<name>.
+
+=head1 NOTES
+
+The certificates and CRLs in a store are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy
+applications might implicitly use an B<X509_STORE_CTX> like this:
+
+  X509_STORE_CTX ctx;
+  X509_STORE_CTX_init(&ctx, store, cert, chain);
+
+this is B<not> recommended in new applications they should instead do:
+
+  X509_STORE_CTX *ctx;
+  ctx = X509_STORE_CTX_new();
+  if (ctx == NULL)
+        /* Bad error */
+  X509_STORE_CTX_init(ctx, store, cert, chain);
+
+=head1 BUGS
+
+The certificates and CRLs in a context are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Copies
+should be made or reference counts increased instead.
+
+=head1 RETURN VALUES
+
+X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an
+error occurred.
+
+X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
+
+X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM>
+structure or B<NULL> if an error occurred.
+
+X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(),
+X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(),
+X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
+values.
+
+X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)>
+
+=head1 HISTORY
+
+X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
new file mode 100644
index 0000000000..b9787a6ca6
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
@@ -0,0 +1,161 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_CTX_set_verify_cb - set verification callback
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+
+=head1 DESCRIPTION
+
+X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+
+The verification callback can be used to customise the operation of certificate
+verification, either by overriding error conditions or logging errors for
+debugging purposes.
+
+However a verification callback is B<not> essential and the default operation
+is often sufficient.
+
+The B<ok> parameter to the callback indicates the value the callback should
+return to retain the default behaviour. If it is zero then and error condition
+is indicated. If it is 1 then no error occurred. If the flag
+B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
+policy checking is complete.
+
+The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that
+is performing the verification operation. A callback can examine this
+structure and receive additional information about the error, for example
+by calling X509_STORE_CTX_get_current_cert(). Additional application data can
+be passed to the callback via the B<ex_data> mechanism.
+
+=head1 WARNING
+
+In general a verification callback should B<NOT> unconditionally return 1 in
+all circumstances because this will allow verification to succeed no matter
+what the error. This effectively removes all security from the application
+because B<any> certificate (including untrusted generated ones) will be
+accepted.
+
+=head1 NOTES
+
+The verification callback can be set and inherited from the parent structure
+performing the operation. In some cases (such as S/MIME verification) the
+B<X509_STORE_CTX> structure is created and destroyed internally and the
+only way to set a custom verification callback is by inheriting it from the
+associated B<X509_STORE>.
+
+=head1 RETURN VALUES
+
+X509_STORE_CTX_set_verify_cb() does not return a value.
+
+=head1 EXAMPLES
+
+Default callback operation:
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        return ok;
+        }
+
+Simple example, suppose a certificate in the chain is expired and we wish
+to continue after this error:
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        /* Tolerate certificate expiration */
+        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+                        return 1;
+        /* Otherwise don't override */
+        return ok;
+        }
+
+More complex example, we don't wish to continue after B<any> certificate has
+expired just one specific case:
+
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        int err = X509_STORE_CTX_get_error(ctx);
+        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
+                {
+                if (check_is_acceptable_expired_cert(err_cert)
+                        return 1;
+                }
+        return ok;
+        }
+
+Full featured logging callback. In this case the B<bio_err> is assumed to be
+a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
+B<ex_data>.
+        
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        X509 *err_cert;
+        int err,depth;
+
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        err =   X509_STORE_CTX_get_error(ctx);
+        depth = X509_STORE_CTX_get_error_depth(ctx);
+
+        BIO_printf(bio_err,"depth=%d ",depth);
+        if (err_cert)
+                {
+                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                }
+        else
+                BIO_puts(bio_err, "<no cert>\n");
+        if (!ok)
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+        switch (err)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                BIO_puts(bio_err,"issuer= ");
+                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+                policies_print(bio_err, ctx);
+                break;
+                }
+        if (err == X509_V_OK && ok == 2)
+                /* print out policies */
+
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)>
+L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)>
+
+=head1 HISTORY
+
+X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and
+OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
new file mode 100644
index 0000000000..29e3bbe3bc
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ void X509_STORE_set_verify_cb(X509_STORE *st,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+
+ void X509_STORE_set_verify_cb_func(X509_STORE *st,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+
+=head1 DESCRIPTION
+
+X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+
+X509_STORE_set_verify_cb_func() also sets the verification callback but it
+is implemented as a macro.
+
+=head1 NOTES
+
+The verification callback from an B<X509_STORE> is inherited by 
+the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
+be used to set the verification callback when the B<X509_STORE_CTX> is 
+otherwise inaccessible (for example during S/MIME verification).
+
+=head1 BUGS
+
+The macro version of this function was the only one available before 
+OpenSSL 1.0.0.
+
+=head1 RETURN VALUES
+
+X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return
+a value.
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)>
+L<CMS_verify(3)|CMS_verify(3)>
+
+=head1 HISTORY
+
+X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and
+OpenSSL.
+
+X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
new file mode 100644
index 0000000000..b68eece033
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
@@ -0,0 +1,171 @@
+=pod
+
+=head1 NAME
+
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters 
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                                        unsigned long flags);
+ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+
+ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+ int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+
+ void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+
+ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                                ASN1_OBJECT *policy);
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
+                                        STACK_OF(ASN1_OBJECT) *policies);
+
+ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+
+=head1 DESCRIPTION
+
+These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
+a certificate verification operation. 
+
+The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
+it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
+description of values the B<flags> parameter can take.
+
+X509_VERIFY_PARAM_get_flags() returns the flags in B<param>.
+
+X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
+
+X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
+to B<purpose>. This determines the acceptable purpose of the certificate
+chain, for example SSL client or SSL server.
+
+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 
+B<trust>.
+
+X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+B<t>. Normally the current time is used.
+
+X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+by default) and adds B<policy> to the acceptable policy set.
+
+X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+by default) and sets the acceptable policy set to B<policies>. Any existing
+policy set is cleared. The B<policies> parameter can be B<NULL> to clear
+an existing policy set.
+
+X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
+That is the maximum number of untrusted CA certificates that can appear in a
+chain.
+
+=head1 RETURN VALUES
+
+X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), 
+X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
+X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1
+for success and 0 for failure. 
+
+X509_VERIFY_PARAM_get_flags() returns the current verification flags.
+
+X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
+values.
+
+X509_VERIFY_PARAM_get_depth() returns the current verification depth.
+
+=head1 VERIFICATION FLAGS
+
+The verification flags consists of zero or more of the following flags
+ored together.
+
+B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
+certificate. An error occurs if a suitable CRL cannot be found. 
+
+B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
+chain.
+
+B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs results
+in a fatal error. If this flag is set unhandled critical extensions are
+ignored. B<WARNING> setting this option for anything other than debugging
+purposes can be a security risk. Finer control over which extensions are
+supported can be performed in the verification callback.
+
+THe B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken
+certificates and makes the verification strictly apply B<X509> rules.
+
+B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
+
+B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
+no policy checking is peformed. Additional information is sent to the 
+verification callback relating to policy checking.
+
+B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
+B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any
+policy> and B<inhibit policy mapping> flags respectively as defined in
+B<RFC3280>. Policy checking is automatically enabled if any of these flags
+are set.
+
+If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful
+a special status code is set to the verification callback. This permits it
+to examine the valid policy tree and perform additional checks or simply
+log it for debugging purposes.
+
+By default some addtional features such as indirect CRLs and CRLs signed by
+different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
+they are enabled.
+
+If B<X509_V_FLAG_USE_DELTAS> ise set delta CRLs (if present) are used to
+determine certificate status. If not set deltas are ignored.
+
+B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed
+cerificate signature. By default this check is disabled because it doesn't
+add any additional security but in some cases applications might want to
+check the signature anyway. A side effect of not checking the root CA
+signature is that disabled or unsupported message digests on the root CA
+are not treated as fatal errors.
+
+The B<X509_V_FLAG_CB_ISSUER_CHECK> flag enables debugging of certificate
+issuer checks. It is B<not> needed unless you are logging certificate
+verification. If this flag is set then additional status codes will be sent
+to the verification callback and it B<must> be prepared to handle such cases
+without assuming they are hard errors.
+
+=head1 NOTES
+
+The above functions should be used to manipulate verification parameters
+instead of legacy functions which work in specific structures such as
+X509_STORE_CTX_set_flags().
+
+=head1 BUGS
+
+Delta CRL checking is currently primitive. Only a single delta can be used and
+(partly due to limitations of B<X509_STORE>) constructed CRLs are not 
+maintained.
+
+If CRLs checking is enable CRLs are expected to be available in the
+corresponding B<X509_STORE> structure. No attempt is made to download
+CRLs from the CRL distribution points extension.
+
+=head1 EXAMPLE
+
+Enable CRL checking when performing certificate verification during SSL 
+connections associated with an B<SSL_CTX> structure B<ctx>:
+
+  X509_VERIFY_PARAM *param;
+  param = X509_VERIFY_PARAM_new();
+  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+  SSL_CTX_set1_param(ctx, param);
+  X509_VERIFY_PARAM_free(param);
+
+=head1 SEE ALSO
+
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_new.pod b/src/lib/libcrypto/doc/X509_new.pod
index fd5fc65ce1..d38872335f 100644
--- a/src/lib/libcrypto/doc/X509_new.pod
+++ b/src/lib/libcrypto/doc/X509_new.pod
@@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions
 
 =head1 SYNOPSIS
 
+ #include <openssl/x509.h>
+
  X509 *X509_new(void);
  void X509_free(X509 *a);
 
diff --git a/src/lib/libcrypto/doc/X509_verify_cert.pod b/src/lib/libcrypto/doc/X509_verify_cert.pod
new file mode 100644
index 0000000000..5253bdcd70
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_verify_cert.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+X509_verify_cert - discover and verify X509 certificte chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_verify_cert(X509_STORE_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The X509_verify_cert() function attempts to discover and validate a
+certificate chain based on parameters in B<ctx>. A complete description of
+the process is contained in the L<verify(1)|verify(1)> manual page.
+
+=head1 RETURN VALUES
+
+If a complete chain can be built and validated this function returns 1,
+otherwise it return zero, in exceptional circumstances it can also
+return a negative code.
+
+If the function fails additional error information can be obtained by
+examining B<ctx> using, for example X509_STORE_CTX_get_error().
+
+=head1 NOTES
+
+Applications rarely call this function directly but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+SSL/TLS code.
+
+The negative return value from X509_verify_cert() can only occur if no
+certificate is set in B<ctx> (due to a programming error) or if a retry
+operation is requested during internal lookups (which never happens with
+standard lookup methods). It is however recommended that application check
+for <= 0 return value on error.
+
+=head1 BUGS
+
+This function uses the header B<x509.h> as opposed to most chain verification
+functiosn which use B<x509_vfy.h>.
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+
+=head1 HISTORY
+
+X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
index 5bfa18afbb..298ec54a4c 100644
--- a/src/lib/libcrypto/doc/d2i_X509.pod
+++ b/src/lib/libcrypto/doc/d2i_X509.pod
@@ -15,8 +15,8 @@ i2d_X509_fp - X509 encode and decode functions
  X509 *d2i_X509_bio(BIO *bp, X509 **x);
  X509 *d2i_X509_fp(FILE *fp, X509 **x);
 
- int i2d_X509_bio(X509 *x, BIO *bp);
- int i2d_X509_fp(X509 *x, FILE *fp);
+ int i2d_X509_bio(BIO *bp, X509 *x);
+ int i2d_X509_fp(FILE *fp, X509 *x);
 
 =head1 DESCRIPTION
 
@@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
 L<ERR_get_error(3)|ERR_get_error(3)>. 
 
-i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
-successfully encoded or a negative value if an error occurs. The error code
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+i2d_X509() returns the number of bytes successfully encoded or a negative
+value if an error occurs. The error code can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. 
 
-i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error 
 occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
 
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/d2i_X509_CRL.pod b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
index e7295a5d61..224f9e082b 100644
--- a/src/lib/libcrypto/doc/d2i_X509_CRL.pod
+++ b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
@@ -15,8 +15,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
  X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
  X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
 
- int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
- int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
+ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
+ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/d2i_X509_REQ.pod b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
index ae32a3891d..91c0c1974b 100644
--- a/src/lib/libcrypto/doc/d2i_X509_REQ.pod
+++ b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
@@ -15,8 +15,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
  X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
  X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
 
- int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
- int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
+ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
+ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
 
 =head1 DESCRIPTION
 
diff --git a/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod b/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod
new file mode 100644
index 0000000000..558bdd0812
--- /dev/null
+++ b/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format.
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.
+
+It is otherwise identical to the function SMIME_write_CMS().
+
+=head1 NOTES
+
+This function is effectively a version of the i2d_CMS_bio() supporting
+streaming.
+
+=head1 BUGS
+
+The prefix "i2d" is arguably wrong because the function outputs BER format.
+
+=head1 RETURN VALUES
+
+i2d_CMS_bio_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>,
+L<PEM_write_bio_CMS_stream(3)|PEM_write_bio_CMS_stream(3)>
+
+=head1 HISTORY
+
+i2d_CMS_bio_stream() was added to OpenSSL 1.0.0
+
+=cut
diff --git a/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod b/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod
new file mode 100644
index 0000000000..dc4d884c59
--- /dev/null
+++ b/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+i2d_PKCS7_bio_stream - output PKCS7 structure in BER format.
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs7.h>
+
+ int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.
+
+It is otherwise identical to the function SMIME_write_PKCS7().
+
+=head1 NOTES
+
+This function is effectively a version of the d2i_PKCS7_bio() supporting
+streaming.
+
+=head1 BUGS
+
+The prefix "d2i" is arguably wrong because the function outputs BER format.
+
+=head1 RETURN VALUES
+
+i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>,
+L<PEM_write_bio_PKCS7_stream(3)|PEM_write_bio_PKCS7_stream(3)>
+
+=head1 HISTORY
+
+i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
+
+=cut
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
new file mode 100644
index 0000000000..6413aae46e
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -0,0 +1,657 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *public_key = NULL;
+
+        DSA *dsa = NULL;
+
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+
+        if (ptype == V_ASN1_SEQUENCE)
+                {
+                pstr = pval;    
+                pm = pstr->data;
+                pmlen = pstr->length;
+
+                if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+                        {
+                        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                        goto err;
+                        }
+
+                }
+        else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
+                {
+                if (!(dsa = DSA_new()))
+                        {
+                        DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+                goto err;
+                }
+
+        if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                {
+                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                goto err;
+                }
+
+        if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
+                {
+                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+                goto err;
+                }
+
+        ASN1_INTEGER_free(public_key);
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        return 1;
+
+        err:
+        if (public_key)
+                ASN1_INTEGER_free(public_key);
+        if (dsa)
+                DSA_free(dsa);
+        return 0;
+
+        }
+
+static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        DSA *dsa;
+        void *pval = NULL;
+        int ptype;
+        unsigned char *penc = NULL;
+        int penclen;
+
+        dsa=pkey->pkey.dsa;
+        if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
+                {
+                ASN1_STRING *str;
+                str = ASN1_STRING_new();
+                str->length = i2d_DSAparams(dsa, &str->data);
+                if (str->length <= 0)
+                        {
+                        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                pval = str;
+                ptype = V_ASN1_SEQUENCE;
+                }
+        else
+                ptype = V_ASN1_UNDEF;
+
+        dsa->write_params=0;
+
+        penclen = i2d_DSAPublicKey(dsa, &penc);
+
+        if (penclen <= 0)
+                {
+                DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
+                                ptype, pval, penc, penclen))
+                return 1;
+
+        err:
+        if (penc)
+                OPENSSL_free(penc);
+        if (pval)
+                ASN1_STRING_free(pval);
+
+        return 0;
+        }
+
+/* In PKCS#8 DSA: you just get a private key integer and parameters in the
+ * AlgorithmIdentifier the pubkey must be recalculated.
+ */
+        
+static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *privkey = NULL;
+        BN_CTX *ctx = NULL;
+
+        STACK_OF(ASN1_TYPE) *ndsa = NULL;
+        DSA *dsa = NULL;
+
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+        /* Check for broken DSA PKCS#8, UGH! */
+        if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
+                {
+                ASN1_TYPE *t1, *t2;
+                if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
+                        goto decerr;
+                if (sk_ASN1_TYPE_num(ndsa) != 2)
+                        goto decerr;
+                /* Handle Two broken types:
+                 * SEQUENCE {parameters, priv_key}
+                 * SEQUENCE {pub_key, priv_key}
+                 */
+
+                t1 = sk_ASN1_TYPE_value(ndsa, 0);
+                t2 = sk_ASN1_TYPE_value(ndsa, 1);
+                if (t1->type == V_ASN1_SEQUENCE)
+                        {
+                        p8->broken = PKCS8_EMBEDDED_PARAM;
+                        pval = t1->value.ptr;
+                        }
+                else if (ptype == V_ASN1_SEQUENCE)
+                        p8->broken = PKCS8_NS_DB;
+                else
+                        goto decerr;
+
+                if (t2->type != V_ASN1_INTEGER)
+                        goto decerr;
+
+                privkey = t2->value.integer;
+                }
+        else
+                {
+                const unsigned char *q = p;
+                if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                        goto decerr;
+                if (privkey->type == V_ASN1_NEG_INTEGER)
+                        {
+                        p8->broken = PKCS8_NEG_PRIVKEY;
+                        ASN1_INTEGER_free(privkey);
+                        if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
+                                goto decerr;
+                        }
+                if (ptype != V_ASN1_SEQUENCE)
+                        goto decerr;
+                }
+
+        pstr = pval;    
+        pm = pstr->data;
+        pmlen = pstr->length;
+        if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+                goto decerr;
+        /* We have parameters now set private key */
+        if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+                goto dsaerr;
+                }
+        /* Calculate public key */
+        if (!(dsa->pub_key = BN_new()))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+                goto dsaerr;
+                }
+        if (!(ctx = BN_CTX_new()))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+                goto dsaerr;
+                }
+                        
+        if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+                goto dsaerr;
+                }
+
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        BN_CTX_free (ctx);
+        if(ndsa)
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        else
+                ASN1_INTEGER_free(privkey);
+
+        return 1;
+
+        decerr:
+        DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
+        dsaerr:
+        BN_CTX_free (ctx);
+        if (privkey)
+                ASN1_INTEGER_free(privkey);
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        DSA_free(dsa);
+        return 0;
+        }
+
+static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+        ASN1_STRING *params = NULL;
+        ASN1_INTEGER *prkey = NULL;
+        unsigned char *dp = NULL;
+        int dplen;
+
+        params = ASN1_STRING_new();
+
+        if (!params)
+                {
+                DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
+        if (params->length <= 0)
+                {
+                DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        params->type = V_ASN1_SEQUENCE;
+
+        /* Get private key into integer */
+        prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
+
+        if (!prkey)
+                {
+                DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
+                goto err;
+                }
+
+        dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+        ASN1_INTEGER_free(prkey);
+
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
+                                V_ASN1_SEQUENCE, params, dp, dplen))
+                goto err;
+
+        return 1;
+
+err:
+        if (dp != NULL)
+                OPENSSL_free(dp);
+        if (params != NULL)
+                ASN1_STRING_free(params);
+        if (prkey != NULL)
+                ASN1_INTEGER_free(prkey);
+        return 0;
+}
+
+static int int_dsa_size(const EVP_PKEY *pkey)
+        {
+        return(DSA_size(pkey->pkey.dsa));
+        }
+
+static int dsa_bits(const EVP_PKEY *pkey)
+        {
+        return BN_num_bits(pkey->pkey.dsa->p);
+        }
+
+static int dsa_missing_parameters(const EVP_PKEY *pkey)
+        {
+        DSA *dsa;
+        dsa=pkey->pkey.dsa;
+        if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                        return 1;
+        return 0;
+        }
+
+static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        {
+        BIGNUM *a;
+
+        if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
+                return 0;
+        if (to->pkey.dsa->p != NULL)
+                BN_free(to->pkey.dsa->p);
+        to->pkey.dsa->p=a;
+
+        if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
+                return 0;
+        if (to->pkey.dsa->q != NULL)
+                BN_free(to->pkey.dsa->q);
+        to->pkey.dsa->q=a;
+
+        if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
+                return 0;
+        if (to->pkey.dsa->g != NULL)
+                BN_free(to->pkey.dsa->g);
+        to->pkey.dsa->g=a;
+        return 1;
+        }
+
+static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+                BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+                BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
+                return 0;
+        else
+                return 1;
+        }
+
+static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
+                return 0;
+        else
+                return 1;
+        }
+
+static void int_dsa_free(EVP_PKEY *pkey)
+        {
+        DSA_free(pkey->pkey.dsa);
+        }
+
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+        {
+        size_t i;
+        if (!b)
+                return;
+        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+                        *pbuflen = i;
+        }
+
+static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
+        {
+        unsigned char *m=NULL;
+        int ret=0;
+        size_t buf_len=0;
+        const char *ktype = NULL;
+
+        const BIGNUM *priv_key, *pub_key;
+
+        if (ptype == 2)
+                priv_key = x->priv_key;
+        else
+                priv_key = NULL;
+
+        if (ptype > 0)
+                pub_key = x->pub_key;
+        else
+                pub_key = NULL;
+
+        if (ptype == 2)
+                ktype = "Private-Key";
+        else if (ptype == 1)
+                ktype = "Public-Key";
+        else
+                ktype = "DSA-Parameters";
+
+        update_buflen(x->p, &buf_len);
+        update_buflen(x->q, &buf_len);
+        update_buflen(x->g, &buf_len);
+        update_buflen(priv_key, &buf_len);
+        update_buflen(pub_key, &buf_len);
+
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (priv_key)
+                {
+                if(!BIO_indent(bp,off,128))
+                   goto err;
+                if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
+                        <= 0) goto err;
+                }
+
+        if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
+                goto err;
+        if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
+                goto err;
+        if (!ASN1_bn_print(bp,"P:   ",x->p,m,off)) goto err;
+        if (!ASN1_bn_print(bp,"Q:   ",x->q,m,off)) goto err;
+        if (!ASN1_bn_print(bp,"G:   ",x->g,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
+static int dsa_param_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        DSA *dsa;
+        if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
+                {
+                DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        return 1;
+        }
+
+static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_DSAparams(pkey->pkey.dsa, pder);
+        }
+
+static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
+        }
+
+static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
+        }
+
+
+static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
+        }
+
+static int old_dsa_priv_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        DSA *dsa;
+        if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
+                {
+                DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        return 1;
+        }
+
+static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
+        }
+
+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#ifndef OPENSSL_NO_CMS
+                case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#endif
+
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 2;
+
+                default:
+                return -2;
+
+                }
+
+        }
+
+/* NB these are sorted in pkey_id order, lowest first */
+
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 
+        {
+
+                {
+                EVP_PKEY_DSA2,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+
+                {
+                EVP_PKEY_DSA1,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+
+                {
+                EVP_PKEY_DSA4,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+
+                {
+                EVP_PKEY_DSA3,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+
+                {
+                EVP_PKEY_DSA,
+                EVP_PKEY_DSA,
+                0,
+
+                "DSA",
+                "OpenSSL DSA method",
+
+                dsa_pub_decode,
+                dsa_pub_encode,
+                dsa_pub_cmp,
+                dsa_pub_print,
+
+                dsa_priv_decode,
+                dsa_priv_encode,
+                dsa_priv_print,
+
+                int_dsa_size,
+                dsa_bits,
+
+                dsa_param_decode,
+                dsa_param_encode,
+                dsa_missing_parameters,
+                dsa_copy_parameters,
+                dsa_cmp_parameters,
+                dsa_param_print,
+
+                int_dsa_free,
+                dsa_pkey_ctrl,
+                old_dsa_priv_decode,
+                old_dsa_priv_encode
+                }
+        };
+
diff --git a/src/lib/libcrypto/dsa/dsa_locl.h b/src/lib/libcrypto/dsa/dsa_locl.h
new file mode 100644
index 0000000000..2b8cfee3db
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_locl.h
@@ -0,0 +1,59 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/dsa.h>
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
new file mode 100644
index 0000000000..4ce91e20c6
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -0,0 +1,315 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "evp_locl.h"
+#include "dsa_locl.h"
+
+/* DSA pkey context structure */
+
+typedef struct
+        {
+        /* Parameter gen parameters */
+        int nbits;              /* size of p in bits (default: 1024) */
+        int qbits;              /* size of q in bits (default: 160)  */
+        const EVP_MD *pmd;      /* MD for parameter generation */
+        /* Keygen callback info */
+        int gentmp[2];
+        /* message digest */
+        const EVP_MD *md;       /* MD for the signature */
+        } DSA_PKEY_CTX;
+
+static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
+        {
+        DSA_PKEY_CTX *dctx;
+        dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
+        if (!dctx)
+                return 0;
+        dctx->nbits = 1024;
+        dctx->qbits = 160;
+        dctx->pmd = NULL;
+        dctx->md = NULL;
+
+        ctx->data = dctx;
+        ctx->keygen_info = dctx->gentmp;
+        ctx->keygen_info_count = 2;
+        
+        return 1;
+        }
+
+static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        DSA_PKEY_CTX *dctx, *sctx;
+        if (!pkey_dsa_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->nbits = sctx->nbits;
+        dctx->qbits = sctx->qbits;
+        dctx->pmd = sctx->pmd;
+        dctx->md  = sctx->md;
+        return 1;
+        }
+
+static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        DSA_PKEY_CTX *dctx = ctx->data;
+        if (dctx)
+                OPENSSL_free(dctx);
+        }
+
+static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        unsigned int sltmp;
+        DSA_PKEY_CTX *dctx = ctx->data;
+        DSA *dsa = ctx->pkey->pkey.dsa;
+
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+
+        ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
+
+        if (ret <= 0)
+                return ret;
+        *siglen = sltmp;
+        return 1;
+        }
+
+static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        DSA_PKEY_CTX *dctx = ctx->data;
+        DSA *dsa = ctx->pkey->pkey.dsa;
+
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+
+        ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
+
+        return ret;
+        }
+
+static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        DSA_PKEY_CTX *dctx = ctx->data;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
+                if (p1 < 256)
+                        return -2;
+                dctx->nbits = p1;
+                return 1;
+
+                case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
+                if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
+                        return -2;
+                dctx->qbits = p1;
+                return 1;
+
+                case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
+                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
+                        {
+                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                        }
+                dctx->md = p2;
+                return 1;
+
+                case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
+                        {
+                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                        }
+                dctx->md = p2;
+                return 1;
+
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                case EVP_PKEY_CTRL_PKCS7_SIGN:
+                case EVP_PKEY_CTRL_CMS_SIGN:
+                return 1;
+                
+                case EVP_PKEY_CTRL_PEER_KEY:
+                        DSAerr(DSA_F_PKEY_DSA_CTRL,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                        return -2;      
+                default:
+                return -2;
+
+                }
+        }
+                        
+static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!strcmp(type, "dsa_paramgen_bits"))
+                {
+                int nbits;
+                nbits = atoi(value);
+                return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
+                }
+        if (!strcmp(type, "dsa_paramgen_q_bits"))
+                {
+                int qbits = atoi(value);
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                         EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
+                }
+        if (!strcmp(type, "dsa_paramgen_md"))
+                {
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                         EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 
+                                         (void *)EVP_get_digestbyname(value));
+                }
+        return -2;
+        }
+
+static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DSA *dsa = NULL;
+        DSA_PKEY_CTX *dctx = ctx->data;
+        BN_GENCB *pcb, cb;
+        int ret;
+        if (ctx->pkey_gencb)
+                {
+                pcb = &cb;
+                evp_pkey_set_cb_translate(pcb, ctx);
+                }
+        else
+                pcb = NULL;
+        dsa = DSA_new();
+        if (!dsa)
+                return 0;
+        ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                                   NULL, 0, NULL, NULL, pcb);
+        if (ret)
+                EVP_PKEY_assign_DSA(pkey, dsa);
+        else
+                DSA_free(dsa);
+        return ret;
+        }
+
+static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DSA *dsa = NULL;
+        if (ctx->pkey == NULL)
+                {
+                DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        dsa = DSA_new();
+        if (!dsa)
+                return 0;
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+                return 0;
+        return DSA_generate_key(pkey->pkey.dsa);
+        }
+
+const EVP_PKEY_METHOD dsa_pkey_meth = 
+        {
+        EVP_PKEY_DSA,
+        EVP_PKEY_FLAG_AUTOARGLEN,
+        pkey_dsa_init,
+        pkey_dsa_copy,
+        pkey_dsa_cleanup,
+
+        0,
+        pkey_dsa_paramgen,
+
+        0,
+        pkey_dsa_keygen,
+
+        0,
+        pkey_dsa_sign,
+
+        0,
+        pkey_dsa_verify,
+
+        0,0,
+
+        0,0,0,0,
+
+        0,0,
+
+        0,0,
+
+        0,0,
+
+        pkey_dsa_ctrl,
+        pkey_dsa_ctrl_str
+
+
+        };
diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c
new file mode 100644
index 0000000000..6f29f5e240
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_prn.c
@@ -0,0 +1,121 @@
+/* crypto/dsa/dsa_prn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+                return 0;
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+
+int DSAparams_print(BIO *bp, const DSA *x)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+                return 0;
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index ff368fd7d7..ab631a50a2 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -76,7 +76,7 @@
  * coordinates.
  * Uses algorithm Mdouble in appendix of 
  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
  * modified to not require precomputation of c=b^{2^{m-1}}.
  */
 static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
@@ -107,8 +107,8 @@ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx
 /* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery 
  * projective coordinates.
  * Uses algorithm Madd in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
  */
 static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
         const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
@@ -140,8 +140,8 @@ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM
 
 /* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
  * using Montgomery point multiplication algorithm Mxy() in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
  * Returns:
  *     0 on error
  *     1 if return value should be the point at infinity
@@ -209,15 +209,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
 /* Computes scalar*point and stores the result in r.
  * point can not equal r.
  * Uses algorithm 2P of
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
  */
 static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         const EC_POINT *point, BN_CTX *ctx)
         {
         BIGNUM *x1, *x2, *z1, *z2;
-        int ret = 0, i, j;
-        BN_ULONG mask;
+        int ret = 0, i;
+        BN_ULONG mask,word;
 
         if (r == point)
                 {
@@ -251,22 +251,24 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
         if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
 
         /* find top most bit and go one past it */
-        i = scalar->top - 1; j = BN_BITS2 - 1;
+        i = scalar->top - 1;
         mask = BN_TBIT;
-        while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }
-        mask >>= 1; j--;
+        word = scalar->d[i];
+        while (!(word & mask)) mask >>= 1;
+        mask >>= 1;
         /* if top most bit was at word break, go to next word */
         if (!mask) 
                 {
-                i--; j = BN_BITS2 - 1;
+                i--;
                 mask = BN_TBIT;
                 }
 
         for (; i >= 0; i--)
                 {
-                for (; j >= 0; j--)
+                word = scalar->d[i];
+                while (mask)
                         {
-                        if (scalar->d[i] & mask)
+                        if (word & mask)
                                 {
                                 if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
                                 if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
@@ -278,7 +280,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
                                 }
                         mask >>= 1;
                         }
-                j = BN_BITS2 - 1;
                 mask = BN_TBIT;
                 }
 
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
new file mode 100644
index 0000000000..c00f7d746c
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -0,0 +1,659 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+
+static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
+        {
+        const EC_GROUP  *group;
+        int nid;
+        if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
+        {
+                ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+                return 0;
+        }
+        if (EC_GROUP_get_asn1_flag(group)
+                     && (nid = EC_GROUP_get_curve_name(group)))
+                /* we have a 'named curve' => just set the OID */
+                {
+                *ppval = OBJ_nid2obj(nid);
+                *pptype = V_ASN1_OBJECT;
+                }
+        else    /* explicit parameters */
+                {
+                ASN1_STRING *pstr = NULL;
+                pstr = ASN1_STRING_new();
+                if (!pstr)
+                        return 0;
+                pstr->length = i2d_ECParameters(ec_key, &pstr->data);
+                if (pstr->length < 0)
+                        {
+                        ASN1_STRING_free(pstr);
+                        ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+                        return 0;
+                        }
+                *ppval = pstr;
+                *pptype = V_ASN1_SEQUENCE;
+                }
+        return 1;
+        }
+
+static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        EC_KEY *ec_key = pkey->pkey.ec;
+        void *pval = NULL;
+        int ptype;
+        unsigned char *penc = NULL, *p;
+        int penclen;
+
+        if (!eckey_param2type(&ptype, &pval, ec_key))
+                {
+                ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+                return 0;
+                }
+        penclen = i2o_ECPublicKey(ec_key, NULL);
+        if (penclen <= 0)
+                goto err;
+        penc = OPENSSL_malloc(penclen);
+        if (!penc)
+                goto err;
+        p = penc;
+        penclen = i2o_ECPublicKey(ec_key, &p);
+        if (penclen <= 0)
+                goto err;
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
+                                ptype, pval, penc, penclen))
+                return 1;
+        err:
+        if (ptype == V_ASN1_OBJECT)
+                ASN1_OBJECT_free(pval);
+        else
+                ASN1_STRING_free(pval);
+        if (penc)
+                OPENSSL_free(penc);
+        return 0;
+        }
+
+static EC_KEY *eckey_type2param(int ptype, void *pval)
+        {
+        EC_KEY *eckey = NULL;
+        if (ptype == V_ASN1_SEQUENCE)
+                {
+                ASN1_STRING *pstr = pval;
+                const unsigned char *pm = NULL;
+                int pmlen;
+                pm = pstr->data;
+                pmlen = pstr->length;
+                if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen)))
+                        {
+                        ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+                        goto ecerr;
+                        }
+                }
+        else if (ptype == V_ASN1_OBJECT)
+                {
+                ASN1_OBJECT *poid = pval;
+                EC_GROUP *group;
+
+                /* type == V_ASN1_OBJECT => the parameters are given
+                 * by an asn1 OID
+                 */
+                if ((eckey = EC_KEY_new()) == NULL)
+                        {
+                        ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+                        goto ecerr;
+                        }
+                group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
+                if (group == NULL)
+                        goto ecerr;
+                EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+                if (EC_KEY_set_group(eckey, group) == 0)
+                        goto ecerr;
+                EC_GROUP_free(group);
+                }
+        else
+                {
+                ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+                goto ecerr;
+                }
+
+        return eckey;
+
+        ecerr:
+        if (eckey)
+                EC_KEY_free(eckey);
+        return NULL;
+        }
+
+static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p = NULL;
+        void *pval;
+        int ptype, pklen;
+        EC_KEY *eckey = NULL;
+        X509_ALGOR *palg;
+
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+        eckey = eckey_type2param(ptype, pval);
+
+        if (!eckey)
+                {
+                ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+                return 0;
+                }
+
+        /* We have parameters now set public key */
+        if (!o2i_ECPublicKey(&eckey, &p, pklen))
+                {
+                ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+                goto ecerr;
+                }
+
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        return 1;
+
+        ecerr:
+        if (eckey)
+                EC_KEY_free(eckey);
+        return 0;
+        }
+
+static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        int  r;
+        const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+        const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+                       *pb = EC_KEY_get0_public_key(b->pkey.ec);
+        r = EC_POINT_cmp(group, pa, pb, NULL);
+        if (r == 0)
+                return 1;
+        if (r == 1)
+                return 0;
+        return -2;
+        }
+
+static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p = NULL;
+        void *pval;
+        int ptype, pklen;
+        EC_KEY *eckey = NULL;
+        X509_ALGOR *palg;
+
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+        eckey = eckey_type2param(ptype, pval);
+
+        if (!eckey)
+                goto ecliberr;
+
+        /* We have parameters now set private key */
+        if (!d2i_ECPrivateKey(&eckey, &p, pklen))
+                {
+                ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+                goto ecerr;
+                }
+
+        /* calculate public key (if necessary) */
+        if (EC_KEY_get0_public_key(eckey) == NULL)
+                {
+                const BIGNUM *priv_key;
+                const EC_GROUP *group;
+                EC_POINT *pub_key;
+                /* the public key was not included in the SEC1 private
+                 * key => calculate the public key */
+                group   = EC_KEY_get0_group(eckey);
+                pub_key = EC_POINT_new(group);
+                if (pub_key == NULL)
+                        {
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
+                        {
+                        EC_POINT_free(pub_key);
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                priv_key = EC_KEY_get0_private_key(eckey);
+                if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL))
+                        {
+                        EC_POINT_free(pub_key);
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                if (EC_KEY_set_public_key(eckey, pub_key) == 0)
+                        {
+                        EC_POINT_free(pub_key);
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                EC_POINT_free(pub_key);
+                }
+
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        return 1;
+
+        ecliberr:
+        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+        ecerr:
+        if (eckey)
+                EC_KEY_free(eckey);
+        return 0;
+        }
+
+static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+        EC_KEY          *ec_key;
+        unsigned char   *ep, *p;
+        int             eplen, ptype;
+        void            *pval;
+        unsigned int    tmp_flags, old_flags;
+
+        ec_key = pkey->pkey.ec;
+
+        if (!eckey_param2type(&ptype, &pval, ec_key))
+                {
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+                return 0;
+                }
+
+        /* set the private key */
+
+        /* do not include the parameters in the SEC1 private key
+         * see PKCS#11 12.11 */
+        old_flags = EC_KEY_get_enc_flags(ec_key);
+        tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
+        EC_KEY_set_enc_flags(ec_key, tmp_flags);
+        eplen = i2d_ECPrivateKey(ec_key, NULL);
+        if (!eplen)
+        {
+                EC_KEY_set_enc_flags(ec_key, old_flags);
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+                return 0;
+        }
+        ep = (unsigned char *) OPENSSL_malloc(eplen);
+        if (!ep)
+        {
+                EC_KEY_set_enc_flags(ec_key, old_flags);
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        p = ep;
+        if (!i2d_ECPrivateKey(ec_key, &p))
+        {
+                EC_KEY_set_enc_flags(ec_key, old_flags);
+                OPENSSL_free(ep);
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        }
+        /* restore old encoding flags */
+        EC_KEY_set_enc_flags(ec_key, old_flags);
+
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+                                ptype, pval, ep, eplen))
+                return 0;
+
+        return 1;
+}
+
+static int int_ec_size(const EVP_PKEY *pkey)
+        {
+        return ECDSA_size(pkey->pkey.ec);
+        }
+
+static int ec_bits(const EVP_PKEY *pkey)
+        {
+        BIGNUM *order = BN_new();
+        const EC_GROUP *group;
+        int ret;
+
+        if (!order)
+                {
+                ERR_clear_error();
+                return 0;
+                }
+        group = EC_KEY_get0_group(pkey->pkey.ec);
+        if (!EC_GROUP_get_order(group, order, NULL))
+                {
+                ERR_clear_error();
+                return 0;
+                }
+
+        ret = BN_num_bits(order);
+        BN_free(order);
+        return ret;
+        }
+
+static int ec_missing_parameters(const EVP_PKEY *pkey)
+        {
+        if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+                return 1;
+        return 0;
+        }
+
+static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        {
+        EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+        if (group == NULL)
+                return 0;
+        if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+                return 0;
+        EC_GROUP_free(group);
+        return 1;
+        }
+
+static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+                       *group_b = EC_KEY_get0_group(b->pkey.ec);
+        if (EC_GROUP_cmp(group_a, group_b, NULL))
+                return 0;
+        else
+                return 1;
+        }
+
+static void int_ec_free(EVP_PKEY *pkey)
+        {
+        EC_KEY_free(pkey->pkey.ec);
+        }
+
+static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
+        {
+        unsigned char *buffer=NULL;
+        const char *ecstr;
+        size_t  buf_len=0, i;
+        int     ret=0, reason=ERR_R_BIO_LIB;
+        BIGNUM  *pub_key=NULL, *order=NULL;
+        BN_CTX  *ctx=NULL;
+        const EC_GROUP *group;
+        const EC_POINT *public_key;
+        const BIGNUM *priv_key;
+ 
+        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        ctx = BN_CTX_new();
+        if (ctx == NULL)
+                {
+                reason = ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (ktype > 0)
+                {
+                public_key = EC_KEY_get0_public_key(x);
+                if ((pub_key = EC_POINT_point2bn(group, public_key,
+                        EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                if (pub_key)
+                        buf_len = (size_t)BN_num_bytes(pub_key);
+                }
+
+        if (ktype == 2)
+                {
+                priv_key = EC_KEY_get0_private_key(x);
+                if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len)
+                        buf_len = i;
+                }
+        else
+                priv_key = NULL;
+
+        if (ktype > 0)
+                {
+                buf_len += 10;
+                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                }
+        if (ktype == 2)
+                ecstr = "Private-Key";
+        else if (ktype == 1)
+                ecstr = "Public-Key";
+        else
+                ecstr = "ECDSA-Parameters";
+
+        if (!BIO_indent(bp, off, 128))
+                goto err;
+        if ((order = BN_new()) == NULL)
+                goto err;
+        if (!EC_GROUP_get_order(group, order, NULL))
+                goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
+                BN_num_bits(order)) <= 0) goto err;
+  
+        if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, 
+                buffer, off))
+                goto err;
+        if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
+                buffer, off))
+                goto err;
+        if (!ECPKParameters_print(bp, group, off))
+                goto err;
+        ret=1;
+err:
+        if (!ret)
+                ECerr(EC_F_DO_EC_KEY_PRINT, reason);
+        if (pub_key) 
+                BN_free(pub_key);
+        if (order)
+                BN_free(order);
+        if (ctx)
+                BN_CTX_free(ctx);
+        if (buffer != NULL)
+                OPENSSL_free(buffer);
+        return(ret);
+        }
+
+static int eckey_param_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        EC_KEY *eckey;
+        if (!(eckey = d2i_ECParameters(NULL, pder, derlen)))
+                {
+                ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        return 1;
+        }
+
+static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_ECParameters(pkey->pkey.ec, pder);
+        }
+
+static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0);
+        }
+
+static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1);
+        }
+
+
+static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2);
+        }
+
+static int old_ec_priv_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        EC_KEY *ec;
+        if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen)))
+                {
+                ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+                return 0;
+                }
+        EVP_PKEY_assign_EC_KEY(pkey, ec);
+        return 1;
+        }
+
+static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_ECPrivateKey(pkey->pkey.ec, pder);
+        }
+
+static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#ifndef OPENSSL_NO_CMS
+                case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
+                                                                &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#endif
+
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 2;
+
+                default:
+                return -2;
+
+                }
+
+        }
+
+const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = 
+        {
+        EVP_PKEY_EC,
+        EVP_PKEY_EC,
+        0,
+        "EC",
+        "OpenSSL EC algorithm",
+
+        eckey_pub_decode,
+        eckey_pub_encode,
+        eckey_pub_cmp,
+        eckey_pub_print,
+
+        eckey_priv_decode,
+        eckey_priv_encode,
+        eckey_priv_print,
+
+        int_ec_size,
+        ec_bits,
+
+        eckey_param_decode,
+        eckey_param_encode,
+        ec_missing_parameters,
+        ec_copy_parameters,
+        ec_cmp_parameters,
+        eckey_param_print,
+
+        int_ec_free,
+        ec_pkey_ctrl,
+        old_ec_priv_decode,
+        old_ec_priv_encode
+        };
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index beac20969b..23274e4031 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -73,926 +73,1690 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 
-typedef struct ec_curve_data_st {
-        int     field_type;     /* either NID_X9_62_prime_field or
+typedef struct {
+        int     field_type,     /* either NID_X9_62_prime_field or
                                  * NID_X9_62_characteristic_two_field */
-        const char *p;          /* either a prime number or a polynomial */
-        const char *a;
-        const char *b;
-        const char *x;          /* the x coordinate of the generator */
-        const char *y;          /* the y coordinate of the generator */
-        const char *order;      /* the order of the group generated by the
-                                 * generator */
-        const BN_ULONG cofactor;/* the cofactor */
-        const unsigned char *seed;/* the seed (optional) */
-        size_t  seed_len;
-        const char *comment;    /* a short description of the curve */
+                seed_len,
+                param_len;
+        unsigned int cofactor;  /* promoted to BN_ULONG */
 } EC_CURVE_DATA;
 
 /* the nist prime curves */
-static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
-        0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,
-        0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};
-static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-        "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
-        "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
-        "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
-        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,
-        _EC_NIST_PRIME_192_SEED, 20,
-        "NIST/X9.62/SECG curve over a 192 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
+        _EC_NIST_PRIME_192 = {
+        { NID_X9_62_prime_field,20,24,1 },
+        { 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,    /* seed */
+          0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5,
+
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFC,
+          0x64,0x21,0x05,0x19,0xE5,0x9C,0x80,0xE7,0x0F,0xA7,    /* b */
+          0xE9,0xAB,0x72,0x24,0x30,0x49,0xFE,0xB8,0xDE,0xEC,
+          0xC1,0x46,0xB9,0xB1,
+          0x18,0x8D,0xA8,0x0E,0xB0,0x30,0x90,0xF6,0x7C,0xBF,    /* x */
+          0x20,0xEB,0x43,0xA1,0x88,0x00,0xF4,0xFF,0x0A,0xFD,
+          0x82,0xFF,0x10,0x12,
+          0x07,0x19,0x2b,0x95,0xff,0xc8,0xda,0x78,0x63,0x10,    /* y */
+          0x11,0xed,0x6b,0x24,0xcd,0xd5,0x73,0xf9,0x77,0xa1,
+          0x1e,0x79,0x48,0x11,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x99,0xDE,0xF8,0x36,0x14,0x6B,0xC9,0xB1,
+          0xB4,0xD2,0x28,0x31 }
         };
 
-static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
-        0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,
-        0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};
-static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-        "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-        "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-        "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,
-        _EC_NIST_PRIME_224_SEED, 20,
-        "NIST/SECG curve over a 224 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+28*6]; }
+        _EC_NIST_PRIME_224 = {
+        { NID_X9_62_prime_field,20,28,1 },
+        { 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,    /* seed */
+          0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5,
+
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
+          0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,    /* b */
+          0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
+          0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4,
+          0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,    /* x */
+          0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
+          0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21,
+          0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,    /* y */
+          0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
+          0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E,
+          0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
         };
 
-static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
-        0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,
-        0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};
-static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
-        "FFF0000000000000000FFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
-        "FFF0000000000000000FFFFFFFC",
-        "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
-        "98D8A2ED19D2A85C8EDD3EC2AEF",
-        "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
-        "25DBF55296C3A545E3872760AB7",
-        "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
-        "1ce1d7e819d7a431d7c90ea0e5f",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
-        "DB248B0A77AECEC196ACCC52973",1,
-        _EC_NIST_PRIME_384_SEED, 20,
-        "NIST/SECG curve over a 384 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
+        _EC_NIST_PRIME_384 = {
+        { NID_X9_62_prime_field,20,48,1 },
+        { 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,    /* seed */
+          0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
+
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
+          0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E,    /* b */
+          0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
+          0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
+          0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
+          0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
+          0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1,    /* x */
+          0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
+          0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
+          0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
+          0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
+          0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e,    /* y */
+          0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
+          0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
+          0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
+          0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
+          0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
+          0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
         };
 
-static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
-        0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,
-        0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};
-static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
-        NID_X9_62_prime_field,
-        "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
-        "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
-        "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
-        "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
-        "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
-        "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
-        "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
-        "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
-        "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
-        "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,
-        _EC_NIST_PRIME_521_SEED, 20,
-        "NIST/SECG curve over a 521 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
+        _EC_NIST_PRIME_521 = {
+        { NID_X9_62_prime_field,20,66,1 },
+        { 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,    /* seed */
+          0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
+
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+          0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,    /* b */
+          0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+          0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+          0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+          0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+          0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+          0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+          0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,    /* x */
+          0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+          0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+          0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+          0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+          0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+          0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+          0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,    /* y */
+          0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+          0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+          0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+          0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+          0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+          0x94,0x76,0x9f,0xd1,0x66,0x50,
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+          0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+          0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+          0xB7,0x1E,0x91,0x38,0x64,0x09 }
         };
+
 /* the x9.62 prime curves (minus the nist prime curves) */
-static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
-        0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,
-        0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-        "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
-        "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
-        "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
-        "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,
-        _EC_X9_62_PRIME_192V2_SEED, 20,
-        "X9.62 curve over a 192 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
+        _EC_X9_62_PRIME_192V2 = {
+        { NID_X9_62_prime_field,20,24,1 },
+        { 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,    /* seed */
+          0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6,
+
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFC,
+          0xCC,0x22,0xD6,0xDF,0xB9,0x5C,0x6B,0x25,0xE4,0x9C,    /* b */
+          0x0D,0x63,0x64,0xA4,0xE5,0x98,0x0C,0x39,0x3A,0xA2,
+          0x16,0x68,0xD9,0x53,
+          0xEE,0xA2,0xBA,0xE7,0xE1,0x49,0x78,0x42,0xF2,0xDE,    /* x */
+          0x77,0x69,0xCF,0xE9,0xC9,0x89,0xC0,0x72,0xAD,0x69,
+          0x6F,0x48,0x03,0x4A,
+          0x65,0x74,0xd1,0x1d,0x69,0xb6,0xec,0x7a,0x67,0x2b,    /* y */
+          0xb8,0x2a,0x08,0x3d,0xf2,0xf2,0xb0,0x84,0x7d,0xe9,
+          0x70,0xb2,0xde,0x15,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFE,0x5F,0xB1,0xA7,0x24,0xDC,0x80,0x41,0x86,
+          0x48,0xD8,0xDD,0x31 }
         };
 
-static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
-        0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,
-        0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-        "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
-        "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
-        "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
-        "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,
-        _EC_X9_62_PRIME_192V3_SEED, 20,
-        "X9.62 curve over a 192 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
+        _EC_X9_62_PRIME_192V3 = {
+        { NID_X9_62_prime_field,20,24,1 },
+        { 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,    /* seed */
+          0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E,
+
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFC,
+          0x22,0x12,0x3D,0xC2,0x39,0x5A,0x05,0xCA,0xA7,0x42,    /* b */
+          0x3D,0xAE,0xCC,0xC9,0x47,0x60,0xA7,0xD4,0x62,0x25,
+          0x6B,0xD5,0x69,0x16,
+          0x7D,0x29,0x77,0x81,0x00,0xC6,0x5A,0x1D,0xA1,0x78,    /* x */
+          0x37,0x16,0x58,0x8D,0xCE,0x2B,0x8B,0x4A,0xEE,0x8E,
+          0x22,0x8F,0x18,0x96,
+          0x38,0xa9,0x0f,0x22,0x63,0x73,0x37,0x33,0x4b,0x49,    /* y */
+          0xdc,0xb6,0x6a,0x6d,0xc8,0xf9,0x97,0x8a,0xca,0x76,
+          0x48,0xa9,0x43,0xb0,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x7A,0x62,0xD0,0x31,0xC8,0x3F,0x42,0x94,
+          0xF6,0x40,0xEC,0x13 }
         };
 
-static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
-        0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,
-        0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
-        NID_X9_62_prime_field,
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-        "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
-        "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
-        "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,
-        _EC_X9_62_PRIME_239V1_SEED, 20,
-        "X9.62 curve over a 239 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_X9_62_PRIME_239V1 = {
+        { NID_X9_62_prime_field,20,30,1 },
+        { 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,    /* seed */
+          0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
+
+          0x6B,0x01,0x6C,0x3B,0xDC,0xF1,0x89,0x41,0xD0,0xD6,    /* b */
+          0x54,0x92,0x14,0x75,0xCA,0x71,0xA9,0xDB,0x2F,0xB2,
+          0x7D,0x1D,0x37,0x79,0x61,0x85,0xC2,0x94,0x2C,0x0A,
+
+          0x0F,0xFA,0x96,0x3C,0xDC,0xA8,0x81,0x6C,0xCC,0x33,    /* x */
+          0xB8,0x64,0x2B,0xED,0xF9,0x05,0xC3,0xD3,0x58,0x57,
+          0x3D,0x3F,0x27,0xFB,0xBD,0x3B,0x3C,0xB9,0xAA,0xAF,
+
+          0x7d,0xeb,0xe8,0xe4,0xe9,0x0a,0x5d,0xae,0x6e,0x40,    /* y */
+          0x54,0xca,0x53,0x0b,0xa0,0x46,0x54,0xb3,0x68,0x18,
+          0xce,0x22,0x6b,0x39,0xfc,0xcb,0x7b,0x02,0xf1,0xae,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0x9E,0x5E,0x9A,0x9F,0x5D,
+          0x90,0x71,0xFB,0xD1,0x52,0x26,0x88,0x90,0x9D,0x0B }
         };
 
-static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
-        0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,
-        0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
-        NID_X9_62_prime_field,
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-        "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
-        "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
-        "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
-        "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,
-        _EC_X9_62_PRIME_239V2_SEED, 20,
-        "X9.62 curve over a 239 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_X9_62_PRIME_239V2 = {
+        { NID_X9_62_prime_field,20,30,1 },
+        { 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,    /* seed */
+          0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
+
+          0x61,0x7F,0xAB,0x68,0x32,0x57,0x6C,0xBB,0xFE,0xD5,    /* b */
+          0x0D,0x99,0xF0,0x24,0x9C,0x3F,0xEE,0x58,0xB9,0x4B,
+          0xA0,0x03,0x8C,0x7A,0xE8,0x4C,0x8C,0x83,0x2F,0x2C,
+
+          0x38,0xAF,0x09,0xD9,0x87,0x27,0x70,0x51,0x20,0xC9,    /* x */
+          0x21,0xBB,0x5E,0x9E,0x26,0x29,0x6A,0x3C,0xDC,0xF2,
+          0xF3,0x57,0x57,0xA0,0xEA,0xFD,0x87,0xB8,0x30,0xE7,
+
+          0x5b,0x01,0x25,0xe4,0xdb,0xea,0x0e,0xc7,0x20,0x6d,    /* y */
+          0xa0,0xfc,0x01,0xd9,0xb0,0x81,0x32,0x9f,0xb5,0x55,
+          0xde,0x6e,0xf4,0x60,0x23,0x7d,0xff,0x8b,0xe4,0xba,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x80,0x00,0x00,0xCF,0xA7,0xE8,0x59,0x43,
+          0x77,0xD4,0x14,0xC0,0x38,0x21,0xBC,0x58,0x20,0x63 }
         };
 
-static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
-        0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,
-        0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
-        NID_X9_62_prime_field,
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-        "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
-        "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
-        "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,
-        _EC_X9_62_PRIME_239V3_SEED, 20,
-        "X9.62 curve over a 239 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_X9_62_PRIME_239V3 = {
+        { NID_X9_62_prime_field,20,30,1 },
+        { 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,    /* seed */
+          0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
+
+          0x25,0x57,0x05,0xFA,0x2A,0x30,0x66,0x54,0xB1,0xF4,    /* b */
+          0xCB,0x03,0xD6,0xA7,0x50,0xA3,0x0C,0x25,0x01,0x02,
+          0xD4,0x98,0x87,0x17,0xD9,0xBA,0x15,0xAB,0x6D,0x3E,
+
+          0x67,0x68,0xAE,0x8E,0x18,0xBB,0x92,0xCF,0xCF,0x00,    /* x */
+          0x5C,0x94,0x9A,0xA2,0xC6,0xD9,0x48,0x53,0xD0,0xE6,
+          0x60,0xBB,0xF8,0x54,0xB1,0xC9,0x50,0x5F,0xE9,0x5A,
+
+          0x16,0x07,0xe6,0x89,0x8f,0x39,0x0c,0x06,0xbc,0x1d,    /* y */
+          0x55,0x2b,0xad,0x22,0x6f,0x3b,0x6f,0xcf,0xe4,0x8b,
+          0x6e,0x81,0x84,0x99,0xaf,0x18,0xe3,0xed,0x6c,0xf3,
+
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0x97,0x5D,0xEB,0x41,0xB3,
+          0xA6,0x05,0x7C,0x3C,0x43,0x21,0x46,0x52,0x65,0x51 }
         };
 
-static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
-        0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,
-        0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
-        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
-        "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
-        "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
-        "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
-        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,
-        _EC_X9_62_PRIME_256V1_SEED, 20,
-        "X9.62/SECG curve over a 256 bit prime field"
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
+        _EC_X9_62_PRIME_256V1 = {
+        { NID_X9_62_prime_field,20,32,1 },
+        { 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,    /* seed */
+          0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
+
+          0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFC,
+          0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,    /* b */
+          0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
+          0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
+          0x60,0x4B,
+          0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,    /* x */
+          0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
+          0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
+          0xC2,0x96,
+          0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,    /* y */
+          0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
+          0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
+          0x51,0xf5,
+          0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
+          0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
+          0x25,0x51 }
         };
+
 /* the secg prime curves (minus the nist and x9.62 prime curves) */
-static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
-        0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,
-        0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};
-static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
-        NID_X9_62_prime_field,
-        "DB7C2ABF62E35E668076BEAD208B",
-        "DB7C2ABF62E35E668076BEAD2088",
-        "659EF8BA043916EEDE8911702B22",
-        "09487239995A5EE76B55F9C2F098",
-        "a89ce5af8724c0a23e0e0ff77500",
-        "DB7C2ABF62E35E7628DFAC6561C5",1,
-        _EC_SECG_PRIME_112R1_SEED, 20,
-        "SECG/WTLS curve over a 112 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; }
+        _EC_SECG_PRIME_112R1 = {
+        { NID_X9_62_prime_field,20,14,1 },
+        { 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,    /* seed */
+          0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1,
+
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,    /* p */
+          0xBE,0xAD,0x20,0x8B,
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,    /* a */
+          0xBE,0xAD,0x20,0x88,
+          0x65,0x9E,0xF8,0xBA,0x04,0x39,0x16,0xEE,0xDE,0x89,    /* b */
+          0x11,0x70,0x2B,0x22,
+          0x09,0x48,0x72,0x39,0x99,0x5A,0x5E,0xE7,0x6B,0x55,    /* x */
+          0xF9,0xC2,0xF0,0x98,
+          0xa8,0x9c,0xe5,0xaf,0x87,0x24,0xc0,0xa2,0x3e,0x0e,    /* y */
+          0x0f,0xf7,0x75,0x00,
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x76,0x28,0xDF,    /* order */
+          0xAC,0x65,0x61,0xC5 }
         };
 
-static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
-        0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,
-        0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};
-static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
-        NID_X9_62_prime_field,
-        "DB7C2ABF62E35E668076BEAD208B",
-        "6127C24C05F38A0AAAF65C0EF02C",
-        "51DEF1815DB5ED74FCC34C85D709",
-        "4BA30AB5E892B4E1649DD0928643",
-        "adcd46f5882e3747def36e956e97",
-        "36DF0AAFD8B8D7597CA10520D04B",4, 
-        _EC_SECG_PRIME_112R2_SEED, 20,
-        "SECG curve over a 112 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; }
+        _EC_SECG_PRIME_112R2 = {
+        { NID_X9_62_prime_field,20,14,4 },
+        { 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,    /* seed */
+          0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4,
+
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,    /* p */
+          0xBE,0xAD,0x20,0x8B,
+          0x61,0x27,0xC2,0x4C,0x05,0xF3,0x8A,0x0A,0xAA,0xF6,    /* a */
+          0x5C,0x0E,0xF0,0x2C,
+          0x51,0xDE,0xF1,0x81,0x5D,0xB5,0xED,0x74,0xFC,0xC3,    /* b */
+          0x4C,0x85,0xD7,0x09,
+          0x4B,0xA3,0x0A,0xB5,0xE8,0x92,0xB4,0xE1,0x64,0x9D,    /* x */
+          0xD0,0x92,0x86,0x43,
+          0xad,0xcd,0x46,0xf5,0x88,0x2e,0x37,0x47,0xde,0xf3,    /* y */
+          0x6e,0x95,0x6e,0x97,
+          0x36,0xDF,0x0A,0xAF,0xD8,0xB8,0xD7,0x59,0x7C,0xA1,    /* order */
+          0x05,0x20,0xD0,0x4B }
         };
 
-static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
-        0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
-        0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};
-static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-        "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
-        "E87579C11079F43DD824993C2CEE5ED3",
-        "161FF7528B899B2D0C28607CA52C5B86",
-        "cf5ac8395bafeb13c02da292dded7a83",
-        "FFFFFFFE0000000075A30D1B9038A115",1,
-        _EC_SECG_PRIME_128R1_SEED, 20,
-        "SECG curve over a 128 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; }
+        _EC_SECG_PRIME_128R1 = {
+        { NID_X9_62_prime_field,20,16,1 },
+        { 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,    /* seed */
+          0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79,
+
+          0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+          0xE8,0x75,0x79,0xC1,0x10,0x79,0xF4,0x3D,0xD8,0x24,    /* b */
+          0x99,0x3C,0x2C,0xEE,0x5E,0xD3,
+          0x16,0x1F,0xF7,0x52,0x8B,0x89,0x9B,0x2D,0x0C,0x28,    /* x */
+          0x60,0x7C,0xA5,0x2C,0x5B,0x86,
+          0xcf,0x5a,0xc8,0x39,0x5b,0xaf,0xeb,0x13,0xc0,0x2d,    /* y */
+          0xa2,0x92,0xdd,0xed,0x7a,0x83,
+          0xFF,0xFF,0xFF,0xFE,0x00,0x00,0x00,0x00,0x75,0xA3,    /* order */
+          0x0D,0x1B,0x90,0x38,0xA1,0x15 }
         };
 
-static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
-        0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,
-        0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};
-static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-        "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
-        "5EEEFCA380D02919DC2C6558BB6D8A5D",
-        "7B6AA5D85E572983E6FB32A7CDEBC140",
-        "27b6916a894d3aee7106fe805fc34b44",
-        "3FFFFFFF7FFFFFFFBE0024720613B5A3",4,
-        _EC_SECG_PRIME_128R2_SEED, 20,
-        "SECG curve over a 128 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; }
+        _EC_SECG_PRIME_128R2 = {
+        { NID_X9_62_prime_field,20,16,4 },
+        { 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,    /* seed */
+          0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4,
+
+          0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xD6,0x03,0x19,0x98,0xD1,0xB3,0xBB,0xFE,0xBF,0x59,    /* a */
+          0xCC,0x9B,0xBF,0xF9,0xAE,0xE1,
+          0x5E,0xEE,0xFC,0xA3,0x80,0xD0,0x29,0x19,0xDC,0x2C,    /* b */
+          0x65,0x58,0xBB,0x6D,0x8A,0x5D,
+          0x7B,0x6A,0xA5,0xD8,0x5E,0x57,0x29,0x83,0xE6,0xFB,    /* x */
+          0x32,0xA7,0xCD,0xEB,0xC1,0x40,
+          0x27,0xb6,0x91,0x6a,0x89,0x4d,0x3a,0xee,0x71,0x06,    /* y */
+          0xfe,0x80,0x5f,0xc3,0x4b,0x44,
+          0x3F,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xBE,0x00,    /* order */
+          0x24,0x72,0x06,0x13,0xB5,0xA3 }
         };
 
-static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-        "0",
-        "7",
-        "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
-        "938cf935318fdced6bc28286531733c3f03c4fee",
-        "0100000000000000000001B8FA16DFAB9ACA16B6B3",1,
-        NULL, 0,
-        "SECG curve over a 160 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
+        _EC_SECG_PRIME_160K1 = {
+        { NID_X9_62_prime_field,0,21,1 },
+        {                                                       /* no seed */
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
+          0x73,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x07,
+          0x00,0x3B,0x4C,0x38,0x2C,0xE3,0x7A,0xA1,0x92,0xA4,    /* x */
+          0x01,0x9E,0x76,0x30,0x36,0xF4,0xF5,0xDD,0x4D,0x7E,
+          0xBB,
+          0x00,0x93,0x8c,0xf9,0x35,0x31,0x8f,0xdc,0xed,0x6b,    /* y */
+          0xc2,0x82,0x86,0x53,0x17,0x33,0xc3,0xf0,0x3c,0x4f,
+          0xee,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xB8,0xFA,0x16,0xDF,0xAB,0x9A,0xCA,0x16,0xB6,
+          0xB3 }
         };
 
-static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {
-        0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45};
-static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
-        "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
-        "4A96B5688EF573284664698968C38BB913CBFC82",
-        "23a628553168947d59dcc912042351377ac5fb32",
-        "0100000000000000000001F4C8F927AED3CA752257",1,
-        _EC_SECG_PRIME_160R1_SEED, 20,
-        "SECG curve over a 160 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
+        _EC_SECG_PRIME_160R1 = {
+        { NID_X9_62_prime_field,20,21,1 },
+        { 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45,
+
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,
+          0xFF,
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,
+          0xFC,
+          0x00,0x1C,0x97,0xBE,0xFC,0x54,0xBD,0x7A,0x8B,0x65,    /* b */
+          0xAC,0xF8,0x9F,0x81,0xD4,0xD4,0xAD,0xC5,0x65,0xFA,
+          0x45,
+          0x00,0x4A,0x96,0xB5,0x68,0x8E,0xF5,0x73,0x28,0x46,    /* x */
+          0x64,0x69,0x89,0x68,0xC3,0x8B,0xB9,0x13,0xCB,0xFC,
+          0x82,
+          0x00,0x23,0xa6,0x28,0x55,0x31,0x68,0x94,0x7d,0x59,    /* y */
+          0xdc,0xc9,0x12,0x04,0x23,0x51,0x37,0x7a,0xc5,0xfb,
+          0x32,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xF4,0xC8,0xF9,0x27,0xAE,0xD3,0xCA,0x75,0x22,
+          0x57 }
         };
 
-static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {
-        0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,
-        0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51};
-static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
-        "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
-        "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
-        "feaffef2e331f296e071fa0df9982cfea7d43f2e",
-        "0100000000000000000000351EE786A818F3A1A16B",1,
-        _EC_SECG_PRIME_160R2_SEED, 20,
-        "SECG/WTLS curve over a 160 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
+        _EC_SECG_PRIME_160R2 = {
+        { NID_X9_62_prime_field,20,21,1 },
+        { 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,    /* seed */
+          0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51,
+
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
+          0x73,
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
+          0x70,
+          0x00,0xB4,0xE1,0x34,0xD3,0xFB,0x59,0xEB,0x8B,0xAB,    /* b */
+          0x57,0x27,0x49,0x04,0x66,0x4D,0x5A,0xF5,0x03,0x88,
+          0xBA,
+          0x00,0x52,0xDC,0xB0,0x34,0x29,0x3A,0x11,0x7E,0x1F,    /* x */
+          0x4F,0xF1,0x1B,0x30,0xF7,0x19,0x9D,0x31,0x44,0xCE,
+          0x6D,
+          0x00,0xfe,0xaf,0xfe,0xf2,0xe3,0x31,0xf2,0x96,0xe0,    /* y */
+          0x71,0xfa,0x0d,0xf9,0x98,0x2c,0xfe,0xa7,0xd4,0x3f,
+          0x2e,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x35,0x1E,0xE7,0x86,0xA8,0x18,0xF3,0xA1,0xA1,
+          0x6B }
         };
 
-static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
-        "0",
-        "3",
-        "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
-        "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
-        "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1,
-        NULL, 20,
-        "SECG curve over a 192 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
+        _EC_SECG_PRIME_192K1 = {
+        { NID_X9_62_prime_field,0,24,1 },
+        {                                                       /* no seed */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
+          0xFF,0xFF,0xEE,0x37,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x03,
+          0xDB,0x4F,0xF1,0x0E,0xC0,0x57,0xE9,0xAE,0x26,0xB0,    /* x */
+          0x7D,0x02,0x80,0xB7,0xF4,0x34,0x1D,0xA5,0xD1,0xB1,
+          0xEA,0xE0,0x6C,0x7D,
+          0x9b,0x2f,0x2f,0x6d,0x9c,0x56,0x28,0xa7,0x84,0x41,    /* y */
+          0x63,0xd0,0x15,0xbe,0x86,0x34,0x40,0x82,0xaa,0x88,
+          0xd9,0x5e,0x2f,0x9d,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFE,0x26,0xF2,0xFC,0x17,0x0F,0x69,0x46,0x6A,
+          0x74,0xDE,0xFD,0x8D }
         };
 
-static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
-        "0",
-        "5",
-        "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
-        "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
-        "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1,
-        NULL, 20,
-        "SECG curve over a 224 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+29*6]; }
+        _EC_SECG_PRIME_224K1 = {
+        { NID_X9_62_prime_field,0,29,1 },
+        {                                                       /* no seed */
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xE5,0x6D,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x05,
+          0x00,0xA1,0x45,0x5B,0x33,0x4D,0xF0,0x99,0xDF,0x30,    /* x */
+          0xFC,0x28,0xA1,0x69,0xA4,0x67,0xE9,0xE4,0x70,0x75,
+          0xA9,0x0F,0x7E,0x65,0x0E,0xB6,0xB7,0xA4,0x5C,
+          0x00,0x7e,0x08,0x9f,0xed,0x7f,0xba,0x34,0x42,0x82,    /* y */
+          0xca,0xfb,0xd6,0xf7,0xe3,0x19,0xf7,0xc0,0xb0,0xbd,
+          0x59,0xe2,0xca,0x4b,0xdb,0x55,0x6d,0x61,0xa5,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x01,0xDC,0xE8,0xD2,0xEC,0x61,
+          0x84,0xCA,0xF0,0xA9,0x71,0x76,0x9F,0xB1,0xF7 }
         };
 
-static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
-        "0",
-        "7",
-        "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
-        "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1,
-        NULL, 20,
-        "SECG curve over a 256 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
+        _EC_SECG_PRIME_256K1 = {
+        { NID_X9_62_prime_field,0,32,1 },
+        {                                                       /* no seed */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
+          0xFC,0x2F,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x07,
+          0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,    /* x */
+          0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
+          0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
+          0x17,0x98,
+          0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4,    /* y */
+          0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
+          0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
+          0xd4,0xb8,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
+          0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
+          0x41,0x41 }
         };
 
 /* some wap/wtls curves */
-static const EC_CURVE_DATA _EC_WTLS_8 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
-        "0",
-        "3",
-        "1",
-        "2",
-        "0100000000000001ECEA551AD837E9",1,
-        NULL, 20,
-        "WTLS curve over a 112 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; }
+        _EC_WTLS_8 = {
+        { NID_X9_62_prime_field,0,15,1 },
+        {                                                       /* no seed */
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFD,0xE7,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x03,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x02,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xEC,0xEA,    /* order */
+          0x55,0x1A,0xD8,0x37,0xE9 }
         };
 
-static const EC_CURVE_DATA _EC_WTLS_9 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
-        "0",
-        "3",
-        "1",
-        "2",
-        "0100000000000000000001CDC98AE0E2DE574ABF33",1,
-        NULL, 20,
-        "WTLS curve over a 160 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
+        _EC_WTLS_9 = {
+        { NID_X9_62_prime_field,0,21,1 },
+        {                                                       /* no seed */
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,0x80,
+          0x8F,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x03,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x02,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xCD,0xC9,0x8A,0xE0,0xE2,0xDE,0x57,0x4A,0xBF,
+          0x33 }
         };
 
-static const EC_CURVE_DATA _EC_WTLS_12 = {
-        NID_X9_62_prime_field,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-        "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-        "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-        "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
-        NULL, 0,
-        "WTLS curvs over a 224 bit prime field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; }
+        _EC_WTLS_12 = {
+        { NID_X9_62_prime_field,0,28,1 },
+        {                                                       /* no seed */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
+          0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,    /* b */
+          0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
+          0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4,
+          0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,    /* x */
+          0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
+          0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21,
+          0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,    /* y */
+          0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
+          0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E,
+          0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
         };
 
 /* characteristic two curves */
-static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {
-        0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,
-        0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000201",
-        "003088250CA6E7C7FE649CE85820F7",
-        "00E8BEE4D3E2260744188BE0E9C723",
-        "009D73616F35F4AB1407D73562C10F",
-        "00A52830277958EE84D1315ED31886",
-        "0100000000000000D9CCEC8A39E56F", 2,
-        _EC_SECG_CHAR2_113R1_SEED, 20,
-        "SECG curve over a 113 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
+        _EC_SECG_CHAR2_113R1 = {
+        { NID_X9_62_characteristic_two_field,20,15,2 },
+        { 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,    /* seed */
+          0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9,
+
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x02,0x01,
+          0x00,0x30,0x88,0x25,0x0C,0xA6,0xE7,0xC7,0xFE,0x64,    /* a */
+          0x9C,0xE8,0x58,0x20,0xF7,
+          0x00,0xE8,0xBE,0xE4,0xD3,0xE2,0x26,0x07,0x44,0x18,    /* b */
+          0x8B,0xE0,0xE9,0xC7,0x23,
+          0x00,0x9D,0x73,0x61,0x6F,0x35,0xF4,0xAB,0x14,0x07,    /* x */
+          0xD7,0x35,0x62,0xC1,0x0F,
+          0x00,0xA5,0x28,0x30,0x27,0x79,0x58,0xEE,0x84,0xD1,    /* y */
+          0x31,0x5E,0xD3,0x18,0x86,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xD9,0xCC,    /* order */
+          0xEC,0x8A,0x39,0xE5,0x6F }
         };
 
-static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {
-        0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
-        0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000201",
-        "00689918DBEC7E5A0DD6DFC0AA55C7",
-        "0095E9A9EC9B297BD4BF36E059184F",
-        "01A57A6A7B26CA5EF52FCDB8164797",
-        "00B3ADC94ED1FE674C06E695BABA1D",
-        "010000000000000108789B2496AF93", 2,
-        _EC_SECG_CHAR2_113R2_SEED, 20,
-        "SECG curve over a 113 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
+        _EC_SECG_CHAR2_113R2 = {
+        { NID_X9_62_characteristic_two_field,20,15,2 },
+        { 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,    /* seed */
+          0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D,
+
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x02,0x01,
+          0x00,0x68,0x99,0x18,0xDB,0xEC,0x7E,0x5A,0x0D,0xD6,    /* a */
+          0xDF,0xC0,0xAA,0x55,0xC7,
+          0x00,0x95,0xE9,0xA9,0xEC,0x9B,0x29,0x7B,0xD4,0xBF,    /* b */
+          0x36,0xE0,0x59,0x18,0x4F,
+          0x01,0xA5,0x7A,0x6A,0x7B,0x26,0xCA,0x5E,0xF5,0x2F,    /* x */
+          0xCD,0xB8,0x16,0x47,0x97,
+          0x00,0xB3,0xAD,0xC9,0x4E,0xD1,0xFE,0x67,0x4C,0x06,    /* y */
+          0xE6,0x95,0xBA,0xBA,0x1D,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x08,0x78,    /* order */
+          0x9B,0x24,0x96,0xAF,0x93 }
         };
 
-static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {
-        0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,
-        0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000010D",
-        "07A11B09A76B562144418FF3FF8C2570B8",
-        "0217C05610884B63B9C6C7291678F9D341",
-        "0081BAF91FDF9833C40F9C181343638399",
-        "078C6E7EA38C001F73C8134B1B4EF9E150",
-        "0400000000000000023123953A9464B54D", 2,
-        _EC_SECG_CHAR2_131R1_SEED, 20,
-        "SECG/WTLS curve over a 131 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; }
+        _EC_SECG_CHAR2_131R1 = {
+        { NID_X9_62_characteristic_two_field,20,17,2 },
+        { 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,    /* seed */
+          0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2,
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x01,0x0D,
+          0x07,0xA1,0x1B,0x09,0xA7,0x6B,0x56,0x21,0x44,0x41,    /* a */
+          0x8F,0xF3,0xFF,0x8C,0x25,0x70,0xB8,
+          0x02,0x17,0xC0,0x56,0x10,0x88,0x4B,0x63,0xB9,0xC6,    /* b */
+          0xC7,0x29,0x16,0x78,0xF9,0xD3,0x41,
+          0x00,0x81,0xBA,0xF9,0x1F,0xDF,0x98,0x33,0xC4,0x0F,    /* x */
+          0x9C,0x18,0x13,0x43,0x63,0x83,0x99,
+          0x07,0x8C,0x6E,0x7E,0xA3,0x8C,0x00,0x1F,0x73,0xC8,    /* y */
+          0x13,0x4B,0x1B,0x4E,0xF9,0xE1,0x50,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x31,    /* order */
+          0x23,0x95,0x3A,0x94,0x64,0xB5,0x4D }
         };
 
-static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {
-        0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000010D",
-        "03E5A88919D7CAFCBF415F07C2176573B2",
-        "04B8266A46C55657AC734CE38F018F2192",
-        "0356DCD8F2F95031AD652D23951BB366A8",
-        "0648F06D867940A5366D9E265DE9EB240F",
-        "0400000000000000016954A233049BA98F", 2,
-        _EC_SECG_CHAR2_131R2_SEED, 20,
-        "SECG curve over a 131 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; }
+        _EC_SECG_CHAR2_131R2 = {
+        { NID_X9_62_characteristic_two_field,20,17,2 },
+        { 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3,
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x01,0x0D,
+          0x03,0xE5,0xA8,0x89,0x19,0xD7,0xCA,0xFC,0xBF,0x41,    /* a */
+          0x5F,0x07,0xC2,0x17,0x65,0x73,0xB2,
+          0x04,0xB8,0x26,0x6A,0x46,0xC5,0x56,0x57,0xAC,0x73,    /* b */
+          0x4C,0xE3,0x8F,0x01,0x8F,0x21,0x92,
+          0x03,0x56,0xDC,0xD8,0xF2,0xF9,0x50,0x31,0xAD,0x65,    /* x */
+          0x2D,0x23,0x95,0x1B,0xB3,0x66,0xA8,
+          0x06,0x48,0xF0,0x6D,0x86,0x79,0x40,0xA5,0x36,0x6D,    /* y */
+          0x9E,0x26,0x5D,0xE9,0xEB,0x24,0x0F,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x69,    /* order */
+          0x54,0xA2,0x33,0x04,0x9B,0xA9,0x8F }
         };
 
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = {
-        NID_X9_62_characteristic_two_field,
-        "0800000000000000000000000000000000000000C9",
-        "1",
-        "1",
-        "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-        "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-        "04000000000000000000020108A2E0CC0D99F8A5EF", 2,
-        NULL, 0,
-        "NIST/SECG/WTLS curve over a 163 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
+        _EC_NIST_CHAR2_163K = {
+        { NID_X9_62_characteristic_two_field,0,21,2 },
+        {                                                       /* no seed */
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xC9,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x02,0xFE,0x13,0xC0,0x53,0x7B,0xBC,0x11,0xAC,0xAA,    /* x */
+          0x07,0xD7,0x93,0xDE,0x4E,0x6D,0x5E,0x5C,0x94,0xEE,
+          0xE8,
+          0x02,0x89,0x07,0x0F,0xB0,0x5D,0x38,0xFF,0x58,0x32,    /* y */
+          0x1F,0x2E,0x80,0x05,0x36,0xD5,0x38,0xCC,0xDA,0xA3,
+          0xD9,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x02,0x01,0x08,0xA2,0xE0,0xCC,0x0D,0x99,0xF8,0xA5,
+          0xEF }
         };
 
-static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {
-        0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
-        0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {
-        NID_X9_62_characteristic_two_field,
-        "0800000000000000000000000000000000000000C9",
-        "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
-        "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
-        "0369979697AB43897789566789567F787A7876A654",
-        "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
-        "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
+        _EC_SECG_CHAR2_163R1 = {
+        { NID_X9_62_characteristic_two_field,0,21,2 },
+        {                                                       /* no seed */
+#if 0
 /* The algorithm used to derive the curve parameters from
  * the seed used here is slightly different than the
- * algorithm described in X9.62 .
- */
-#if 0
-        _EC_SECG_CHAR2_163R1_SEED, 20,
-#else
-        NULL, 0,
+ * algorithm described in X9.62 . */
+          0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
+          0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C,
 #endif
-        "SECG curve over a 163 bit binary field"
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xC9,
+          0x07,0xB6,0x88,0x2C,0xAA,0xEF,0xA8,0x4F,0x95,0x54,    /* a */
+          0xFF,0x84,0x28,0xBD,0x88,0xE2,0x46,0xD2,0x78,0x2A,
+          0xE2,
+          0x07,0x13,0x61,0x2D,0xCD,0xDC,0xB4,0x0A,0xAB,0x94,    /* b */
+          0x6B,0xDA,0x29,0xCA,0x91,0xF7,0x3A,0xF9,0x58,0xAF,
+          0xD9,
+          0x03,0x69,0x97,0x96,0x97,0xAB,0x43,0x89,0x77,0x89,    /* x */
+          0x56,0x67,0x89,0x56,0x7F,0x78,0x7A,0x78,0x76,0xA6,
+          0x54,
+          0x00,0x43,0x5E,0xDB,0x42,0xEF,0xAF,0xB2,0x98,0x9D,    /* y */
+          0x51,0xFE,0xFC,0xE3,0xC8,0x09,0x88,0xF4,0x1F,0xF8,
+          0x83,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0x48,0xAA,0xB6,0x89,0xC2,0x9C,0xA7,0x10,0x27,
+          0x9B }
         };
 
-static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = {
-        0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
-        0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={
-        NID_X9_62_characteristic_two_field,
-        "0800000000000000000000000000000000000000C9",
-        "1",
-        "020A601907B8C953CA1481EB10512F78744A3205FD",
-        "03F0EBA16286A2D57EA0991168D4994637E8343E36",
-        "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-        "040000000000000000000292FE77E70C12A4234C33", 2,
-/* The seed here was used to created the curve parameters in normal
- * basis representation (and not the polynomial representation used here) 
- */
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
+        _EC_NIST_CHAR2_163B = {
+        { NID_X9_62_characteristic_two_field,0,21,2 },
+        {                                                       /* no seed */
 #if 0
-        _EC_NIST_CHAR2_163B_SEED, 20,
-#else
-        NULL, 0,
+/* The seed here was used to created the curve parameters in normal
+ * basis representation (and not the polynomial representation used here) */
+          0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
+          0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68,
 #endif
-        "NIST/SECG curve over a 163 bit binary field"
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xC9,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x02,0x0A,0x60,0x19,0x07,0xB8,0xC9,0x53,0xCA,0x14,    /* b */
+          0x81,0xEB,0x10,0x51,0x2F,0x78,0x74,0x4A,0x32,0x05,
+          0xFD,
+          0x03,0xF0,0xEB,0xA1,0x62,0x86,0xA2,0xD5,0x7E,0xA0,    /* x */
+          0x99,0x11,0x68,0xD4,0x99,0x46,0x37,0xE8,0x34,0x3E,
+          0x36,
+          0x00,0xD5,0x1F,0xBC,0x6C,0x71,0xA0,0x09,0x4F,0xA2,    /* y */
+          0xCD,0xD5,0x45,0xB1,0x1C,0x5C,0x0C,0x79,0x73,0x24,
+          0xF1,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x02,0x92,0xFE,0x77,0xE7,0x0C,0x12,0xA4,0x23,0x4C,
+          0x33 }
         };
 
-static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {
-        0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,
-        0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {
-        NID_X9_62_characteristic_two_field,
-        "02000000000000000000000000000000000000000000008001",
-        "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
-        "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
-        "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
-        "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
-        "01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
-        _EC_SECG_CHAR2_193R1_SEED, 20,
-        "SECG curve over a 193 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; }
+        _EC_SECG_CHAR2_193R1 = {
+        { NID_X9_62_characteristic_two_field,20,25,2 },
+        { 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,    /* seed */
+          0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30,
+
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x80,0x01,
+          0x00,0x17,0x85,0x8F,0xEB,0x7A,0x98,0x97,0x51,0x69,    /* a */
+          0xE1,0x71,0xF7,0x7B,0x40,0x87,0xDE,0x09,0x8A,0xC8,
+          0xA9,0x11,0xDF,0x7B,0x01,
+          0x00,0xFD,0xFB,0x49,0xBF,0xE6,0xC3,0xA8,0x9F,0xAC,    /* b */
+          0xAD,0xAA,0x7A,0x1E,0x5B,0xBC,0x7C,0xC1,0xC2,0xE5,
+          0xD8,0x31,0x47,0x88,0x14,
+          0x01,0xF4,0x81,0xBC,0x5F,0x0F,0xF8,0x4A,0x74,0xAD,    /* x */
+          0x6C,0xDF,0x6F,0xDE,0xF4,0xBF,0x61,0x79,0x62,0x53,
+          0x72,0xD8,0xC0,0xC5,0xE1,
+          0x00,0x25,0xE3,0x99,0xF2,0x90,0x37,0x12,0xCC,0xF3,    /* y */
+          0xEA,0x9E,0x3A,0x1A,0xD1,0x7F,0xB0,0xB3,0x20,0x1B,
+          0x6A,0xF7,0xCE,0x1B,0x05,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0xC7,0xF3,0x4A,0x77,0x8F,0x44,0x3A,
+          0xCC,0x92,0x0E,0xBA,0x49 }
         };
 
-static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {
-        0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,
-        0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {
-        NID_X9_62_characteristic_two_field,
-        "02000000000000000000000000000000000000000000008001",
-        "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
-        "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
-        "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
-        "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
-        "010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
-        _EC_SECG_CHAR2_193R2_SEED, 20,
-        "SECG curve over a 193 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; }
+        _EC_SECG_CHAR2_193R2 = {
+        { NID_X9_62_characteristic_two_field,20,25,2 },
+        { 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,    /* seed */
+          0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11,
+
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x80,0x01,
+          0x01,0x63,0xF3,0x5A,0x51,0x37,0xC2,0xCE,0x3E,0xA6,    /* a */
+          0xED,0x86,0x67,0x19,0x0B,0x0B,0xC4,0x3E,0xCD,0x69,
+          0x97,0x77,0x02,0x70,0x9B,
+          0x00,0xC9,0xBB,0x9E,0x89,0x27,0xD4,0xD6,0x4C,0x37,    /* b */
+          0x7E,0x2A,0xB2,0x85,0x6A,0x5B,0x16,0xE3,0xEF,0xB7,
+          0xF6,0x1D,0x43,0x16,0xAE,
+          0x00,0xD9,0xB6,0x7D,0x19,0x2E,0x03,0x67,0xC8,0x03,    /* x */
+          0xF3,0x9E,0x1A,0x7E,0x82,0xCA,0x14,0xA6,0x51,0x35,
+          0x0A,0xAE,0x61,0x7E,0x8F,
+          0x01,0xCE,0x94,0x33,0x56,0x07,0xC3,0x04,0xAC,0x29,    /* y */
+          0xE7,0xDE,0xFB,0xD9,0xCA,0x01,0xF5,0x96,0xF9,0x27,
+          0x22,0x4C,0xDE,0xCF,0x6C,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x01,0x5A,0xAB,0x56,0x1B,0x00,0x54,0x13,
+          0xCC,0xD4,0xEE,0x99,0xD5 }
         };
 
-static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000000000000000004000000000000000001",
-        "0",
-        "1",
-        "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-        "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-        "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
-        NULL, 0,
-        "NIST/SECG/WTLS curve over a 233 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; }
+        _EC_NIST_CHAR2_233K = {
+        { NID_X9_62_characteristic_two_field,0,30,4 },
+        {                                                       /* no seed */
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x01,0x72,0x32,0xBA,0x85,0x3A,0x7E,0x73,0x1A,0xF1,    /* x */
+          0x29,0xF2,0x2F,0xF4,0x14,0x95,0x63,0xA4,0x19,0xC2,
+          0x6B,0xF5,0x0A,0x4C,0x9D,0x6E,0xEF,0xAD,0x61,0x26,
+
+          0x01,0xDB,0x53,0x7D,0xEC,0xE8,0x19,0xB7,0xF7,0x0F,    /* y */
+          0x55,0x5A,0x67,0xC4,0x27,0xA8,0xCD,0x9B,0xF1,0x8A,
+          0xEB,0x9B,0x56,0xE0,0xC1,0x10,0x56,0xFA,0xE6,0xA3,
+
+          0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x06,0x9D,0x5B,0xB9,0x15,
+          0xBC,0xD4,0x6E,0xFB,0x1A,0xD5,0xF1,0x73,0xAB,0xDF }
         };
 
-static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = {
-        0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,
-        0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000000000000000004000000000000000001",
-        "000000000000000000000000000000000000000000000000000000000001",
-        "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-        "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-        "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-        "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
-        _EC_NIST_CHAR2_233B_SEED, 20,
-        "NIST/SECG/WTLS curve over a 233 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_NIST_CHAR2_233B = {
+        { NID_X9_62_characteristic_two_field,20,30,2 },
+        { 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,    /* seed */
+          0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3,
+
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x00,0x66,0x64,0x7E,0xDE,0x6C,0x33,0x2C,0x7F,0x8C,    /* b */
+          0x09,0x23,0xBB,0x58,0x21,0x3B,0x33,0x3B,0x20,0xE9,
+          0xCE,0x42,0x81,0xFE,0x11,0x5F,0x7D,0x8F,0x90,0xAD,
+
+          0x00,0xFA,0xC9,0xDF,0xCB,0xAC,0x83,0x13,0xBB,0x21,    /* x */
+          0x39,0xF1,0xBB,0x75,0x5F,0xEF,0x65,0xBC,0x39,0x1F,
+          0x8B,0x36,0xF8,0xF8,0xEB,0x73,0x71,0xFD,0x55,0x8B,
+
+          0x01,0x00,0x6A,0x08,0xA4,0x19,0x03,0x35,0x06,0x78,    /* y */
+          0xE5,0x85,0x28,0xBE,0xBF,0x8A,0x0B,0xEF,0xF8,0x67,
+          0xA7,0xCA,0x36,0x71,0x6F,0x7E,0x01,0xF8,0x10,0x52,
+
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x13,0xE9,0x74,0xE7,0x2F,
+          0x8A,0x69,0x22,0x03,0x1D,0x26,0x03,0xCF,0xE0,0xD7 }
         };
 
-static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000004000000000000000000000000000000000000001",
-        "0",
-        "1",
-        "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
-        "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
-        "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
-        NULL, 0,
-        "SECG curve over a 239 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; }
+        _EC_SECG_CHAR2_239K1 = {
+        { NID_X9_62_characteristic_two_field,0,30,4 },
+        {                                                       /* no seed */
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x29,0xA0,0xB6,0xA8,0x87,0xA9,0x83,0xE9,0x73,0x09,    /* x */
+          0x88,0xA6,0x87,0x27,0xA8,0xB2,0xD1,0x26,0xC4,0x4C,
+          0xC2,0xCC,0x7B,0x2A,0x65,0x55,0x19,0x30,0x35,0xDC,
+
+          0x76,0x31,0x08,0x04,0xF1,0x2E,0x54,0x9B,0xDB,0x01,    /* y */
+          0x1C,0x10,0x30,0x89,0xE7,0x35,0x10,0xAC,0xB2,0x75,
+          0xFC,0x31,0x2A,0x5D,0xC6,0xB7,0x65,0x53,0xF0,0xCA,
+
+          0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x5A,0x79,0xFE,0xC6,0x7C,
+          0xB6,0xE9,0x1F,0x1C,0x1D,0xA8,0x00,0xE4,0x78,0xA5 }
         };
 
-static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000000000000000000000000000000000000000001"
-        "0A1",
-        "0",
-        "1",
-        "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
-        "836",
-        "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
-        "259",
-        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
-        "C61", 4,
-        NULL, 20,
-        "NIST/SECG curve over a 283 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+36*6]; }
+        _EC_NIST_CHAR2_283K = {
+        { NID_X9_62_characteristic_two_field,0,36,4 },
+        {                                                       /* no seed */
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x10,0xA1,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x01,
+          0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A,    /* x */
+          0x3B,0x81,0x62,0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F,
+          0x23,0xC1,0x56,0x7A,0x16,0x87,0x69,0x13,0xB0,0xC2,
+          0xAC,0x24,0x58,0x49,0x28,0x36,
+          0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90,    /* y */
+          0xF9,0x5D,0x07,0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0,
+          0xE8,0x18,0x46,0x98,0xE4,0x59,0x62,0x36,0x4E,0x34,
+          0x11,0x61,0x77,0xDD,0x22,0x59,
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE,
+          0x2E,0xD0,0x75,0x77,0x26,0x5D,0xFF,0x7F,0x94,0x45,
+          0x1E,0x06,0x1E,0x16,0x3C,0x61 }
         };
 
-static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = {
-        0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,
-        0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000000000000000000000000000000000000000001"
-        "0A1",
-        "000000000000000000000000000000000000000000000000000000000000000000000"
-        "001",
-        "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
-        "2F5",
-        "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
-        "053",
-        "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
-        "2F4",
-        "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
-        "307", 2,
-        _EC_NIST_CHAR2_283B_SEED, 20,
-        "NIST/SECG curve over a 283 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+36*6]; }
+        _EC_NIST_CHAR2_283B = {
+        { NID_X9_62_characteristic_two_field,20,36,2 },
+        { 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,    /* no seed */
+          0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE,
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x10,0xA1,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x01,
+          0x02,0x7B,0x68,0x0A,0xC8,0xB8,0x59,0x6D,0xA5,0xA4,    /* b */
+          0xAF,0x8A,0x19,0xA0,0x30,0x3F,0xCA,0x97,0xFD,0x76,
+          0x45,0x30,0x9F,0xA2,0xA5,0x81,0x48,0x5A,0xF6,0x26,
+          0x3E,0x31,0x3B,0x79,0xA2,0xF5,
+          0x05,0xF9,0x39,0x25,0x8D,0xB7,0xDD,0x90,0xE1,0x93,    /* x */
+          0x4F,0x8C,0x70,0xB0,0xDF,0xEC,0x2E,0xED,0x25,0xB8,
+          0x55,0x7E,0xAC,0x9C,0x80,0xE2,0xE1,0x98,0xF8,0xCD,
+          0xBE,0xCD,0x86,0xB1,0x20,0x53,
+          0x03,0x67,0x68,0x54,0xFE,0x24,0x14,0x1C,0xB9,0x8F,    /* y */
+          0xE6,0xD4,0xB2,0x0D,0x02,0xB4,0x51,0x6F,0xF7,0x02,
+          0x35,0x0E,0xDD,0xB0,0x82,0x67,0x79,0xC8,0x13,0xF0,
+          0xDF,0x45,0xBE,0x81,0x12,0xF4,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xEF,0x90,
+          0x39,0x96,0x60,0xFC,0x93,0x8A,0x90,0x16,0x5B,0x04,
+          0x2A,0x7C,0xEF,0xAD,0xB3,0x07 }
         };
 
-static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000000000000000000000000000000000000000000000"
-        "00000000000008000000000000000000001",
-        "0",
-        "1",
-        "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
-        "89EB5AAAA62EE222EB1B35540CFE9023746",
-        "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
-        "C42E9C55215AA9CA27A5863EC48D8E0286B",
-        "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
-        "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
-        NULL, 0,
-        "NIST/SECG curve over a 409 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+52*6]; }
+        _EC_NIST_CHAR2_409K = {
+        { NID_X9_62_characteristic_two_field,0,52,4 },
+        {                                                       /* no seed */
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x00,0x60,0xF0,0x5F,0x65,0x8F,0x49,0xC1,0xAD,0x3A,    /* x */
+          0xB1,0x89,0x0F,0x71,0x84,0x21,0x0E,0xFD,0x09,0x87,
+          0xE3,0x07,0xC8,0x4C,0x27,0xAC,0xCF,0xB8,0xF9,0xF6,
+          0x7C,0xC2,0xC4,0x60,0x18,0x9E,0xB5,0xAA,0xAA,0x62,
+          0xEE,0x22,0x2E,0xB1,0xB3,0x55,0x40,0xCF,0xE9,0x02,
+          0x37,0x46,
+          0x01,0xE3,0x69,0x05,0x0B,0x7C,0x4E,0x42,0xAC,0xBA,    /* y */
+          0x1D,0xAC,0xBF,0x04,0x29,0x9C,0x34,0x60,0x78,0x2F,
+          0x91,0x8E,0xA4,0x27,0xE6,0x32,0x51,0x65,0xE9,0xEA,
+          0x10,0xE3,0xDA,0x5F,0x6C,0x42,0xE9,0xC5,0x52,0x15,
+          0xAA,0x9C,0xA2,0x7A,0x58,0x63,0xEC,0x48,0xD8,0xE0,
+          0x28,0x6B,
+          0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0x5F,0x83,0xB2,
+          0xD4,0xEA,0x20,0x40,0x0E,0xC4,0x55,0x7D,0x5E,0xD3,
+          0xE3,0xE7,0xCA,0x5B,0x4B,0x5C,0x83,0xB8,0xE0,0x1E,
+          0x5F,0xCF }
         };
 
-static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = {
-        0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,
-        0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000000000000000000000000000000000000000000000"
-        "00000000000008000000000000000000001",
-        "000000000000000000000000000000000000000000000000000000000000000000000"
-        "00000000000000000000000000000000001",
-        "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
-        "7B272822F6CD57A55AA4F50AE317B13545F",
-        "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
-        "A868A1180515603AEAB60794E54BB7996A7",
-        "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
-        "F1FDF4B4F40D2181B3681C364BA0273C706",
-        "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
-        "7BE5FA47C3C9E052F838164CD37D9A21173", 2,
-        _EC_NIST_CHAR2_409B_SEED, 20,
-        "NIST/SECG curve over a 409 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+52*6]; }
+        _EC_NIST_CHAR2_409B = {
+        { NID_X9_62_characteristic_two_field,20,52,2 },
+        { 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,    /* seed */
+          0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B,
+
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x00,0x21,0xA5,0xC2,0xC8,0xEE,0x9F,0xEB,0x5C,0x4B,    /* b */
+          0x9A,0x75,0x3B,0x7B,0x47,0x6B,0x7F,0xD6,0x42,0x2E,
+          0xF1,0xF3,0xDD,0x67,0x47,0x61,0xFA,0x99,0xD6,0xAC,
+          0x27,0xC8,0xA9,0xA1,0x97,0xB2,0x72,0x82,0x2F,0x6C,
+          0xD5,0x7A,0x55,0xAA,0x4F,0x50,0xAE,0x31,0x7B,0x13,
+          0x54,0x5F,
+          0x01,0x5D,0x48,0x60,0xD0,0x88,0xDD,0xB3,0x49,0x6B,    /* x */
+          0x0C,0x60,0x64,0x75,0x62,0x60,0x44,0x1C,0xDE,0x4A,
+          0xF1,0x77,0x1D,0x4D,0xB0,0x1F,0xFE,0x5B,0x34,0xE5,
+          0x97,0x03,0xDC,0x25,0x5A,0x86,0x8A,0x11,0x80,0x51,
+          0x56,0x03,0xAE,0xAB,0x60,0x79,0x4E,0x54,0xBB,0x79,
+          0x96,0xA7,
+          0x00,0x61,0xB1,0xCF,0xAB,0x6B,0xE5,0xF3,0x2B,0xBF,    /* y */
+          0xA7,0x83,0x24,0xED,0x10,0x6A,0x76,0x36,0xB9,0xC5,
+          0xA7,0xBD,0x19,0x8D,0x01,0x58,0xAA,0x4F,0x54,0x88,
+          0xD0,0x8F,0x38,0x51,0x4F,0x1F,0xDF,0x4B,0x4F,0x40,
+          0xD2,0x18,0x1B,0x36,0x81,0xC3,0x64,0xBA,0x02,0x73,
+          0xC7,0x06,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xE2,0xAA,0xD6,
+          0xA6,0x12,0xF3,0x33,0x07,0xBE,0x5F,0xA4,0x7C,0x3C,
+          0x9E,0x05,0x2F,0x83,0x81,0x64,0xCD,0x37,0xD9,0xA2,
+          0x11,0x73 }
         };
 
-static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000000000000000000000000"
-        "000000000000000000000000000000000000000000000000000000000000000000000"
-        "00425",
-        "0",
-        "1",
-        "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
-        "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
-        "1C8972",
-        "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
-        "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
-        "F1C7A3",
-        "020000000000000000000000000000000000000000000000000000000000000000000"
-        "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
-        "7C1001", 4,
-        NULL, 0,
-        "NIST/SECG curve over a 571 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+72*6]; }
+        _EC_NIST_CHAR2_571K = {
+        { NID_X9_62_characteristic_two_field,0,72,4 },
+        {                                                       /* no seed */
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x04,0x25,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x02,0x6E,0xB7,0xA8,0x59,0x92,0x3F,0xBC,0x82,0x18,    /* x */
+          0x96,0x31,0xF8,0x10,0x3F,0xE4,0xAC,0x9C,0xA2,0x97,
+          0x00,0x12,0xD5,0xD4,0x60,0x24,0x80,0x48,0x01,0x84,
+          0x1C,0xA4,0x43,0x70,0x95,0x84,0x93,0xB2,0x05,0xE6,
+          0x47,0xDA,0x30,0x4D,0xB4,0xCE,0xB0,0x8C,0xBB,0xD1,
+          0xBA,0x39,0x49,0x47,0x76,0xFB,0x98,0x8B,0x47,0x17,
+          0x4D,0xCA,0x88,0xC7,0xE2,0x94,0x52,0x83,0xA0,0x1C,
+          0x89,0x72,
+          0x03,0x49,0xDC,0x80,0x7F,0x4F,0xBF,0x37,0x4F,0x4A,    /* y */
+          0xEA,0xDE,0x3B,0xCA,0x95,0x31,0x4D,0xD5,0x8C,0xEC,
+          0x9F,0x30,0x7A,0x54,0xFF,0xC6,0x1E,0xFC,0x00,0x6D,
+          0x8A,0x2C,0x9D,0x49,0x79,0xC0,0xAC,0x44,0xAE,0xA7,
+          0x4F,0xBE,0xBB,0xB9,0xF7,0x72,0xAE,0xDC,0xB6,0x20,
+          0xB0,0x1A,0x7B,0xA7,0xAF,0x1B,0x32,0x04,0x30,0xC8,
+          0x59,0x19,0x84,0xF6,0x01,0xCD,0x4C,0x14,0x3E,0xF1,
+          0xC7,0xA3,
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x13,0x18,0x50,0xE1,
+          0xF1,0x9A,0x63,0xE4,0xB3,0x91,0xA8,0xDB,0x91,0x7F,
+          0x41,0x38,0xB6,0x30,0xD8,0x4B,0xE5,0xD6,0x39,0x38,
+          0x1E,0x91,0xDE,0xB4,0x5C,0xFE,0x77,0x8F,0x63,0x7C,
+          0x10,0x01 }
         };
 
-static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = {
-        0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,
-        0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000000000000000000000000"
-        "000000000000000000000000000000000000000000000000000000000000000000000"
-        "00425",
-        "000000000000000000000000000000000000000000000000000000000000000000000"
-        "000000000000000000000000000000000000000000000000000000000000000000000"
-        "000001",
-        "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
-        "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
-        "55727A",
-        "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
-        "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
-        "EC2D19",
-        "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
-        "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
-        "8AC15B",
-        "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-        "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
-        "E84E47", 2,
-        _EC_NIST_CHAR2_571B_SEED, 20,
-        "NIST/SECG curve over a 571 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+72*6]; }
+        _EC_NIST_CHAR2_571B = {
+        { NID_X9_62_characteristic_two_field,20,72,2 },
+        { 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,    /* seed */
+          0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10,
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x04,0x25,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x02,0xF4,0x0E,0x7E,0x22,0x21,0xF2,0x95,0xDE,0x29,    /* b */
+          0x71,0x17,0xB7,0xF3,0xD6,0x2F,0x5C,0x6A,0x97,0xFF,
+          0xCB,0x8C,0xEF,0xF1,0xCD,0x6B,0xA8,0xCE,0x4A,0x9A,
+          0x18,0xAD,0x84,0xFF,0xAB,0xBD,0x8E,0xFA,0x59,0x33,
+          0x2B,0xE7,0xAD,0x67,0x56,0xA6,0x6E,0x29,0x4A,0xFD,
+          0x18,0x5A,0x78,0xFF,0x12,0xAA,0x52,0x0E,0x4D,0xE7,
+          0x39,0xBA,0xCA,0x0C,0x7F,0xFE,0xFF,0x7F,0x29,0x55,
+          0x72,0x7A,
+          0x03,0x03,0x00,0x1D,0x34,0xB8,0x56,0x29,0x6C,0x16,    /* x */
+          0xC0,0xD4,0x0D,0x3C,0xD7,0x75,0x0A,0x93,0xD1,0xD2,
+          0x95,0x5F,0xA8,0x0A,0xA5,0xF4,0x0F,0xC8,0xDB,0x7B,
+          0x2A,0xBD,0xBD,0xE5,0x39,0x50,0xF4,0xC0,0xD2,0x93,
+          0xCD,0xD7,0x11,0xA3,0x5B,0x67,0xFB,0x14,0x99,0xAE,
+          0x60,0x03,0x86,0x14,0xF1,0x39,0x4A,0xBF,0xA3,0xB4,
+          0xC8,0x50,0xD9,0x27,0xE1,0xE7,0x76,0x9C,0x8E,0xEC,
+          0x2D,0x19,
+          0x03,0x7B,0xF2,0x73,0x42,0xDA,0x63,0x9B,0x6D,0xCC,    /* y */
+          0xFF,0xFE,0xB7,0x3D,0x69,0xD7,0x8C,0x6C,0x27,0xA6,
+          0x00,0x9C,0xBB,0xCA,0x19,0x80,0xF8,0x53,0x39,0x21,
+          0xE8,0xA6,0x84,0x42,0x3E,0x43,0xBA,0xB0,0x8A,0x57,
+          0x62,0x91,0xAF,0x8F,0x46,0x1B,0xB2,0xA8,0xB3,0x53,
+          0x1D,0x2F,0x04,0x85,0xC1,0x9B,0x16,0xE2,0xF1,0x51,
+          0x6E,0x23,0xDD,0x3C,0x1A,0x48,0x27,0xAF,0x1B,0x8A,
+          0xC1,0x5B,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE6,0x61,0xCE,0x18,
+          0xFF,0x55,0x98,0x73,0x08,0x05,0x9B,0x18,0x68,0x23,
+          0x85,0x1E,0xC7,0xDD,0x9C,0xA1,0x16,0x1D,0xE9,0x3D,
+          0x51,0x74,0xD6,0x6E,0x83,0x82,0xE9,0xBB,0x2F,0xE8,
+          0x4E,0x47 }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {
-        0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
-        0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000000000000107",
-        "072546B5435234A422E0789675F432C89435DE5242",
-        "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
-        "07AF69989546103D79329FCC3D74880F33BBE803CB",
-        "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
-        "0400000000000000000001E60FC8821CC74DAEAFC1", 2,
-        _EC_X9_62_CHAR2_163V1_SEED, 20,
-        "X9.62 curve over a 163 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
+        _EC_X9_62_CHAR2_163V1 = {
+        { NID_X9_62_characteristic_two_field,20,21,2 },
+        { 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
+          0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54,    /* seed */
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0x07,
+          0x07,0x25,0x46,0xB5,0x43,0x52,0x34,0xA4,0x22,0xE0,    /* a */
+          0x78,0x96,0x75,0xF4,0x32,0xC8,0x94,0x35,0xDE,0x52,
+          0x42,
+          0x00,0xC9,0x51,0x7D,0x06,0xD5,0x24,0x0D,0x3C,0xFF,    /* b */
+          0x38,0xC7,0x4B,0x20,0xB6,0xCD,0x4D,0x6F,0x9D,0xD4,
+          0xD9,
+          0x07,0xAF,0x69,0x98,0x95,0x46,0x10,0x3D,0x79,0x32,    /* x */
+          0x9F,0xCC,0x3D,0x74,0x88,0x0F,0x33,0xBB,0xE8,0x03,
+          0xCB,
+          0x01,0xEC,0x23,0x21,0x1B,0x59,0x66,0xAD,0xEA,0x1D,    /* y */
+          0x3F,0x87,0xF7,0xEA,0x58,0x48,0xAE,0xF0,0xB7,0xCA,
+          0x9F,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xE6,0x0F,0xC8,0x82,0x1C,0xC7,0x4D,0xAE,0xAF,
+          0xC1 }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {
-        0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000000000000107",
-        "0108B39E77C4B108BED981ED0E890E117C511CF072",
-        "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
-        "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
-        "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
-        "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
-        _EC_X9_62_CHAR2_163V2_SEED, 20,
-        "X9.62 curve over a 163 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
+        _EC_X9_62_CHAR2_163V2 = {
+        { NID_X9_62_characteristic_two_field,20,21,2 },
+        { 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD,
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0x07,
+          0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9,    /* a */
+          0x81,0xED,0x0E,0x89,0x0E,0x11,0x7C,0x51,0x1C,0xF0,
+          0x72,
+          0x06,0x67,0xAC,0xEB,0x38,0xAF,0x4E,0x48,0x8C,0x40,    /* b */
+          0x74,0x33,0xFF,0xAE,0x4F,0x1C,0x81,0x16,0x38,0xDF,
+          0x20,
+          0x00,0x24,0x26,0x6E,0x4E,0xB5,0x10,0x6D,0x0A,0x96,    /* x */
+          0x4D,0x92,0xC4,0x86,0x0E,0x26,0x71,0xDB,0x9B,0x6C,
+          0xC5,
+          0x07,0x9F,0x68,0x4D,0xDF,0x66,0x84,0xC5,0xCD,0x25,    /* y */
+          0x8B,0x38,0x90,0x02,0x1B,0x23,0x86,0xDF,0xD1,0x9F,
+          0xC5,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFD,0xF6,0x4D,0xE1,0x15,0x1A,0xDB,0xB7,0x8F,0x10,
+          0xA7 }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {
-        0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,
-        0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {
-        NID_X9_62_characteristic_two_field,
-        "080000000000000000000000000000000000000107",
-        "07A526C63D3E25A256A007699F5447E32AE456B50E",
-        "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
-        "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
-        "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
-        "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
-        _EC_X9_62_CHAR2_163V3_SEED, 20,
-        "X9.62 curve over a 163 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
+        _EC_X9_62_CHAR2_163V3 = {
+        { NID_X9_62_characteristic_two_field,20,21,2 },
+        { 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,    /* seed */
+          0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8,
+
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0x07,
+          0x07,0xA5,0x26,0xC6,0x3D,0x3E,0x25,0xA2,0x56,0xA0,    /* a */
+          0x07,0x69,0x9F,0x54,0x47,0xE3,0x2A,0xE4,0x56,0xB5,
+          0x0E,
+          0x03,0xF7,0x06,0x17,0x98,0xEB,0x99,0xE2,0x38,0xFD,    /* b */
+          0x6F,0x1B,0xF9,0x5B,0x48,0xFE,0xEB,0x48,0x54,0x25,
+          0x2B,
+          0x02,0xF9,0xF8,0x7B,0x7C,0x57,0x4D,0x0B,0xDE,0xCF,    /* x */
+          0x8A,0x22,0xE6,0x52,0x47,0x75,0xF9,0x8C,0xDE,0xBD,
+          0xCB,
+          0x05,0xB9,0x35,0x59,0x0C,0x15,0x5E,0x17,0xEA,0x48,    /* y */
+          0xEB,0x3F,0xF3,0x71,0x8B,0x89,0x3D,0xF5,0x9A,0x05,
+          0xD0,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFE,0x1A,0xEE,0x14,0x0F,0x11,0x0A,0xFF,0x96,0x13,
+          0x09 }
         };
 
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {
-        NID_X9_62_characteristic_two_field,
-        "0100000000000000000000000000000000080000000007",
-        "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
-        "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
-        "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
-        "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
-        "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
-        NULL, 0,
-        "X9.62 curve over a 176 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+23*6]; }
+        _EC_X9_62_CHAR2_176V1 = {
+        { NID_X9_62_characteristic_two_field,0,23,0xFF6E },
+        {                                                       /* no seed */
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,
+          0x00,0x00,0x07,
+          0x00,0xE4,0xE6,0xDB,0x29,0x95,0x06,0x5C,0x40,0x7D,    /* a */
+          0x9D,0x39,0xB8,0xD0,0x96,0x7B,0x96,0x70,0x4B,0xA8,
+          0xE9,0xC9,0x0B,
+          0x00,0x5D,0xDA,0x47,0x0A,0xBE,0x64,0x14,0xDE,0x8E,    /* b */
+          0xC1,0x33,0xAE,0x28,0xE9,0xBB,0xD7,0xFC,0xEC,0x0A,
+          0xE0,0xFF,0xF2,
+          0x00,0x8D,0x16,0xC2,0x86,0x67,0x98,0xB6,0x00,0xF9,    /* x */
+          0xF0,0x8B,0xB4,0xA8,0xE8,0x60,0xF3,0x29,0x8C,0xE0,
+          0x4A,0x57,0x98,
+          0x00,0x6F,0xA4,0x53,0x9C,0x2D,0xAD,0xDD,0xD6,0xBA,    /* y */
+          0xB5,0x16,0x7D,0x61,0xB4,0x36,0xE1,0xD9,0x2B,0xB1,
+          0x6A,0x56,0x2C,
+          0x00,0x00,0x01,0x00,0x92,0x53,0x73,0x97,0xEC,0xA4,    /* order */
+          0xF6,0x14,0x57,0x99,0xD6,0x2B,0x0A,0x19,0xCE,0x06,
+          0xFE,0x26,0xAD }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {
-        0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000201",
-        "2866537B676752636A68F56554E12640276B649EF7526267",
-        "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
-        "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
-        "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
-        "40000000000000000000000004A20E90C39067C893BBB9A5", 2,
-        _EC_X9_62_CHAR2_191V1_SEED, 20,
-        "X9.62 curve over a 191 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
+        _EC_X9_62_CHAR2_191V1 = {
+        { NID_X9_62_characteristic_two_field,20,24,2 },
+        { 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x02,0x01,
+          0x28,0x66,0x53,0x7B,0x67,0x67,0x52,0x63,0x6A,0x68,    /* a */
+          0xF5,0x65,0x54,0xE1,0x26,0x40,0x27,0x6B,0x64,0x9E,
+          0xF7,0x52,0x62,0x67,
+          0x2E,0x45,0xEF,0x57,0x1F,0x00,0x78,0x6F,0x67,0xB0,    /* b */
+          0x08,0x1B,0x94,0x95,0xA3,0xD9,0x54,0x62,0xF5,0xDE,
+          0x0A,0xA1,0x85,0xEC,
+          0x36,0xB3,0xDA,0xF8,0xA2,0x32,0x06,0xF9,0xC4,0xF2,    /* x */
+          0x99,0xD7,0xB2,0x1A,0x9C,0x36,0x91,0x37,0xF2,0xC8,
+          0x4A,0xE1,0xAA,0x0D,
+          0x76,0x5B,0xE7,0x34,0x33,0xB3,0xF9,0x5E,0x33,0x29,    /* y */
+          0x32,0xE7,0x0E,0xA2,0x45,0xCA,0x24,0x18,0xEA,0x0E,
+          0xF9,0x80,0x18,0xFB,
+          0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x04,0xA2,0x0E,0x90,0xC3,0x90,0x67,0xC8,
+          0x93,0xBB,0xB9,0xA5 }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {
-        0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000201",
-        "401028774D7777C7B7666D1366EA432071274F89FF01E718",
-        "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
-        "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
-        "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
-        "20000000000000000000000050508CB89F652824E06B8173", 4,
-        _EC_X9_62_CHAR2_191V2_SEED, 20,
-        "X9.62 curve over a 191 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
+        _EC_X9_62_CHAR2_191V2 = {
+        { NID_X9_62_characteristic_two_field,20,24,4 },
+        { 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x02,0x01,
+          0x40,0x10,0x28,0x77,0x4D,0x77,0x77,0xC7,0xB7,0x66,    /* a */
+          0x6D,0x13,0x66,0xEA,0x43,0x20,0x71,0x27,0x4F,0x89,
+          0xFF,0x01,0xE7,0x18,
+          0x06,0x20,0x04,0x8D,0x28,0xBC,0xBD,0x03,0xB6,0x24,    /* b */
+          0x9C,0x99,0x18,0x2B,0x7C,0x8C,0xD1,0x97,0x00,0xC3,
+          0x62,0xC4,0x6A,0x01,
+          0x38,0x09,0xB2,0xB7,0xCC,0x1B,0x28,0xCC,0x5A,0x87,    /* x */
+          0x92,0x6A,0xAD,0x83,0xFD,0x28,0x78,0x9E,0x81,0xE2,
+          0xC9,0xE3,0xBF,0x10,
+          0x17,0x43,0x43,0x86,0x62,0x6D,0x14,0xF3,0xDB,0xF0,    /* y */
+          0x17,0x60,0xD9,0x21,0x3A,0x3E,0x1C,0xF3,0x7A,0xEC,
+          0x43,0x7D,0x66,0x8A,
+          0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x50,0x50,0x8C,0xB8,0x9F,0x65,0x28,0x24,
+          0xE0,0x6B,0x81,0x73 }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {
-        0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000201",
-        "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
-        "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
-        "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
-        "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
-        "155555555555555555555555610C0B196812BFB6288A3EA3", 6,
-        _EC_X9_62_CHAR2_191V3_SEED, 20,
-        "X9.62 curve over a 191 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
+        _EC_X9_62_CHAR2_191V3 = {
+        { NID_X9_62_characteristic_two_field,20,24,6 },
+        { 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x02,0x01,
+          0x6C,0x01,0x07,0x47,0x56,0x09,0x91,0x22,0x22,0x10,    /* a */
+          0x56,0x91,0x1C,0x77,0xD7,0x7E,0x77,0xA7,0x77,0xE7,
+          0xE7,0xE7,0x7F,0xCB,
+          0x71,0xFE,0x1A,0xF9,0x26,0xCF,0x84,0x79,0x89,0xEF,    /* b */
+          0xEF,0x8D,0xB4,0x59,0xF6,0x63,0x94,0xD9,0x0F,0x32,
+          0xAD,0x3F,0x15,0xE8,
+          0x37,0x5D,0x4C,0xE2,0x4F,0xDE,0x43,0x44,0x89,0xDE,    /* x */
+          0x87,0x46,0xE7,0x17,0x86,0x01,0x50,0x09,0xE6,0x6E,
+          0x38,0xA9,0x26,0xDD,
+          0x54,0x5A,0x39,0x17,0x61,0x96,0x57,0x5D,0x98,0x59,    /* y */
+          0x99,0x36,0x6E,0x6A,0xD3,0x4C,0xE0,0xA7,0x7C,0xD7,
+          0x12,0x7B,0x06,0xBE,
+          0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,    /* order */
+          0x55,0x55,0x61,0x0C,0x0B,0x19,0x68,0x12,0xBF,0xB6,
+          0x28,0x8A,0x3E,0xA3 }
         };
 
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {
-        NID_X9_62_characteristic_two_field,
-        "010000000000000000000000000000000800000000000000000007",
-        "0000000000000000000000000000000000000000000000000000",
-        "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
-        "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
-        "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
-        "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
-        NULL, 0,
-        "X9.62 curve over a 208 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+27*6]; }
+        _EC_X9_62_CHAR2_208W1 = {
+        { NID_X9_62_characteristic_two_field,0,27,0xFE48 },
+        {                                                       /* no seed */
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x07,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0xC8,0x61,0x9E,0xD4,0x5A,0x62,0xE6,0x21,0x2E,    /* b */
+          0x11,0x60,0x34,0x9E,0x2B,0xFA,0x84,0x44,0x39,0xFA,
+          0xFC,0x2A,0x3F,0xD1,0x63,0x8F,0x9E,
+          0x00,0x89,0xFD,0xFB,0xE4,0xAB,0xE1,0x93,0xDF,0x95,    /* x */
+          0x59,0xEC,0xF0,0x7A,0xC0,0xCE,0x78,0x55,0x4E,0x27,
+          0x84,0xEB,0x8C,0x1E,0xD1,0xA5,0x7A,
+          0x00,0x0F,0x55,0xB5,0x1A,0x06,0xE7,0x8E,0x9A,0xC3,    /* y */
+          0x8A,0x03,0x5F,0xF5,0x20,0xD8,0xB0,0x17,0x81,0xBE,
+          0xB1,0xA6,0xBB,0x08,0x61,0x7D,0xE3,
+          0x00,0x00,0x01,0x01,0xBA,0xF9,0x5C,0x97,0x23,0xC5,    /* order */
+          0x7B,0x6C,0x21,0xDA,0x2E,0xFF,0x2D,0x5E,0xD5,0x88,
+          0xBD,0xD5,0x71,0x7E,0x21,0x2F,0x9D }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {
-        0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
-        0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000001000000001",
-        "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
-        "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
-        "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
-        "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
-        "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
-        _EC_X9_62_CHAR2_239V1_SEED, 20,
-        "X9.62 curve over a 239 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_X9_62_CHAR2_239V1 = {
+        { NID_X9_62_characteristic_two_field,20,30,4 },
+        { 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,    /* seed */
+          0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
+
+          0x32,0x01,0x08,0x57,0x07,0x7C,0x54,0x31,0x12,0x3A,    /* a */
+          0x46,0xB8,0x08,0x90,0x67,0x56,0xF5,0x43,0x42,0x3E,
+          0x8D,0x27,0x87,0x75,0x78,0x12,0x57,0x78,0xAC,0x76,
+
+          0x79,0x04,0x08,0xF2,0xEE,0xDA,0xF3,0x92,0xB0,0x12,    /* b */
+          0xED,0xEF,0xB3,0x39,0x2F,0x30,0xF4,0x32,0x7C,0x0C,
+          0xA3,0xF3,0x1F,0xC3,0x83,0xC4,0x22,0xAA,0x8C,0x16,
+
+          0x57,0x92,0x70,0x98,0xFA,0x93,0x2E,0x7C,0x0A,0x96,    /* x */
+          0xD3,0xFD,0x5B,0x70,0x6E,0xF7,0xE5,0xF5,0xC1,0x56,
+          0xE1,0x6B,0x7E,0x7C,0x86,0x03,0x85,0x52,0xE9,0x1D,
+
+          0x61,0xD8,0xEE,0x50,0x77,0xC3,0x3F,0xEC,0xF6,0xF1,    /* y */
+          0xA1,0x6B,0x26,0x8D,0xE4,0x69,0xC3,0xC7,0x74,0x4E,
+          0xA9,0xA9,0x71,0x64,0x9F,0xC7,0xA9,0x61,0x63,0x05,
+
+          0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x0F,0x4D,0x42,0xFF,0xE1,
+          0x49,0x2A,0x49,0x93,0xF1,0xCA,0xD6,0x66,0xE4,0x47 }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {
-        0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000001000000001",
-        "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
-        "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
-        "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
-        "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
-        "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
-        _EC_X9_62_CHAR2_239V2_SEED, 20,
-        "X9.62 curve over a 239 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_X9_62_CHAR2_239V2 = {
+        { NID_X9_62_characteristic_two_field,20,30,6 },
+        { 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
+
+          0x42,0x30,0x01,0x77,0x57,0xA7,0x67,0xFA,0xE4,0x23,    /* a */
+          0x98,0x56,0x9B,0x74,0x63,0x25,0xD4,0x53,0x13,0xAF,
+          0x07,0x66,0x26,0x64,0x79,0xB7,0x56,0x54,0xE6,0x5F,
+
+          0x50,0x37,0xEA,0x65,0x41,0x96,0xCF,0xF0,0xCD,0x82,    /* b */
+          0xB2,0xC1,0x4A,0x2F,0xCF,0x2E,0x3F,0xF8,0x77,0x52,
+          0x85,0xB5,0x45,0x72,0x2F,0x03,0xEA,0xCD,0xB7,0x4B,
+
+          0x28,0xF9,0xD0,0x4E,0x90,0x00,0x69,0xC8,0xDC,0x47,    /* x */
+          0xA0,0x85,0x34,0xFE,0x76,0xD2,0xB9,0x00,0xB7,0xD7,
+          0xEF,0x31,0xF5,0x70,0x9F,0x20,0x0C,0x4C,0xA2,0x05,
+
+          0x56,0x67,0x33,0x4C,0x45,0xAF,0xF3,0xB5,0xA0,0x3B,    /* y */
+          0xAD,0x9D,0xD7,0x5E,0x2C,0x71,0xA9,0x93,0x62,0x56,
+          0x7D,0x54,0x53,0xF7,0xFA,0x6E,0x22,0x7E,0xC8,0x33,
+
+          0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,    /* order */
+          0x55,0x55,0x55,0x55,0x55,0x3C,0x6F,0x28,0x85,0x25,
+          0x9C,0x31,0xE3,0xFC,0xDF,0x15,0x46,0x24,0x52,0x2D }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {
-        0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
-        0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000001000000001",
-        "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
-        "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
-        "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
-        "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
-        "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
-        _EC_X9_62_CHAR2_239V3_SEED, 20,
-        "X9.62 curve over a 239 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
+        _EC_X9_62_CHAR2_239V3 = {
+        { NID_X9_62_characteristic_two_field,20,30,0xA },
+        { 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,    /* seed */
+          0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
+
+          0x01,0x23,0x87,0x74,0x66,0x6A,0x67,0x76,0x6D,0x66,    /* a */
+          0x76,0xF7,0x78,0xE6,0x76,0xB6,0x69,0x99,0x17,0x66,
+          0x66,0xE6,0x87,0x66,0x6D,0x87,0x66,0xC6,0x6A,0x9F,
+
+          0x6A,0x94,0x19,0x77,0xBA,0x9F,0x6A,0x43,0x51,0x99,    /* b */
+          0xAC,0xFC,0x51,0x06,0x7E,0xD5,0x87,0xF5,0x19,0xC5,
+          0xEC,0xB5,0x41,0xB8,0xE4,0x41,0x11,0xDE,0x1D,0x40,
+
+          0x70,0xF6,0xE9,0xD0,0x4D,0x28,0x9C,0x4E,0x89,0x91,    /* x */
+          0x3C,0xE3,0x53,0x0B,0xFD,0xE9,0x03,0x97,0x7D,0x42,
+          0xB1,0x46,0xD5,0x39,0xBF,0x1B,0xDE,0x4E,0x9C,0x92,
+
+          0x2E,0x5A,0x0E,0xAF,0x6E,0x5E,0x13,0x05,0xB9,0x00,    /* y */
+          0x4D,0xCE,0x5C,0x0E,0xD7,0xFE,0x59,0xA3,0x56,0x08,
+          0xF3,0x38,0x37,0xC8,0x16,0xD8,0x0B,0x79,0xF4,0x61,
+
+          0x0C,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,    /* order */
+          0xCC,0xCC,0xCC,0xCC,0xCC,0xAC,0x49,0x12,0xD2,0xD9,
+          0xDF,0x90,0x3E,0xF9,0x88,0x8B,0x8A,0x0E,0x4C,0xFF }
         };
 
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {
-        NID_X9_62_characteristic_two_field,
-        "010000000000000000000000000000000000000000000000000000010000000000000"
-        "B",
-        "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
-        "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
-        "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
-        "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
-        "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
-        0xFF06,
-        NULL, 0,
-        "X9.62 curve over a 272 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+35*6]; }
+        _EC_X9_62_CHAR2_272W1 = {
+        { NID_X9_62_characteristic_two_field,0,35,0xFF06 },
+        {                                                       /* no seed */
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x0B,
+          0x00,0x91,0xA0,0x91,0xF0,0x3B,0x5F,0xBA,0x4A,0xB2,    /* a */
+          0xCC,0xF4,0x9C,0x4E,0xDD,0x22,0x0F,0xB0,0x28,0x71,
+          0x2D,0x42,0xBE,0x75,0x2B,0x2C,0x40,0x09,0x4D,0xBA,
+          0xCD,0xB5,0x86,0xFB,0x20,
+          0x00,0x71,0x67,0xEF,0xC9,0x2B,0xB2,0xE3,0xCE,0x7C,    /* b */
+          0x8A,0xAA,0xFF,0x34,0xE1,0x2A,0x9C,0x55,0x70,0x03,
+          0xD7,0xC7,0x3A,0x6F,0xAF,0x00,0x3F,0x99,0xF6,0xCC,
+          0x84,0x82,0xE5,0x40,0xF7,
+          0x00,0x61,0x08,0xBA,0xBB,0x2C,0xEE,0xBC,0xF7,0x87,    /* x */
+          0x05,0x8A,0x05,0x6C,0xBE,0x0C,0xFE,0x62,0x2D,0x77,
+          0x23,0xA2,0x89,0xE0,0x8A,0x07,0xAE,0x13,0xEF,0x0D,
+          0x10,0xD1,0x71,0xDD,0x8D,
+          0x00,0x10,0xC7,0x69,0x57,0x16,0x85,0x1E,0xEF,0x6B,    /* y */
+          0xA7,0xF6,0x87,0x2E,0x61,0x42,0xFB,0xD2,0x41,0xB8,
+          0x30,0xFF,0x5E,0xFC,0xAC,0xEC,0xCA,0xB0,0x5E,0x02,
+          0x00,0x5D,0xDE,0x9D,0x23,
+          0x00,0x00,0x01,0x00,0xFA,0xF5,0x13,0x54,0xE0,0xE3,    /* order */
+          0x9E,0x48,0x92,0xDF,0x6E,0x31,0x9C,0x72,0xC8,0x16,
+          0x16,0x03,0xFA,0x45,0xAA,0x7B,0x99,0x8A,0x16,0x7B,
+          0x8F,0x1E,0x62,0x95,0x21 }
         };
 
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {
-        NID_X9_62_characteristic_two_field,
-        "010000000000000000000000000000000000000000000000000000000000000000000"
-        "000000807",
-        "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
-        "6C8E681",
-        "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
-        "27340BE",
-        "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
-        "40A2614",
-        "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
-        "B92C03B",
-        "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
-        "443051D", 0xFE2E,
-        NULL, 0,
-        "X9.62 curve over a 304 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+39*6]; }
+        _EC_X9_62_CHAR2_304W1 = {
+        { NID_X9_62_characteristic_two_field,0,39,0xFE2E },
+        {                                                       /* no seed */
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x07,
+          0x00,0xFD,0x0D,0x69,0x31,0x49,0xA1,0x18,0xF6,0x51,    /* a */
+          0xE6,0xDC,0xE6,0x80,0x20,0x85,0x37,0x7E,0x5F,0x88,
+          0x2D,0x1B,0x51,0x0B,0x44,0x16,0x00,0x74,0xC1,0x28,
+          0x80,0x78,0x36,0x5A,0x03,0x96,0xC8,0xE6,0x81,
+          0x00,0xBD,0xDB,0x97,0xE5,0x55,0xA5,0x0A,0x90,0x8E,    /* b */
+          0x43,0xB0,0x1C,0x79,0x8E,0xA5,0xDA,0xA6,0x78,0x8F,
+          0x1E,0xA2,0x79,0x4E,0xFC,0xF5,0x71,0x66,0xB8,0xC1,
+          0x40,0x39,0x60,0x1E,0x55,0x82,0x73,0x40,0xBE,
+          0x00,0x19,0x7B,0x07,0x84,0x5E,0x9B,0xE2,0xD9,0x6A,    /* x */
+          0xDB,0x0F,0x5F,0x3C,0x7F,0x2C,0xFF,0xBD,0x7A,0x3E,
+          0xB8,0xB6,0xFE,0xC3,0x5C,0x7F,0xD6,0x7F,0x26,0xDD,
+          0xF6,0x28,0x5A,0x64,0x4F,0x74,0x0A,0x26,0x14,
+          0x00,0xE1,0x9F,0xBE,0xB7,0x6E,0x0D,0xA1,0x71,0x51,    /* y */
+          0x7E,0xCF,0x40,0x1B,0x50,0x28,0x9B,0xF0,0x14,0x10,
+          0x32,0x88,0x52,0x7A,0x9B,0x41,0x6A,0x10,0x5E,0x80,
+          0x26,0x0B,0x54,0x9F,0xDC,0x1B,0x92,0xC0,0x3B,
+          0x00,0x00,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,    /* order */
+          0x80,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,0x80,
+          0x01,0x02,0x2D,0x5C,0x91,0xDD,0x17,0x3F,0x8F,0xB5,
+          0x61,0xDA,0x68,0x99,0x16,0x44,0x43,0x05,0x1D }
         };
 
-static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {
-        0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,
-        0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000000000000000000000000"
-        "000100000000000000001",
-        "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
-        "656FB549016A96656A557",
-        "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
-        "7742B6329E70680231988",
-        "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
-        "8E8E707C07A2239B1B097",
-        "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
-        "4AE2DE211305A407104BD",
-        "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
-        "64FE7719E74F490758D3B", 0x4C,
-        _EC_X9_62_CHAR2_359V1_SEED, 20,
-        "X9.62 curve over a 359 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[20+45*6]; }
+        _EC_X9_62_CHAR2_359V1 = {
+        { NID_X9_62_characteristic_two_field,20,45,0x4C },
+        { 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,    /* seed */
+          0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6,
+
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x01,
+          0x56,0x67,0x67,0x6A,0x65,0x4B,0x20,0x75,0x4F,0x35,    /* a */
+          0x6E,0xA9,0x20,0x17,0xD9,0x46,0x56,0x7C,0x46,0x67,
+          0x55,0x56,0xF1,0x95,0x56,0xA0,0x46,0x16,0xB5,0x67,
+          0xD2,0x23,0xA5,0xE0,0x56,0x56,0xFB,0x54,0x90,0x16,
+          0xA9,0x66,0x56,0xA5,0x57,
+          0x24,0x72,0xE2,0xD0,0x19,0x7C,0x49,0x36,0x3F,0x1F,    /* b */
+          0xE7,0xF5,0xB6,0xDB,0x07,0x5D,0x52,0xB6,0x94,0x7D,
+          0x13,0x5D,0x8C,0xA4,0x45,0x80,0x5D,0x39,0xBC,0x34,
+          0x56,0x26,0x08,0x96,0x87,0x74,0x2B,0x63,0x29,0xE7,
+          0x06,0x80,0x23,0x19,0x88,
+          0x3C,0x25,0x8E,0xF3,0x04,0x77,0x67,0xE7,0xED,0xE0,    /* x */
+          0xF1,0xFD,0xAA,0x79,0xDA,0xEE,0x38,0x41,0x36,0x6A,
+          0x13,0x2E,0x16,0x3A,0xCE,0xD4,0xED,0x24,0x01,0xDF,
+          0x9C,0x6B,0xDC,0xDE,0x98,0xE8,0xE7,0x07,0xC0,0x7A,
+          0x22,0x39,0xB1,0xB0,0x97,
+          0x53,0xD7,0xE0,0x85,0x29,0x54,0x70,0x48,0x12,0x1E,    /* y */
+          0x9C,0x95,0xF3,0x79,0x1D,0xD8,0x04,0x96,0x39,0x48,
+          0xF3,0x4F,0xAE,0x7B,0xF4,0x4E,0xA8,0x23,0x65,0xDC,
+          0x78,0x68,0xFE,0x57,0xE4,0xAE,0x2D,0xE2,0x11,0x30,
+          0x5A,0x40,0x71,0x04,0xBD,
+          0x01,0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,    /* order */
+          0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,0xAF,
+          0x28,0x6B,0xC9,0xFB,0x8F,0x6B,0x85,0xC5,0x56,0x89,
+          0x2C,0x20,0xA7,0xEB,0x96,0x4F,0xE7,0x71,0x9E,0x74,
+          0xF4,0x90,0x75,0x8D,0x3B }
         };
 
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {
-        NID_X9_62_characteristic_two_field,
-        "010000000000000000000000000000000000000000000000000000000000000000000"
-        "0002000000000000000000007",
-        "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
-        "F0AB7519CCD2A1A906AE30D",
-        "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
-        "D84D164F444F8F74786046A",
-        "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
-        "9E927BE216F02E1FB136A5F",
-        "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
-        "ADAA81E2A0750B80FDA2310",
-        "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
-        "9AE40A6F131E9CFCE5BD967", 0xFF70,
-        NULL, 0,
-        "X9.62 curve over a 368 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+47*6]; }
+        _EC_X9_62_CHAR2_368W1 = {
+        { NID_X9_62_characteristic_two_field,0,47,0xFF70 },
+        {                                                       /* no seed */
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x07,
+          0x00,0xE0,0xD2,0xEE,0x25,0x09,0x52,0x06,0xF5,0xE2,    /* a */
+          0xA4,0xF9,0xED,0x22,0x9F,0x1F,0x25,0x6E,0x79,0xA0,
+          0xE2,0xB4,0x55,0x97,0x0D,0x8D,0x0D,0x86,0x5B,0xD9,
+          0x47,0x78,0xC5,0x76,0xD6,0x2F,0x0A,0xB7,0x51,0x9C,
+          0xCD,0x2A,0x1A,0x90,0x6A,0xE3,0x0D,
+          0x00,0xFC,0x12,0x17,0xD4,0x32,0x0A,0x90,0x45,0x2C,    /* b */
+          0x76,0x0A,0x58,0xED,0xCD,0x30,0xC8,0xDD,0x06,0x9B,
+          0x3C,0x34,0x45,0x38,0x37,0xA3,0x4E,0xD5,0x0C,0xB5,
+          0x49,0x17,0xE1,0xC2,0x11,0x2D,0x84,0xD1,0x64,0xF4,
+          0x44,0xF8,0xF7,0x47,0x86,0x04,0x6A,
+          0x00,0x10,0x85,0xE2,0x75,0x53,0x81,0xDC,0xCC,0xE3,    /* x */
+          0xC1,0x55,0x7A,0xFA,0x10,0xC2,0xF0,0xC0,0xC2,0x82,
+          0x56,0x46,0xC5,0xB3,0x4A,0x39,0x4C,0xBC,0xFA,0x8B,
+          0xC1,0x6B,0x22,0xE7,0xE7,0x89,0xE9,0x27,0xBE,0x21,
+          0x6F,0x02,0xE1,0xFB,0x13,0x6A,0x5F,
+          0x00,0x7B,0x3E,0xB1,0xBD,0xDC,0xBA,0x62,0xD5,0xD8,    /* y */
+          0xB2,0x05,0x9B,0x52,0x57,0x97,0xFC,0x73,0x82,0x2C,
+          0x59,0x05,0x9C,0x62,0x3A,0x45,0xFF,0x38,0x43,0xCE,
+          0xE8,0xF8,0x7C,0xD1,0x85,0x5A,0xDA,0xA8,0x1E,0x2A,
+          0x07,0x50,0xB8,0x0F,0xDA,0x23,0x10,
+          0x00,0x00,0x01,0x00,0x90,0x51,0x2D,0xA9,0xAF,0x72,    /* order */
+          0xB0,0x83,0x49,0xD9,0x8A,0x5D,0xD4,0xC7,0xB0,0x53,
+          0x2E,0xCA,0x51,0xCE,0x03,0xE2,0xD1,0x0F,0x3B,0x7A,
+          0xC5,0x79,0xBD,0x87,0xE9,0x09,0xAE,0x40,0xA6,0xF1,
+          0x31,0xE9,0xCF,0xCE,0x5B,0xD9,0x67 }
         };
 
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {
-        NID_X9_62_characteristic_two_field,
-        "800000000000000000000000000000000000000000000000000000000000000000000"
-        "000000001000000000000000000000000000001",
-        "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
-        "B9906D0957F6C6FEACD615468DF104DE296CD8F",
-        "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
-        "26D4E50A8DD731B107A9962381FB5D807BF2618",
-        "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
-        "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
-        "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
-        "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
-        "0340340340340340340340340340340340340340340340340340340323C313FAB5058"
-        "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
-        NULL, 0,
-        "X9.62 curve over a 431 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+54*6]; }
+        _EC_X9_62_CHAR2_431R1 = {
+        { NID_X9_62_characteristic_two_field,0,54,0x2760 },
+        {                                                       /* no seed */
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x01,
+          0x1A,0x82,0x7E,0xF0,0x0D,0xD6,0xFC,0x0E,0x23,0x4C,    /* a */
+          0xAF,0x04,0x6C,0x6A,0x5D,0x8A,0x85,0x39,0x5B,0x23,
+          0x6C,0xC4,0xAD,0x2C,0xF3,0x2A,0x0C,0xAD,0xBD,0xC9,
+          0xDD,0xF6,0x20,0xB0,0xEB,0x99,0x06,0xD0,0x95,0x7F,
+          0x6C,0x6F,0xEA,0xCD,0x61,0x54,0x68,0xDF,0x10,0x4D,
+          0xE2,0x96,0xCD,0x8F,
+          0x10,0xD9,0xB4,0xA3,0xD9,0x04,0x7D,0x8B,0x15,0x43,    /* b */
+          0x59,0xAB,0xFB,0x1B,0x7F,0x54,0x85,0xB0,0x4C,0xEB,
+          0x86,0x82,0x37,0xDD,0xC9,0xDE,0xDA,0x98,0x2A,0x67,
+          0x9A,0x5A,0x91,0x9B,0x62,0x6D,0x4E,0x50,0xA8,0xDD,
+          0x73,0x1B,0x10,0x7A,0x99,0x62,0x38,0x1F,0xB5,0xD8,
+          0x07,0xBF,0x26,0x18,
+          0x12,0x0F,0xC0,0x5D,0x3C,0x67,0xA9,0x9D,0xE1,0x61,    /* x */
+          0xD2,0xF4,0x09,0x26,0x22,0xFE,0xCA,0x70,0x1B,0xE4,
+          0xF5,0x0F,0x47,0x58,0x71,0x4E,0x8A,0x87,0xBB,0xF2,
+          0xA6,0x58,0xEF,0x8C,0x21,0xE7,0xC5,0xEF,0xE9,0x65,
+          0x36,0x1F,0x6C,0x29,0x99,0xC0,0xC2,0x47,0xB0,0xDB,
+          0xD7,0x0C,0xE6,0xB7,
+          0x20,0xD0,0xAF,0x89,0x03,0xA9,0x6F,0x8D,0x5F,0xA2,    /* y */
+          0xC2,0x55,0x74,0x5D,0x3C,0x45,0x1B,0x30,0x2C,0x93,
+          0x46,0xD9,0xB7,0xE4,0x85,0xE7,0xBC,0xE4,0x1F,0x6B,
+          0x59,0x1F,0x3E,0x8F,0x6A,0xDD,0xCB,0xB0,0xBC,0x4C,
+          0x2F,0x94,0x7A,0x7D,0xE1,0xA8,0x9B,0x62,0x5D,0x6A,
+          0x59,0x8B,0x37,0x60,
+          0x00,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,    /* order */
+          0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,
+          0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x23,
+          0xC3,0x13,0xFA,0xB5,0x05,0x89,0x70,0x3B,0x5E,0xC6,
+          0x8D,0x35,0x87,0xFE,0xC6,0x0D,0x16,0x1C,0xC1,0x49,
+          0xC1,0xAD,0x4A,0x91 }
         };
 
-static const EC_CURVE_DATA _EC_WTLS_1 = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000201",
-        "1",
-        "1",
-        "01667979A40BA497E5D5C270780617",
-        "00F44B4AF1ECC2630E08785CEBCC15",
-        "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
-        NULL, 0,
-        "WTLS curve over a 113 bit binary field"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; }
+        _EC_WTLS_1 = {
+        { NID_X9_62_characteristic_two_field,0,15,2 },
+        {                                                       /* no seed */
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x02,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x01,
+          0x01,0x66,0x79,0x79,0xA4,0x0B,0xA4,0x97,0xE5,0xD5,    /* x */
+          0xC2,0x70,0x78,0x06,0x17,
+          0x00,0xF4,0x4B,0x4A,0xF1,0xEC,0xC2,0x63,0x0E,0x08,    /* y */
+          0x78,0x5C,0xEB,0xCC,0x15,
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFD,0xBF,    /* order */
+          0x91,0xAF,0x6D,0xEA,0x73 }
         };
 
 /* IPSec curves */
@@ -1001,17 +1765,27 @@ static const EC_CURVE_DATA _EC_WTLS_1 = {
  * As the group order is not a prime this curve is not suitable
  * for ECDSA.
  */
-static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
-        NID_X9_62_characteristic_two_field,
-        "0800000000000000000000004000000000000001",
-        "0",
-        "07338f",
-        "7b",
-        "1c8",
-        "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3,
-        NULL, 0,
-        "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
-        "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; }
+        _EC_IPSEC_155_ID3 = {
+        { NID_X9_62_characteristic_two_field,0,20,3 },
+        {                                                       /* no seed */
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x07,0x33,0x8f,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7b,
+
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xc8,
+
+          0x02,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,    /* order */
+          0xC7,0xF3,0xC7,0x88,0x1B,0xD0,0x86,0x8F,0xA8,0x6C }
         };
 
 /* NOTE: The of curves over a extension field of non prime degree
@@ -1019,106 +1793,118 @@ static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
  * As the group order is not a prime this curve is not suitable
  * for ECDSA.
  */
-static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
-        NID_X9_62_characteristic_two_field,
-        "020000000000000000000000000000200000000000000001",
-        "0",
-        "1ee9",
-        "18",
-        "0d",
-        "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2,
-        NULL, 0,
-        "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
-        "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
+        _EC_IPSEC_185_ID4 = {
+        { NID_X9_62_characteristic_two_field,0,24,2 },
+        {                                                       /* no seed */
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x1e,0xe9,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x18,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x0d,
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xED,0xF9,0x7C,0x44,0xDB,0x9F,0x24,0x20,
+          0xBA,0xFC,0xA7,0x5E }
         };
 
 typedef struct _ec_list_element_st {
         int     nid;
         const EC_CURVE_DATA *data;
+        const char *comment;
         } ec_list_element;
 
 static const ec_list_element curve_list[] = {
         /* prime field curves */        
         /* secg curves */
-        { NID_secp112r1, &_EC_SECG_PRIME_112R1},
-        { NID_secp112r2, &_EC_SECG_PRIME_112R2},
-        { NID_secp128r1, &_EC_SECG_PRIME_128R1},
-        { NID_secp128r2, &_EC_SECG_PRIME_128R2},
-        { NID_secp160k1, &_EC_SECG_PRIME_160K1},
-        { NID_secp160r1, &_EC_SECG_PRIME_160R1},
-        { NID_secp160r2, &_EC_SECG_PRIME_160R2},
+        { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"},
+        { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, "SECG curve over a 112 bit prime field"},
+        { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, "SECG curve over a 128 bit prime field"},
+        { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, "SECG curve over a 128 bit prime field"},
+        { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, "SECG curve over a 160 bit prime field"},
+        { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, "SECG curve over a 160 bit prime field"},
+        { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"},
         /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-        { NID_secp192k1, &_EC_SECG_PRIME_192K1},
-        { NID_secp224k1, &_EC_SECG_PRIME_224K1},
-        { NID_secp224r1, &_EC_NIST_PRIME_224},
-        { NID_secp256k1, &_EC_SECG_PRIME_256K1},
+        { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, "SECG curve over a 192 bit prime field"},
+        { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, "SECG curve over a 224 bit prime field"},
+        { NID_secp224r1, &_EC_NIST_PRIME_224.h,   "NIST/SECG curve over a 224 bit prime field"},
+        { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, "SECG curve over a 256 bit prime field"},
         /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-        { NID_secp384r1, &_EC_NIST_PRIME_384},
-        { NID_secp521r1, &_EC_NIST_PRIME_521},
+        { NID_secp384r1, &_EC_NIST_PRIME_384.h, "NIST/SECG curve over a 384 bit prime field"},
+        { NID_secp521r1, &_EC_NIST_PRIME_521.h, "NIST/SECG curve over a 521 bit prime field"},
         /* X9.62 curves */
-        { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
-        { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
-        { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
-        { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
-        { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
-        { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
-        { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
+        { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, "NIST/X9.62/SECG curve over a 192 bit prime field"},
+        { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, "X9.62 curve over a 192 bit prime field"},
+        { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, "X9.62 curve over a 192 bit prime field"},
+        { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, "X9.62 curve over a 239 bit prime field"},
+        { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, "X9.62 curve over a 239 bit prime field"},
+        { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, "X9.62 curve over a 239 bit prime field"},
+        { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, "X9.62/SECG curve over a 256 bit prime field"},
         /* characteristic two field curves */
         /* NIST/SECG curves */
-        { NID_sect113r1, &_EC_SECG_CHAR2_113R1},
-        { NID_sect113r2, &_EC_SECG_CHAR2_113R2},
-        { NID_sect131r1, &_EC_SECG_CHAR2_131R1},
-        { NID_sect131r2, &_EC_SECG_CHAR2_131R2},
-        { NID_sect163k1, &_EC_NIST_CHAR2_163K },
-        { NID_sect163r1, &_EC_SECG_CHAR2_163R1},
-        { NID_sect163r2, &_EC_NIST_CHAR2_163B },
-        { NID_sect193r1, &_EC_SECG_CHAR2_193R1},
-        { NID_sect193r2, &_EC_SECG_CHAR2_193R2},
-        { NID_sect233k1, &_EC_NIST_CHAR2_233K },
-        { NID_sect233r1, &_EC_NIST_CHAR2_233B },
-        { NID_sect239k1, &_EC_SECG_CHAR2_239K1},
-        { NID_sect283k1, &_EC_NIST_CHAR2_283K },
-        { NID_sect283r1, &_EC_NIST_CHAR2_283B },
-        { NID_sect409k1, &_EC_NIST_CHAR2_409K },
-        { NID_sect409r1, &_EC_NIST_CHAR2_409B },
-        { NID_sect571k1, &_EC_NIST_CHAR2_571K },
-        { NID_sect571r1, &_EC_NIST_CHAR2_571B },
+        { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"},
+        { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, "SECG curve over a 113 bit binary field"},
+        { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, "SECG/WTLS curve over a 131 bit binary field"},
+        { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, "SECG curve over a 131 bit binary field"},
+        { NID_sect163k1, &_EC_NIST_CHAR2_163K.h,  "NIST/SECG/WTLS curve over a 163 bit binary field" },
+        { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, "SECG curve over a 163 bit binary field"},
+        { NID_sect163r2, &_EC_NIST_CHAR2_163B.h,  "NIST/SECG curve over a 163 bit binary field" },
+        { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, "SECG curve over a 193 bit binary field"},
+        { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, "SECG curve over a 193 bit binary field"},
+        { NID_sect233k1, &_EC_NIST_CHAR2_233K.h,  "NIST/SECG/WTLS curve over a 233 bit binary field" },
+        { NID_sect233r1, &_EC_NIST_CHAR2_233B.h,  "NIST/SECG/WTLS curve over a 233 bit binary field" },
+        { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, "SECG curve over a 239 bit binary field"},
+        { NID_sect283k1, &_EC_NIST_CHAR2_283K.h,  "NIST/SECG curve over a 283 bit binary field" },
+        { NID_sect283r1, &_EC_NIST_CHAR2_283B.h,  "NIST/SECG curve over a 283 bit binary field" },
+        { NID_sect409k1, &_EC_NIST_CHAR2_409K.h,  "NIST/SECG curve over a 409 bit binary field" },
+        { NID_sect409r1, &_EC_NIST_CHAR2_409B.h,  "NIST/SECG curve over a 409 bit binary field" },
+        { NID_sect571k1, &_EC_NIST_CHAR2_571K.h,  "NIST/SECG curve over a 571 bit binary field" },
+        { NID_sect571r1, &_EC_NIST_CHAR2_571B.h,  "NIST/SECG curve over a 571 bit binary field" },
         /* X9.62 curves */
-        { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
-        { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
-        { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
-        { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
-        { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
-        { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
-        { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
-        { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
-        { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
-        { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
-        { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
-        { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
-        { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
-        { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
-        { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
-        { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
+        { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"},
+        { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, "X9.62 curve over a 163 bit binary field"},
+        { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, "X9.62 curve over a 163 bit binary field"},
+        { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, "X9.62 curve over a 176 bit binary field"},
+        { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, "X9.62 curve over a 191 bit binary field"},
+        { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, "X9.62 curve over a 191 bit binary field"},
+        { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, "X9.62 curve over a 191 bit binary field"},
+        { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, "X9.62 curve over a 208 bit binary field"},
+        { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, "X9.62 curve over a 239 bit binary field"},
+        { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, "X9.62 curve over a 239 bit binary field"},
+        { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, "X9.62 curve over a 239 bit binary field"},
+        { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, "X9.62 curve over a 272 bit binary field"},
+        { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, "X9.62 curve over a 304 bit binary field"},
+        { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, "X9.62 curve over a 359 bit binary field"},
+        { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, "X9.62 curve over a 368 bit binary field"},
+        { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, "X9.62 curve over a 431 bit binary field"},
         /* the WAP/WTLS curves
          * [unlike SECG, spec has its own OIDs for curves from X9.62] */
-        { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
-        { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
-        { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
-        { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
-        { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
-        { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
-        { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
-        { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 },
-        { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
-        { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
-        { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+        { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, "WTLS curve over a 113 bit binary field"},
+        { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h,   "NIST/SECG/WTLS curve over a 163 bit binary field"},
+        { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h,  "SECG curve over a 113 bit binary field"},
+        { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"},
+        { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h,  "SECG/WTLS curve over a 112 bit prime field"},
+        { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h,  "SECG/WTLS curve over a 160 bit prime field"},
+        { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, "WTLS curve over a 112 bit prime field"},
+        { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, "WTLS curve over a 160 bit prime field" },
+        { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field"},
+        { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field"},
+        { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, "WTLS curvs over a 224 bit prime field"},
         /* IPSec curves */
-        { NID_ipsec3, &_EC_IPSEC_155_ID3},
-        { NID_ipsec4, &_EC_IPSEC_185_ID4},
+        { NID_ipsec3, &_EC_IPSEC_155_ID3.h, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+        { NID_ipsec4, &_EC_IPSEC_185_ID4.h, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
 };
 
-static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
+#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
 
 static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
         {
@@ -1127,22 +1913,23 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
         BN_CTX   *ctx=NULL;
         BIGNUM   *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
         int      ok=0;
+        int      seed_len,param_len;
+        const unsigned char *params;
 
         if ((ctx = BN_CTX_new()) == NULL)
                 {
                 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
-        if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || 
-                (b = BN_new()) == NULL || (x = BN_new()) == NULL ||
-                (y = BN_new()) == NULL || (order = BN_new()) == NULL)
-                {
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        
-        if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
-                || !BN_hex2bn(&b, data->b))
+
+        seed_len  = data->seed_len;
+        param_len = data->param_len;
+        params    = (const unsigned char *)(data+1);    /* skip header */
+        params   += seed_len;                           /* skip seed   */
+
+        if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
+                || !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
+                || !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
                 {
                 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                 goto err;
@@ -1156,8 +1943,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                         goto err;
                         }
                 }
-                else
-                { /* field_type == NID_X9_62_characteristic_two_field */
+        else    /* field_type == NID_X9_62_characteristic_two_field */
+                {
                 if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
                         {
                         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
@@ -1171,7 +1958,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                 goto err;
                 }
         
-        if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y))
+        if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
+                || !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
                 {
                 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                 goto err;
@@ -1181,7 +1969,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                 goto err;
                 }
-        if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor))
+        if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
+                || !BN_set_word(x, (BN_ULONG)data->cofactor))
                 {
                 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                 goto err;
@@ -1191,9 +1980,9 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                 ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                 goto err;
                 }
-        if (data->seed)
+        if (seed_len)
                 {
-                if (!EC_GROUP_set_seed(group, data->seed, data->seed_len))
+                if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
                         {
                         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                         goto err;
@@ -1263,7 +2052,7 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
         for (i = 0; i < min; i++)
                 {
                 r[i].nid = curve_list[i].nid;
-                r[i].comment = curve_list[i].data->comment;
+                r[i].comment = curve_list[i].comment;
                 }
 
         return curve_list_length;
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
new file mode 100644
index 0000000000..f433076ca1
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -0,0 +1,340 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+
+/* EC pkey context structure */
+
+typedef struct
+        {
+        /* Key and paramgen group */
+        EC_GROUP *gen_group;
+        /* message digest */
+        const EVP_MD *md;
+        } EC_PKEY_CTX;
+
+static int pkey_ec_init(EVP_PKEY_CTX *ctx)
+        {
+        EC_PKEY_CTX *dctx;
+        dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
+        if (!dctx)
+                return 0;
+        dctx->gen_group = NULL;
+        dctx->md = NULL;
+
+        ctx->data = dctx;
+
+        return 1;
+        }
+
+static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        EC_PKEY_CTX *dctx, *sctx;
+        if (!pkey_ec_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        if (sctx->gen_group)
+                {
+                dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+                if (!dctx->gen_group)
+                        return 0;
+                }
+        dctx->md = sctx->md;
+        return 1;
+        }
+
+static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        EC_PKEY_CTX *dctx = ctx->data;
+        if (dctx)
+                {
+                if (dctx->gen_group)
+                        EC_GROUP_free(dctx->gen_group);
+                OPENSSL_free(dctx);
+                }
+        }
+
+static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        unsigned int sltmp;
+        EC_PKEY_CTX *dctx = ctx->data;
+        EC_KEY *ec = ctx->pkey->pkey.ec;
+
+        if (!sig)
+                {
+                *siglen = ECDSA_size(ec);
+                return 1;
+                }
+        else if(*siglen < (size_t)ECDSA_size(ec))
+                {
+                ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+                }
+
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+
+
+        ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+
+        if (ret <= 0)
+                return ret;
+        *siglen = (size_t)sltmp;
+        return 1;
+        }
+
+static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        EC_PKEY_CTX *dctx = ctx->data;
+        EC_KEY *ec = ctx->pkey->pkey.ec;
+
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+
+        ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+
+        return ret;
+        }
+
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+        {
+        int ret;
+        size_t outlen;
+        const EC_POINT *pubkey = NULL;
+        if (!ctx->pkey || !ctx->peerkey)
+                {
+                ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+                return 0;
+                }
+
+        if (!key)
+                {
+                const EC_GROUP *group;
+                group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
+                *keylen = (EC_GROUP_get_degree(group) + 7)/8;
+                return 1;
+                }
+
+        pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
+
+        /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+         * not an error, the result is truncated.
+         */
+
+        outlen = *keylen;
+                
+        ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0);
+        if (ret < 0)
+                return ret;
+        *keylen = ret;
+        return 1;
+        }
+
+static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        EC_PKEY_CTX *dctx = ctx->data;
+        EC_GROUP *group;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+                group = EC_GROUP_new_by_curve_name(p1);
+                if (group == NULL)
+                        {
+                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+                        return 0;
+                        }
+                if (dctx->gen_group)
+                        EC_GROUP_free(dctx->gen_group);
+                dctx->gen_group = group;
+                return 1;
+
+                case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
+                        {
+                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                        }
+                dctx->md = p2;
+                return 1;
+
+                case EVP_PKEY_CTRL_PEER_KEY:
+                /* Default behaviour is OK */
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                case EVP_PKEY_CTRL_PKCS7_SIGN:
+                case EVP_PKEY_CTRL_CMS_SIGN:
+                return 1;
+
+                default:
+                return -2;
+
+                }
+        }
+                        
+static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!strcmp(type, "ec_paramgen_curve"))
+                {
+                int nid;
+                nid = OBJ_sn2nid(value);
+                if (nid == NID_undef)
+                        nid = OBJ_ln2nid(value);
+                if (nid == NID_undef)
+                        {
+                        ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+                        return 0;
+                        }
+                return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+                }
+        return -2;
+        }
+
+static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        EC_KEY *ec = NULL;
+        EC_PKEY_CTX *dctx = ctx->data;
+        int ret = 0;
+        if (dctx->gen_group == NULL)
+                {
+                ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        ec = EC_KEY_new();
+        if (!ec)
+                return 0;
+        ret = EC_KEY_set_group(ec, dctx->gen_group);
+        if (ret)
+                EVP_PKEY_assign_EC_KEY(pkey, ec);
+        else
+                EC_KEY_free(ec);
+        return ret;
+        }
+
+static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        EC_KEY *ec = NULL;
+        if (ctx->pkey == NULL)
+                {
+                ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        ec = EC_KEY_new();
+        if (!ec)
+                return 0;
+        EVP_PKEY_assign_EC_KEY(pkey, ec);
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+                return 0;
+        return EC_KEY_generate_key(pkey->pkey.ec);
+        }
+
+const EVP_PKEY_METHOD ec_pkey_meth = 
+        {
+        EVP_PKEY_EC,
+        0,
+        pkey_ec_init,
+        pkey_ec_copy,
+        pkey_ec_cleanup,
+
+        0,
+        pkey_ec_paramgen,
+
+        0,
+        pkey_ec_keygen,
+
+        0,
+        pkey_ec_sign,
+
+        0,
+        pkey_ec_verify,
+
+        0,0,
+
+        0,0,0,0,
+
+        0,0,
+
+        0,0,
+
+        0,
+        pkey_ec_derive,
+
+        pkey_ec_ctrl,
+        pkey_ec_ctrl_str
+
+        };
diff --git a/src/lib/libcrypto/ec/eck_prn.c b/src/lib/libcrypto/ec/eck_prn.c
new file mode 100644
index 0000000000..7d3e175ae7
--- /dev/null
+++ b/src/lib/libcrypto/ec/eck_prn.c
@@ -0,0 +1,391 @@
+/* crypto/ec/eck_prn.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and 
+ * contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = ECPKParameters_print(b, x, off);
+        BIO_free(b);
+        return(ret);
+        }
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+        {
+        BIO *b;
+        int ret;
+ 
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = EC_KEY_print(b, x, off);
+        BIO_free(b);
+        return(ret);
+        }
+
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+        {
+        BIO *b;
+        int ret;
+ 
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = ECParameters_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
+                return 0;
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
+                return 0;
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+                size_t len, int off);
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+        {
+        unsigned char *buffer=NULL;
+        size_t  buf_len=0, i;
+        int     ret=0, reason=ERR_R_BIO_LIB;
+        BN_CTX  *ctx=NULL;
+        const EC_POINT *point=NULL;
+        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
+                *order=NULL, *cofactor=NULL;
+        const unsigned char *seed;
+        size_t  seed_len=0;
+        
+        static const char *gen_compressed = "Generator (compressed):";
+        static const char *gen_uncompressed = "Generator (uncompressed):";
+        static const char *gen_hybrid = "Generator (hybrid):";
+ 
+        if (!x)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        ctx = BN_CTX_new();
+        if (ctx == NULL)
+                {
+                reason = ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (EC_GROUP_get_asn1_flag(x))
+                {
+                /* the curve parameter are given by an asn1 OID */
+                int nid;
+
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+
+                nid = EC_GROUP_get_curve_name(x);
+                if (nid == 0)
+                        goto err;
+
+                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+                        goto err;
+                if (BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+        else
+                {
+                /* explicit parameters */
+                int is_char_two = 0;
+                point_conversion_form_t form;
+                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+                if (tmp_nid == NID_X9_62_characteristic_two_field)
+                        is_char_two = 1;
+
+                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+                        (cofactor = BN_new()) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+
+                if (is_char_two)
+                        {
+                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+                                {
+                                reason = ERR_R_EC_LIB;
+                                goto err;
+                                }
+                        }
+                else /* prime field */
+                        {
+                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+                                {
+                                reason = ERR_R_EC_LIB;
+                                goto err;
+                                }
+                        }
+
+                if ((point = EC_GROUP_get0_generator(x)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                if (!EC_GROUP_get_order(x, order, NULL) || 
+                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                
+                form = EC_GROUP_get_point_conversion_form(x);
+
+                if ((gen = EC_POINT_point2bn(x, point, 
+                                form, NULL, ctx)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+
+                buf_len = (size_t)BN_num_bytes(p);
+                if (buf_len < (i = (size_t)BN_num_bytes(a)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(b)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(order)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
+                        buf_len = i;
+
+                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+                        seed_len = EC_GROUP_get_seed_len(x);
+
+                buf_len += 10;
+                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+
+                /* print the 'short name' of the field type */
+                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+                        <= 0)
+                        goto err;  
+
+                if (is_char_two)
+                        {
+                        /* print the 'short name' of the base type OID */
+                        int basis_type = EC_GROUP_get_basis_type(x);
+                        if (basis_type == 0)
+                                goto err;
+
+                        if (!BIO_indent(bp, off, 128))
+                                goto err;
+
+                        if (BIO_printf(bp, "Basis Type: %s\n", 
+                                OBJ_nid2sn(basis_type)) <= 0)
+                                goto err;
+
+                        /* print the polynomial */
+                        if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
+                                off))
+                                goto err;
+                        }
+                else
+                        {
+                        if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer,off))
+                                goto err;
+                        }
+                if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, buffer, off)) 
+                        goto err;
+                if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, buffer, off))
+                        goto err;
+                if (form == POINT_CONVERSION_COMPRESSED)
+                        {
+                        if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                else if (form == POINT_CONVERSION_UNCOMPRESSED)
+                        {
+                        if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                else /* form == POINT_CONVERSION_HYBRID */
+                        {
+                        if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, 
+                        buffer, off)) goto err;
+                if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, 
+                        buffer, off)) goto err;
+                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+                        goto err;
+                }
+        ret=1;
+err:
+        if (!ret)
+                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+        if (p) 
+                BN_free(p);
+        if (a) 
+                BN_free(a);
+        if (b)
+                BN_free(b);
+        if (gen)
+                BN_free(gen);
+        if (order)
+                BN_free(order);
+        if (cofactor)
+                BN_free(cofactor);
+        if (ctx)
+                BN_CTX_free(ctx);
+        if (buffer != NULL) 
+                OPENSSL_free(buffer);
+        return(ret);    
+        }
+
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+                size_t len, int off)
+        {
+        size_t i;
+        char str[128];
+
+        if (buf == NULL)
+                return 1;
+        if (off)
+                {
+                if (off > 128)
+                        off=128;
+                memset(str,' ',off);
+                if (BIO_write(fp, str, off) <= 0)
+                        return 0;
+                }
+
+        if (BIO_printf(fp,"%s", name) <= 0)
+                return 0;
+
+        for (i=0; i<len; i++)
+                {
+                if ((i%15) == 0)
+                        {
+                        str[0]='\n';
+                        memset(&(str[1]),' ',off+4);
+                        if (BIO_write(fp, str, off+1+4) <= 0)
+                                return 0;
+                        }
+                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
+                        return 0;
+                }
+        if (BIO_write(fp,"\n",1) <= 0)
+                return 0;
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ecdh/ech_err.c b/src/lib/libcrypto/ecdh/ech_err.c
index 4d2ede75bd..6f4b0c9953 100644
--- a/src/lib/libcrypto/ecdh/ech_err.c
+++ b/src/lib/libcrypto/ecdh/ech_err.c
@@ -1,6 +1,6 @@
 /* crypto/ecdh/ech_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -71,7 +71,7 @@
 static ERR_STRING_DATA ECDH_str_functs[]=
         {
 {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),     "ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"},
+{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
 {0,NULL}
         };
 
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index f20c8ee738..e61c539812 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -4,7 +4,7 @@
  * \author Written by Nils Larsch for the OpenSSL project
  */
 /* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -81,156 +81,143 @@ typedef struct ECDSA_SIG_st
         BIGNUM *s;
         } ECDSA_SIG;
 
-/** ECDSA_SIG *ECDSA_SIG_new(void)
- * allocates and initialize a ECDSA_SIG structure
- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+/** Allocates and initialize a ECDSA_SIG structure
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
 ECDSA_SIG *ECDSA_SIG_new(void);
 
-/** ECDSA_SIG_free
- * frees a ECDSA_SIG structure
- * \param a pointer to the ECDSA_SIG structure
+/** frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
  */
-void      ECDSA_SIG_free(ECDSA_SIG *a);
+void      ECDSA_SIG_free(ECDSA_SIG *sig);
 
-/** i2d_ECDSA_SIG
- * DER encode content of ECDSA_SIG object (note: this function modifies *pp
- * (*pp += length of the DER encoded signature)).
- * \param a  pointer to the ECDSA_SIG object
- * \param pp pointer to a unsigned char pointer for the output or NULL
- * \return the length of the DER encoded ECDSA_SIG object or 0 
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ *  (*pp += length of the DER encoded signature)).
+ *  \param  sig  pointer to the ECDSA_SIG object
+ *  \param  pp   pointer to a unsigned char pointer for the output or NULL
+ *  \return the length of the DER encoded ECDSA_SIG object or 0 
  */
-int       i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
+int       i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
 
-/** d2i_ECDSA_SIG
- * decodes a DER encoded ECDSA signature (note: this function changes *pp
- * (*pp += len)). 
- * \param v pointer to ECDSA_SIG pointer (may be NULL)
- * \param pp buffer with the DER encoded signature
- * \param len bufferlength
- * \return pointer to the decoded ECDSA_SIG structure (or NULL)
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
+ *  (*pp += len)). 
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  pp   memory buffer with the DER encoded signature
+ *  \param  len  length of the buffer
+ *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
  */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
 
-/** ECDSA_do_sign
- * computes the ECDSA signature of the given hash value using
- * the supplied private key and returns the created signature.
- * \param dgst pointer to the hash value
- * \param dgst_len length of the hash value
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL
+/** Computes the ECDSA signature of the given hash value using
+ *  the supplied private key and returns the created signature.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  eckey     EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
 
-/** ECDSA_do_sign_ex
- * computes ECDSA signature of a given hash value using the supplied
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param kinv optional pointer to a pre-computed inverse k
- * \param rp optional pointer to the pre-computed rp value (see 
- *        ECDSA_sign_setup
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
                 const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
 
-/** ECDSA_do_verify
- * verifies that the supplied signature is a valid ECDSA
- * signature of the supplied hash value using the supplied public key.
- * \param dgst pointer to the hash value
- * \param dgst_len length of the hash value
- * \param sig  pointer to the ECDSA_SIG structure
- * \param eckey pointer to the EC_KEY object containing a public EC key
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+/** Verifies that the supplied signature is a valid ECDSA
+ *  signature of the supplied hash value using the supplied public key.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  sig       ECDSA_SIG structure
+ *  \param  eckey     EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
  */
 int       ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
                 const ECDSA_SIG *sig, EC_KEY* eckey);
 
 const ECDSA_METHOD *ECDSA_OpenSSL(void);
 
-/** ECDSA_set_default_method
- * sets the default ECDSA method
- * \param meth the new default ECDSA_METHOD
+/** Sets the default ECDSA method
+ *  \param  meth  new default ECDSA_METHOD
  */
 void      ECDSA_set_default_method(const ECDSA_METHOD *meth);
 
-/** ECDSA_get_default_method
- * returns the default ECDSA method
- * \return pointer to ECDSA_METHOD structure containing the default method
+/** Returns the default ECDSA method
+ *  \return pointer to ECDSA_METHOD structure containing the default method
  */
 const ECDSA_METHOD *ECDSA_get_default_method(void);
 
-/** ECDSA_set_method
- * sets method to be used for the ECDSA operations
- * \param eckey pointer to the EC_KEY object
- * \param meth  pointer to the new method
- * \return 1 on success and 0 otherwise 
+/** Sets method to be used for the ECDSA operations
+ *  \param  eckey  EC_KEY object
+ *  \param  meth   new method
+ *  \return 1 on success and 0 otherwise 
  */
 int       ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
 
-/** ECDSA_size
- * returns the maximum length of the DER encoded signature
- * \param  eckey pointer to a EC_KEY object
- * \return numbers of bytes required for the DER encoded signature
+/** Returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
+ *  \return numbers of bytes required for the DER encoded signature
  */
 int       ECDSA_size(const EC_KEY *eckey);
 
-/** ECDSA_sign_setup
- * precompute parts of the signing operation. 
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \param ctx  pointer to a BN_CTX object (may be NULL)
- * \param kinv pointer to a BIGNUM pointer for the inverse of k
- * \param rp   pointer to a BIGNUM pointer for x coordinate of k * generator
- * \return 1 on success and 0 otherwise
+/** Precompute parts of the signing operation
+ *  \param  eckey  EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
+ *  \return 1 on success and 0 otherwise
  */
 int       ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
                 BIGNUM **rp);
 
-/** ECDSA_sign
- * computes ECDSA signature of a given hash value using the supplied
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * \param type this parameter is ignored
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param sig buffer to hold the DER encoded signature
- * \param siglen pointer to the length of the returned signature
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return 1 on success and 0 otherwise
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      memory for the DER encoded created signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
  */
 int       ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 
                 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
 
 
-/** ECDSA_sign_ex
- * computes ECDSA signature of a given hash value using the supplied
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * \param type this parameter is ignored
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param sig buffer to hold the DER encoded signature
- * \param siglen pointer to the length of the returned signature
- * \param kinv optional pointer to a pre-computed inverse k
- * \param rp optional pointer to the pre-computed rp value (see 
- *        ECDSA_sign_setup
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return 1 on success and 0 otherwise
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
  */
 int       ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 
                 unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
                 const BIGNUM *rp, EC_KEY *eckey);
 
-/** ECDSA_verify
- * verifies that the given signature is valid ECDSA signature
- * of the supplied hash value using the specified public key.
- * \param type this parameter is ignored
- * \param dgst pointer to the hash value 
- * \param dgstlen length of the hash value
- * \param sig  pointer to the DER encoded signature
- * \param siglen length of the DER encoded signature
- * \param eckey pointer to the EC_KEY object containing a public EC key
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+/** Verifies that the given signature is valid ECDSA signature
+ *  of the supplied hash value using the specified public key.
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value 
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      pointer to the DER encoded signature
+ *  \param  siglen   length of the DER encoded signature
+ *  \param  eckey    EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
  */
 int       ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 
                 const unsigned char *sig, int siglen, EC_KEY *eckey);
diff --git a/src/lib/libcrypto/ecdsa/ecs_err.c b/src/lib/libcrypto/ecdsa/ecs_err.c
index d2a53730ea..98e38d537f 100644
--- a/src/lib/libcrypto/ecdsa/ecs_err.c
+++ b/src/lib/libcrypto/ecdsa/ecs_err.c
@@ -1,6 +1,6 @@
 /* crypto/ecdsa/ecs_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 3ead1af94e..551cf5068f 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -212,7 +212,7 @@ err:
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
                 const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
-        int     ok = 0;
+        int     ok = 0, i;
         BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
         const BIGNUM *ckinv;
         BN_CTX     *ctx = NULL;
@@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
                 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
                 goto err;
         }
-        if (8 * dgst_len > BN_num_bits(order))
+        i = BN_num_bits(order);
+        /* Need to truncate digest if it is too long: first truncate whole
+         * bytes.
+         */
+        if (8 * dgst_len > i)
+                dgst_len = (i + 7)/8;
+        if (!BN_bin2bn(dgst, dgst_len, m))
         {
-                /* XXX
-                 * 
-                 * Should provide for optional hash truncation:
-                 * Keep the BN_num_bits(order) leftmost bits of dgst
-                 * (see March 2006 FIPS 186-3 draft, which has a few
-                 * confusing errors in this part though)
-                 */
-
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-                        ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
                 goto err;
         }
-
-        if (!BN_bin2bn(dgst, dgst_len, m))
+        /* If still too long truncate remaining bits with a shift */
+        if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
         {
                 ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
                 goto err;
@@ -346,7 +343,7 @@ err:
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                 const ECDSA_SIG *sig, EC_KEY *eckey)
 {
-        int ret = -1;
+        int ret = -1, i;
         BN_CTX   *ctx;
         BIGNUM   *order, *u1, *u2, *m, *X;
         EC_POINT *point = NULL;
@@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
                 goto err;
         }
-        if (8 * dgst_len > BN_num_bits(order))
-        {
-                /* XXX
-                 * 
-                 * Should provide for optional hash truncation:
-                 * Keep the BN_num_bits(order) leftmost bits of dgst
-                 * (see March 2006 FIPS 186-3 draft, which has a few
-                 * confusing errors in this part though)
-                 */
-
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
-                        ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                ret = 0;
-                goto err;
-        }
 
         if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 
             BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
@@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                 goto err;
         }
         /* digest -> m */
+        i = BN_num_bits(order);
+        /* Need to truncate digest if it is too long: first truncate whole
+         * bytes.
+         */
+        if (8 * dgst_len > i)
+                dgst_len = (i + 7)/8;
         if (!BN_bin2bn(dgst, dgst_len, m))
         {
                 ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
                 goto err;
         }
+        /* If still too long truncate remaining bits with a shift */
+        if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
+        {
+                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                goto err;
+        }
         /* u1 = m * tmp mod order */
         if (!BN_mod_mul(u1, m, u2, order, ctx))
         {
diff --git a/src/lib/libcrypto/ecdsa/ecs_sign.c b/src/lib/libcrypto/ecdsa/ecs_sign.c
index 74b1fe8caf..353d5af514 100644
--- a/src/lib/libcrypto/ecdsa/ecs_sign.c
+++ b/src/lib/libcrypto/ecdsa/ecs_sign.c
@@ -57,6 +57,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/rand.h>
 
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
 {
@@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
         EC_KEY *eckey)
 {
         ECDSA_SIG *s;
+        RAND_seed(dgst, dlen);
         s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
         if (s == NULL)
         {
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
new file mode 100644
index 0000000000..75090339f7
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_asnmth.c
@@ -0,0 +1,246 @@
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include "asn1_locl.h"
+#include <openssl/evp.h>
+
+/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+ * function that is used by EVP to hook in pkey_asn1_meth code and cache
+ * defaults (etc), will display brief debugging summaries to stderr with the
+ * 'nid'. */
+/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
+
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
+        {
+        engine_table_unregister(&pkey_asn1_meth_table, e);
+        }
+
+static void engine_unregister_all_pkey_asn1_meths(void)
+        {
+        engine_table_cleanup(&pkey_asn1_meth_table);
+        }
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e)
+        {
+        if(e->pkey_asn1_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_asn1_meth_table,
+                                engine_unregister_all_pkey_asn1_meths, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_pkey_asn1_meths(void)
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_pkey_asn1_meths(e);
+        }
+
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
+        {
+        if(e->pkey_asn1_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_asn1_meth_table,
+                                engine_unregister_all_pkey_asn1_meths, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_asn1_meth 'nid' */
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
+        {
+        return engine_table_select(&pkey_asn1_meth_table, nid);
+        }
+
+/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
+        {
+        EVP_PKEY_ASN1_METHOD *ret;
+        ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+                                ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the pkey_asn1_meth callback from an ENGINE structure */
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
+        {
+        return e->pkey_asn1_meths;
+        }
+
+/* Sets the pkey_asn1_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
+        {
+        e->pkey_asn1_meths = f;
+        return 1;
+        }
+
+/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_asn1_meths_free(ENGINE *e)
+        {
+        int i;
+        EVP_PKEY_ASN1_METHOD *pkm;
+        if (e->pkey_asn1_meths)
+                {
+                const int *pknids;
+                int npknids;
+                npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+                for (i = 0; i < npknids; i++)
+                        {
+                        if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i]))
+                                {
+                                EVP_PKEY_asn1_free(pkm);
+                                }
+                        }
+                }
+        }
+
+/* Find a method based on a string. This does a linear search through
+ * all implemented algorithms. This is OK in practice because only
+ * a small number of algorithms are likely to be implemented in an engine
+ * and it is not used for speed critical operations.
+ */
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                        const char *str, int len)
+        {
+        int i, nidcount;
+        const int *nids;
+        EVP_PKEY_ASN1_METHOD *ameth;
+        if (!e->pkey_asn1_meths)
+                return NULL;
+        if (len == -1)
+                len = strlen(str);
+        nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        for (i = 0; i < nidcount; i++)
+                {
+                e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+                if (((int)strlen(ameth->pem_str) == len) && 
+                                        !strncasecmp(ameth->pem_str, str, len))
+                        return ameth;
+                }
+        return NULL;
+        }
+
+typedef struct 
+        {
+        ENGINE *e;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        const char *str;
+        int len;
+        } ENGINE_FIND_STR;
+
+static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
+        {
+        ENGINE_FIND_STR *lk = arg;
+        int i;
+        if (lk->ameth)
+                return;
+        for (i = 0; i < sk_ENGINE_num(sk); i++)
+                {
+                ENGINE *e = sk_ENGINE_value(sk, i);
+                EVP_PKEY_ASN1_METHOD *ameth;
+                e->pkey_asn1_meths(e, &ameth, NULL, nid);
+                if (((int)strlen(ameth->pem_str) == lk->len) && 
+                                !strncasecmp(ameth->pem_str, lk->str, lk->len))
+                        {
+                        lk->e = e;
+                        lk->ameth = ameth;
+                        return;
+                        }
+                }
+        }
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len)
+        {
+        ENGINE_FIND_STR fstr;
+        fstr.e = NULL;
+        fstr.ameth = NULL;
+        fstr.str = str;
+        fstr.len = len;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+        /* If found obtain a structural reference to engine */
+        if (fstr.e)
+                {
+                fstr.e->struct_ref++;
+                engine_ref_debug(fstr.e, 0, 1)
+                }
+        *pe = fstr.e;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return fstr.ameth;
+        }
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
new file mode 100644
index 0000000000..1cdb967f25
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_pkmeth.c
@@ -0,0 +1,167 @@
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include <openssl/evp.h>
+
+/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
+ * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_PKEY_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_meth_table = NULL;
+
+void ENGINE_unregister_pkey_meths(ENGINE *e)
+        {
+        engine_table_unregister(&pkey_meth_table, e);
+        }
+
+static void engine_unregister_all_pkey_meths(void)
+        {
+        engine_table_cleanup(&pkey_meth_table);
+        }
+
+int ENGINE_register_pkey_meths(ENGINE *e)
+        {
+        if(e->pkey_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_meth_table,
+                                engine_unregister_all_pkey_meths, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_pkey_meths()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_pkey_meths(e);
+        }
+
+int ENGINE_set_default_pkey_meths(ENGINE *e)
+        {
+        if(e->pkey_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_meth_table,
+                                engine_unregister_all_pkey_meths, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_meth 'nid' */
+ENGINE *ENGINE_get_pkey_meth_engine(int nid)
+        {
+        return engine_table_select(&pkey_meth_table, nid);
+        }
+
+/* Obtains a pkey_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
+        {
+        EVP_PKEY_METHOD *ret;
+        ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+                                ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the pkey_meth callback from an ENGINE structure */
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
+        {
+        return e->pkey_meths;
+        }
+
+/* Sets the pkey_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
+        {
+        e->pkey_meths = f;
+        return 1;
+        }
+
+/* Internal function to free up EVP_PKEY_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_meths_free(ENGINE *e)
+        {
+        int i;
+        EVP_PKEY_METHOD *pkm;
+        if (e->pkey_meths)
+                {
+                const int *pknids;
+                int npknids;
+                npknids = e->pkey_meths(e, NULL, &pknids, 0);
+                for (i = 0; i < npknids; i++)
+                        {
+                        if (e->pkey_meths(e, &pkm, NULL, pknids[i]))
+                                {
+                                EVP_PKEY_meth_free(pkm);
+                                }
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index 365d397164..a7b40d1c60 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
         EVP_CIPHER_get_asn1_iv,
         NULL)
 
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
+#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
 
 IMPLEMENT_CAMELLIA_CFBR(128,1)
 IMPLEMENT_CAMELLIA_CFBR(192,1)
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
index fad270faca..8d87a49ebe 100644
--- a/src/lib/libcrypto/evp/m_ecdsa.c
+++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -130,7 +130,7 @@ static const EVP_MD ecdsa_md=
         NID_ecdsa_with_SHA1,
         NID_ecdsa_with_SHA1,
         SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_DIGEST,
         init,
         update,
         final,
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
new file mode 100644
index 0000000000..f0b7f95059
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -0,0 +1,200 @@
+/* m_sigver.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006,2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "evp_locl.h"
+
+static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
+                          int ver)
+        {
+        if (ctx->pctx == NULL)
+                ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx->pctx == NULL)
+                return 0;
+
+        if (type == NULL)
+                {
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+                        type = EVP_get_digestbynid(def_nid);
+                }
+
+        if (type == NULL)
+                {
+                EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+                return 0;
+                }
+
+        if (ver)
+                {
+                if (ctx->pctx->pmeth->verifyctx_init)
+                        {
+                        if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <=0)
+                                return 0;
+                        ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
+                        }
+                else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
+                        return 0;
+                }
+        else
+                {
+                if (ctx->pctx->pmeth->signctx_init)
+                        {
+                        if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
+                                return 0;
+                        ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
+                        }
+                else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+                        return 0;
+                }
+        if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
+                return 0;
+        if (pctx)
+                *pctx = ctx->pctx;
+        if (!EVP_DigestInit_ex(ctx, type, e))
+                return 0;
+        return 1;
+        }
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+        {
+        return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+        }
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+        {
+        return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+        }
+
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
+        {
+        int sctx, r = 0;
+        if (ctx->pctx->pmeth->signctx)
+                sctx = 1;
+        else
+                sctx = 0;
+        if (sigret)
+                {
+                MS_STATIC EVP_MD_CTX tmp_ctx;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                unsigned int mdlen;
+                EVP_MD_CTX_init(&tmp_ctx);
+                if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+                        return 0;
+                if (sctx)
+                        r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
+                                        sigret, siglen, &tmp_ctx);
+                else
+                        r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
+                EVP_MD_CTX_cleanup(&tmp_ctx);
+                if (sctx || !r)
+                        return r;
+                if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
+                        return 0;
+                }
+        else
+                {
+                if (sctx)
+                        {
+                        if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
+                                return 0;
+                        }
+                else
+                        {
+                        int s = EVP_MD_size(ctx->digest);
+                        if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
+                                return 0;
+                        }
+                }
+        return 1;
+        }
+
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
+        {
+        MS_STATIC EVP_MD_CTX tmp_ctx;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        int r;
+        unsigned int mdlen;
+        int vctx;
+
+        if (ctx->pctx->pmeth->verifyctx)
+                vctx = 1;
+        else
+                vctx = 0;
+        EVP_MD_CTX_init(&tmp_ctx);
+        if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+                return -1;      
+        if (vctx)
+                {
+                r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
+                                        sig, siglen, &tmp_ctx);
+                }
+        else
+                r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (vctx || !r)
+                return r;
+        return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
+        }
diff --git a/src/lib/libcrypto/evp/m_wp.c b/src/lib/libcrypto/evp/m_wp.c
new file mode 100644
index 0000000000..1ce47c040b
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_wp.c
@@ -0,0 +1,42 @@
+/* crypto/evp/m_wp.c */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/whrlpool.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return WHIRLPOOL_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return WHIRLPOOL_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return WHIRLPOOL_Final(md,ctx->md_data); }
+
+static const EVP_MD whirlpool_md=
+        {
+        NID_whirlpool,
+        0,
+        WHIRLPOOL_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_NULL_method,
+        WHIRLPOOL_BBLOCK/8,
+        sizeof(EVP_MD *)+sizeof(WHIRLPOOL_CTX),
+        };
+
+const EVP_MD *EVP_whirlpool(void)
+        {
+        return(&whirlpool_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c
new file mode 100644
index 0000000000..c4676f2f8d
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_fn.c
@@ -0,0 +1,368 @@
+/* pmeth_fn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+
+#define M_check_autoarg(ctx, arg, arglen, err) \
+        if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
+                { \
+                size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
+                if (!arg) \
+                        { \
+                        *arglen = pksize; \
+                        return 1; \
+                        } \
+                else if (*arglen < pksize) \
+                        { \
+                        EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
+                        return 0; \
+                        } \
+                }
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
+                {
+                EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_SIGN;
+        if (!ctx->pmeth->sign_init)
+                return 1;
+        ret = ctx->pmeth->sign_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
+                {
+                EVPerr(EVP_F_EVP_PKEY_SIGN,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_SIGN)
+                {
+                EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
+        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
+        }
+
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_VERIFY;
+        if (!ctx->pmeth->verify_init)
+                return 1;
+        ret = ctx->pmeth->verify_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_VERIFY)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
+        }
+
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
+        if (!ctx->pmeth->verify_recover_init)
+                return 1;
+        ret = ctx->pmeth->verify_recover_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
+        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
+        }
+
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_ENCRYPT;
+        if (!ctx->pmeth->encrypt_init)
+                return 1;
+        ret = ctx->pmeth->encrypt_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_ENCRYPT)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
+        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
+        }
+
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_DECRYPT;
+        if (!ctx->pmeth->decrypt_init)
+                return 1;
+        ret = ctx->pmeth->decrypt_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_DECRYPT)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
+        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
+        }
+
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_DERIVE;
+        if (!ctx->pmeth->derive_init)
+                return 1;
+        ret = ctx->pmeth->derive_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive||ctx->pmeth->encrypt||ctx->pmeth->decrypt) || !ctx->pmeth->ctrl)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                                        EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+
+        ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
+
+        if (ret <= 0)
+                return ret;
+
+        if (ret == 2)
+                return 1;
+
+        if (!ctx->pkey)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+                return -1;
+                }
+
+        if (ctx->pkey->type != peer->type)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                                                EVP_R_DIFFERENT_KEY_TYPES);
+                return -1;
+                }
+
+        /* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
+         * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+         * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
+         * (different key types) is impossible here because it is checked earlier.
+         * -2 is OK for us here, as well as 1, so we can check for 0 only. */
+        if (!EVP_PKEY_missing_parameters(peer) &&
+                !EVP_PKEY_cmp_parameters(ctx->pkey, peer))
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                                                EVP_R_DIFFERENT_PARAMETERS);
+                return -1;
+                }
+
+        if (ctx->peerkey)
+                EVP_PKEY_free(ctx->peerkey);
+        ctx->peerkey = peer;
+
+        ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+
+        if (ret <= 0)
+                {
+                ctx->peerkey = NULL;
+                return ret;
+                }
+
+        CRYPTO_add(&peer->references,1,CRYPTO_LOCK_EVP_PKEY);
+        return 1;
+        }
+
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_DERIVE)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
+        return ctx->pmeth->derive(ctx, key, pkeylen);
+        }
+
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
new file mode 100644
index 0000000000..5d74161a09
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -0,0 +1,220 @@
+/* pmeth_gn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "evp_locl.h"
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_PARAMGEN;
+        if (!ctx->pmeth->paramgen_init)
+                return 1;
+        ret = ctx->pmeth->paramgen_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+
+        if (ctx->operation != EVP_PKEY_OP_PARAMGEN)
+                {
+                EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+
+        if (!ppkey)
+                return -1;
+
+        if (!*ppkey)
+                *ppkey = EVP_PKEY_new();
+
+        ret = ctx->pmeth->paramgen(ctx, *ppkey);
+        if (ret <= 0)
+                {
+                EVP_PKEY_free(*ppkey);
+                *ppkey = NULL;
+                }
+        return ret;
+        }
+
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_KEYGEN;
+        if (!ctx->pmeth->keygen_init)
+                return 1;
+        ret = ctx->pmeth->keygen_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+        {
+        int ret;
+
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_KEYGEN,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_KEYGEN)
+                {
+                EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+
+        if (!ppkey)
+                return -1;
+
+        if (!*ppkey)
+                *ppkey = EVP_PKEY_new();
+
+        ret = ctx->pmeth->keygen(ctx, *ppkey);
+        if (ret <= 0)
+                {
+                EVP_PKEY_free(*ppkey);
+                *ppkey = NULL;
+                }
+        return ret;
+        }
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
+        {
+        ctx->pkey_gencb = cb;
+        }
+
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->pkey_gencb;
+        }
+
+/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB
+ * style callbacks.
+ */
+
+static int trans_cb(int a, int b, BN_GENCB *gcb)
+        {
+        EVP_PKEY_CTX *ctx = gcb->arg;
+        ctx->keygen_info[0] = a;
+        ctx->keygen_info[1] = b;
+        return ctx->pkey_gencb(ctx);
+        }       
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
+        {
+        BN_GENCB_set(cb, trans_cb, ctx)
+        }
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
+        {
+        if (idx == -1)
+                return ctx->keygen_info_count; 
+        if (idx < 0 || idx > ctx->keygen_info_count)
+                return 0;
+        return ctx->keygen_info[idx];
+        }
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                                unsigned char *key, int keylen)
+        {
+        EVP_PKEY_CTX *mac_ctx = NULL;
+        EVP_PKEY *mac_key = NULL;
+        mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+        if (!mac_ctx)
+                return NULL;
+        if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
+                goto merr;
+        if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
+                                EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0)
+                goto merr;
+        if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
+                goto merr;
+        merr:
+        if (mac_ctx)
+                EVP_PKEY_CTX_free(mac_ctx);
+        return mac_key;
+        }
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
new file mode 100644
index 0000000000..b2d8de3a8d
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -0,0 +1,538 @@
+/* pmeth_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
+#include "evp_locl.h"
+
+typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
+
+DECLARE_STACK_OF(EVP_PKEY_METHOD)
+STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+
+extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth;
+
+static const EVP_PKEY_METHOD *standard_methods[] =
+        {
+#ifndef OPENSSL_NO_RSA
+        &rsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+        &dh_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+        &dsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+        &ec_pkey_meth,
+#endif
+        &hmac_pkey_meth,
+        };
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                           pmeth);
+
+static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
+                     const EVP_PKEY_METHOD * const *b)
+        {
+        return ((*a)->pkey_id - (*b)->pkey_id);
+        }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                             pmeth);
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+        {
+        EVP_PKEY_METHOD tmp;
+        const EVP_PKEY_METHOD *t = &tmp, **ret;
+        tmp.pkey_id = type;
+        if (app_pkey_methods)
+                {
+                int idx;
+                idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
+                if (idx >= 0)
+                        return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+                }
+        ret = OBJ_bsearch_pmeth(&t, standard_methods,
+                          sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *));
+        if (!ret || !*ret)
+                return NULL;
+        return *ret;
+        }
+
+static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
+        {
+        EVP_PKEY_CTX *ret;
+        const EVP_PKEY_METHOD *pmeth;
+        if (id == -1)
+                {
+                if (!pkey || !pkey->ameth)
+                        return NULL;
+                id = pkey->ameth->pkey_id;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Try to find an ENGINE which implements this method */
+        if (e)
+                {
+                if (!ENGINE_init(e))
+                        {
+                        EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB);
+                        return NULL;
+                        }
+                }
+        else
+                e = ENGINE_get_pkey_meth_engine(id);
+
+        /* If an ENGINE handled this method look it up. Othewise
+         * use internal tables.
+         */
+
+        if (e)
+                pmeth = ENGINE_get_pkey_meth(e, id);
+        else
+#endif
+                pmeth = EVP_PKEY_meth_find(id);
+
+        if (pmeth == NULL)
+                {
+                EVPerr(EVP_F_INT_CTX_NEW,EVP_R_UNSUPPORTED_ALGORITHM);
+                return NULL;
+                }
+
+        ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+        if (!ret)
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (e)
+                        ENGINE_finish(e);
+#endif
+                EVPerr(EVP_F_INT_CTX_NEW,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->engine = e;
+        ret->pmeth = pmeth;
+        ret->operation = EVP_PKEY_OP_UNDEFINED;
+        ret->pkey = pkey;
+        ret->peerkey = NULL;
+        ret->pkey_gencb = 0;
+        if (pkey)
+                CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        ret->data = NULL;
+
+        if (pmeth->init)
+                {
+                if (pmeth->init(ret) <= 0)
+                        {
+                        EVP_PKEY_CTX_free(ret);
+                        return NULL;
+                        }
+                }
+
+        return ret;
+        }
+
+EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags)
+        {
+        EVP_PKEY_METHOD *pmeth;
+        pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
+        if (!pmeth)
+                return NULL;
+
+        pmeth->pkey_id = id;
+        pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
+
+        pmeth->init = 0;
+        pmeth->copy = 0;
+        pmeth->cleanup = 0;
+        pmeth->paramgen_init = 0;
+        pmeth->paramgen = 0;
+        pmeth->keygen_init = 0;
+        pmeth->keygen = 0;
+        pmeth->sign_init = 0;
+        pmeth->sign = 0;
+        pmeth->verify_init = 0;
+        pmeth->verify = 0;
+        pmeth->verify_recover_init = 0;
+        pmeth->verify_recover = 0;
+        pmeth->signctx_init = 0;
+        pmeth->signctx = 0;
+        pmeth->verifyctx_init = 0;
+        pmeth->verifyctx = 0;
+        pmeth->encrypt_init = 0;
+        pmeth->encrypt = 0;
+        pmeth->decrypt_init = 0;
+        pmeth->decrypt = 0;
+        pmeth->derive_init = 0;
+        pmeth->derive = 0;
+        pmeth->ctrl = 0;
+        pmeth->ctrl_str = 0;
+
+        return pmeth;
+        }
+
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
+        {
+        if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
+                OPENSSL_free(pmeth);
+        }
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
+        {
+        return int_ctx_new(pkey, e, -1);
+        }
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
+        {
+        return int_ctx_new(NULL, e, id);
+        }
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
+        {
+        EVP_PKEY_CTX *rctx;
+        if (!pctx->pmeth || !pctx->pmeth->copy)
+                return NULL;
+#ifndef OPENSSL_NO_ENGINE
+        /* Make sure it's safe to copy a pkey context using an ENGINE */
+        if (pctx->engine && !ENGINE_init(pctx->engine))
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB);
+                return 0;
+                }
+#endif
+        rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+        if (!rctx)
+                return NULL;
+
+        rctx->pmeth = pctx->pmeth;
+#ifndef OPENSSL_NO_ENGINE
+        rctx->engine = pctx->engine;
+#endif
+
+        if (pctx->pkey)
+                CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+
+        rctx->pkey = pctx->pkey;
+
+        if (pctx->peerkey)
+                CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+
+        rctx->peerkey = pctx->peerkey;
+
+        rctx->data = NULL;
+        rctx->app_data = NULL;
+        rctx->operation = pctx->operation;
+
+        if (pctx->pmeth->copy(rctx, pctx) > 0)
+                return rctx;
+
+        EVP_PKEY_CTX_free(rctx);
+        return NULL;
+
+        }
+
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
+        {
+        if (app_pkey_methods == NULL)
+                {
+                app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
+                if (!app_pkey_methods)
+                        return 0;
+                }
+        if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
+                return 0;
+        sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
+        return 1;
+        }
+
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
+        {
+        if (ctx == NULL)
+                return;
+        if (ctx->pmeth && ctx->pmeth->cleanup)
+                ctx->pmeth->cleanup(ctx);
+        if (ctx->pkey)
+                EVP_PKEY_free(ctx->pkey);
+        if (ctx->peerkey)
+                EVP_PKEY_free(ctx->peerkey);
+#ifndef OPENSSL_NO_ENGINE
+        if(ctx->engine)
+                /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(ctx->engine);
+#endif
+        OPENSSL_free(ctx);
+        }
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl)
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+                return -2;
+                }
+        if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
+                return -1;
+
+        if (ctx->operation == EVP_PKEY_OP_UNDEFINED)
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+                return -1;
+                }
+
+        if ((optype != -1) && !(ctx->operation & optype))
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+                return -1;
+                }
+
+        ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
+
+        if (ret == -2)
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+
+        return ret;
+
+        }
+
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
+                                        const char *name, const char *value)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str)
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
+                                                EVP_R_COMMAND_NOT_SUPPORTED);
+                return -2;
+                }
+        if (!strcmp(name, "digest"))
+                {
+                const EVP_MD *md;
+                if (!value || !(md = EVP_get_digestbyname(value)))
+                        {
+                        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
+                                                EVP_R_INVALID_DIGEST);
+                        return 0;
+                        }
+                return EVP_PKEY_CTX_set_signature_md(ctx, md);
+                }
+        return ctx->pmeth->ctrl_str(ctx, name, value);
+        }
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->operation;
+        }
+
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
+        {
+        ctx->keygen_info = dat;
+        ctx->keygen_info_count = datlen;
+        }
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
+        {
+        ctx->data = data;
+        }
+
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->data;
+        }
+
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->pkey;
+        }
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->peerkey;
+        }
+        
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
+        {
+        ctx->app_data = data;
+        }
+
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->app_data;
+        }
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+        int (*init)(EVP_PKEY_CTX *ctx))
+        {
+        pmeth->init = init;
+        }
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+        int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src))
+        {
+        pmeth->copy = copy;
+        }
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+        void (*cleanup)(EVP_PKEY_CTX *ctx))
+        {
+        pmeth->cleanup = cleanup;
+        }
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+        int (*paramgen_init)(EVP_PKEY_CTX *ctx),
+        int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
+        {
+        pmeth->paramgen_init = paramgen_init;
+        pmeth->paramgen = paramgen;
+        }
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+        int (*keygen_init)(EVP_PKEY_CTX *ctx),
+        int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
+        {
+        pmeth->keygen_init = keygen_init;
+        pmeth->keygen = keygen;
+        }
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+        int (*sign_init)(EVP_PKEY_CTX *ctx),
+        int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen))
+        {
+        pmeth->sign_init = sign_init;
+        pmeth->sign = sign;
+        }
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+        int (*verify_init)(EVP_PKEY_CTX *ctx),
+        int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen))
+        {
+        pmeth->verify_init = verify_init;
+        pmeth->verify = verify;
+        }
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+        int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
+        int (*verify_recover)(EVP_PKEY_CTX *ctx,
+                                        unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen))
+        {
+        pmeth->verify_recover_init = verify_recover_init;
+        pmeth->verify_recover = verify_recover;
+        }
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+        int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx))
+        {
+        pmeth->signctx_init = signctx_init;
+        pmeth->signctx = signctx;
+        }
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+        int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+                                        EVP_MD_CTX *mctx))
+        {
+        pmeth->verifyctx_init = verifyctx_init;
+        pmeth->verifyctx = verifyctx;
+        }
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+        int (*encrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen))
+        {
+        pmeth->encrypt_init = encrypt_init;
+        pmeth->encrypt = encryptfn;
+        }
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+        int (*decrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen))
+        {
+        pmeth->decrypt_init = decrypt_init;
+        pmeth->decrypt = decrypt;
+        }
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+        int (*derive_init)(EVP_PKEY_CTX *ctx),
+        int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))
+        {
+        pmeth->derive_init = derive_init;
+        pmeth->derive = derive;
+        }
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
+        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value))
+        {
+        pmeth->ctrl = ctrl;
+        pmeth->ctrl_str = ctrl_str;
+        }
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
new file mode 100644
index 0000000000..6d8a89149e
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -0,0 +1,167 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "asn1_locl.h"
+
+#define HMAC_TEST_PRIVATE_KEY_FORMAT
+
+/* HMAC "ASN1" method. This is just here to indicate the
+ * maximum HMAC output length and to free up an HMAC
+ * key.
+ */
+
+static int hmac_size(const EVP_PKEY *pkey)
+        {
+        return EVP_MAX_MD_SIZE;
+        }
+
+static void hmac_key_free(EVP_PKEY *pkey)
+        {
+        ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+        if (os)
+                {
+                if (os->data)
+                        OPENSSL_cleanse(os->data, os->length);
+                ASN1_OCTET_STRING_free(os);
+                }
+        }
+
+
+static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 1;
+
+                default:
+                return -2;
+                }
+        }
+
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+/* A bogus private key format for test purposes. This is simply the
+ * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
+ * genpkey utility can be used to "generate" HMAC keys.
+ */
+
+static int old_hmac_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        ASN1_OCTET_STRING *os;
+        os = ASN1_OCTET_STRING_new();
+        if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
+                return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os);
+        return 1;
+        }
+
+static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        int inc;
+        ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+        if (pder)
+                {
+                if (!*pder)
+                        {
+                        *pder = OPENSSL_malloc(os->length);
+                        inc = 0;
+                        }
+                else inc = 1;
+
+                memcpy(*pder, os->data, os->length);
+
+                if (inc)
+                        *pder += os->length;
+                }
+                        
+        return os->length;
+        }
+
+#endif
+
+const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = 
+        {
+        EVP_PKEY_HMAC,
+        EVP_PKEY_HMAC,
+        0,
+
+        "HMAC",
+        "OpenSSL HMAC method",
+
+        0,0,0,0,
+
+        0,0,0,
+
+        hmac_size,
+        0,
+        0,0,0,0,0,0,
+
+        hmac_key_free,
+        hmac_pkey_ctrl,
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+        old_hmac_decode,
+        old_hmac_encode
+#else
+        0,0
+#endif
+        };
+
diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c
new file mode 100644
index 0000000000..985921ca1a
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hm_pmeth.c
@@ -0,0 +1,265 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include "evp_locl.h"
+
+/* HMAC pkey context structure */
+
+typedef struct
+        {
+        const EVP_MD *md;       /* MD for HMAC use */
+        ASN1_OCTET_STRING ktmp; /* Temp storage for key */
+        HMAC_CTX ctx;
+        } HMAC_PKEY_CTX;
+
+static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+        {
+        HMAC_PKEY_CTX *hctx;
+        hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX));
+        if (!hctx)
+                return 0;
+        hctx->md = NULL;
+        hctx->ktmp.data = NULL;
+        hctx->ktmp.length = 0;
+        hctx->ktmp.flags = 0;
+        hctx->ktmp.type = V_ASN1_OCTET_STRING;
+        HMAC_CTX_init(&hctx->ctx);
+
+        ctx->data = hctx;
+        ctx->keygen_info_count = 0;
+
+        return 1;
+        }
+
+static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        HMAC_PKEY_CTX *sctx, *dctx;
+        if (!pkey_hmac_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->md = sctx->md;
+        HMAC_CTX_init(&dctx->ctx);
+        HMAC_CTX_copy(&dctx->ctx, &sctx->ctx);
+        if (sctx->ktmp.data)
+                {
+                if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                        sctx->ktmp.data, sctx->ktmp.length))
+                        return 0;
+                }
+        return 1;
+        }
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        HMAC_CTX_cleanup(&hctx->ctx);
+        if (hctx->ktmp.data)
+                {
+                if (hctx->ktmp.length)
+                        OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
+                OPENSSL_free(hctx->ktmp.data);
+                hctx->ktmp.data = NULL;
+                }
+        OPENSSL_free(hctx);
+        }
+
+static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        ASN1_OCTET_STRING *hkey = NULL;
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        if (!hctx->ktmp.data)
+                return 0;
+        hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+        if (!hkey)
+                return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+        
+        return 1;
+        }
+
+static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        {
+        HMAC_PKEY_CTX *hctx = ctx->pctx->data;
+        HMAC_Update(&hctx->ctx, data, count);
+        return 1;
+        }
+
+static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+        {
+        EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+        mctx->update = int_update;
+        return 1;
+        }
+
+static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx)
+        {
+        unsigned int hlen;
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        int l = EVP_MD_CTX_size(mctx);
+
+        if (l < 0)
+                return 0;
+        *siglen = l;
+        if (!sig)
+                return 1;
+
+        HMAC_Final(&hctx->ctx, sig, &hlen);
+        *siglen = (size_t)hlen;
+        return 1;
+        }
+
+static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        ASN1_OCTET_STRING *key;
+        switch (type)
+                {
+
+                case EVP_PKEY_CTRL_SET_MAC_KEY:
+                if ((!p2 && p1 > 0) || (p1 < -1))
+                        return 0;
+                if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+                        return 0;
+                break;
+
+                case EVP_PKEY_CTRL_MD:
+                hctx->md = p2;
+                break;
+
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+                HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
+                                ctx->engine);
+                break;
+
+                default:
+                return -2;
+
+                }
+        return 1;
+        }
+
+static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!value)
+                {
+                return 0;
+                }
+        if (!strcmp(type, "key"))
+                {
+                void *p = (void *)value;
+                return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
+                                -1, p);
+                }
+        if (!strcmp(type, "hexkey"))
+                {
+                unsigned char *key;
+                int r;
+                long keylen;
+                key = string_to_hex(value, &keylen);
+                if (!key)
+                        return 0;
+                r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+                OPENSSL_free(key);
+                return r;
+                }
+        return -2;
+        }
+
+const EVP_PKEY_METHOD hmac_pkey_meth = 
+        {
+        EVP_PKEY_HMAC,
+        0,
+        pkey_hmac_init,
+        pkey_hmac_copy,
+        pkey_hmac_cleanup,
+
+        0, 0,
+
+        0,
+        pkey_hmac_keygen,
+
+        0, 0,
+
+        0, 0,
+
+        0,0,
+
+        hmac_signctx_init,
+        hmac_signctx,
+
+        0,0,
+
+        0,0,
+
+        0,0,
+
+        0,0,
+
+        pkey_hmac_ctrl,
+        pkey_hmac_ctrl_str
+
+        };
diff --git a/src/lib/libcrypto/ia64cpuid.S b/src/lib/libcrypto/ia64cpuid.S
index 04fbb3439e..d705fff7ee 100644
--- a/src/lib/libcrypto/ia64cpuid.S
+++ b/src/lib/libcrypto/ia64cpuid.S
@@ -1,6 +1,13 @@
 // Works on all IA-64 platforms: Linux, HP-UX, Win64i...
 // On Win64i compile with ias.exe.
 .text
+
+.global OPENSSL_cpuid_setup#
+.proc   OPENSSL_cpuid_setup#
+OPENSSL_cpuid_setup:
+{ .mib; br.ret.sptk.many        b0              };;
+.endp   OPENSSL_cpuid_setup#
+
 .global OPENSSL_rdtsc#
 .proc   OPENSSL_rdtsc#
 OPENSSL_rdtsc:
@@ -119,3 +126,42 @@ OPENSSL_wipe_cpu:
         mov             ar.lc=r3
         br.ret.sptk     b0              };;
 .endp   OPENSSL_wipe_cpu#
+
+.global OPENSSL_cleanse#
+.proc   OPENSSL_cleanse#
+OPENSSL_cleanse:
+{ .mib; cmp.eq          p6,p0=0,r33         // len==0
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+        addp4           r32=0,r32
+#endif
+(p6)    br.ret.spnt     b0              };;
+{ .mib; and             r2=7,r32
+        cmp.leu         p6,p0=15,r33        // len>=15
+(p6)    br.cond.dptk    .Lot            };;
+
+.Little:
+{ .mib; st1             [r32]=r0,1
+        cmp.ltu         p6,p7=1,r33     }  // len>1
+{ .mbb; add             r33=-1,r33         // len--
+(p6)    br.cond.dptk    .Little
+(p7)    br.ret.sptk.many        b0      };;
+
+.Lot:
+{ .mib; cmp.eq          p6,p0=0,r2
+(p6)    br.cond.dptk    .Laligned       };;
+{ .mmi; st1             [r32]=r0,1;;
+        and             r2=7,r32        }
+{ .mib; add             r33=-1,r33
+        br              .Lot            };;
+
+.Laligned:
+{ .mmi; st8             [r32]=r0,8
+        and             r2=-8,r33           // len&~7
+        add             r33=-8,r33      };; // len-=8
+{ .mib; cmp.ltu         p6,p0=8,r2          // ((len+8)&~7)>8
+(p6)    br.cond.dptk    .Laligned       };;
+
+{ .mbb; cmp.eq          p6,p7=r0,r33
+(p7)    br.cond.dpnt    .Little
+(p6)    br.ret.sptk.many        b0      };;
+.endp   OPENSSL_cleanse#
diff --git a/src/lib/libcrypto/md5/asm/md5-ia64.S b/src/lib/libcrypto/md5/asm/md5-ia64.S
new file mode 100644
index 0000000000..e7de08d46a
--- /dev/null
+++ b/src/lib/libcrypto/md5/asm/md5-ia64.S
@@ -0,0 +1,992 @@
+/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+
+//      Common registers are assigned as follows:
+//
+//      COMMON
+//
+//      t0              Const Tbl Ptr   TPtr
+//      t1              Round Constant  TRound
+//      t4              Block residual  LenResid
+//      t5              Residual Data   DTmp
+//
+//      {in,out}0       Block 0 Cycle   RotateM0
+//      {in,out}1       Block Value 12  M12
+//      {in,out}2       Block Value 8   M8
+//      {in,out}3       Block Value 4   M4
+//      {in,out}4       Block Value 0   M0
+//      {in,out}5       Block 1 Cycle   RotateM1
+//      {in,out}6       Block Value 13  M13
+//      {in,out}7       Block Value 9   M9
+//      {in,out}8       Block Value 5   M5
+//      {in,out}9       Block Value 1   M1
+//      {in,out}10      Block 2 Cycle   RotateM2
+//      {in,out}11      Block Value 14  M14
+//      {in,out}12      Block Value 10  M10
+//      {in,out}13      Block Value 6   M6
+//      {in,out}14      Block Value 2   M2
+//      {in,out}15      Block 3 Cycle   RotateM3
+//      {in,out}16      Block Value 15  M15
+//      {in,out}17      Block Value 11  M11
+//      {in,out}18      Block Value 7   M7
+//      {in,out}19      Block Value 3   M3
+//      {in,out}20      Scratch                 Z
+//      {in,out}21      Scratch                 Y
+//      {in,out}22      Scratch                 X
+//      {in,out}23      Scratch                 W
+//      {in,out}24      Digest A                A
+//      {in,out}25      Digest B                B
+//      {in,out}26      Digest C                C
+//      {in,out}27      Digest D                D
+//      {in,out}28      Active Data Ptr DPtr
+//      in28            Dummy Value             -
+//      out28           Dummy Value             -
+//      bt0                     Coroutine Link  QUICK_RTN
+//
+///     These predicates are used for computing the padding block(s) and
+///     are shared between the driver and digest co-routines
+//
+//      pt0                     Extra Pad Block pExtra
+//      pt1                     Load next word  pLoad
+//      pt2                     Skip next word  pSkip
+//      pt3                     Search for Pad  pNoPad
+//      pt4                     Pad Word 0              pPad0
+//      pt5                     Pad Word 1              pPad1
+//      pt6                     Pad Word 2              pPad2
+//      pt7                     Pad Word 3              pPad3
+
+#define DTmp            r19
+#define LenResid        r18
+#define QUICK_RTN       b6
+#define TPtr            r14
+#define TRound          r15
+#define pExtra          p6
+#define pLoad           p7
+#define pNoPad          p9
+#define pPad0           p10
+#define pPad1           p11
+#define pPad2           p12
+#define pPad3           p13
+#define pSkip           p8
+
+#define A_              out24
+#define B_              out25
+#define C_              out26
+#define D_              out27
+#define DPtr_           out28
+#define M0_             out4
+#define M1_             out9
+#define M10_            out12
+#define M11_            out17
+#define M12_            out1
+#define M13_            out6
+#define M14_            out11
+#define M15_            out16
+#define M2_             out14
+#define M3_             out19
+#define M4_             out3
+#define M5_             out8
+#define M6_             out13
+#define M7_             out18
+#define M8_             out2
+#define M9_             out7
+#define RotateM0_       out0
+#define RotateM1_       out5
+#define RotateM2_       out10
+#define RotateM3_       out15
+#define W_              out23
+#define X_              out22
+#define Y_              out21
+#define Z_              out20
+
+#define A               in24
+#define B               in25
+#define C               in26
+#define D               in27
+#define DPtr            in28
+#define M0              in4
+#define M1              in9
+#define M10             in12
+#define M11             in17
+#define M12             in1
+#define M13             in6
+#define M14             in11
+#define M15             in16
+#define M2              in14
+#define M3              in19
+#define M4              in3
+#define M5              in8
+#define M6              in13
+#define M7              in18
+#define M8              in2
+#define M9              in7
+#define RotateM0        in0
+#define RotateM1        in5
+#define RotateM2        in10
+#define RotateM3        in15
+#define W               in23
+#define X               in22
+#define Y               in21
+#define Z               in20
+
+/* register stack configuration for md5_block_asm_data_order(): */
+#define MD5_NINP        3
+#define MD5_NLOC        0
+#define MD5_NOUT        29
+#define MD5_NROT        0
+
+/* register stack configuration for helpers: */
+#define _NINPUTS        MD5_NOUT
+#define _NLOCALS        0
+#define _NOUTPUT        0
+#define _NROTATE        24      /* this must be <= _NINPUTS */
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define ADDP    addp4
+#else
+#define ADDP    add
+#endif
+
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define HOST_IS_BIG_ENDIAN
+#endif
+
+//      Macros for getting the left and right portions of little-endian words
+
+#define GETLW(dst, src, align)  dep.z dst = src, 32 - 8 * align, 8 * align
+#define GETRW(dst, src, align)  extr.u dst = src, 8 * align, 32 - 8 * align
+
+//      MD5 driver
+//
+//              Reads an input block, then calls the digest block
+//              subroutine and adds the results to the accumulated
+//              digest.  It allocates 32 outs which the subroutine
+//              uses as it's inputs and rotating
+//              registers. Initializes the round constant pointer and
+//              takes care of saving/restoring ar.lc
+//
+///     INPUT
+//
+//      in0             Context Ptr             CtxPtr0
+//      in1             Input Data Ptr          DPtrIn
+//      in2             Integral Blocks         BlockCount
+//      rp              Return Address          -
+//
+///     CODE
+//
+//      v2              Input Align             InAlign
+//      t0              Shared w/digest         -
+//      t1              Shared w/digest         -
+//      t2              Shared w/digest         -
+//      t3              Shared w/digest         -
+//      t4              Shared w/digest         -
+//      t5              Shared w/digest         -
+//      t6              PFS Save                PFSSave
+//      t7              ar.lc Save              LCSave
+//      t8              Saved PR                PRSave
+//      t9              2nd CtxPtr              CtxPtr1
+//      t10             Table Base              CTable
+//      t11             Table[0]                CTable0
+//      t13             Accumulator A           AccumA
+//      t14             Accumulator B           AccumB
+//      t15             Accumulator C           AccumC
+//      t16             Accumulator D           AccumD
+//      pt0             Shared w/digest         -
+//      pt1             Shared w/digest         -
+//      pt2             Shared w/digest         -
+//      pt3             Shared w/digest         -
+//      pt4             Shared w/digest         -
+//      pt5             Shared w/digest         -
+//      pt6             Shared w/digest         -
+//      pt7             Shared w/digest         -
+//      pt8             Not Aligned             pOff
+//      pt8             Blocks Left             pAgain
+
+#define AccumA          r27
+#define AccumB          r28
+#define AccumC          r29
+#define AccumD          r30
+#define CTable          r24
+#define CTable0         r25
+#define CtxPtr0         in0
+#define CtxPtr1         r23
+#define DPtrIn          in1
+#define BlockCount      in2
+#define InAlign         r10
+#define LCSave          r21
+#define PFSSave         r20
+#define PRSave          r22
+#define pAgain          p63
+#define pOff            p63
+
+        .text
+
+/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num)
+
+     where:
+      c: a pointer to a structure of this type:
+
+           typedef struct MD5state_st
+             {
+               MD5_LONG A,B,C,D;
+               MD5_LONG Nl,Nh;
+               MD5_LONG data[MD5_LBLOCK];
+               unsigned int num;
+             }
+           MD5_CTX;
+
+      data: a pointer to the input data (may be misaligned)
+      num:  the number of 16-byte blocks to hash (i.e., the length
+            of DATA is 16*NUM.
+
+   */
+
+        .type   md5_block_asm_data_order, @function
+        .global md5_block_asm_data_order
+        .align  32
+        .proc   md5_block_asm_data_order
+md5_block_asm_data_order:
+.md5_block:
+        .prologue
+{       .mmi
+        .save   ar.pfs, PFSSave
+        alloc   PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT
+        ADDP    CtxPtr1 = 8, CtxPtr0
+        mov     CTable = ip
+}
+{       .mmi
+        ADDP    DPtrIn = 0, DPtrIn
+        ADDP    CtxPtr0 = 0, CtxPtr0
+        .save   ar.lc, LCSave
+        mov     LCSave = ar.lc
+}
+;;
+{       .mmi
+        add     CTable = .md5_tbl_data_order#-.md5_block#, CTable
+        and     InAlign = 0x3, DPtrIn
+}
+
+{       .mmi
+        ld4     AccumA = [CtxPtr0], 4
+        ld4     AccumC = [CtxPtr1], 4
+        .save pr, PRSave
+        mov     PRSave = pr
+        .body
+}
+;;
+{       .mmi
+        ld4     AccumB = [CtxPtr0]
+        ld4     AccumD = [CtxPtr1]
+        dep     DPtr_ = 0, DPtrIn, 0, 2
+} ;;
+#ifdef HOST_IS_BIG_ENDIAN
+        rum     psr.be;;        // switch to little-endian
+#endif
+{       .mmb
+        ld4     CTable0 = [CTable], 4
+        cmp.ne  pOff, p0 = 0, InAlign
+(pOff)  br.cond.spnt.many .md5_unaligned
+} ;;
+
+//      The FF load/compute loop rotates values three times, so that
+//      loading into M12 here produces the M0 value, M13 -> M1, etc.
+
+.md5_block_loop0:
+{       .mmi
+        ld4     M12_ = [DPtr_], 4
+        mov     TPtr = CTable
+        mov     TRound = CTable0
+} ;;
+{       .mmi
+        ld4     M13_ = [DPtr_], 4
+        mov     A_ = AccumA
+        mov     B_ = AccumB
+} ;;
+{       .mmi
+        ld4     M14_ = [DPtr_], 4
+        mov     C_ = AccumC
+        mov     D_ = AccumD
+} ;;
+{       .mmb
+        ld4     M15_ = [DPtr_], 4
+        add     BlockCount = -1, BlockCount
+        br.call.sptk.many QUICK_RTN = md5_digest_block0
+} ;;
+
+//      Now, we add the new digest values and do some clean-up
+//      before checking if there's another full block to process
+
+{       .mmi
+        add     AccumA = AccumA, A_
+        add     AccumB = AccumB, B_
+        cmp.ne  pAgain, p0 = 0, BlockCount
+}
+{       .mib
+        add     AccumC = AccumC, C_
+        add     AccumD = AccumD, D_
+(pAgain) br.cond.dptk.many .md5_block_loop0
+} ;;
+
+.md5_exit:
+#ifdef HOST_IS_BIG_ENDIAN
+        sum     psr.be;;        // switch back to big-endian mode
+#endif
+{       .mmi
+        st4     [CtxPtr0] = AccumB, -4
+        st4     [CtxPtr1] = AccumD, -4
+        mov     pr = PRSave, 0x1ffff ;;
+}
+{       .mmi
+        st4     [CtxPtr0] = AccumA
+        st4     [CtxPtr1] = AccumC
+        mov     ar.lc = LCSave
+} ;;
+{       .mib
+        mov     ar.pfs = PFSSave
+        br.ret.sptk.few rp
+} ;;
+
+#define MD5UNALIGNED(offset)                                            \
+.md5_process##offset:                                                   \
+{       .mib ;                                                          \
+        nop     0x0     ;                                               \
+        GETRW(DTmp, DTmp, offset) ;                                     \
+} ;;                                                                    \
+.md5_block_loop##offset:                                                \
+{       .mmi ;                                                          \
+        ld4     Y_ = [DPtr_], 4 ;                                       \
+        mov     TPtr = CTable ;                                         \
+        mov     TRound = CTable0 ;                                      \
+} ;;                                                                    \
+{       .mmi ;                                                          \
+        ld4     M13_ = [DPtr_], 4 ;                                     \
+        mov     A_ = AccumA ;                                           \
+        mov     B_ = AccumB ;                                           \
+} ;;                                                                    \
+{       .mii ;                                                          \
+        ld4     M14_ = [DPtr_], 4 ;                                     \
+        GETLW(W_, Y_, offset) ;                                         \
+        mov     C_ = AccumC ;                                           \
+}                                                                       \
+{       .mmi ;                                                          \
+        mov     D_ = AccumD ;;                                          \
+        or      M12_ = W_, DTmp ;                                       \
+        GETRW(DTmp, Y_, offset) ;                                       \
+}                                                                       \
+{       .mib ;                                                          \
+        ld4     M15_ = [DPtr_], 4 ;                                     \
+        add     BlockCount = -1, BlockCount ;                           \
+        br.call.sptk.many QUICK_RTN = md5_digest_block##offset;         \
+} ;;                                                                    \
+{       .mmi ;                                                          \
+        add     AccumA = AccumA, A_ ;                                   \
+        add     AccumB = AccumB, B_ ;                                   \
+        cmp.ne  pAgain, p0 = 0, BlockCount ;                            \
+}                                                                       \
+{       .mib ;                                                          \
+        add     AccumC = AccumC, C_ ;                                   \
+        add     AccumD = AccumD, D_ ;                                   \
+(pAgain) br.cond.dptk.many .md5_block_loop##offset ;                    \
+} ;;                                                                    \
+{       .mib ;                                                          \
+        nop     0x0 ;                                                   \
+        nop     0x0 ;                                                   \
+        br.cond.sptk.many .md5_exit ;                                   \
+} ;;
+
+        .align  32
+.md5_unaligned:
+//
+//      Because variable shifts are expensive, we special case each of
+//      the four alignements. In practice, this won't hurt too much
+//      since only one working set of code will be loaded.
+//
+{       .mib
+        ld4     DTmp = [DPtr_], 4
+        cmp.eq  pOff, p0 = 1, InAlign
+(pOff)  br.cond.dpnt.many .md5_process1
+} ;;
+{       .mib
+        cmp.eq  pOff, p0 = 2, InAlign
+        nop     0x0
+(pOff)  br.cond.dpnt.many .md5_process2
+} ;;
+        MD5UNALIGNED(3)
+        MD5UNALIGNED(1)
+        MD5UNALIGNED(2)
+
+        .endp md5_block_asm_data_order
+
+
+// MD5 Perform the F function and load
+//
+// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values,
+// computes the FF() round of functions, then branches to the common
+// digest code to finish up with GG(), HH, and II().
+//
+// INPUT
+//
+// rp Return Address -
+//
+// CODE
+//
+// v0 PFS bit bucket PFS
+// v1 Loop Trip Count LTrip
+// pt0 Load next word pMore
+
+/* For F round: */
+#define LTrip   r9
+#define PFS     r8
+#define pMore   p6
+
+/* For GHI rounds: */
+#define T       r9
+#define U       r10
+#define V       r11
+
+#define COMPUTE(a, b, s, M, R)                  \
+{                                               \
+        .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        dep.z Y = Z, 32, 32 ;;                  \
+        shrp Z = Z, Y, 64 - s ;                 \
+} ;;                                            \
+{                                               \
+        .mmi ;                                  \
+        add a = Z, b ;                          \
+        mov R = M ;                             \
+        nop 0x0 ;                               \
+} ;;
+
+#define LOOP(a, b, s, M, R, label)              \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        dep.z Y = Z, 32, 32 ;;                  \
+        shrp Z = Z, Y, 64 - s ;                 \
+} ;;                                            \
+{       .mib ;                                  \
+        add a = Z, b ;                          \
+        mov R = M ;                             \
+        br.ctop.sptk.many label ;               \
+} ;;
+
+// G(B, C, D) = (B & D) | (C & ~D)
+
+#define G(a, b, c, d, M)                        \
+{       .mmi ;                                  \
+        add Z = M, TRound ;                     \
+        and Y = b, d ;                          \
+        andcm X = c, d ;                        \
+} ;;                                            \
+{       .mii ;                                  \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;;                          \
+        add Z = Z, Y ;                          \
+} ;;
+
+// H(B, C, D) = B ^ C ^ D
+
+#define H(a, b, c, d, M)                        \
+{       .mmi ;                                  \
+        add Z = M, TRound ;                     \
+        xor Y = b, c ;                          \
+        nop 0x0 ;                               \
+} ;;                                            \
+{       .mii ;                                  \
+        add Z = Z, a ;                          \
+        xor Y = Y, d ;;                         \
+        add Z = Z, Y ;                          \
+} ;;
+
+// I(B, C, D) = C ^ (B | ~D)
+//
+// However, since we have an andcm operator, we use the fact that
+//
+// Y ^ Z == ~Y ^ ~Z
+//
+// to rewrite the expression as
+//
+// I(B, C, D) = ~C ^ (~B & D)
+
+#define I(a, b, c, d, M)                        \
+{       .mmi ;                                  \
+        add Z = M, TRound ;                     \
+        andcm Y = d, b ;                        \
+        andcm X = -1, c ;                       \
+} ;;                                            \
+{       .mii ;                                  \
+        add Z = Z, a ;                          \
+        xor Y = Y, X ;;                         \
+        add Z = Z, Y ;                          \
+} ;;
+
+#define GG4(label)                              \
+        G(A, B, C, D, M0)                       \
+        COMPUTE(A, B, 5, M0, RotateM0)          \
+        G(D, A, B, C, M1)                       \
+        COMPUTE(D, A, 9, M1, RotateM1)          \
+        G(C, D, A, B, M2)                       \
+        COMPUTE(C, D, 14, M2, RotateM2)         \
+        G(B, C, D, A, M3)                       \
+        LOOP(B, C, 20, M3, RotateM3, label)
+
+#define HH4(label)                              \
+        H(A, B, C, D, M0)                       \
+        COMPUTE(A, B, 4, M0, RotateM0)          \
+        H(D, A, B, C, M1)                       \
+        COMPUTE(D, A, 11, M1, RotateM1)         \
+        H(C, D, A, B, M2)                       \
+        COMPUTE(C, D, 16, M2, RotateM2)         \
+        H(B, C, D, A, M3)                       \
+        LOOP(B, C, 23, M3, RotateM3, label)
+
+#define II4(label)                              \
+        I(A, B, C, D, M0)                       \
+        COMPUTE(A, B, 6, M0, RotateM0)          \
+        I(D, A, B, C, M1)                       \
+        COMPUTE(D, A, 10, M1, RotateM1)         \
+        I(C, D, A, B, M2)                       \
+        COMPUTE(C, D, 15, M2, RotateM2)         \
+        I(B, C, D, A, M3)                       \
+        LOOP(B, C, 21, M3, RotateM3, label)
+
+#define FFLOAD(a, b, c, d, M, N, s)             \
+{       .mii ;                                  \
+(pMore) ld4 N = [DPtr], 4 ;                     \
+        add Z = M, TRound ;                     \
+        and Y = c, b ;                          \
+}                                               \
+{       .mmi ;                                  \
+        andcm X = d, b ;;                       \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;                           \
+} ;;                                            \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        add Z = Z, Y ;;                         \
+        dep.z Y = Z, 32, 32 ;                   \
+} ;;                                            \
+{       .mii ;                                  \
+        nop 0x0 ;                               \
+        shrp Z = Z, Y, 64 - s ;;                \
+        add a = Z, b ;                          \
+} ;;
+
+#define FFLOOP(a, b, c, d, M, N, s, dest)       \
+{       .mii ;                                  \
+(pMore) ld4 N = [DPtr], 4 ;                     \
+        add Z = M, TRound ;                     \
+        and Y = c, b ;                          \
+}                                               \
+{       .mmi ;                                  \
+        andcm X = d, b ;;                       \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;                           \
+} ;;                                            \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        add Z = Z, Y ;;                         \
+        dep.z Y = Z, 32, 32 ;                   \
+} ;;                                            \
+{       .mii ;                                  \
+        nop 0x0 ;                               \
+        shrp Z = Z, Y, 64 - s ;;                \
+        add a = Z, b ;                          \
+}                                               \
+{       .mib ;                                  \
+        cmp.ne pMore, p0 = 0, LTrip ;           \
+        add LTrip = -1, LTrip ;                 \
+        br.ctop.dptk.many dest ;                \
+} ;;
+
+        .type md5_digest_block0, @function
+        .align 32
+
+        .proc md5_digest_block0
+        .prologue
+md5_digest_block0:
+        .altrp QUICK_RTN
+        .body
+{       .mmi
+        alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+        mov LTrip = 2
+        mov ar.lc = 3
+} ;;
+{       .mii
+        cmp.eq pMore, p0 = r0, r0
+        mov ar.ec = 0
+        nop 0x0
+} ;;
+
+.md5_FF_round0:
+        FFLOAD(A, B, C, D, M12, RotateM0, 7)
+        FFLOAD(D, A, B, C, M13, RotateM1, 12)
+        FFLOAD(C, D, A, B, M14, RotateM2, 17)
+        FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0)
+        //
+        // !!! Fall through to md5_digest_GHI
+        //
+        .endp md5_digest_block0
+
+        .type md5_digest_GHI, @function
+        .align 32
+
+        .proc md5_digest_GHI
+        .prologue
+        .regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+md5_digest_GHI:
+        .altrp QUICK_RTN
+        .body
+//
+// The following sequence shuffles the block counstants round for the
+// next round:
+//
+// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
+// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
+//
+{       .mmi
+        mov Z = M0
+        mov Y = M15
+        mov ar.lc = 3
+}
+{       .mmi
+        mov X = M2
+        mov W = M9
+        mov V = M4
+} ;;
+
+{       .mmi
+        mov M0 = M1
+        mov M15 = M12
+        mov ar.ec = 1
+}
+{       .mmi
+        mov M2 = M11
+        mov M9 = M14
+        mov M4 = M5
+} ;;
+
+{       .mmi
+        mov M1 = M6
+        mov M12 = M13
+        mov U = M3
+}
+{       .mmi
+        mov M11 = M8
+        mov M14 = M7
+        mov M5 = M10
+} ;;
+
+{       .mmi
+        mov M6 = Y
+        mov M13 = X
+        mov M3 = Z
+}
+{       .mmi
+        mov M8 = W
+        mov M7 = V
+        mov M10 = U
+} ;;
+
+.md5_GG_round:
+        GG4(.md5_GG_round)
+
+// The following sequence shuffles the block constants round for the
+// next round:
+//
+// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
+// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
+
+{       .mmi
+        mov Z = M0
+        mov Y = M1
+        mov ar.lc = 3
+}
+{       .mmi
+        mov X = M3
+        mov W = M5
+        mov V = M6
+} ;;
+
+{       .mmi
+        mov M0 = M4
+        mov M1 = M11
+        mov ar.ec = 1
+}
+{       .mmi
+        mov M3 = M9
+        mov U = M8
+        mov T = M13
+} ;;
+
+{       .mmi
+        mov M4 = Z
+        mov M11 = Y
+        mov M5 = M7
+}
+{       .mmi
+        mov M6 = M14
+        mov M8 = M12
+        mov M13 = M15
+} ;;
+
+{       .mmi
+        mov M7 = W
+        mov M14 = V
+        nop 0x0
+}
+{       .mmi
+        mov M9 = X
+        mov M12 = U
+        mov M15 = T
+} ;;
+
+.md5_HH_round:
+        HH4(.md5_HH_round)
+
+// The following sequence shuffles the block constants round for the
+// next round:
+//
+// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
+// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9
+
+{       .mmi
+        mov Z = M0
+        mov Y = M15
+        mov ar.lc = 3
+}
+{       .mmi
+        mov X = M10
+        mov W = M1
+        mov V = M4
+} ;;
+
+{       .mmi
+        mov M0 = M9
+        mov M15 = M12
+        mov ar.ec = 1
+}
+{       .mmi
+        mov M10 = M11
+        mov M1 = M6
+        mov M4 = M13
+} ;;
+
+{       .mmi
+        mov M9 = M14
+        mov M12 = M5
+        mov U = M3
+}
+{       .mmi
+        mov M11 = M8
+        mov M6 = M7
+        mov M13 = M2
+} ;;
+
+{       .mmi
+        mov M14 = Y
+        mov M5 = X
+        mov M3 = Z
+}
+{       .mmi
+        mov M8 = W
+        mov M7 = V
+        mov M2 = U
+} ;;
+
+.md5_II_round:
+        II4(.md5_II_round)
+
+{       .mib
+        nop 0x0
+        nop 0x0
+        br.ret.sptk.many QUICK_RTN
+} ;;
+
+        .endp md5_digest_GHI
+
+#define FFLOADU(a, b, c, d, M, P, N, s, offset) \
+{       .mii ;                                  \
+(pMore) ld4 N = [DPtr], 4 ;                     \
+        add Z = M, TRound ;                     \
+        and Y = c, b ;                          \
+}                                               \
+{       .mmi ;                                  \
+        andcm X = d, b ;;                       \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;                           \
+} ;;                                            \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        GETLW(W, P, offset) ;                   \
+        add Z = Z, Y ;                          \
+} ;;                                            \
+{       .mii ;                                  \
+        or W = W, DTmp ;                        \
+        dep.z Y = Z, 32, 32 ;;                  \
+        shrp Z = Z, Y, 64 - s ;                 \
+} ;;                                            \
+{       .mii ;                                  \
+        add a = Z, b ;                          \
+        GETRW(DTmp, P, offset) ;                \
+        mov P = W ;                             \
+} ;;
+
+#define FFLOOPU(a, b, c, d, M, P, N, s, offset)         \
+{       .mii ;                                          \
+(pMore) ld4 N = [DPtr], 4 ;                             \
+        add Z = M, TRound ;                             \
+        and Y = c, b ;                                  \
+}                                                       \
+{       .mmi ;                                          \
+        andcm X = d, b ;;                               \
+        add Z = Z, a ;                                  \
+        or Y = Y, X ;                                   \
+} ;;                                                    \
+{       .mii ;                                          \
+        ld4 TRound = [TPtr], 4 ;                        \
+(pMore) GETLW(W, P, offset)     ;                       \
+        add Z = Z, Y ;                                  \
+} ;;                                                    \
+{       .mii ;                                          \
+(pMore) or W = W, DTmp ;                                \
+        dep.z Y = Z, 32, 32 ;;                          \
+        shrp Z = Z, Y, 64 - s ;                         \
+} ;;                                                    \
+{       .mii ;                                          \
+        add a = Z, b ;                                  \
+(pMore) GETRW(DTmp, P, offset)  ;                       \
+(pMore) mov P = W ;                                     \
+}                                                       \
+{       .mib ;                                          \
+        cmp.ne pMore, p0 = 0, LTrip ;                   \
+        add LTrip = -1, LTrip ;                         \
+        br.ctop.sptk.many .md5_FF_round##offset ;       \
+} ;;
+
+#define MD5FBLOCK(offset)                                               \
+        .type md5_digest_block##offset, @function ;                     \
+                                                                        \
+        .align 32 ;                                                     \
+        .proc md5_digest_block##offset ;                                \
+        .prologue ;                                                     \
+        .altrp QUICK_RTN ;                                              \
+        .body ;                                                         \
+md5_digest_block##offset:                                               \
+{       .mmi ;                                                          \
+        alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ;    \
+        mov LTrip = 2 ;                                                 \
+        mov ar.lc = 3 ;                                                 \
+} ;;                                                                    \
+{       .mii ;                                                          \
+        cmp.eq pMore, p0 = r0, r0 ;                                     \
+        mov ar.ec = 0 ;                                                 \
+        nop 0x0 ;                                                       \
+} ;;                                                                    \
+                                                                        \
+        .pred.rel "mutex", pLoad, pSkip ;                               \
+.md5_FF_round##offset:                                                  \
+        FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset)              \
+        FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset)             \
+        FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset)             \
+        FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset)        \
+                                                                        \
+{       .mib ;                                                          \
+        nop 0x0 ;                                                       \
+        nop 0x0 ;                                                       \
+        br.cond.sptk.many md5_digest_GHI ;                              \
+} ;;                                                                    \
+        .endp md5_digest_block##offset
+
+MD5FBLOCK(1)
+MD5FBLOCK(2)
+MD5FBLOCK(3)
+
+        .align 64
+        .type md5_constants, @object
+md5_constants:
+.md5_tbl_data_order:                    // To ensure little-endian data
+                                        // order, code as bytes.
+        data1 0x78, 0xa4, 0x6a, 0xd7    //     0
+        data1 0x56, 0xb7, 0xc7, 0xe8    //     1
+        data1 0xdb, 0x70, 0x20, 0x24    //     2
+        data1 0xee, 0xce, 0xbd, 0xc1    //     3
+        data1 0xaf, 0x0f, 0x7c, 0xf5    //     4
+        data1 0x2a, 0xc6, 0x87, 0x47    //     5
+        data1 0x13, 0x46, 0x30, 0xa8    //     6
+        data1 0x01, 0x95, 0x46, 0xfd    //     7
+        data1 0xd8, 0x98, 0x80, 0x69    //     8
+        data1 0xaf, 0xf7, 0x44, 0x8b    //     9
+        data1 0xb1, 0x5b, 0xff, 0xff    //    10
+        data1 0xbe, 0xd7, 0x5c, 0x89    //    11
+        data1 0x22, 0x11, 0x90, 0x6b    //    12
+        data1 0x93, 0x71, 0x98, 0xfd    //    13
+        data1 0x8e, 0x43, 0x79, 0xa6    //    14
+        data1 0x21, 0x08, 0xb4, 0x49    //    15
+        data1 0x62, 0x25, 0x1e, 0xf6    //    16
+        data1 0x40, 0xb3, 0x40, 0xc0    //    17
+        data1 0x51, 0x5a, 0x5e, 0x26    //    18
+        data1 0xaa, 0xc7, 0xb6, 0xe9    //    19
+        data1 0x5d, 0x10, 0x2f, 0xd6    //    20
+        data1 0x53, 0x14, 0x44, 0x02    //    21
+        data1 0x81, 0xe6, 0xa1, 0xd8    //    22
+        data1 0xc8, 0xfb, 0xd3, 0xe7    //    23
+        data1 0xe6, 0xcd, 0xe1, 0x21    //    24
+        data1 0xd6, 0x07, 0x37, 0xc3    //    25
+        data1 0x87, 0x0d, 0xd5, 0xf4    //    26
+        data1 0xed, 0x14, 0x5a, 0x45    //    27
+        data1 0x05, 0xe9, 0xe3, 0xa9    //    28
+        data1 0xf8, 0xa3, 0xef, 0xfc    //    29
+        data1 0xd9, 0x02, 0x6f, 0x67    //    30
+        data1 0x8a, 0x4c, 0x2a, 0x8d    //    31
+        data1 0x42, 0x39, 0xfa, 0xff    //    32
+        data1 0x81, 0xf6, 0x71, 0x87    //    33
+        data1 0x22, 0x61, 0x9d, 0x6d    //    34
+        data1 0x0c, 0x38, 0xe5, 0xfd    //    35
+        data1 0x44, 0xea, 0xbe, 0xa4    //    36
+        data1 0xa9, 0xcf, 0xde, 0x4b    //    37
+        data1 0x60, 0x4b, 0xbb, 0xf6    //    38
+        data1 0x70, 0xbc, 0xbf, 0xbe    //    39
+        data1 0xc6, 0x7e, 0x9b, 0x28    //    40
+        data1 0xfa, 0x27, 0xa1, 0xea    //    41
+        data1 0x85, 0x30, 0xef, 0xd4    //    42
+        data1 0x05, 0x1d, 0x88, 0x04    //    43
+        data1 0x39, 0xd0, 0xd4, 0xd9    //    44
+        data1 0xe5, 0x99, 0xdb, 0xe6    //    45
+        data1 0xf8, 0x7c, 0xa2, 0x1f    //    46
+        data1 0x65, 0x56, 0xac, 0xc4    //    47
+        data1 0x44, 0x22, 0x29, 0xf4    //    48
+        data1 0x97, 0xff, 0x2a, 0x43    //    49
+        data1 0xa7, 0x23, 0x94, 0xab    //    50
+        data1 0x39, 0xa0, 0x93, 0xfc    //    51
+        data1 0xc3, 0x59, 0x5b, 0x65    //    52
+        data1 0x92, 0xcc, 0x0c, 0x8f    //    53
+        data1 0x7d, 0xf4, 0xef, 0xff    //    54
+        data1 0xd1, 0x5d, 0x84, 0x85    //    55
+        data1 0x4f, 0x7e, 0xa8, 0x6f    //    56
+        data1 0xe0, 0xe6, 0x2c, 0xfe    //    57
+        data1 0x14, 0x43, 0x01, 0xa3    //    58
+        data1 0xa1, 0x11, 0x08, 0x4e    //    59
+        data1 0x82, 0x7e, 0x53, 0xf7    //    60
+        data1 0x35, 0xf2, 0x3a, 0xbd    //    61
+        data1 0xbb, 0xd2, 0xd7, 0x2a    //    62
+        data1 0x91, 0xd3, 0x86, 0xeb    //    63
+.size   md5_constants#,64*4
diff --git a/src/lib/libcrypto/md5/asm/md5-x86_64.pl b/src/lib/libcrypto/md5/asm/md5-x86_64.pl
index 9a6fa67224..867885435e 100755
--- a/src/lib/libcrypto/md5/asm/md5-x86_64.pl
+++ b/src/lib/libcrypto/md5/asm/md5-x86_64.pl
@@ -15,7 +15,7 @@ my $code;
 #   dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
 #   %r11d = z' (copy of z for the next step)
-# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC)
+# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC)
 sub round1_step
 {
     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
@@ -37,22 +37,26 @@ EOF
 # round2_step() does:
 #   dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
-#   %r11d = y' (copy of y for the next step)
-# Each round2_step() takes about 6.22 clocks (9 instructions, 1.45 IPC)
+#   %r11d = z' (copy of z for the next step)
+#   %r12d = z' (copy of z for the next step)
+# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC)
 sub round2_step
 {
     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
     $code .= " mov      1*4(%rsi),      %r10d           /* (NEXT STEP) X[1] */\n" if ($pos == -1);
-    $code .= " mov      %ecx,           %r11d           /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
+    $code .= " mov      %edx,           %r11d           /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= " mov      %edx,           %r12d           /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
     $code .= <<EOF;
-        xor     $x,             %r11d           /* x ^ ... */
+        not     %r11d                           /* not z */
         lea     $T_i($dst,%r10d),$dst           /* Const + dst + ... */
-        and     $z,             %r11d           /* z & ... */
-        xor     $y,             %r11d           /* y ^ ... */
+        and     $x,             %r12d           /* x & z */
+        and     $y,             %r11d           /* y & (not z) */
         mov     $k_next*4(%rsi),%r10d           /* (NEXT STEP) X[$k_next] */
-        add     %r11d,          $dst            /* dst += ... */
+        or      %r11d,          %r12d           /* (y & (not z)) | (x & z) */
+        mov     $y,             %r11d           /* (NEXT STEP) z' = $y */
+        add     %r12d,          $dst            /* dst += ... */
+        mov     $y,             %r12d           /* (NEXT STEP) z' = $y */
         rol     \$$s,           $dst            /* dst <<< s */
-        mov     $x,             %r11d           /* (NEXT STEP) y' = $x */
         add     $x,             $dst            /* dst += x */
 EOF
 }
@@ -61,7 +65,7 @@ EOF
 #   dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
 #   %r11d = y' (copy of y for the next step)
-# Each round3_step() takes about 4.26 clocks (8 instructions, 1.88 IPC)
+# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC)
 sub round3_step
 {
     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
@@ -83,7 +87,7 @@ EOF
 #   dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
 #   %r11d = not z' (copy of not z for the next step)
-# Each round4_step() takes about 5.27 clocks (9 instructions, 1.71 IPC)
+# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC)
 sub round4_step
 {
     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
@@ -104,8 +108,19 @@ sub round4_step
 EOF
 }
 
-my $output = shift;
-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+no warnings qw(uninitialized);
+open STDOUT,"| $^X $xlate $flavour $output";
 
 $code .= <<EOF;
 .text
@@ -116,8 +131,10 @@ $code .= <<EOF;
 md5_block_asm_data_order:
         push    %rbp
         push    %rbx
+        push    %r12
         push    %r14
         push    %r15
+.Lprologue:
 
         # rdi = arg #1 (ctx, MD5_CTX pointer)
         # rsi = arg #2 (ptr, data pointer)
@@ -232,13 +249,120 @@ $code .= <<EOF;
         mov     %ecx,           2*4(%rbp)       # ctx->C = C
         mov     %edx,           3*4(%rbp)       # ctx->D = D
 
+        mov     (%rsp),%r15
+        mov     8(%rsp),%r14
+        mov     16(%rsp),%r12
+        mov     24(%rsp),%rbx
+        mov     32(%rsp),%rbp
+        add     \$40,%rsp
+.Lepilogue:
+        ret
+.size md5_block_asm_data_order,.-md5_block_asm_data_order
+EOF
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+my $rec="%rcx";
+my $frame="%rdx";
+my $context="%r8";
+my $disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+
+        lea     40(%rax),%rax
+
+        mov     -8(%rax),%rbp
+        mov     -16(%rax),%rbx
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r14
+        mov     -40(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
         pop     %r15
         pop     %r14
-        pop     %rbx
+        pop     %r13
+        pop     %r12
         pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
         ret
-.size md5_block_asm_data_order,.-md5_block_asm_data_order
-EOF
+.size   se_handler,.-se_handler
+
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_md5_block_asm_data_order
+        .rva    .LSEH_end_md5_block_asm_data_order
+        .rva    .LSEH_info_md5_block_asm_data_order
+
+.section        .xdata
+.align  8
+.LSEH_info_md5_block_asm_data_order:
+        .byte   9,0,0,0
+        .rva    se_handler
+___
+}
 
 print $code;
 
diff --git a/src/lib/libcrypto/modes/cbc128.c b/src/lib/libcrypto/modes/cbc128.c
new file mode 100644
index 0000000000..8f8bd563b9
--- /dev/null
+++ b/src/lib/libcrypto/modes/cbc128.c
@@ -0,0 +1,206 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "modes.h"
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#define STRICT_ALIGNMENT 1
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#  define STRICT_ALIGNMENT 0
+#endif
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{
+        size_t n;
+        const unsigned char *iv = ivec;
+
+        assert(in && out && key && ivec);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                while (len>=16) {
+                        for(n=0; n<16; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        (*block)(out, out, key);
+                        iv = out;
+                        len -= 16;
+                        in  += 16;
+                        out += 16;
+                }
+        } else {
+                while (len>=16) {
+                        for(n=0; n<16; n+=sizeof(size_t))
+                                *(size_t*)(out+n) =
+                                *(size_t*)(in+n) ^ *(size_t*)(iv+n);
+                        (*block)(out, out, key);
+                        iv = out;
+                        len -= 16;
+                        in  += 16;
+                        out += 16;
+                }
+        }
+#endif
+        while (len) {
+                for(n=0; n<16 && n<len; ++n)
+                        out[n] = in[n] ^ iv[n];
+                for(; n<16; ++n)
+                        out[n] = iv[n];
+                (*block)(out, out, key);
+                iv = out;
+                if (len<=16) break;
+                len -= 16;
+                in  += 16;
+                out += 16;
+        }
+        memcpy(ivec,iv,16);
+}
+
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{
+        size_t n;
+        union { size_t align; unsigned char c[16]; } tmp;
+
+        assert(in && out && key && ivec);
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (in != out) {
+                const unsigned char *iv = ivec;
+
+                if (STRICT_ALIGNMENT &&
+                    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                        while (len>=16) {
+                                (*block)(in, out, key);
+                                for(n=0; n<16; ++n)
+                                        out[n] ^= iv[n];
+                                iv = in;
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+                else {
+                        while (len>=16) {
+                                (*block)(in, out, key);
+                                for(n=0; n<16; n+=sizeof(size_t))
+                                        *(size_t *)(out+n) ^= *(size_t *)(iv+n);
+                                iv = in;
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+                memcpy(ivec,iv,16);
+        } else {
+                if (STRICT_ALIGNMENT &&
+                    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                        unsigned char c;
+                        while (len>=16) {
+                                (*block)(in, tmp.c, key);
+                                for(n=0; n<16; ++n) {
+                                        c = in[n];
+                                        out[n] = tmp.c[n] ^ ivec[n];
+                                        ivec[n] = c;
+                                }
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+                else {
+                        size_t c;
+                        while (len>=16) {
+                                (*block)(in, tmp.c, key);
+                                for(n=0; n<16; n+=sizeof(size_t)) {
+                                        c = *(size_t *)(in+n);
+                                        *(size_t *)(out+n) =
+                                        *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
+                                        *(size_t *)(ivec+n) = c;
+                                }
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+        }
+#endif
+        while (len) {
+                unsigned char c;
+                (*block)(in, tmp.c, key);
+                for(n=0; n<16 && n<len; ++n) {
+                        c = in[n];
+                        out[n] = tmp.c[n] ^ ivec[n];
+                        ivec[n] = c;
+                }
+                if (len<=16) {
+                        for (; n<16; ++n)
+                                ivec[n] = in[n];
+                        break;
+                }
+                len -= 16;
+                in  += 16;
+                out += 16;
+        }
+}
diff --git a/src/lib/libcrypto/modes/cfb128.c b/src/lib/libcrypto/modes/cfb128.c
new file mode 100644
index 0000000000..e5938c6137
--- /dev/null
+++ b/src/lib/libcrypto/modes/cfb128.c
@@ -0,0 +1,249 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "modes.h"
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    assert(in && out && key && ivec && num);
+
+    n = *num;
+
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do {        /* always true actually */
+                while (n && len) {
+                        *(out++) = ivec[n] ^= *(in++);
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ivec, key);
+                        for (; n<16; n+=sizeof(size_t)) {
+                                *(size_t*)(out+n) =
+                                *(size_t*)(ivec+n) ^= *(size_t*)(in+n);
+                        }
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ivec, key);
+                        while (len--) {
+                                out[n] = ivec[n] ^= in[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n == 0) {
+                        (*block)(ivec, ivec, key);
+                }
+                out[l] = ivec[n] ^= in[l];
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do {        /* always true actually */
+                while (n && len) {
+                        unsigned char c;
+                        *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ivec, key);
+                        for (; n<16; n+=sizeof(size_t)) {
+                                size_t t = *(size_t*)(in+n);
+                                *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
+                                *(size_t*)(ivec+n) = t;
+                        }
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ivec, key);
+                        while (len--) {
+                                unsigned char c;
+                                out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                unsigned char c;
+                if (n == 0) {
+                        (*block)(ivec, ivec, key);
+                }
+                out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num=n;
+    }
+}
+
+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+                            int nbits,const void *key,
+                            unsigned char ivec[16],int enc,
+                            block128_f block)
+{
+    int n,rem,num;
+    unsigned char ovec[16*2 + 1];  /* +1 because we dererefence (but don't use) one byte off the end */
+
+    if (nbits<=0 || nbits>128) return;
+
+        /* fill in the first half of the new IV with the current IV */
+        memcpy(ovec,ivec,16);
+        /* construct the new IV */
+        (*block)(ivec,ivec,key);
+        num = (nbits+7)/8;
+        if (enc)        /* encrypt the input */
+            for(n=0 ; n < num ; ++n)
+                out[n] = (ovec[16+n] = in[n] ^ ivec[n]);
+        else            /* decrypt the input */
+            for(n=0 ; n < num ; ++n)
+                out[n] = (ovec[16+n] = in[n]) ^ ivec[n];
+        /* shift ovec left... */
+        rem = nbits%8;
+        num = nbits/8;
+        if(rem==0)
+            memcpy(ivec,ovec+num,16);
+        else
+            for(n=0 ; n < 16 ; ++n)
+                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t bits, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block)
+{
+    size_t n;
+    unsigned char c[1],d[1];
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    for(n=0 ; n<bits ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        cfbr_encrypt_block(c,d,1,key,ivec,enc,block);
+        out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) |
+                 ((d[0]&0x80) >> (unsigned int)(n%8));
+        }
+}
+
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block)
+{
+    size_t n;
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    for(n=0 ; n<length ; ++n)
+        cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block);
+}
+
diff --git a/src/lib/libcrypto/modes/ctr128.c b/src/lib/libcrypto/modes/ctr128.c
new file mode 100644
index 0000000000..932037f551
--- /dev/null
+++ b/src/lib/libcrypto/modes/ctr128.c
@@ -0,0 +1,184 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "modes.h"
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+#define STRICT_ALIGNMENT
+#if defined(__i386)     || defined(__i386__)    || \
+    defined(__x86_64)   || defined(__x86_64__)  || \
+    defined(_M_IX86)    || defined(_M_AMD64)    || defined(_M_X64) || \
+    defined(__s390__)   || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+
+/* NOTE: the IV/counter CTR mode is big-endian.  The code itself
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter) {
+        u32 n=16;
+        u8  c;
+
+        do {
+                --n;
+                c = counter[n];
+                ++c;
+                counter[n] = c;
+                if (c) return;
+        } while (n);
+}
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+static void ctr128_inc_aligned(unsigned char *counter) {
+        size_t *data,c,n;
+        const union { long one; char little; } is_endian = {1};
+
+        if (is_endian.little) {
+                ctr128_inc(counter);
+                return;
+        }
+
+        data = (size_t *)counter;
+        n = 16/sizeof(size_t);
+        do {
+                --n;
+                c = data[n];
+                ++c;
+                data[n] = c;
+                if (c) return;
+        } while (n);
+}
+#endif
+
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to CRYPTO_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], unsigned char ecount_buf[16],
+                        unsigned int *num, block128_f block)
+{
+        unsigned int n;
+        size_t l=0;
+
+        assert(in && out && key && ecount_buf && num);
+        assert(*num < 16);
+
+        n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ ecount_buf[n];
+                        --len;
+                        n = (n+1) % 16;
+                }
+
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ecount_buf, key);
+                        ctr128_inc_aligned(ivec);
+                        for (; n<16; n+=sizeof(size_t))
+                                *(size_t *)(out+n) =
+                                *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ecount_buf, key);
+                        ctr128_inc_aligned(ivec);
+                        while (len--) {
+                                out[n] = in[n] ^ ecount_buf[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0) {
+                        (*block)(ivec, ecount_buf, key);
+                        ctr128_inc(ivec);
+                }
+                out[l] = in[l] ^ ecount_buf[n];
+                ++l;
+                n = (n+1) % 16;
+        }
+
+        *num=n;
+}
diff --git a/src/lib/libcrypto/modes/cts128.c b/src/lib/libcrypto/modes/cts128.c
new file mode 100644
index 0000000000..e0430f9fdc
--- /dev/null
+++ b/src/lib/libcrypto/modes/cts128.c
@@ -0,0 +1,259 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Rights for redistribution and usage in source and binary
+ * forms are granted according to the OpenSSL license.
+ */
+
+#include "modes.h"
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+/*
+ * Trouble with Ciphertext Stealing, CTS, mode is that there is no
+ * common official specification, but couple of cipher/application
+ * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
+ * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
+ * deviates from mentioned RFCs. Most notably it allows input to be
+ * of block length and it doesn't flip the order of the last two
+ * blocks. CTS is being discussed even in ECB context, but it's not
+ * adopted for any known application. This implementation complies
+ * with mentioned RFCs and [as such] extends CBC mode.
+ */
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{       size_t residue, n;
+
+        assert (in && out && key && ivec);
+
+        if (len <= 16) return 0;
+
+        if ((residue=len%16) == 0) residue = 16;
+
+        len -= residue;
+
+        CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);
+
+        in  += len;
+        out += len;
+
+        for (n=0; n<residue; ++n)
+                ivec[n] ^= in[n];
+        (*block)(ivec,ivec,key);
+        memcpy(out,out-16,residue);
+        memcpy(out-16,ivec,16); 
+
+        return len+residue;
+}
+
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc)
+{       size_t residue;
+        union { size_t align; unsigned char c[16]; } tmp;
+
+        assert (in && out && key && ivec);
+
+        if (len <= 16) return 0;
+
+        if ((residue=len%16) == 0) residue = 16;
+
+        len -= residue;
+
+        (*cbc)(in,out,len,key,ivec,1);
+
+        in  += len;
+        out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+        memcpy(tmp.c,out-16,16);
+        (*cbc)(in,out-16,residue,key,ivec,1);
+        memcpy(out,tmp.c,residue);
+#else
+        {
+        size_t n;
+        for (n=0; n<16; n+=sizeof(size_t))
+                *(size_t *)(tmp.c+n) = 0;
+        memcpy(tmp.c,in,residue);
+        }
+        memcpy(out,out-16,residue);
+        (*cbc)(tmp.c,out-16,16,key,ivec,1);
+#endif
+        return len+residue;
+}
+
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{       size_t residue, n;
+        union { size_t align; unsigned char c[32]; } tmp;
+
+        assert (in && out && key && ivec);
+
+        if (len<=16) return 0;
+
+        if ((residue=len%16) == 0) residue = 16;
+
+        len -= 16+residue;
+
+        if (len) {
+                CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
+                in  += len;
+                out += len;
+        }
+
+        (*block)(in,tmp.c+16,key);
+
+        for (n=0; n<16; n+=sizeof(size_t))
+                *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+        memcpy(tmp.c,in+16,residue);
+        (*block)(tmp.c,tmp.c,key);
+
+        for(n=0; n<16; ++n) {
+                unsigned char c = in[n];
+                out[n] = tmp.c[n] ^ ivec[n];
+                ivec[n] = c;
+        }
+        for(residue+=16; n<residue; ++n)
+                out[n] = tmp.c[n] ^ in[n];
+
+        return len+residue-16;
+}
+
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc)
+{       size_t residue, n;
+        union { size_t align; unsigned char c[32]; } tmp;
+
+        assert (in && out && key && ivec);
+
+        if (len<=16) return 0;
+
+        if ((residue=len%16) == 0) residue = 16;
+
+        len -= 16+residue;
+
+        if (len) {
+                (*cbc)(in,out,len,key,ivec,0);
+                in  += len;
+                out += len;
+        }
+
+        for (n=16; n<32; n+=sizeof(size_t))
+                *(size_t *)(tmp.c+n) = 0;
+        /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
+        (*cbc)(in,tmp.c,16,key,tmp.c+16,0);
+
+        memcpy(tmp.c,in+16,residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+        (*cbc)(tmp.c,out,16+residue,key,ivec,0);
+#else
+        (*cbc)(tmp.c,tmp.c,32,key,ivec,0);
+        memcpy(out,tmp.c,16+residue);
+#endif
+        return len+residue;
+}
+
+#if defined(SELFTEST)
+#include <stdio.h>
+#include <openssl/aes.h>
+
+/* test vectors from RFC 3962 */
+static const unsigned char test_key[16] = "chicken teriyaki";
+static const unsigned char test_input[64] =
+                "I would like the" " General Gau's C"
+                "hicken, please, " "and wonton soup.";
+static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+
+static const unsigned char vector_17[17] =
+{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f,
+ 0x97};
+static const unsigned char vector_31[31] =
+{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22,
+ 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5};
+static const unsigned char vector_32[32] =
+{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
+ 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84};
+static const unsigned char vector_47[47] =
+{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
+ 0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e,
+ 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5};
+static const unsigned char vector_48[48] =
+{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
+ 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8,
+ 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8};
+static const unsigned char vector_64[64] =
+{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
+ 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
+ 0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40,
+ 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8};
+
+static AES_KEY encks, decks;
+
+void test_vector(const unsigned char *vector,size_t len)
+{       unsigned char cleartext[64];
+        unsigned char iv[sizeof(test_iv)];
+        unsigned char ciphertext[64];
+        size_t tail;
+
+        printf("vector_%d\n",len); fflush(stdout);
+
+        if ((tail=len%16) == 0) tail = 16;
+        tail += 16;
+
+        /* test block-based encryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt);
+        if (memcmp(ciphertext,vector,len))
+                fprintf(stderr,"output_%d mismatch\n",len), exit(1);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(1);
+
+        /* test block-based decryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt);
+        if (memcmp(cleartext,test_input,len))
+                fprintf(stderr,"input_%d mismatch\n",len), exit(2);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(2);
+
+        /* test streamed encryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt);
+        if (memcmp(ciphertext,vector,len))
+                fprintf(stderr,"output_%d mismatch\n",len), exit(3);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(3);
+
+        /* test streamed decryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt);
+        if (memcmp(cleartext,test_input,len))
+                fprintf(stderr,"input_%d mismatch\n",len), exit(4);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(4);
+}
+
+main()
+{
+        AES_set_encrypt_key(test_key,128,&encks);
+        AES_set_decrypt_key(test_key,128,&decks);
+
+        test_vector(vector_17,sizeof(vector_17));
+        test_vector(vector_31,sizeof(vector_31));
+        test_vector(vector_32,sizeof(vector_32));
+        test_vector(vector_47,sizeof(vector_47));
+        test_vector(vector_48,sizeof(vector_48));
+        test_vector(vector_64,sizeof(vector_64));
+        exit(0);
+}
+#endif
diff --git a/src/lib/libcrypto/modes/modes.h b/src/lib/libcrypto/modes/modes.h
new file mode 100644
index 0000000000..af8d97d795
--- /dev/null
+++ b/src/lib/libcrypto/modes/modes.h
@@ -0,0 +1,59 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Rights for redistribution and usage in source and binary
+ * forms are granted according to the OpenSSL license.
+ */
+
+#include <stddef.h>
+
+typedef void (*block128_f)(const unsigned char in[16],
+                        unsigned char out[16],
+                        const void *key);
+
+typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int enc);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], unsigned char ecount_buf[16],
+                        unsigned int *num, block128_f block);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        block128_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t bits, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block);
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc);
diff --git a/src/lib/libcrypto/modes/ofb128.c b/src/lib/libcrypto/modes/ofb128.c
new file mode 100644
index 0000000000..c732e2ec58
--- /dev/null
+++ b/src/lib/libcrypto/modes/ofb128.c
@@ -0,0 +1,128 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "modes.h"
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        block128_f block)
+{
+        unsigned int n;
+        size_t l=0;
+
+        assert(in && out && key && ivec && num);
+
+        n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ ivec[n];
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ivec, key);
+                        for (; n<16; n+=sizeof(size_t))
+                                *(size_t*)(out+n) =
+                                *(size_t*)(in+n) ^ *(size_t*)(ivec+n);
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ivec, key);
+                        while (len--) {
+                                out[n] = in[n] ^ ivec[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0) {
+                        (*block)(ivec, ivec, key);
+                }
+                out[l] = in[l] ^ ivec[n];
+                ++l;
+                n = (n+1) % 16;
+        }
+
+        *num=n;
+}
diff --git a/src/lib/libcrypto/o_str.c b/src/lib/libcrypto/o_str.c
index 59cc25094b..56104a6c34 100644
--- a/src/lib/libcrypto/o_str.c
+++ b/src/lib/libcrypto/o_str.c
@@ -60,7 +60,9 @@
 #include <e_os.h>
 #include "o_str.h"
 
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32)
+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
+    !defined(OPENSSL_SYSNAME_WIN32) && \
+    !defined(NETWARE_CLIB)
 # include <strings.h>
 #endif
 
diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c
new file mode 100644
index 0000000000..152eca5c67
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_xref.c
@@ -0,0 +1,231 @@
+/* crypto/objects/obj_xref.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/objects.h>
+#include "obj_xref.h"
+
+DECLARE_STACK_OF(nid_triple)
+STACK_OF(nid_triple) *sig_app, *sigx_app;
+
+static int sig_cmp(const nid_triple *a, const nid_triple *b)
+        {
+        return a->sign_id - b->sign_id;
+        }
+
+DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+
+static int sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b)
+        {
+        return (*a)->sign_id - (*b)->sign_id;
+        }
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+static int sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
+        {
+        int ret;
+        ret = (*a)->hash_id - (*b)->hash_id;
+        if (ret)
+                return ret;
+        return (*a)->pkey_id - (*b)->pkey_id;
+        }
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
+        {
+        nid_triple tmp;
+        const nid_triple *rv = NULL;
+        tmp.sign_id = signid;
+
+        if (sig_app)
+                {
+                int idx = sk_nid_triple_find(sig_app, &tmp);
+                if (idx >= 0)
+                        rv = sk_nid_triple_value(sig_app, idx);
+                }
+
+#ifndef OBJ_XREF_TEST2
+        if (rv == NULL)
+                {
+                rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
+                                 sizeof(sigoid_srt) / sizeof(nid_triple));
+                }
+#endif
+        if (rv == NULL)
+                return 0;
+        *pdig_nid = rv->hash_id;
+        *ppkey_nid = rv->pkey_id;
+        return 1;
+        }
+
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+        {
+        nid_triple tmp;
+        const nid_triple *t=&tmp;
+        const nid_triple **rv = NULL;
+
+        tmp.hash_id = dig_nid;
+        tmp.pkey_id = pkey_nid;
+
+        if (sigx_app)
+                {
+                int idx = sk_nid_triple_find(sigx_app, &tmp);
+                if (idx >= 0)
+                        {
+                        t = sk_nid_triple_value(sigx_app, idx);
+                        rv = &t;
+                        }
+                }
+
+#ifndef OBJ_XREF_TEST2
+        if (rv == NULL)
+                {
+                rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
+                                 sizeof(sigoid_srt_xref) / sizeof(nid_triple *)
+                                 );
+                }
+#endif
+        if (rv == NULL)
+                return 0;
+        *psignid = (*rv)->sign_id;
+        return 1;
+        }
+
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
+        {
+        nid_triple *ntr;
+        if (!sig_app)
+                sig_app = sk_nid_triple_new(sig_sk_cmp);
+        if (!sig_app)
+                return 0;
+        if (!sigx_app)
+                sigx_app = sk_nid_triple_new(sigx_cmp);
+        if (!sigx_app)
+                return 0;
+        ntr = OPENSSL_malloc(sizeof(int) * 3);
+        if (!ntr)
+                return 0;
+        ntr->sign_id = signid;
+        ntr->hash_id = dig_id;
+        ntr->pkey_id = pkey_id;
+
+        if (!sk_nid_triple_push(sig_app, ntr))
+                {
+                OPENSSL_free(ntr);
+                return 0;
+                }
+
+        if (!sk_nid_triple_push(sigx_app, ntr))
+                return 0;
+
+        sk_nid_triple_sort(sig_app);
+        sk_nid_triple_sort(sigx_app);
+
+        return 1;
+        }
+
+static void sid_free(nid_triple *tt)
+        {
+        OPENSSL_free(tt);
+        }
+
+void OBJ_sigid_free(void)
+        {
+        if (sig_app)
+                {
+                sk_nid_triple_pop_free(sig_app, sid_free);
+                sig_app = NULL;
+                }
+        if (sigx_app)
+                {
+                sk_nid_triple_free(sigx_app);
+                sigx_app = NULL;
+                }
+        }
+                
+#ifdef OBJ_XREF_TEST
+
+main()
+        {
+        int n1, n2, n3;
+
+        int i, rv;
+#ifdef OBJ_XREF_TEST2
+        for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++)
+                {
+                OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1],
+                                sigoid_srt[i][2]);
+                }
+#endif
+
+        for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++)
+                {
+                n1 = sigoid_srt[i][0];
+                rv = OBJ_find_sigid_algs(n1, &n2, &n3);
+                printf("Forward: %d, %s %s %s\n", rv,
+                        OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
+                n1=0;
+                rv = OBJ_find_sigid_by_algs(&n1, n2, n3);
+                printf("Reverse: %d, %s %s %s\n", rv,
+                        OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
+                }
+        }
+        
+#endif
diff --git a/src/lib/libcrypto/objects/obj_xref.h b/src/lib/libcrypto/objects/obj_xref.h
new file mode 100644
index 0000000000..d5b9b8e198
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_xref.h
@@ -0,0 +1,75 @@
+/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
+
+typedef struct
+        {
+        int sign_id;
+        int hash_id;
+        int pkey_id;
+        } nid_triple;
+
+static const nid_triple sigoid_srt[] =
+        {
+        {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
+        {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
+        {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
+        {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
+        {NID_dsaWithSHA, NID_sha, NID_dsa},
+        {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
+        {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
+        {NID_md5WithRSA, NID_md5, NID_rsa},
+        {NID_dsaWithSHA1, NID_sha1, NID_dsa},
+        {NID_sha1WithRSA, NID_sha1, NID_rsa},
+        {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
+        {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
+        {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
+        {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
+        {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
+        {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
+        {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
+        {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+        {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+        {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
+        {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
+        {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
+        {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
+        {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
+        };
+
+static const nid_triple * const sigoid_srt_xref[] =
+        {
+        &sigoid_srt[17],
+        &sigoid_srt[18],
+        &sigoid_srt[0],
+        &sigoid_srt[1],
+        &sigoid_srt[7],
+        &sigoid_srt[2],
+        &sigoid_srt[4],
+        &sigoid_srt[3],
+        &sigoid_srt[9],
+        &sigoid_srt[5],
+        &sigoid_srt[8],
+        &sigoid_srt[12],
+        &sigoid_srt[6],
+        &sigoid_srt[10],
+        &sigoid_srt[11],
+        &sigoid_srt[13],
+        &sigoid_srt[24],
+        &sigoid_srt[20],
+        &sigoid_srt[14],
+        &sigoid_srt[21],
+        &sigoid_srt[15],
+        &sigoid_srt[22],
+        &sigoid_srt[16],
+        &sigoid_srt[23],
+        &sigoid_srt[19],
+        &sigoid_srt[25],
+        &sigoid_srt[26],
+        &sigoid_srt[27],
+        &sigoid_srt[28],
+        };
+
diff --git a/src/lib/libcrypto/objects/obj_xref.txt b/src/lib/libcrypto/objects/obj_xref.txt
new file mode 100644
index 0000000000..e45b3d34b9
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_xref.txt
@@ -0,0 +1,42 @@
+# OID cross reference table.
+# Links signatures OIDs to their corresponding public key algorithms
+# and digests.
+
+md2WithRSAEncryption    md2     rsaEncryption
+md5WithRSAEncryption    md5     rsaEncryption
+shaWithRSAEncryption    sha     rsaEncryption
+sha1WithRSAEncryption   sha1    rsaEncryption
+md4WithRSAEncryption    md4     rsaEncryption
+sha256WithRSAEncryption sha256  rsaEncryption
+sha384WithRSAEncryption sha384  rsaEncryption
+sha512WithRSAEncryption sha512  rsaEncryption
+sha224WithRSAEncryption sha224  rsaEncryption
+mdc2WithRSA             mdc2    rsaEncryption
+ripemd160WithRSA        ripemd160 rsaEncryption
+
+# Alternative deprecated OIDs. By using the older "rsa" OID this
+# type will be recognized by not normally used.
+
+md5WithRSA              md5     rsa
+sha1WithRSA             sha1    rsa
+
+dsaWithSHA              sha     dsa
+dsaWithSHA1             sha1    dsa
+
+dsaWithSHA1_2           sha1    dsa_2
+
+ecdsa_with_SHA1         sha1    X9_62_id_ecPublicKey
+ecdsa_with_SHA224       sha224  X9_62_id_ecPublicKey
+ecdsa_with_SHA256       sha256  X9_62_id_ecPublicKey
+ecdsa_with_SHA384       sha384  X9_62_id_ecPublicKey
+ecdsa_with_SHA512       sha512  X9_62_id_ecPublicKey
+ecdsa_with_Recommended  undef   X9_62_id_ecPublicKey
+ecdsa_with_Specified    undef   X9_62_id_ecPublicKey
+
+dsa_with_SHA224         sha224  dsa
+dsa_with_SHA256         sha256  dsa
+
+id_GostR3411_94_with_GostR3410_2001     id_GostR3411_94 id_GostR3410_2001
+id_GostR3411_94_with_GostR3410_94       id_GostR3411_94 id_GostR3410_94
+id_GostR3411_94_with_GostR3410_94_cc    id_GostR3411_94 id_GostR3410_94_cc
+id_GostR3411_94_with_GostR3410_2001_cc  id_GostR3411_94 id_GostR3410_2001_cc
diff --git a/src/lib/libcrypto/objects/objxref.pl b/src/lib/libcrypto/objects/objxref.pl
new file mode 100644
index 0000000000..731d3ae22c
--- /dev/null
+++ b/src/lib/libcrypto/objects/objxref.pl
@@ -0,0 +1,107 @@
+#!/usr/local/bin/perl
+
+use strict;
+
+my %xref_tbl;
+my %oid_tbl;
+
+my ($mac_file, $xref_file) = @ARGV;
+
+open(IN, $mac_file) || die "Can't open $mac_file";
+
+# Read in OID nid values for a lookup table.
+
+while (<IN>)
+        {
+        chomp;
+        my ($name, $num) = /^(\S+)\s+(\S+)$/;
+        $oid_tbl{$name} = $num;
+        }
+close IN;
+
+open(IN, $xref_file) || die "Can't open $xref_file";
+
+my $ln = 1;
+
+while (<IN>)
+        {
+        chomp;
+        s/#.*$//;
+        next if (/^\S*$/);
+        my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
+        check_oid($xr);
+        check_oid($p1);
+        check_oid($p2);
+        $xref_tbl{$xr} = [$p1, $p2, $ln];
+        }
+
+my @xrkeys = keys %xref_tbl;
+
+my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
+
+for(my $i = 0; $i <= $#srt1; $i++)
+        {
+        $xref_tbl{$srt1[$i]}[2] = $i;
+        }
+
+my @srt2 = sort
+        {
+        my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
+        my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
+        return $ap1 - $bp1 if ($ap1 != $bp1);
+        my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
+        my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
+
+        return $ap2 - $bp2;
+        } @xrkeys;
+
+my $pname = $0;
+
+$pname =~ s|^.[^/]/||;
+
+print <<EOF;
+/* AUTOGENERATED BY $pname, DO NOT EDIT */
+
+typedef struct
+        {
+        int sign_id;
+        int hash_id;
+        int pkey_id;
+        } nid_triple;
+
+static const nid_triple sigoid_srt[] =
+        {
+EOF
+
+foreach (@srt1)
+        {
+        my $xr = $_;
+        my ($p1, $p2) = @{$xref_tbl{$_}};
+        print "\t{NID_$xr, NID_$p1, NID_$p2},\n";
+        }
+
+print "\t};";
+print <<EOF;
+
+
+static const nid_triple * const sigoid_srt_xref[] =
+        {
+EOF
+
+foreach (@srt2)
+        {
+        my $x = $xref_tbl{$_}[2];
+        print "\t\&sigoid_srt\[$x\],\n";
+        }
+
+print "\t};\n\n";
+
+sub check_oid
+        {
+        my ($chk) = @_;
+        if (!exists $oid_tbl{$chk})
+                {
+                die "Not Found \"$chk\"\n";
+                }
+        }
+
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
new file mode 100644
index 0000000000..d998a67fa5
--- /dev/null
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -0,0 +1,942 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
+ * and PRIVATEKEYBLOB).
+ */
+
+#include "cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+
+/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
+ * format
+ */
+
+static unsigned int read_ledword(const unsigned char **in)
+        {
+        const unsigned char *p = *in;
+        unsigned int ret;
+        ret = *p++;
+        ret |= (*p++ << 8);
+        ret |= (*p++ << 16);
+        ret |= (*p++ << 24);
+        *in = p;
+        return ret;
+        }
+
+/* Read a BIGNUM in little endian format. The docs say that this should take up 
+ * bitlen/8 bytes.
+ */
+
+static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
+        {
+        const unsigned char *p;
+        unsigned char *tmpbuf, *q;
+        unsigned int i;
+        p = *in + nbyte - 1;
+        tmpbuf = OPENSSL_malloc(nbyte);
+        if (!tmpbuf)
+                return 0;
+        q = tmpbuf;
+        for (i = 0; i < nbyte; i++)
+                *q++ = *p--;
+        *r = BN_bin2bn(tmpbuf, nbyte, NULL);
+        OPENSSL_free(tmpbuf);
+        if (*r)
+                {
+                *in += nbyte;
+                return 1;
+                }
+        else
+                return 0;
+        }
+
+
+/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
+
+#define MS_PUBLICKEYBLOB        0x6
+#define MS_PRIVATEKEYBLOB       0x7
+#define MS_RSA1MAGIC            0x31415352L
+#define MS_RSA2MAGIC            0x32415352L
+#define MS_DSS1MAGIC            0x31535344L
+#define MS_DSS2MAGIC            0x32535344L
+
+#define MS_KEYALG_RSA_KEYX      0xa400
+#define MS_KEYALG_DSS_SIGN      0x2200
+
+#define MS_KEYTYPE_KEYX         0x1
+#define MS_KEYTYPE_SIGN         0x2
+
+/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
+#define MS_PVKMAGIC             0xb0b5f11eL
+/* Salt length for PVK files */
+#define PVK_SALTLEN             0x10
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub);
+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub);
+
+static int do_blob_header(const unsigned char **in, unsigned int length,
+                                unsigned int *pmagic, unsigned int *pbitlen,
+                                int *pisdss, int *pispub)
+        {
+        const unsigned char *p = *in;
+        if (length < 16)
+                return 0;
+        /* bType */
+        if (*p == MS_PUBLICKEYBLOB)
+                {
+                if (*pispub == 0)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+                        return 0;
+                        }
+                *pispub = 1;
+                }
+        else if (*p == MS_PRIVATEKEYBLOB)
+                {
+                if (*pispub == 1)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+                        return 0;
+                        }
+                *pispub = 0;
+                }
+        else
+                return 0;
+        p++;
+        /* Version */
+        if (*p++ != 0x2)
+                {
+                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+                return 0;
+                }
+        /* Ignore reserved, aiKeyAlg */
+        p+= 6;
+        *pmagic = read_ledword(&p);
+        *pbitlen = read_ledword(&p);
+        *pisdss = 0;
+        switch (*pmagic)
+                {
+
+                case MS_DSS1MAGIC:
+                *pisdss = 1;
+                case MS_RSA1MAGIC:
+                if (*pispub == 0)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+                        return 0;
+                        }
+                break;
+
+                case MS_DSS2MAGIC:
+                *pisdss = 1;
+                case MS_RSA2MAGIC:
+                if (*pispub == 1)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+                        return 0;
+                        }
+                break;
+
+                default:
+                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+                return -1;
+                }
+        *in = p;
+        return 1;
+        }
+
+static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
+        {
+        unsigned int nbyte, hnbyte;
+        nbyte = (bitlen + 7) >> 3;
+        hnbyte = (bitlen + 15) >> 4;
+        if (isdss)
+                {
+
+                /* Expected length: 20 for q + 3 components bitlen each + 24
+                 * for seed structure.
+                 */
+                if (ispub)
+                        return  44 + 3 * nbyte;
+                /* Expected length: 20 for q, priv, 2 bitlen components + 24
+                 * for seed structure.
+                 */
+                else
+                        return 64 + 2 * nbyte;
+                }
+        else
+                {
+                /* Expected length: 4 for 'e' + 'n' */
+                if (ispub)
+                        return 4 + nbyte;
+                else
+                /* Expected length: 4 for 'e' and 7 other components.
+                 * 2 components are bitlen size, 5 are bitlen/2
+                 */
+                        return 4 + 2*nbyte + 5*hnbyte;
+                }
+
+        }
+
+static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
+                                                                int ispub)
+        {
+        const unsigned char *p = *in;
+        unsigned int bitlen, magic;
+        int isdss;
+        if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
+                {
+                PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+                return NULL;
+                }
+        length -= 16;
+        if (length < blob_length(bitlen, isdss, ispub))
+                {
+                PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+                return NULL;
+                }
+        if (isdss)
+                return b2i_dss(&p, length, bitlen, ispub);
+        else
+                return b2i_rsa(&p, length, bitlen, ispub);
+        }
+
+static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+        {
+        const unsigned char *p;
+        unsigned char hdr_buf[16], *buf = NULL;
+        unsigned int bitlen, magic, length;
+        int isdss;
+        EVP_PKEY *ret = NULL;
+        if (BIO_read(in, hdr_buf, 16) != 16)
+                {
+                PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+                return NULL;
+                }
+        p = hdr_buf;
+        if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
+                return NULL;
+
+        length = blob_length(bitlen, isdss, ispub);
+        buf = OPENSSL_malloc(length);
+        if (!buf)
+                {
+                PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p = buf;
+        if (BIO_read(in, buf, length) != (int)length)
+                {
+                PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+                goto err;
+                }
+
+        if (isdss)
+                ret = b2i_dss(&p, length, bitlen, ispub);
+        else
+                ret = b2i_rsa(&p, length, bitlen, ispub);
+
+        err:
+        if (buf)
+                OPENSSL_free(buf);
+        return ret;
+        }
+
+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub)
+        {
+        const unsigned char *p = *in;
+        EVP_PKEY *ret = NULL;
+        DSA *dsa = NULL;
+        BN_CTX *ctx = NULL;
+        unsigned int nbyte;
+        nbyte = (bitlen + 7) >> 3;
+
+        dsa = DSA_new();
+        ret = EVP_PKEY_new();
+        if (!dsa || !ret)
+                goto memerr;
+        if (!read_lebn(&p, nbyte, &dsa->p))
+                goto memerr;
+        if (!read_lebn(&p, 20, &dsa->q))
+                goto memerr;
+        if (!read_lebn(&p, nbyte, &dsa->g))
+                goto memerr;
+        if (ispub)
+                {
+                if (!read_lebn(&p, nbyte, &dsa->pub_key))
+                        goto memerr;
+                }
+        else
+                {
+                if (!read_lebn(&p, 20, &dsa->priv_key))
+                        goto memerr;
+                /* Calculate public key */
+                if (!(dsa->pub_key = BN_new()))
+                        goto memerr;
+                if (!(ctx = BN_CTX_new()))
+                        goto memerr;
+                        
+                if (!BN_mod_exp(dsa->pub_key, dsa->g,
+                                                 dsa->priv_key, dsa->p, ctx))
+                        
+                        goto memerr;
+                BN_CTX_free(ctx);
+                }
+
+        EVP_PKEY_set1_DSA(ret, dsa);
+        DSA_free(dsa);
+        *in = p;
+        return ret;
+
+        memerr:
+        PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+        if (dsa)
+                DSA_free(dsa);
+        if (ret)
+                EVP_PKEY_free(ret);
+        if (ctx)
+                BN_CTX_free(ctx);
+        return NULL;
+        }
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub)
+                
+        {
+        const unsigned char *p = *in;
+        EVP_PKEY *ret = NULL;
+        RSA *rsa = NULL;
+        unsigned int nbyte, hnbyte;
+        nbyte = (bitlen + 7) >> 3;
+        hnbyte = (bitlen + 15) >> 4;
+        rsa = RSA_new();
+        ret = EVP_PKEY_new();
+        if (!rsa || !ret)
+                goto memerr;
+        rsa->e = BN_new();
+        if (!rsa->e)
+                goto memerr;
+        if (!BN_set_word(rsa->e, read_ledword(&p)))
+                goto memerr;
+        if (!read_lebn(&p, nbyte, &rsa->n))
+                goto memerr;
+        if (!ispub)
+                {
+                if (!read_lebn(&p, hnbyte, &rsa->p))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->q))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->dmp1))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->dmq1))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->iqmp))
+                        goto memerr;
+                if (!read_lebn(&p, nbyte, &rsa->d))
+                        goto memerr;
+                }
+
+        EVP_PKEY_set1_RSA(ret, rsa);
+        RSA_free(rsa);
+        *in = p;
+        return ret;
+        memerr:
+        PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+        if (rsa)
+                RSA_free(rsa);
+        if (ret)
+                EVP_PKEY_free(ret);
+        return NULL;
+        }
+
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
+        {
+        return do_b2i(in, length, 0);
+        }
+
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
+        {
+        return do_b2i(in, length, 1);
+        }
+
+
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
+        {
+        return do_b2i_bio(in, 0);
+        }
+
+EVP_PKEY *b2i_PublicKey_bio(BIO *in)
+        {
+        return do_b2i_bio(in, 1);
+        }
+
+static void write_ledword(unsigned char **out, unsigned int dw)
+        {
+        unsigned char *p = *out;
+        *p++ = dw & 0xff;
+        *p++ = (dw>>8) & 0xff;
+        *p++ = (dw>>16) & 0xff;
+        *p++ = (dw>>24) & 0xff;
+        *out = p;
+        }
+
+static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
+        {
+        int nb, i;
+        unsigned char *p = *out, *q, c;
+        nb = BN_num_bytes(bn);
+        BN_bn2bin(bn, p);
+        q = p + nb - 1;
+        /* In place byte order reversal */
+        for (i = 0; i < nb/2; i++)
+                {
+                c = *p;
+                *p++ = *q;
+                *q-- = c;
+                }
+        *out += nb;
+        /* Pad with zeroes if we have to */
+        if (len > 0)
+                {
+                len -= nb;
+                if (len > 0)
+                        {
+                        memset(*out, 0, len);
+                        *out += len;
+                        }
+                }
+        }
+
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+        
+static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+        {
+        unsigned char *p;
+        unsigned int bitlen, magic = 0, keyalg;
+        int outlen, noinc = 0;
+        if (pk->type == EVP_PKEY_DSA)
+                {
+                bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
+                keyalg = MS_KEYALG_DSS_SIGN;
+                }
+        else if (pk->type == EVP_PKEY_RSA)
+                {
+                bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
+                keyalg = MS_KEYALG_RSA_KEYX;
+                }
+        else
+                return -1;
+        if (bitlen == 0)
+                return -1;
+        outlen = 16 + blob_length(bitlen,
+                        keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
+        if (out == NULL)
+                return outlen;
+        if (*out)
+                p = *out;
+        else
+                {
+                p = OPENSSL_malloc(outlen);
+                if (!p)
+                        return -1;
+                *out = p;
+                noinc = 1;
+                }
+        if (ispub)
+                *p++ = MS_PUBLICKEYBLOB;
+        else
+                *p++ = MS_PRIVATEKEYBLOB;
+        *p++ = 0x2;
+        *p++ = 0;
+        *p++ = 0;
+        write_ledword(&p, keyalg);
+        write_ledword(&p, magic);
+        write_ledword(&p, bitlen);
+        if (keyalg == MS_KEYALG_DSS_SIGN)
+                write_dsa(&p, pk->pkey.dsa, ispub);
+        else
+                write_rsa(&p, pk->pkey.rsa, ispub);
+        if (!noinc)
+                *out += outlen;
+        return outlen;
+        }
+
+static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+        {
+        unsigned char *tmp = NULL;
+        int outlen, wrlen;
+        outlen = do_i2b(&tmp, pk, ispub);
+        if (outlen < 0)
+                return -1;
+        wrlen = BIO_write(out, tmp, outlen);
+        OPENSSL_free(tmp);
+        if (wrlen == outlen)
+                return outlen;
+        return -1;
+        }
+
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+        {
+        int bitlen;
+        bitlen = BN_num_bits(dsa->p);
+        if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
+                || (BN_num_bits(dsa->g) > bitlen))
+                goto badkey;
+        if (ispub)
+                {
+                if (BN_num_bits(dsa->pub_key) > bitlen)
+                        goto badkey;
+                *pmagic = MS_DSS1MAGIC;
+                }
+        else
+                {
+                if (BN_num_bits(dsa->priv_key) > 160)
+                        goto badkey;
+                *pmagic = MS_DSS2MAGIC;
+                }
+        
+        return bitlen;
+        badkey:
+        PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+        return 0;
+        }
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+        {
+        int nbyte, hnbyte, bitlen;
+        if (BN_num_bits(rsa->e) > 32)
+                goto badkey;
+        bitlen = BN_num_bits(rsa->n);
+        nbyte = BN_num_bytes(rsa->n);
+        hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+        if (ispub)
+                {
+                *pmagic = MS_RSA1MAGIC;
+                return bitlen;
+                }
+        else
+        {
+                *pmagic = MS_RSA2MAGIC;
+                /* For private key each component must fit within nbyte or
+                 * hnbyte.
+                 */
+                if (BN_num_bytes(rsa->d) > nbyte)
+                        goto badkey;
+                if ((BN_num_bytes(rsa->iqmp) > hnbyte)
+                        || (BN_num_bytes(rsa->p) > hnbyte)
+                        || (BN_num_bytes(rsa->q) > hnbyte)
+                        || (BN_num_bytes(rsa->dmp1) > hnbyte)
+                        || (BN_num_bytes(rsa->dmq1) > hnbyte))
+                        goto badkey;
+        }
+        return bitlen;
+        badkey:
+        PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+        return 0;
+        }
+
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+        {
+        int nbyte, hnbyte;
+        nbyte = BN_num_bytes(rsa->n);
+        hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+        write_lebn(out, rsa->e, 4);
+        write_lebn(out, rsa->n, -1);
+        if (ispub)
+                return;
+        write_lebn(out, rsa->p, hnbyte);
+        write_lebn(out, rsa->q, hnbyte);
+        write_lebn(out, rsa->dmp1, hnbyte);
+        write_lebn(out, rsa->dmq1, hnbyte);
+        write_lebn(out, rsa->iqmp, hnbyte);
+        write_lebn(out, rsa->d, nbyte);
+        }
+
+        
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
+        {
+        int nbyte;
+        nbyte = BN_num_bytes(dsa->p);
+        write_lebn(out, dsa->p, nbyte);
+        write_lebn(out, dsa->q, 20);
+        write_lebn(out, dsa->g, nbyte);
+        if (ispub)
+                write_lebn(out, dsa->pub_key, nbyte);
+        else
+                write_lebn(out, dsa->priv_key, 20);
+        /* Set "invalid" for seed structure values */
+        memset(*out, 0xff, 24);
+        *out += 24;
+        return;
+        }
+        
+
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+        {
+        return do_i2b_bio(out, pk, 0);
+        }
+
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+        {
+        return do_i2b_bio(out, pk, 1);
+        }
+
+#ifndef OPENSSL_NO_RC4
+
+static int do_PVK_header(const unsigned char **in, unsigned int length,
+                int skip_magic,
+                unsigned int *psaltlen, unsigned int *pkeylen)
+                
+        {
+        const unsigned char *p = *in;
+        unsigned int pvk_magic, keytype, is_encrypted;
+        if (skip_magic)
+                {
+                if (length < 20)
+                        {
+                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+                        return 0;
+                        }
+                length -= 20;
+                }
+        else
+                {
+                if (length < 24)
+                        {
+                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+                        return 0;
+                        }
+                length -= 24;
+                pvk_magic = read_ledword(&p);
+                if (pvk_magic != MS_PVKMAGIC)
+                        {
+                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+                        return 0;
+                        }
+                }
+        /* Skip reserved */
+        p += 4;
+        keytype = read_ledword(&p);
+        is_encrypted = read_ledword(&p);
+        *psaltlen = read_ledword(&p);
+        *pkeylen = read_ledword(&p);
+
+        if (is_encrypted && !*psaltlen)
+                {
+                PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+                return 0;
+                }
+
+        *in = p;
+        return 1;
+        }
+
+static int derive_pvk_key(unsigned char *key, 
+                        const unsigned char *salt, unsigned int saltlen,
+                        const unsigned char *pass, int passlen)
+        {
+        EVP_MD_CTX mctx;
+        EVP_MD_CTX_init(&mctx);
+        EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&mctx, salt, saltlen);
+        EVP_DigestUpdate(&mctx, pass, passlen);
+        EVP_DigestFinal_ex(&mctx, key, NULL);
+        EVP_MD_CTX_cleanup(&mctx);
+        return 1;
+        }
+        
+
+static EVP_PKEY *do_PVK_body(const unsigned char **in,
+                unsigned int saltlen, unsigned int keylen,
+                pem_password_cb *cb, void *u)
+        {
+        EVP_PKEY *ret = NULL;
+        const unsigned char *p = *in;
+        unsigned int magic;
+        unsigned char *enctmp = NULL, *q;
+        if (saltlen)
+                {
+                char psbuf[PEM_BUFSIZE];
+                unsigned char keybuf[20];
+                EVP_CIPHER_CTX cctx;
+                int enctmplen, inlen;
+                if (cb)
+                        inlen=cb(psbuf,PEM_BUFSIZE,0,u);
+                else
+                        inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+                if (inlen <= 0)
+                        {
+                        PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
+                        return NULL;
+                        }
+                enctmp = OPENSSL_malloc(keylen + 8);
+                if (!enctmp)
+                        {
+                        PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                        }
+                if (!derive_pvk_key(keybuf, p, saltlen,
+                            (unsigned char *)psbuf, inlen))
+                        return NULL;
+                p += saltlen;
+                /* Copy BLOBHEADER across, decrypt rest */
+                memcpy(enctmp, p, 8);
+                p += 8;
+                inlen = keylen - 8;
+                q = enctmp + 8;
+                EVP_CIPHER_CTX_init(&cctx);
+                EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
+                EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
+                EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen);
+                magic = read_ledword((const unsigned char **)&q);
+                if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
+                        {
+                        q = enctmp + 8;
+                        memset(keybuf + 5, 0, 11);
+                        EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
+                                                                NULL);
+                        OPENSSL_cleanse(keybuf, 20);
+                        EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
+                        EVP_DecryptFinal_ex(&cctx, q + enctmplen,
+                                                                &enctmplen);
+                        magic = read_ledword((const unsigned char **)&q);
+                        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
+                                {
+                                EVP_CIPHER_CTX_cleanup(&cctx);
+                                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                                goto err;
+                                }
+                        }
+                else
+                        OPENSSL_cleanse(keybuf, 20);
+                EVP_CIPHER_CTX_cleanup(&cctx);
+                p = enctmp;
+                }
+
+        ret = b2i_PrivateKey(&p, keylen);
+        err:
+        if (enctmp && saltlen)
+                OPENSSL_free(enctmp);
+        return ret;
+        }
+
+
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+        {
+        unsigned char pvk_hdr[24], *buf = NULL;
+        const unsigned char *p;
+        int buflen;
+        EVP_PKEY *ret = NULL;
+        unsigned int saltlen, keylen;
+        if (BIO_read(in, pvk_hdr, 24) != 24)
+                {
+                PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+                return NULL;
+                }
+        p = pvk_hdr;
+
+        if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
+                return 0;
+        buflen = (int) keylen + saltlen;
+        buf = OPENSSL_malloc(buflen);
+        if (!buf)
+                {
+                PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        p = buf;
+        if (BIO_read(in, buf, buflen) != buflen)
+                {
+                PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+                goto err;
+                }
+        ret = do_PVK_body(&p, saltlen, keylen, cb, u);
+
+        err:
+        if (buf)
+                {
+                OPENSSL_cleanse(buf, buflen);
+                OPENSSL_free(buf);
+                }
+        return ret;
+        }
+
+        
+        
+static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
+                pem_password_cb *cb, void *u)
+        {
+        int outlen = 24, noinc, pklen;
+        unsigned char *p, *salt = NULL;
+        if (enclevel)
+                outlen += PVK_SALTLEN;
+        pklen = do_i2b(NULL, pk, 0);
+        if (pklen < 0)
+                return -1;
+        outlen += pklen;
+        if (!out)
+                return outlen;
+        if (*out)
+                {
+                p = *out;
+                noinc = 0;
+                }
+        else
+                {
+                p = OPENSSL_malloc(outlen);
+                if (!p)
+                        {
+                        PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                *out = p;
+                noinc = 1;
+                }
+
+        write_ledword(&p, MS_PVKMAGIC);
+        write_ledword(&p, 0);
+        if (pk->type == EVP_PKEY_DSA)
+                write_ledword(&p, MS_KEYTYPE_SIGN);
+        else
+                write_ledword(&p, MS_KEYTYPE_KEYX);
+        write_ledword(&p, enclevel ? 1 : 0);
+        write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
+        write_ledword(&p, pklen);
+        if (enclevel)
+                {
+                if (RAND_bytes(p, PVK_SALTLEN) <= 0)
+                        goto error;
+                salt = p;
+                p += PVK_SALTLEN;
+                }
+        do_i2b(&p, pk, 0);
+        if (enclevel == 0)
+                return outlen;
+        else
+                {
+                char psbuf[PEM_BUFSIZE];
+                unsigned char keybuf[20];
+                EVP_CIPHER_CTX cctx;
+                int enctmplen, inlen;
+                if (cb)
+                        inlen=cb(psbuf,PEM_BUFSIZE,1,u);
+                else
+                        inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
+                if (inlen <= 0)
+                        {
+                        PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
+                        goto error;
+                        }
+                if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
+                            (unsigned char *)psbuf, inlen))
+                        goto error;
+                if (enclevel == 1)
+                        memset(keybuf + 5, 0, 11);
+                p = salt + PVK_SALTLEN + 8;
+                EVP_CIPHER_CTX_init(&cctx);
+                EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
+                OPENSSL_cleanse(keybuf, 20);
+                EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8);
+                EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen);
+                EVP_CIPHER_CTX_cleanup(&cctx);
+                }
+        return outlen;
+
+        error:
+        return -1;
+        }
+
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u)
+        {
+        unsigned char *tmp = NULL;
+        int outlen, wrlen;
+        outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
+        if (outlen < 0)
+                return -1;
+        wrlen = BIO_write(out, tmp, outlen);
+        OPENSSL_free(tmp);
+        if (wrlen == outlen)
+                {
+                PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+                return outlen;
+                }
+        return -1;
+        }
+
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/perlasm/ppc-xlate.pl b/src/lib/libcrypto/perlasm/ppc-xlate.pl
new file mode 100755
index 0000000000..4579671c97
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/ppc-xlate.pl
@@ -0,0 +1,152 @@
+#!/usr/bin/env perl
+
+# PowerPC assembler distiller by <appro>.
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $globl = sub {
+    my $junk = shift;
+    my $name = shift;
+    my $global = \$GLOBALS{$name};
+    my $ret;
+
+    $name =~ s|^[\.\_]||;
+ 
+    SWITCH: for ($flavour) {
+        /aix/           && do { $name = ".$name";
+                                last;
+                              };
+        /osx/           && do { $name = "_$name";
+                                last;
+                              };
+        /linux.*32/     && do { $ret .= ".globl $name\n";
+                                $ret .= ".type  $name,\@function";
+                                last;
+                              };
+        /linux.*64/     && do { $ret .= ".globl .$name\n";
+                                $ret .= ".type  .$name,\@function\n";
+                                $ret .= ".section       \".opd\",\"aw\"\n";
+                                $ret .= ".globl $name\n";
+                                $ret .= ".align 3\n";
+                                $ret .= "$name:\n";
+                                $ret .= ".quad  .$name,.TOC.\@tocbase,0\n";
+                                $ret .= ".size  $name,24\n";
+                                $ret .= ".previous\n";
+
+                                $name = ".$name";
+                                last;
+                              };
+    }
+
+    $ret = ".globl      $name" if (!$ret);
+    $$global = $name;
+    $ret;
+};
+my $text = sub {
+    ($flavour =~ /aix/) ? ".csect" : ".text";
+};
+my $machine = sub {
+    my $junk = shift;
+    my $arch = shift;
+    if ($flavour =~ /osx/)
+    {   $arch =~ s/\"//g;
+        $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
+    }
+    ".machine   $arch";
+};
+my $asciz = sub {
+    shift;
+    my $line = join(",",@_);
+    if ($line =~ /^"(.*)"$/)
+    {   ".byte  " . join(",",unpack("C*",$1),0) . "\n.align     2";     }
+    else
+    {   "";     }
+};
+
+################################################################
+# simplified mnemonics not handled by at least one assembler
+################################################################
+my $cmplw = sub {
+    my $f = shift;
+    my $cr = 0; $cr = shift if ($#_>1);
+    # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
+    ($flavour =~ /linux.*32/) ?
+        "       .long   ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
+        "       cmplw   ".join(',',$cr,@_);
+};
+my $bdnz = sub {
+    my $f = shift;
+    my $bo = $f=~/[\+\-]/ ? 16+9 : 16;  # optional "to be taken" hint
+    "   bc      $bo,0,".shift;
+} if ($flavour!~/linux/);
+my $bltlr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 12+2 : 12;      # optional "not to be taken" hint
+    ($flavour =~ /linux/) ?             # GNU as doesn't allow most recent hints
+        "       .long   ".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
+        "       bclr    $bo,0";
+};
+my $bnelr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 4+2 : 4;        # optional "not to be taken" hint
+    ($flavour =~ /linux/) ?             # GNU as doesn't allow most recent hints
+        "       .long   ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+        "       bclr    $bo,2";
+};
+my $beqlr = sub {
+    my $f = shift;
+    my $bo = $f=~/-/ ? 12+2 : 12;       # optional "not to be taken" hint
+    ($flavour =~ /linux/) ?             # GNU as doesn't allow most recent hints
+        "       .long   ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+        "       bclr    $bo,2";
+};
+# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+# arguments is 64, with "operand out of range" error.
+my $extrdi = sub {
+    my ($f,$ra,$rs,$n,$b) = @_;
+    $b = ($b+$n)&63; $n = 64-$n;
+    "   rldicl  $ra,$rs,$b,$n";
+};
+
+while($line=<>) {
+
+    $line =~ s|[#!;].*$||;      # get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;      # ... and C-style comments...
+    $line =~ s|^\s+||;          # ... and skip white spaces in beginning...
+    $line =~ s|\s+$||;          # ... and at the end
+
+    {
+        $line =~ s|\b\.L(\w+)|L$1|g;    # common denominator for Locallabel
+        $line =~ s|\bL(\w+)|\.L$1|g     if ($dotinlocallabels);
+    }
+
+    {
+        $line =~ s|(^[\.\w]+)\:\s*||;
+        my $label = $1;
+        printf "%s:",($GLOBALS{$label} or $label) if ($label);
+    }
+
+    {
+        $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
+        my $c = $1; $c = "\t" if ($c eq "");
+        my $mnemonic = $2;
+        my $f = $3;
+        my $opcode = eval("\$$mnemonic");
+        $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/);
+        if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); }
+        elsif ($mnemonic)           { $line = $c.$mnemonic.$f."\t".$line; }
+    }
+
+    print $line if ($line);
+    print "\n";
+}
+
+close STDOUT;
diff --git a/src/lib/libcrypto/perlasm/x86gas.pl b/src/lib/libcrypto/perlasm/x86gas.pl
new file mode 100644
index 0000000000..6eab727fd4
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86gas.pl
@@ -0,0 +1,247 @@
+#!/usr/bin/env perl
+
+package x86gas;
+
+*out=\@::out;
+
+$::lbdecor=$::aout?"L":".L";            # local label decoration
+$nmdecor=($::aout or $::coff)?"_":"";   # external name decoration
+
+$initseg="";
+
+$align=16;
+$align=log($align)/log(2) if ($::aout);
+$com_start="#" if ($::aout or $::coff);
+
+sub opsize()
+{ my $reg=shift;
+    if    ($reg =~ m/^%e/o)             { "l"; }
+    elsif ($reg =~ m/^%[a-d][hl]$/o)    { "b"; }
+    elsif ($reg =~ m/^%[xm]/o)          { undef; }
+    else                                { "w"; }
+}
+
+# swap arguments;
+# expand opcode with size suffix;
+# prefix numeric constants with $;
+sub ::generic
+{ my($opcode,@arg)=@_;
+  my($suffix,$dst,$src);
+
+    @arg=reverse(@arg);
+
+    for (@arg)
+    {   s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;    # gp registers
+        s/^([xy]?mm[0-7])$/%$1/o;               # xmm/mmx registers
+        s/^(\-?[0-9]+)$/\$$1/o;                 # constants
+        s/^(\-?0x[0-9a-f]+)$/\$$1/o;            # constants
+    }
+
+    $dst = $arg[$#arg]          if ($#arg>=0);
+    $src = $arg[$#arg-1]        if ($#arg>=1);
+    if    ($dst =~ m/^%/o)      { $suffix=&opsize($dst); }
+    elsif ($src =~ m/^%/o)      { $suffix=&opsize($src); }
+    else                        { $suffix="l";           }
+    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
+
+    if ($#_==0)                         { &::emit($opcode);             }
+    elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg);        }
+    elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg);        }
+    elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg);        }
+    else                                { &::emit($opcode.$suffix,@arg);}
+
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::movzx     { &::movzb(@_);                 }
+sub ::pushfd    { &::pushfl;                    }
+sub ::popfd     { &::popfl;                     }
+sub ::cpuid     { &::emit(".byte\t0x0f,0xa2");  }
+sub ::rdtsc     { &::emit(".byte\t0x0f,0x31");  }
+
+sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr  { &::generic("call","*$_[0]");  }
+sub ::jmp_ptr   { &::generic("jmp","*$_[0]");   }
+
+*::bswap = sub  { &::emit("bswap","%$_[0]");    } if (!$::i386);
+
+sub ::DWP
+{ my($addr,$reg1,$reg2,$idx)=@_;
+  my $ret="";
+
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+
+    $reg1 = "%$reg1" if ($reg1);
+    $reg2 = "%$reg2" if ($reg2);
+
+    $ret .= $addr if (($addr ne "") && ($addr ne 0));
+
+    if ($reg2)
+    {   $idx!= 0 or $idx=1;
+        $ret .= "($reg1,$reg2,$idx)";
+    }
+    elsif ($reg1)
+    {   $ret .= "($reg1)";      }
+
+  $ret;
+}
+sub ::QWP       { &::DWP(@_);   }
+sub ::BP        { &::DWP(@_);   }
+sub ::BC        { @_;           }
+sub ::DWC       { @_;           }
+
+sub ::file
+{   push(@out,".file\t\"$_[0].s\"\n.text\n");   }
+
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+
+    push(@out,".globl\t$func\n")        if ($global);
+    if ($::coff)
+    {   push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); }
+    elsif (($::aout and !$::pic) or $::macosx)
+    { }
+    else
+    {   push(@out,".type        $func,\@function\n"); }
+    push(@out,".align\t$align\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")              if ($global);
+    $::stack=4;
+}
+
+sub ::function_end_B
+{ my $func=shift;
+    push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf);
+    $::stack=0;
+    &::wipe_labels();
+}
+
+sub ::comment
+        {
+        if (!defined($com_start) or $::elf)
+                {       # Regarding $::elf above...
+                        # GNU and SVR4 as'es use different comment delimiters,
+                push(@out,"\n");        # so we just skip ELF comments...
+                return;
+                }
+        foreach (@_)
+                {
+                if (/^\s*$/)
+                        { push(@out,"\n"); }
+                else
+                        { push(@out,"\t$com_start $_ $com_end\n"); }
+                }
+        }
+
+sub ::external_label
+{   foreach(@_) { &::LABEL($_,$nmdecor.$_); }   }
+
+sub ::public_label
+{   push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+
+sub ::file_end
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
+        my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,4";
+        if ($::elf)     { push (@out,"$tmp,4\n"); }
+        else            { push (@out,"$tmp\n"); }
+    }
+    if ($::macosx)
+    {   if (%non_lazy_ptr)
+        {   push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n");
+            foreach $i (keys %non_lazy_ptr)
+            {   push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n");   }
+        }
+    }
+    push(@out,$initseg) if ($initseg);
+}
+
+sub ::data_byte {   push(@out,".byte\t".join(',',@_)."\n");   }
+sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
+
+sub ::align
+{ my $val=$_[0],$p2,$i;
+    if ($::aout)
+    {   for ($p2=0;$val!=0;$val>>=1) { $p2++; }
+        $val=$p2-1;
+        $val.=",0x90";
+    }
+    push(@out,".align\t$val\n");
+}
+
+sub ::picmeup
+{ my($dst,$sym,$base,$reflabel)=@_;
+
+    if ($::pic && ($::elf || $::aout))
+    {   if (!defined($base))
+        {   &::call(&::label("PIC_me_up"));
+            &::set_label("PIC_me_up");
+            &::blindpop($dst);
+            $base=$dst;
+            $reflabel=&::label("PIC_me_up");
+        }
+        if ($::macosx)
+        {   my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr");
+            &::mov($dst,&::DWP("$indirect-$reflabel",$base));
+            $non_lazy_ptr{"$nmdecor$sym"}=$indirect;
+        }
+        else
+        {   &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
+                            $base));
+            &::mov($dst,&::DWP("$sym\@GOT",$dst));
+        }
+    }
+    else
+    {   &::lea($dst,&::DWP($sym));      }
+}
+
+sub ::initseg
+{ my $f=$nmdecor.shift;
+
+    if ($::elf)
+    {   $initseg.=<<___;
+.section        .init
+        call    $f
+        jmp     .Linitalign
+.align  $align
+.Linitalign:
+___
+    }
+    elsif ($::coff)
+    {   $initseg.=<<___;        # applies to both Cygwin and Mingw
+.section        .ctors
+.long   $f
+___
+    }
+    elsif ($::macosx)
+    {   $initseg.=<<___;
+.mod_init_func
+.align 2
+.long   $f
+___
+    }
+    elsif ($::aout)
+    {   my $ctor="${nmdecor}_GLOBAL_\$I\$$f";
+        $initseg.=".text\n";
+        $initseg.=".type        $ctor,\@function\n" if ($::pic);
+        $initseg.=<<___;        # OpenBSD way...
+.globl  $ctor
+.align  2
+$ctor:
+        jmp     $f
+___
+    }
+}
+
+sub ::dataseg
+{   push(@out,".data\n");   }
+
+1;
diff --git a/src/lib/libcrypto/pkcs7/bio_pk7.c b/src/lib/libcrypto/pkcs7/bio_pk7.c
new file mode 100644
index 0000000000..c8d06d6cdc
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/bio_pk7.c
@@ -0,0 +1,69 @@
+/* bio_pk7.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/pkcs7.h>
+#include <openssl/bio.h>
+
+#ifndef OPENSSL_SYSNAME_NETWARE
+#include <memory.h>
+#endif
+#include <stdio.h>
+
+/* Streaming encode support for PKCS#7 */
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 
+        {
+        return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
+        }
diff --git a/src/lib/libcrypto/ppccpuid.pl b/src/lib/libcrypto/ppccpuid.pl
index fe44ff07bc..369e1d0df9 100755
--- a/src/lib/libcrypto/ppccpuid.pl
+++ b/src/lib/libcrypto/ppccpuid.pl
@@ -67,6 +67,8 @@ Loop:	lwarx	r5,0,r3
         $CMPLI  r4,7
         li      r0,0
         bge     Lot
+        $CMPLI  r4,0
+        beqlr-
 Little: mtctr   r4
         stb     r0,0(r3)
         addi    r3,r3,1
diff --git a/src/lib/libcrypto/rc4/asm/rc4-ia64.pl b/src/lib/libcrypto/rc4/asm/rc4-ia64.pl
new file mode 100644
index 0000000000..49cd5b5e69
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-ia64.pl
@@ -0,0 +1,755 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by David Mosberger <David.Mosberger@acm.org> based on the
+# Itanium optimized Crypto code which was released by HP Labs at
+# http://www.hpl.hp.com/research/linux/crypto/.
+#
+# Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+
+
+
+# This is a little helper program which generates a software-pipelined
+# for RC4 encryption.  The basic algorithm looks like this:
+#
+#   for (counter = 0; counter < len; ++counter)
+#     {
+#       in = inp[counter];
+#       SI = S[I];
+#       J = (SI + J) & 0xff;
+#       SJ = S[J];
+#       T = (SI + SJ) & 0xff;
+#       S[I] = SJ, S[J] = SI;
+#       ST = S[T];
+#       outp[counter] = in ^ ST;
+#       I = (I + 1) & 0xff;
+#     }
+#
+# Pipelining this loop isn't easy, because the stores to the S[] array
+# need to be observed in the right order.  The loop generated by the
+# code below has the following pipeline diagram:
+#
+#      cycle
+#     | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 |
+# iter
+#   1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#   2:             xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#   3:                         xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#
+#   where:
+#       LDI = load of S[I]
+#       LDJ = load of S[J]
+#       SWP = swap of S[I] and S[J]
+#       LDT = load of S[T]
+#
+# Note that in the above diagram, the major trouble-spot is that LDI
+# of the 2nd iteration is performed BEFORE the SWP of the first
+# iteration.  Fortunately, this is easy to detect (I of the 1st
+# iteration will be equal to J of the 2nd iteration) and when this
+# happens, we simply forward the proper value from the 1st iteration
+# to the 2nd one.  The proper value in this case is simply the value
+# of S[I] from the first iteration (thanks to the fact that SWP
+# simply swaps the contents of S[I] and S[J]).
+#
+# Another potential trouble-spot is in cycle 7, where SWP of the 1st
+# iteration issues at the same time as the LDI of the 3rd iteration.
+# However, thanks to IA-64 execution semantics, this can be taken
+# care of simply by placing LDI later in the instruction-group than
+# SWP.  IA-64 CPUs will automatically forward the value if they
+# detect that the SWP and LDI are accessing the same memory-location.
+
+# The core-loop that can be pipelined then looks like this (annotated
+# with McKinley/Madison issue port & latency numbers, assuming L1
+# cache hits for the most part):
+
+# operation:        instruction:                    issue-ports:  latency
+# ------------------  -----------------------------   ------------- -------
+
+# Data = *inp++       ld1 data = [inp], 1             M0-M1         1 cyc     c0
+#                     shladd Iptr = I, KeyTable, 3    M0-M3, I0, I1 1 cyc
+# I = (I + 1) & 0xff  padd1 nextI = I, one            M0-M3, I0, I1 3 cyc
+#                     ;;
+# SI = S[I]           ld8 SI = [Iptr]                 M0-M1         1 cyc     c1 * after SWAP!
+#                     ;;
+#                     cmp.eq.unc pBypass = I, J                                  * after J is valid!
+# J = SI + J          add J = J, SI                   M0-M3, I0, I1 1 cyc     c2
+#                     (pBypass) br.cond.spnt Bypass
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# J = J & 0xff        zxt1 J = J                      I0, I1, 1 cyc           c3
+#                     ;;
+#                     shladd Jptr = J, KeyTable, 3    M0-M3, I0, I1 1 cyc     c4
+#                     ;;
+# SJ = S[J]           ld8 SJ = [Jptr]                 M0-M1         1 cyc     c5
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# T = (SI + SJ)       add T = SI, SJ                  M0-M3, I0, I1 1 cyc     c6
+#                     ;;
+# T = T & 0xff        zxt1 T = T                      I0, I1        1 cyc
+# S[I] = SJ           st8 [Iptr] = SJ                 M2-M3                   c7
+# S[J] = SI           st8 [Jptr] = SI                 M2-M3
+#                     ;;
+#                     shladd Tptr = T, KeyTable, 3    M0-M3, I0, I1 1 cyc     c8
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# T = S[T]            ld8 T = [Tptr]                  M0-M1         1 cyc     c9
+#                     ;;
+# data ^= T           xor data = data, T              M0-M3, I0, I1 1 cyc     c10
+#                     ;;
+# *out++ = Data ^ T   dep word = word, data, 8, POS   I0, I1        1 cyc     c11
+#                     ;;
+# ---------------------------------------------------------------------------------------
+
+# There are several points worth making here:
+
+#   - Note that due to the bypass/forwarding-path, the first two
+#     phases of the loop are strangly mingled together.  In
+#     particular, note that the first stage of the pipeline is
+#     using the value of "J", as calculated by the second stage.
+#   - Each bundle-pair will have exactly 6 instructions.
+#   - Pipelined, the loop can execute in 3 cycles/iteration and
+#     4 stages.  However, McKinley/Madison can issue "st1" to
+#     the same bank at a rate of at most one per 4 cycles.  Thus,
+#     instead of storing each byte, we accumulate them in a word
+#     and then write them back at once with a single "st8" (this
+#     implies that the setup code needs to ensure that the output
+#     buffer is properly aligned, if need be, by encoding the
+#     first few bytes separately).
+#   - There is no space for a "br.ctop" instruction.  For this
+#     reason we can't use module-loop support in IA-64 and have
+#     to do a traditional, purely software-pipelined loop.
+#   - We can't replace any of the remaining "add/zxt1" pairs with
+#     "padd1" because the latency for that instruction is too high
+#     and would push the loop to the point where more bypasses
+#     would be needed, which we don't have space for.
+#   - The above loop runs at around 3.26 cycles/byte, or roughly
+#     440 MByte/sec on a 1.5GHz Madison.  This is well below the
+#     system bus bandwidth and hence with judicious use of
+#     "lfetch" this loop can run at (almost) peak speed even when
+#     the input and output data reside in memory.  The
+#     max. latency that can be tolerated is (PREFETCH_DISTANCE *
+#     L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at
+#     least) 1-ahead prefetching of 128 byte cache-lines.  Note
+#     that we do NOT prefetch into L1, since that would only
+#     interfere with the S[] table values stored there.  This is
+#     acceptable because there is a 10 cycle latency between
+#     load and first use of the input data.
+#   - We use a branch to out-of-line bypass-code of cycle-pressure:
+#     we calculate the next J, check for the need to activate the
+#     bypass path, and activate the bypass path ALL IN THE SAME
+#     CYCLE.  If we didn't have these constraints, we could do
+#     the bypass with a simple conditional move instruction.
+#     Fortunately, the bypass paths get activated relatively
+#     infrequently, so the extra branches don't cost all that much
+#     (about 0.04 cycles/byte, measured on a 16396 byte file with
+#     random input data).
+#
+
+$phases = 4;            # number of stages/phases in the pipelined-loop
+$unroll_count = 6;      # number of times we unrolled it
+$pComI = (1 << 0);
+$pComJ = (1 << 1);
+$pComT = (1 << 2);
+$pOut  = (1 << 3);
+
+$NData = 4;
+$NIP = 3;
+$NJP = 2;
+$NI = 2;
+$NSI = 3;
+$NSJ = 2;
+$NT = 2;
+$NOutWord = 2;
+
+#
+# $threshold is the minimum length before we attempt to use the
+# big software-pipelined loop.  It MUST be greater-or-equal
+# to:
+#               PHASES * (UNROLL_COUNT + 1) + 7
+#
+# The "+ 7" comes from the fact we may have to encode up to
+#   7 bytes separately before the output pointer is aligned.
+#
+$threshold = (3 * ($phases * ($unroll_count + 1)) + 7);
+
+sub I {
+    local *code = shift;
+    local $format = shift;
+    $code .= sprintf ("\t\t".$format."\n", @_);
+}
+
+sub P {
+    local *code = shift;
+    local $format = shift;
+    $code .= sprintf ($format."\n", @_);
+}
+
+sub STOP {
+    local *code = shift;
+    $code .=<<___;
+                ;;
+___
+}
+
+sub emit_body {
+    local *c = shift;
+    local *bypass = shift;
+    local ($iteration, $p) = @_;
+
+    local $i0 = $iteration;
+    local $i1 = $iteration - 1;
+    local $i2 = $iteration - 2;
+    local $i3 = $iteration - 3;
+    local $iw0 = ($iteration - 3) / 8;
+    local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1;
+    local $byte_num = ($iteration - 3) % 8;
+    local $label = $iteration + 1;
+    local $pAny = ($p & 0xf) == 0xf;
+    local $pByp = (($p & $pComI) && ($iteration > 0));
+
+    $c.=<<___;
+//////////////////////////////////////////////////
+___
+
+    if (($p & 0xf) == 0) {
+        $c.="#ifdef HOST_IS_BIG_ENDIAN\n";
+        &I(\$c,"shr.u   OutWord[%u] = OutWord[%u], 32;;",
+                                $iw1 % $NOutWord, $iw1 % $NOutWord);
+        $c.="#endif\n";
+        &I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord);
+        return;
+    }
+
+    # Cycle 0
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "ld1    Data[%u] = [InPtr], 1", $i0 % $NData)     if ($p & $pComI);
+    &I(\$c, "padd1  I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI);
+    &I(\$c, "zxt1   J = J")                                   if ($p & $pComJ);
+    &I(\$c, "}")                                              if ($pAny);
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "LKEY   T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT)   if ($p & $pOut);
+    &I(\$c, "add    T[%u] = SI[%u], SJ[%u]",
+       $i0 % $NT, $i2 % $NSI, $i1 % $NSJ)                     if ($p & $pComT);
+    &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI);
+    &I(\$c, "}")                                              if ($pAny);
+    &STOP(\$c);
+
+    # Cycle 1
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "SKEY   [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT);
+    &I(\$c, "SKEY   [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT);
+    &I(\$c, "zxt1   T[%u] = T[%u]", $i0 % $NT, $i0 % $NT)     if ($p & $pComT);
+    &I(\$c, "}")                                              if ($pAny);
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "LKEY   SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI);
+    &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP)                 if ($p & $pComJ);
+    &I(\$c, "xor    Data[%u] = Data[%u], T[%u]",
+       $i3 % $NData, $i3 % $NData, $i1 % $NT)                 if ($p & $pOut);
+    &I(\$c, "}")                                              if ($pAny);
+    &STOP(\$c);
+
+    # Cycle 2
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "LKEY   SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ);
+    &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI)       if ($pByp);
+    &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8",
+       $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut);
+    &I(\$c, "}")                                              if ($pAny);
+    &I(\$c, "{ .mmb")                                         if ($pAny);
+    &I(\$c, "add    J = J, SI[%u]", $i0 % $NSI)               if ($p & $pComI);
+    &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT)    if ($p & $pComT);
+    &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp);
+    &I(\$c, "}") if ($pAny);
+    &STOP(\$c);
+
+    &P(\$c, ".rc4Resume%u:", $label)                          if ($pByp);
+    if ($byte_num == 0 && $iteration >= $phases) {
+        &I(\$c, "st8 [OutPtr] = OutWord[%u], 8",
+           $iw1 % $NOutWord)                                  if ($p & $pOut);
+        if ($iteration == (1 + $unroll_count) * $phases - 1) {
+            if ($unroll_count == 6) {
+                &I(\$c, "mov OutWord[%u] = OutWord[%u]",
+                   $iw1 % $NOutWord, $iw0 % $NOutWord);
+            }
+            &I(\$c, "lfetch.nt1 [InPrefetch], %u",
+               $unroll_count * $phases);
+            &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u",
+               $unroll_count * $phases);
+            &I(\$c, "br.cloop.sptk.few .rc4Loop");
+        }
+    }
+
+    if ($pByp) {
+        &P(\$bypass, ".rc4Bypass%u:", $label);
+        &I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI);
+        &I(\$bypass, "nop 0");
+        &I(\$bypass, "nop 0");
+        &I(\$bypass, ";;");
+        &I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI);
+        &I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI);
+        &I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label);
+        &I(\$bypass, ";;");
+    }
+}
+
+$code=<<___;
+.ident \"rc4-ia64.s, version 3.0\"
+.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\"
+
+#define LCSave          r8
+#define PRSave          r9
+
+/* Inputs become invalid once rotation begins!  */
+
+#define StateTable      in0
+#define DataLen         in1
+#define InputBuffer     in2
+#define OutputBuffer    in3
+
+#define KTable          r14
+#define J               r15
+#define InPtr           r16
+#define OutPtr          r17
+#define InPrefetch      r18
+#define OutPrefetch     r19
+#define One             r20
+#define LoopCount       r21
+#define Remainder       r22
+#define IFinal          r23
+#define EndPtr          r24
+
+#define tmp0            r25
+#define tmp1            r26
+
+#define pBypass         p6
+#define pDone           p7
+#define pSmall          p8
+#define pAligned        p9
+#define pUnaligned      p10
+
+#define pComputeI       pPhase[0]
+#define pComputeJ       pPhase[1]
+#define pComputeT       pPhase[2]
+#define pOutput         pPhase[3]
+
+#define RetVal          r8
+#define L_OK            p7
+#define L_NOK           p8
+
+#define _NINPUTS        4
+#define _NOUTPUT        0
+
+#define _NROTATE        24
+#define _NLOCALS        (_NROTATE - _NINPUTS - _NOUTPUT)
+
+#ifndef SZ
+# define SZ     4       // this must be set to sizeof(RC4_INT)
+#endif
+
+#if SZ == 1
+# define LKEY                   ld1
+# define SKEY                   st1
+# define KEYADDR(dst, i)        add dst = i, KTable
+#elif SZ == 2
+# define LKEY                   ld2
+# define SKEY                   st2
+# define KEYADDR(dst, i)        shladd dst = i, 1, KTable
+#elif SZ == 4
+# define LKEY                   ld4
+# define SKEY                   st4
+# define KEYADDR(dst, i)        shladd dst = i, 2, KTable
+#else
+# define LKEY                   ld8
+# define SKEY                   st8
+# define KEYADDR(dst, i)        shladd dst = i, 3, KTable
+#endif
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP   addp4
+#else
+# define ADDP   add
+#endif
+
+/* Define a macro for the bit number of the n-th byte: */
+
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+# define HOST_IS_BIG_ENDIAN
+# define BYTE_POS(n)    (56 - (8 * (n)))
+#else
+# define BYTE_POS(n)    (8 * (n))
+#endif
+
+/*
+   We must perform the first phase of the pipeline explicitly since
+   we will always load from the stable the first time. The br.cexit
+   will never be taken since regardless of the number of bytes because
+   the epilogue count is 4.
+*/
+/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX
+   assembler failed on original macro with syntax error. <appro> */
+#define MODSCHED_RC4_PROLOGUE                                              \\
+        {                                                                  \\
+                                ld1             Data[0] = [InPtr], 1;      \\
+                                add             IFinal = 1, I[1];          \\
+                                KEYADDR(IPr[0], I[1]);                     \\
+        } ;;                                                               \\
+        {                                                                  \\
+                                LKEY            SI[0] = [IPr[0]];          \\
+                                mov             pr.rot = 0x10000;          \\
+                                mov             ar.ec = 4;                 \\
+        } ;;                                                               \\
+        {                                                                  \\
+                                add             J = J, SI[0];              \\
+                                zxt1            I[0] = IFinal;             \\
+                                br.cexit.spnt.few .+16; /* never taken */  \\
+        } ;;
+#define MODSCHED_RC4_LOOP(label)                                           \\
+label:                                                                     \\
+        {       .mmi;                                                      \\
+                (pComputeI)     ld1             Data[0] = [InPtr], 1;      \\
+                (pComputeI)     add             IFinal = 1, I[1];          \\
+                (pComputeJ)     zxt1            J = J;                     \\
+        }{      .mmi;                                                      \\
+                (pOutput)       LKEY            T[1] = [T[1]];             \\
+                (pComputeT)     add             T[0] = SI[2], SJ[1];       \\
+                (pComputeI)     KEYADDR(IPr[0], I[1]);                     \\
+        } ;;                                                               \\
+        {       .mmi;                                                      \\
+                (pComputeT)     SKEY            [IPr[2]] = SJ[1];          \\
+                (pComputeT)     SKEY            [JP[1]] = SI[2];           \\
+                (pComputeT)     zxt1            T[0] = T[0];               \\
+        }{      .mmi;                                                      \\
+                (pComputeI)     LKEY            SI[0] = [IPr[0]];          \\
+                (pComputeJ)     KEYADDR(JP[0], J);                         \\
+                (pComputeI)     cmp.eq.unc      pBypass, p0 = I[1], J;     \\
+        } ;;                                                               \\
+        {       .mmi;                                                      \\
+                (pComputeJ)     LKEY            SJ[0] = [JP[0]];           \\
+                (pOutput)       xor             Data[3] = Data[3], T[1];   \\
+                                nop             0x0;                       \\
+        }{      .mmi;                                                      \\
+                (pComputeT)     KEYADDR(T[0], T[0]);                       \\
+                (pBypass)       mov             SI[0] = SI[1];             \\
+                (pComputeI)     zxt1            I[0] = IFinal;             \\
+        } ;;                                                               \\
+        {       .mmb;                                                      \\
+                (pOutput)       st1             [OutPtr] = Data[3], 1;     \\
+                (pComputeI)     add             J = J, SI[0];              \\
+                                br.ctop.sptk.few label;                    \\
+        } ;;
+
+        .text
+
+        .align  32
+
+        .type   RC4, \@function
+        .global RC4
+
+        .proc   RC4
+        .prologue
+
+RC4:
+        {
+                .mmi
+                alloc   r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+
+                .rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\
+                      OutWord[2]
+                .rotp pPhase[4]
+
+                ADDP            InPrefetch = 0, InputBuffer
+                ADDP            KTable = 0, StateTable
+        }
+        {
+                .mmi
+                ADDP            InPtr = 0, InputBuffer
+                ADDP            OutPtr = 0, OutputBuffer
+                mov             RetVal = r0
+        }
+        ;;
+        {
+                .mmi
+                lfetch.nt1      [InPrefetch], 0x80
+                ADDP            OutPrefetch = 0, OutputBuffer
+        }
+        {               // Return 0 if the input length is nonsensical
+                .mib
+                ADDP            StateTable = 0, StateTable
+                cmp.ge.unc      L_NOK, L_OK = r0, DataLen
+        (L_NOK) br.ret.sptk.few rp
+        }
+        ;;
+        {
+                .mib
+                cmp.eq.or       L_NOK, L_OK = r0, InPtr
+                cmp.eq.or       L_NOK, L_OK = r0, OutPtr
+                nop             0x0
+        }
+        {
+                .mib
+                cmp.eq.or       L_NOK, L_OK = r0, StateTable
+                nop             0x0
+        (L_NOK) br.ret.sptk.few rp
+        }
+        ;;
+                LKEY            I[1] = [KTable], SZ
+/* Prefetch the state-table. It contains 256 elements of size SZ */
+
+#if SZ == 1
+                ADDP            tmp0 = 1*128, StateTable
+#elif SZ == 2
+                ADDP            tmp0 = 3*128, StateTable
+                ADDP            tmp1 = 2*128, StateTable
+#elif SZ == 4
+                ADDP            tmp0 = 7*128, StateTable
+                ADDP            tmp1 = 6*128, StateTable
+#elif SZ == 8
+                ADDP            tmp0 = 15*128, StateTable
+                ADDP            tmp1 = 14*128, StateTable
+#endif
+                ;;
+#if SZ >= 8
+                lfetch.fault.nt1                [tmp0], -256    // 15
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    // 13
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    // 11
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    //  9
+                lfetch.fault.nt1                [tmp1], -256;;
+#endif
+#if SZ >= 4
+                lfetch.fault.nt1                [tmp0], -256    //  7
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    //  5
+                lfetch.fault.nt1                [tmp1], -256;;
+#endif
+#if SZ >= 2
+                lfetch.fault.nt1                [tmp0], -256    //  3
+                lfetch.fault.nt1                [tmp1], -256;;
+#endif
+        {
+                .mii
+                lfetch.fault.nt1                [tmp0]          //  1
+                add             I[1]=1,I[1];;
+                zxt1            I[1]=I[1]
+        }
+        {
+                .mmi
+                lfetch.nt1      [InPrefetch], 0x80
+                lfetch.excl.nt1 [OutPrefetch], 0x80
+                .save           pr, PRSave
+                mov             PRSave = pr
+        } ;;
+        {
+                .mmi
+                lfetch.excl.nt1 [OutPrefetch], 0x80
+                LKEY            J = [KTable], SZ
+                ADDP            EndPtr = DataLen, InPtr
+        }  ;;
+        {
+                .mmi
+                ADDP            EndPtr = -1, EndPtr     // Make it point to
+                                                        // last data byte.
+                mov             One = 1
+                .save           ar.lc, LCSave
+                mov             LCSave = ar.lc
+                .body
+        } ;;
+        {
+                .mmb
+                sub             Remainder = 0, OutPtr
+                cmp.gtu         pSmall, p0 = $threshold, DataLen
+(pSmall)        br.cond.dpnt    .rc4Remainder           // Data too small for
+                                                        // big loop.
+        } ;;
+        {
+                .mmi
+                and             Remainder = 0x7, Remainder
+                ;;
+                cmp.eq          pAligned, pUnaligned = Remainder, r0
+                nop             0x0
+        } ;;
+        {
+                .mmb
+.pred.rel       "mutex",pUnaligned,pAligned
+(pUnaligned)    add             Remainder = -1, Remainder
+(pAligned)      sub             Remainder = EndPtr, InPtr
+(pAligned)      br.cond.dptk.many .rc4Aligned
+        } ;;
+        {
+                .mmi
+                nop             0x0
+                nop             0x0
+                mov.i           ar.lc = Remainder
+        }
+
+/* Do the initial few bytes via the compact, modulo-scheduled loop
+   until the output pointer is 8-byte-aligned.  */
+
+                MODSCHED_RC4_PROLOGUE
+                MODSCHED_RC4_LOOP(.RC4AlignLoop)
+
+        {
+                .mib
+                sub             Remainder = EndPtr, InPtr
+                zxt1            IFinal = IFinal
+                clrrrb                          // Clear CFM.rrb.pr so
+                ;;                              // next "mov pr.rot = N"
+                                                // does the right thing.
+        }
+        {
+                .mmi
+                mov             I[1] = IFinal
+                nop             0x0
+                nop             0x0
+        } ;;
+
+
+.rc4Aligned:
+
+/*
+   Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases)
+ */
+
+        {
+                .mlx
+                add     LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder
+                movl            Remainder = 0xaaaaaaaaaaaaaaab
+        } ;;
+        {
+                .mmi
+                setf.sig        f6 = LoopCount          // M2, M3       6 cyc
+                setf.sig        f7 = Remainder          // M2, M3       6 cyc
+                nop             0x0
+        } ;;
+        {
+                .mfb
+                nop             0x0
+                xmpy.hu         f6 = f6, f7
+                nop             0x0
+        } ;;
+        {
+                .mmi
+                getf.sig        LoopCount = f6;;        // M2           5 cyc
+                nop             0x0
+                shr.u           LoopCount = LoopCount, 4
+        } ;;
+        {
+                .mmi
+                nop             0x0
+                nop             0x0
+                mov.i           ar.lc = LoopCount
+        } ;;
+
+/* Now comes the unrolled loop: */
+
+.rc4Prologue:
+___
+
+$iteration = 0;
+
+# Generate the prologue:
+$predicates = 1;
+for ($i = 0; $i < $phases; ++$i) {
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+    $predicates = ($predicates << 1) | 1;
+}
+
+$code.=<<___;
+.rc4Loop:
+___
+
+# Generate the body:
+for ($i = 0; $i < $unroll_count*$phases; ++$i) {
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+}
+
+$code.=<<___;
+.rc4Epilogue:
+___
+
+# Generate the epilogue:
+for ($i = 0; $i < $phases; ++$i) {
+    $predicates <<= 1;
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+}
+
+$code.=<<___;
+        {
+                .mmi
+                lfetch.nt1      [EndPtr]        // fetch line with last byte
+                mov             IFinal = I[1]
+                nop             0x0
+        }
+
+.rc4Remainder:
+        {
+                .mmi
+                sub             Remainder = EndPtr, InPtr       // Calculate
+                                                                // # of bytes
+                                                                // left - 1
+                nop             0x0
+                nop             0x0
+        } ;;
+        {
+                .mib
+                cmp.eq          pDone, p0 = -1, Remainder // done already?
+                mov.i           ar.lc = Remainder
+(pDone)         br.cond.dptk.few .rc4Complete
+        }
+
+/* Do the remaining bytes via the compact, modulo-scheduled loop */
+
+                MODSCHED_RC4_PROLOGUE
+                MODSCHED_RC4_LOOP(.RC4RestLoop)
+
+.rc4Complete:
+        {
+                .mmi
+                add             KTable = -SZ, KTable
+                add             IFinal = -1, IFinal
+                mov             ar.lc = LCSave
+        } ;;
+        {
+                .mii
+                SKEY            [KTable] = J,-SZ
+                zxt1            IFinal = IFinal
+                mov             pr = PRSave, 0x1FFFF
+        } ;;
+        {
+                .mib
+                SKEY            [KTable] = IFinal
+                add             RetVal = 1, r0
+                br.ret.sptk.few rp
+        } ;;
+___
+
+# Last but not least, emit the code for the bypass-code of the unrolled loop:
+
+$code.=$bypass;
+
+$code.=<<___;
+        .endp RC4
+___
+
+print $code;
diff --git a/src/lib/libcrypto/rc4/asm/rc4-s390x.pl b/src/lib/libcrypto/rc4/asm/rc4-s390x.pl
new file mode 100644
index 0000000000..96681fa05e
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-s390x.pl
@@ -0,0 +1,205 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# February 2009
+#
+# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to
+# "cluster" Address Generation Interlocks, so that one pipeline stall
+# resolves several dependencies.
+
+$rp="%r14";
+$sp="%r15";
+$code=<<___;
+.text
+
+___
+
+# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out)
+{
+$acc="%r0";
+$cnt="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$out="%r5";
+
+@XX=("%r6","%r7");
+@TX=("%r8","%r9");
+$YY="%r10";
+$TY="%r11";
+
+$code.=<<___;
+.globl  RC4
+.type   RC4,\@function
+.align  64
+RC4:
+        stmg    %r6,%r11,48($sp)
+        llgc    $XX[0],0($key)
+        llgc    $YY,1($key)
+        la      $XX[0],1($XX[0])
+        nill    $XX[0],0xff
+        srlg    $cnt,$len,3
+        ltgr    $cnt,$cnt
+        llgc    $TX[0],2($XX[0],$key)
+        jz      .Lshort
+        j       .Loop8
+
+.align  64
+.Loop8:
+___
+for ($i=0;$i<8;$i++) {
+$code.=<<___;
+        la      $YY,0($YY,$TX[0])       # $i
+        nill    $YY,255
+        la      $XX[1],1($XX[0])
+        nill    $XX[1],255
+___
+$code.=<<___ if ($i==1);
+        llgc    $acc,2($TY,$key)
+___
+$code.=<<___ if ($i>1);
+        sllg    $acc,$acc,8
+        ic      $acc,2($TY,$key)
+___
+$code.=<<___;
+        llgc    $TY,2($YY,$key)
+        stc     $TX[0],2($YY,$key)
+        llgc    $TX[1],2($XX[1],$key)
+        stc     $TY,2($XX[0],$key)
+        cr      $XX[1],$YY
+        jne     .Lcmov$i
+        la      $TX[1],0($TX[0])
+.Lcmov$i:
+        la      $TY,0($TY,$TX[0])
+        nill    $TY,255
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
+}
+
+$code.=<<___;
+        lg      $TX[1],0($inp)
+        sllg    $acc,$acc,8
+        la      $inp,8($inp)
+        ic      $acc,2($TY,$key)
+        xgr     $acc,$TX[1]
+        stg     $acc,0($out)
+        la      $out,8($out)
+        brct    $cnt,.Loop8
+
+.Lshort:
+        lghi    $acc,7
+        ngr     $len,$acc
+        jz      .Lexit
+        j       .Loop1
+
+.align  16
+.Loop1:
+        la      $YY,0($YY,$TX[0])
+        nill    $YY,255
+        llgc    $TY,2($YY,$key)
+        stc     $TX[0],2($YY,$key)
+        stc     $TY,2($XX[0],$key)
+        ar      $TY,$TX[0]
+        ahi     $XX[0],1
+        nill    $TY,255
+        nill    $XX[0],255
+        llgc    $acc,0($inp)
+        la      $inp,1($inp)
+        llgc    $TY,2($TY,$key)
+        llgc    $TX[0],2($XX[0],$key)
+        xr      $acc,$TY
+        stc     $acc,0($out)
+        la      $out,1($out)
+        brct    $len,.Loop1
+
+.Lexit:
+        ahi     $XX[0],-1
+        stc     $XX[0],0($key)
+        stc     $YY,1($key)
+        lmg     %r6,%r11,48($sp)
+        br      $rp
+.size   RC4,.-RC4
+.string "RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+
+___
+}
+
+# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp)
+{
+$cnt="%r0";
+$idx="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$acc="%r5";
+$dat="%r6";
+$ikey="%r7";
+$iinp="%r8";
+
+$code.=<<___;
+.globl  RC4_set_key
+.type   RC4_set_key,\@function
+.align  64
+RC4_set_key:
+        stmg    %r6,%r8,48($sp)
+        lhi     $cnt,256
+        la      $idx,0(%r0)
+        sth     $idx,0($key)
+.align  4
+.L1stloop:
+        stc     $idx,2($idx,$key)
+        la      $idx,1($idx)
+        brct    $cnt,.L1stloop
+
+        lghi    $ikey,-256
+        lr      $cnt,$len
+        la      $iinp,0(%r0)
+        la      $idx,0(%r0)
+.align  16
+.L2ndloop:
+        llgc    $acc,2+256($ikey,$key)
+        llgc    $dat,0($iinp,$inp)
+        la      $idx,0($idx,$acc)
+        la      $ikey,1($ikey)
+        la      $idx,0($idx,$dat)
+        nill    $idx,255
+        la      $iinp,1($iinp)
+        tml     $ikey,255
+        llgc    $dat,2($idx,$key)
+        stc     $dat,2+256-1($ikey,$key)
+        stc     $acc,2($idx,$key)
+        jz      .Ldone
+        brct    $cnt,.L2ndloop
+        lr      $cnt,$len
+        la      $iinp,0(%r0)
+        j       .L2ndloop
+.Ldone:
+        lmg     %r6,%r8,48($sp)
+        br      $rp
+.size   RC4_set_key,.-RC4_set_key
+
+___
+}
+
+# const char *RC4_options()
+$code.=<<___;
+.globl  RC4_options
+.type   RC4_options,\@function
+.align  16
+RC4_options:
+        larl    %r2,.Loptions
+        br      %r14
+.size   RC4_options,.-RC4_options
+.section        .rodata
+.Loptions:
+.align  8
+.string "rc4(8x,char)"
+___
+
+print $code;
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
new file mode 100644
index 0000000000..8c3209885e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -0,0 +1,349 @@
+/* crypto/rsa/rsa_ameth.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+
+static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        unsigned char *penc = NULL;
+        int penclen;
+        penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+        if (penclen <= 0)
+                return 0;
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
+                                V_ASN1_NULL, NULL, penc, penclen))
+                return 1;
+
+        OPENSSL_free(penc);
+        return 0;
+        }
+
+static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p;
+        int pklen;
+        RSA *rsa = NULL;
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
+                return 0;
+        if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen)))
+                {
+                RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_RSA (pkey, rsa);
+        return 1;
+        }
+
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
+                || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
+                        return 0;
+        return 1;
+        }
+
+static int old_rsa_priv_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        RSA *rsa;
+        if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen)))
+                {
+                RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_RSA(pkey, rsa);
+        return 1;
+        }
+
+static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
+        }
+
+static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+        {
+        unsigned char *rk = NULL;
+        int rklen;
+        rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
+
+        if (rklen <= 0)
+                {
+                RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
+                                V_ASN1_NULL, NULL, rk, rklen))
+                {
+                RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+
+        return 1;
+        }
+
+static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p;
+        int pklen;
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
+                return 0;
+        return old_rsa_priv_decode(pkey, &p, pklen);
+        }
+
+static int int_rsa_size(const EVP_PKEY *pkey)
+        {
+        return RSA_size(pkey->pkey.rsa);
+        }
+
+static int rsa_bits(const EVP_PKEY *pkey)
+        {
+        return BN_num_bits(pkey->pkey.rsa->n);
+        }
+
+static void int_rsa_free(EVP_PKEY *pkey)
+        {
+        RSA_free(pkey->pkey.rsa);
+        }
+
+
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+        {
+        size_t i;
+        if (!b)
+                return;
+        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+                        *pbuflen = i;
+        }
+
+static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
+        {
+        char *str;
+        const char *s;
+        unsigned char *m=NULL;
+        int ret=0, mod_len = 0;
+        size_t buf_len=0;
+
+        update_buflen(x->n, &buf_len);
+        update_buflen(x->e, &buf_len);
+
+        if (priv)
+                {
+                update_buflen(x->d, &buf_len);
+                update_buflen(x->p, &buf_len);
+                update_buflen(x->q, &buf_len);
+                update_buflen(x->dmp1, &buf_len);
+                update_buflen(x->dmq1, &buf_len);
+                update_buflen(x->iqmp, &buf_len);
+                }
+
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (x->n != NULL)
+                mod_len = BN_num_bits(x->n);
+
+        if(!BIO_indent(bp,off,128))
+                goto err;
+
+        if (priv && x->d)
+                {
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
+                        <= 0) goto err;
+                str = "modulus:";
+                s = "publicExponent:";
+                }
+        else
+                {
+                if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len)
+                        <= 0) goto err;
+                str = "Modulus:";
+                s= "Exponent:";
+                }
+        if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err;
+        if (!ASN1_bn_print(bp,s,x->e,m,off))
+                goto err;
+        if (priv)
+                {
+                if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"prime1:",x->p,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"prime2:",x->q,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off))
+                        goto err;
+                }
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
+        }
+
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
+        }
+
+
+static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        X509_ALGOR *alg = NULL;
+        switch (op)
+                {
+
+                case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
+                break;
+
+                case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+                if (arg1 == 0)
+                        PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
+                break;
+#ifndef OPENSSL_NO_CMS
+                case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
+                break;
+
+                case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
+                break;
+#endif
+
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 1;
+
+                default:
+                return -2;
+
+                }
+
+        if (alg)
+                X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
+                                                        V_ASN1_NULL, 0);
+
+        return 1;
+
+        }
+
+
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = 
+        {
+                {
+                EVP_PKEY_RSA,
+                EVP_PKEY_RSA,
+                ASN1_PKEY_SIGPARAM_NULL,
+
+                "RSA",
+                "OpenSSL RSA method",
+
+                rsa_pub_decode,
+                rsa_pub_encode,
+                rsa_pub_cmp,
+                rsa_pub_print,
+
+                rsa_priv_decode,
+                rsa_priv_encode,
+                rsa_priv_print,
+
+                int_rsa_size,
+                rsa_bits,
+
+                0,0,0,0,0,0,
+
+                int_rsa_free,
+                rsa_pkey_ctrl,
+                old_rsa_priv_decode,
+                old_rsa_priv_encode
+                },
+
+                {
+                EVP_PKEY_RSA2,
+                EVP_PKEY_RSA,
+                ASN1_PKEY_ALIAS
+                }
+        };
diff --git a/src/lib/libcrypto/rsa/rsa_locl.h b/src/lib/libcrypto/rsa/rsa_locl.h
new file mode 100644
index 0000000000..f5d2d56628
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_locl.h
@@ -0,0 +1,4 @@
+extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+                unsigned char *rm, size_t *prm_len,
+                const unsigned char *sigbuf, size_t siglen,
+                RSA *rsa);
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
new file mode 100644
index 0000000000..c6892ecd09
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -0,0 +1,587 @@
+/* crypto/rsa/rsa_pmeth.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include "rsa_locl.h"
+
+/* RSA pkey context structure */
+
+typedef struct
+        {
+        /* Key gen parameters */
+        int nbits;
+        BIGNUM *pub_exp;
+        /* Keygen callback info */
+        int gentmp[2];
+        /* RSA padding mode */
+        int pad_mode;
+        /* message digest */
+        const EVP_MD *md;
+        /* PSS/OAEP salt length */
+        int saltlen;
+        /* Temp buffer */
+        unsigned char *tbuf;
+        } RSA_PKEY_CTX;
+
+static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+        {
+        RSA_PKEY_CTX *rctx;
+        rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
+        if (!rctx)
+                return 0;
+        rctx->nbits = 1024;
+        rctx->pub_exp = NULL;
+        rctx->pad_mode = RSA_PKCS1_PADDING;
+        rctx->md = NULL;
+        rctx->tbuf = NULL;
+
+        rctx->saltlen = -2;
+
+        ctx->data = rctx;
+        ctx->keygen_info = rctx->gentmp;
+        ctx->keygen_info_count = 2;
+        
+        return 1;
+        }
+
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        RSA_PKEY_CTX *dctx, *sctx;
+        if (!pkey_rsa_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->nbits = sctx->nbits;
+        if (sctx->pub_exp)
+                {
+                dctx->pub_exp = BN_dup(sctx->pub_exp);
+                if (!dctx->pub_exp)
+                        return 0;
+                }
+        dctx->pad_mode = sctx->pad_mode;
+        dctx->md = sctx->md;
+        return 1;
+        }
+
+static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
+        {
+        if (ctx->tbuf)
+                return 1;
+        ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
+        if (!ctx->tbuf)
+                return 0;
+        return 1;
+        }
+
+static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        if (rctx)
+                {
+                if (rctx->pub_exp)
+                        BN_free(rctx->pub_exp);
+                if (rctx->tbuf)
+                        OPENSSL_free(rctx->tbuf);
+                OPENSSL_free(rctx);
+                }
+        }
+
+static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        RSA *rsa = ctx->pkey->pkey.rsa;
+
+        if (rctx->md)
+                {
+                if (tbslen != (size_t)EVP_MD_size(rctx->md))
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_SIGN,
+                                        RSA_R_INVALID_DIGEST_LENGTH);
+                        return -1;
+                        }
+                if (rctx->pad_mode == RSA_X931_PADDING)
+                        {
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        memcpy(rctx->tbuf, tbs, tbslen);
+                        rctx->tbuf[tbslen] =
+                                RSA_X931_hash_id(EVP_MD_type(rctx->md));
+                        ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+                                                sig, rsa, RSA_X931_PADDING);
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                        {
+                        unsigned int sltmp;
+                        ret = RSA_sign(EVP_MD_type(rctx->md),
+                                                tbs, tbslen, sig, &sltmp, rsa);
+                        if (ret <= 0)
+                                return ret;
+                        ret = sltmp;
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+                        {
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
+                                                rctx->md, rctx->saltlen))
+                                return -1;
+                        ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+                                                sig, rsa, RSA_NO_PADDING);
+                        }
+                else
+                        return -1;
+                }
+        else
+                ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *siglen = ret;
+        return 1;
+        }
+
+
+static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
+                                        unsigned char *rout, size_t *routlen,
+                                        const unsigned char *sig, size_t siglen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+
+        if (rctx->md)
+                {
+                if (rctx->pad_mode == RSA_X931_PADDING)
+                        {
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        ret = RSA_public_decrypt(siglen, sig,
+                                                rctx->tbuf, ctx->pkey->pkey.rsa,
+                                                RSA_X931_PADDING);
+                        if (ret < 1)
+                                return 0;
+                        ret--;
+                        if (rctx->tbuf[ret] !=
+                                RSA_X931_hash_id(EVP_MD_type(rctx->md)))
+                                {
+                                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                                                RSA_R_ALGORITHM_MISMATCH);
+                                return 0;
+                                }
+                        if (ret != EVP_MD_size(rctx->md))
+                                {
+                                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                                        RSA_R_INVALID_DIGEST_LENGTH);
+                                return 0;
+                                }
+                        if (rout)
+                                memcpy(rout, rctx->tbuf, ret);
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                        {
+                        size_t sltmp;
+                        ret = int_rsa_verify(EVP_MD_type(rctx->md),
+                                                NULL, 0, rout, &sltmp,
+                                        sig, siglen, ctx->pkey->pkey.rsa);
+                        if (ret <= 0)
+                                return 0;
+                        ret = sltmp;
+                        }
+                else
+                        return -1;
+                }
+        else
+                ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *routlen = ret;
+        return 1;
+        }
+
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        RSA *rsa = ctx->pkey->pkey.rsa;
+        size_t rslen;
+        if (rctx->md)
+                {
+                if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                                        sig, siglen, rsa);
+                if (rctx->pad_mode == RSA_X931_PADDING)
+                        {
+                        if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+                                        sig, siglen) <= 0)
+                                return 0;
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+                        {
+                        int ret;
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                                        rsa, RSA_NO_PADDING);
+                        if (ret <= 0)
+                                return 0;
+                        ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+                                                rctx->tbuf, rctx->saltlen);
+                        if (ret <= 0)
+                                return 0;
+                        return 1;
+                        }
+                else
+                        return -1;
+                }
+        else
+                {
+                if (!setup_tbuf(rctx, ctx))
+                        return -1;
+                rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                                rsa, rctx->pad_mode);
+                if (rslen == 0)
+                        return 0;
+                }
+
+        if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+                return 0;
+
+        return 1;
+                        
+        }
+        
+
+static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
+                                        unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *outlen = ret;
+        return 1;
+        }
+
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+                                        unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *outlen = ret;
+        return 1;
+        }
+
+static int check_padding_md(const EVP_MD *md, int padding)
+        {
+        if (!md)
+                return 1;
+
+        if (padding == RSA_NO_PADDING)
+                {
+                RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+                return 0;
+                }
+
+        if (padding == RSA_X931_PADDING)
+                {
+                if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
+                        {
+                        RSAerr(RSA_F_CHECK_PADDING_MD,
+                                                RSA_R_INVALID_X931_DIGEST);
+                        return 0;
+                        }
+                return 1;
+                }
+
+        return 1;
+        }
+                        
+
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_RSA_PADDING:
+                if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
+                        {
+                        if (!check_padding_md(rctx->md, p1))
+                                return 0;
+                        if (p1 == RSA_PKCS1_PSS_PADDING) 
+                                {
+                                if (!(ctx->operation &
+                                     (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+                                        goto bad_pad;
+                                if (!rctx->md)
+                                        rctx->md = EVP_sha1();
+                                }
+                        if (p1 == RSA_PKCS1_OAEP_PADDING) 
+                                {
+                                if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+                                        goto bad_pad;
+                                if (!rctx->md)
+                                        rctx->md = EVP_sha1();
+                                }
+                        rctx->pad_mode = p1;
+                        return 1;
+                        }
+                bad_pad:
+                RSAerr(RSA_F_PKEY_RSA_CTRL,
+                                RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+                return -2;
+
+                case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+                if (p1 < -2)
+                        return -2;
+                if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                        return -2;
+                        }
+                rctx->saltlen = p1;
+                return 1;
+
+                case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+                if (p1 < 256)
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
+                        return -2;
+                        }
+                rctx->nbits = p1;
+                return 1;
+
+                case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+                if (!p2)
+                        return -2;
+                rctx->pub_exp = p2;
+                return 1;
+
+                case EVP_PKEY_CTRL_MD:
+                if (!check_padding_md(p2, rctx->pad_mode))
+                        return 0;
+                rctx->md = p2;
+                return 1;
+
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+                case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+                case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+                case EVP_PKEY_CTRL_CMS_ENCRYPT:
+                case EVP_PKEY_CTRL_CMS_DECRYPT:
+                case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+                return 1;
+                case EVP_PKEY_CTRL_PEER_KEY:
+                        RSAerr(RSA_F_PKEY_RSA_CTRL,
+                        RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                        return -2;      
+
+                default:
+                return -2;
+
+                }
+        }
+                        
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!value)
+                {
+                RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+                return 0;
+                }
+        if (!strcmp(type, "rsa_padding_mode"))
+                {
+                int pm;
+                if (!strcmp(value, "pkcs1"))
+                        pm = RSA_PKCS1_PADDING;
+                else if (!strcmp(value, "sslv23"))
+                        pm = RSA_SSLV23_PADDING;
+                else if (!strcmp(value, "none"))
+                        pm = RSA_NO_PADDING;
+                else if (!strcmp(value, "oeap"))
+                        pm = RSA_PKCS1_OAEP_PADDING;
+                else if (!strcmp(value, "x931"))
+                        pm = RSA_X931_PADDING;
+                else if (!strcmp(value, "pss"))
+                        pm = RSA_PKCS1_PSS_PADDING;
+                else
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
+                                                RSA_R_UNKNOWN_PADDING_TYPE);
+                        return -2;
+                        }
+                return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
+                }
+
+        if (!strcmp(type, "rsa_pss_saltlen"))
+                {
+                int saltlen;
+                saltlen = atoi(value);
+                return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+                }
+
+        if (!strcmp(type, "rsa_keygen_bits"))
+                {
+                int nbits;
+                nbits = atoi(value);
+                return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+                }
+
+        if (!strcmp(type, "rsa_keygen_pubexp"))
+                {
+                int ret;
+                BIGNUM *pubexp = NULL;
+                if (!BN_asc2bn(&pubexp, value))
+                        return 0;
+                ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+                if (ret <= 0)
+                        BN_free(pubexp);
+                return ret;
+                }
+
+        return -2;
+        }
+
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        RSA *rsa = NULL;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        BN_GENCB *pcb, cb;
+        int ret;
+        if (!rctx->pub_exp)
+                {
+                rctx->pub_exp = BN_new();
+                if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
+                        return 0;
+                }
+        rsa = RSA_new();
+        if (!rsa)
+                return 0;
+        if (ctx->pkey_gencb)
+                {
+                pcb = &cb;
+                evp_pkey_set_cb_translate(pcb, ctx);
+                }
+        else
+                pcb = NULL;
+        ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+        if (ret > 0)
+                EVP_PKEY_assign_RSA(pkey, rsa);
+        else
+                RSA_free(rsa);
+        return ret;
+        }
+
+const EVP_PKEY_METHOD rsa_pkey_meth = 
+        {
+        EVP_PKEY_RSA,
+        EVP_PKEY_FLAG_AUTOARGLEN,
+        pkey_rsa_init,
+        pkey_rsa_copy,
+        pkey_rsa_cleanup,
+
+        0,0,
+
+        0,
+        pkey_rsa_keygen,
+
+        0,
+        pkey_rsa_sign,
+
+        0,
+        pkey_rsa_verify,
+
+        0,
+        pkey_rsa_verifyrecover,
+
+
+        0,0,0,0,
+
+        0,
+        pkey_rsa_encrypt,
+
+        0,
+        pkey_rsa_decrypt,
+
+        0,0,
+
+        pkey_rsa_ctrl,
+        pkey_rsa_ctrl_str
+
+
+        };
diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c
new file mode 100644
index 0000000000..224db0fae5
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_prn.c
@@ -0,0 +1,93 @@
+/* crypto/rsa/rsa_prn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+                return 0;
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 9b993aca49..ac211e2ffe 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -81,7 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
         EVP_MD_CTX ctx;
         unsigned char H_[EVP_MAX_MD_SIZE];
 
-        hLen = M_EVP_MD_size(Hash);
+        hLen = EVP_MD_size(Hash);
+        if (hLen < 0)
+                goto err;
         /*
          * Negative sLen has special meanings:
          *      -1      sLen == hLen
@@ -126,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
                 goto err;
                 }
-        PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+        if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
+                goto err;
         for (i = 0; i < maskedDBLen; i++)
                 DB[i] ^= EM[i];
         if (MSBits)
@@ -176,7 +179,9 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
         unsigned char *H, *salt = NULL, *p;
         EVP_MD_CTX ctx;
 
-        hLen = M_EVP_MD_size(Hash);
+        hLen = EVP_MD_size(Hash);
+        if (hLen < 0)
+                goto err;
         /*
          * Negative sLen has special meanings:
          *      -1      sLen == hLen
@@ -217,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                                 ERR_R_MALLOC_FAILURE);
                         goto err;
                         }
-                if (!RAND_bytes(salt, sLen))
+                if (RAND_bytes(salt, sLen) <= 0)
                         goto err;
                 }
         maskedDBLen = emLen - hLen - 1;
@@ -232,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
         EVP_MD_CTX_cleanup(&ctx);
 
         /* Generate dbMask in place then perform XOR on it */
-        PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+        if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
+                goto err;
 
         p = EM;
 
diff --git a/src/lib/libcrypto/s390xcap.c b/src/lib/libcrypto/s390xcap.c
new file mode 100644
index 0000000000..ffbe0235f9
--- /dev/null
+++ b/src/lib/libcrypto/s390xcap.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+
+extern unsigned long OPENSSL_s390xcap_P;
+
+static sigjmp_buf ill_jmp;
+static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+
+unsigned long OPENSSL_s390x_facilities(void);
+
+void OPENSSL_cpuid_setup(void)
+        {
+        sigset_t oset;
+        struct sigaction ill_act,oact;
+
+        if (OPENSSL_s390xcap_P) return;
+
+        memset(&ill_act,0,sizeof(ill_act));
+        ill_act.sa_handler = ill_handler;
+        sigfillset(&ill_act.sa_mask);
+        sigdelset(&ill_act.sa_mask,SIGILL);
+        sigdelset(&ill_act.sa_mask,SIGTRAP);
+        sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
+        sigaction (SIGILL,&ill_act,&oact);
+
+        /* protection against missing store-facility-list-extended */
+        if (sigsetjmp(ill_jmp,0) == 0)
+                OPENSSL_s390xcap_P = OPENSSL_s390x_facilities();
+        else
+                OPENSSL_s390xcap_P = 1UL<<63;
+
+        sigaction (SIGILL,&oact,NULL);
+        sigprocmask(SIG_SETMASK,&oset,NULL);
+        }
diff --git a/src/lib/libcrypto/s390xcpuid.S b/src/lib/libcrypto/s390xcpuid.S
index 8500133ad0..b053c6a281 100644
--- a/src/lib/libcrypto/s390xcpuid.S
+++ b/src/lib/libcrypto/s390xcpuid.S
@@ -1,12 +1,5 @@
 .text
 
-.globl  OPENSSL_cpuid_setup
-.type   OPENSSL_cpuid_setup,@function
-.align  16
-OPENSSL_cpuid_setup:
-        br      %r14            # reserved for future
-.size   OPENSSL_cpuid_setup,.-OPENSSL_cpuid_setup
-
 .globl  OPENSSL_s390x_facilities
 .type   OPENSSL_s390x_facilities,@function
 .align  16
@@ -14,6 +7,8 @@ OPENSSL_s390x_facilities:
         lghi    %r0,0
         .long   0xb2b0f010      # stfle 16(%r15)
         lg      %r2,16(%r15)
+        larl    %r1,OPENSSL_s390xcap_P
+        stg     %r2,0(%r1)
         br      %r14
 .size   OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
 
@@ -67,6 +62,8 @@ OPENSSL_cleanse:
         lghi    %r0,0
         clgr    %r3,%r4
         jh      .Lot
+        clgr    %r3,%r0
+        bcr     8,%r14
 .Little:
         stc     %r0,0(%r2)
         la      %r2,1(%r2)
@@ -88,3 +85,8 @@ OPENSSL_cleanse:
         jnz     .Little
         br      %r14
 .size   OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.section        .init
+        brasl   %r14,OPENSSL_cpuid_setup
+
+.comm   OPENSSL_s390xcap_P,8,8
diff --git a/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
new file mode 100644
index 0000000000..88861af641
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
@@ -0,0 +1,234 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# sha1_block procedure for ARMv4.
+#
+# January 2007.
+
+# Size/performance trade-off
+# ====================================================================
+# impl          size in bytes   comp cycles[*]  measured performance
+# ====================================================================
+# thumb         304             3212            4420
+# armv4-small   392/+29%        1958/+64%       2250/+96%
+# armv4-compact 740/+89%        1552/+26%       1840/+22%
+# armv4-large   1420/+92%       1307/+19%       1370/+34%[***]
+# full unroll   ~5100/+260%     ~1260/+4%       ~1300/+5%
+# ====================================================================
+# thumb         = same as 'small' but in Thumb instructions[**] and
+#                 with recurring code in two private functions;
+# small         = detached Xload/update, loops are folded;
+# compact       = detached Xload/update, 5x unroll;
+# large         = interleaved Xload/update, 5x unroll;
+# full unroll   = interleaved Xload/update, full unroll, estimated[!];
+#
+# [*]   Manually counted instructions in "grand" loop body. Measured
+#       performance is affected by prologue and epilogue overhead,
+#       i-cache availability, branch penalties, etc.
+# [**]  While each Thumb instruction is twice smaller, they are not as
+#       diverse as ARM ones: e.g., there are only two arithmetic
+#       instructions with 3 arguments, no [fixed] rotate, addressing
+#       modes are limited. As result it takes more instructions to do
+#       the same job in Thumb, therefore the code is never twice as
+#       small and always slower.
+# [***] which is also ~35% better than compiler generated code.
+
+$output=shift;
+open STDOUT,">$output";
+
+$ctx="r0";
+$inp="r1";
+$len="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+$Xi="r14";
+@V=($a,$b,$c,$d,$e);
+
+# One can optimize this for aligned access on big-endian architecture,
+# but code's endian neutrality makes it too pretty:-)
+sub Xload {
+my ($a,$b,$c,$d,$e)=@_;
+$code.=<<___;
+        ldrb    $t0,[$inp],#4
+        ldrb    $t1,[$inp,#-3]
+        ldrb    $t2,[$inp,#-2]
+        ldrb    $t3,[$inp,#-1]
+        add     $e,$K,$e,ror#2                  @ E+=K_00_19
+        orr     $t0,$t1,$t0,lsl#8
+        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+        orr     $t0,$t2,$t0,lsl#8
+        eor     $t1,$c,$d                       @ F_xx_xx
+        orr     $t0,$t3,$t0,lsl#8
+        add     $e,$e,$t0                       @ E+=X[i]
+        str     $t0,[$Xi,#-4]!
+___
+}
+sub Xupdate {
+my ($a,$b,$c,$d,$e,$flag)=@_;
+$code.=<<___;
+        ldr     $t0,[$Xi,#15*4]
+        ldr     $t1,[$Xi,#13*4]
+        ldr     $t2,[$Xi,#7*4]
+        ldr     $t3,[$Xi,#2*4]
+        add     $e,$K,$e,ror#2                  @ E+=K_xx_xx
+        eor     $t0,$t0,$t1
+        eor     $t0,$t0,$t2
+        eor     $t0,$t0,$t3
+        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+___
+$code.=<<___ if (!defined($flag));
+        eor     $t1,$c,$d                       @ F_xx_xx, but not in 40_59
+___
+$code.=<<___;
+        mov     $t0,$t0,ror#31
+        add     $e,$e,$t0                       @ E+=X[i]
+        str     $t0,[$Xi,#-4]!
+___
+}
+
+sub BODY_00_15 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xload(@_);
+$code.=<<___;
+        and     $t1,$b,$t1,ror#2
+        eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_00_19(B,C,D)
+___
+}
+
+sub BODY_16_19 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_);
+$code.=<<___;
+        and     $t1,$b,$t1,ror#2
+        eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_00_19(B,C,D)
+___
+}
+
+sub BODY_20_39 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_);
+$code.=<<___;
+        eor     $t1,$b,$t1,ror#2                @ F_20_39(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_20_39(B,C,D)
+___
+}
+
+sub BODY_40_59 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_,1);
+$code.=<<___;
+        and     $t1,$b,$c,ror#2
+        orr     $t2,$b,$c,ror#2
+        and     $t2,$t2,$d,ror#2
+        orr     $t1,$t1,$t2                     @ F_40_59(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_40_59(B,C,D)
+___
+}
+
+$code=<<___;
+.text
+
+.global sha1_block_data_order
+.type   sha1_block_data_order,%function
+
+.align  2
+sha1_block_data_order:
+        stmdb   sp!,{r4-r12,lr}
+        add     $len,$inp,$len,lsl#6    @ $len to point at the end of $inp
+        ldmia   $ctx,{$a,$b,$c,$d,$e}
+.Lloop:
+        ldr     $K,.LK_00_19
+        mov     $Xi,sp
+        sub     sp,sp,#15*4
+        mov     $c,$c,ror#30
+        mov     $d,$d,ror#30
+        mov     $e,$e,ror#30            @ [6]
+.L_00_15:
+___
+for($i=0;$i<5;$i++) {
+        &BODY_00_15(@V);        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        teq     $Xi,sp
+        bne     .L_00_15                @ [((11+4)*5+2)*3]
+___
+        &BODY_00_15(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+$code.=<<___;
+
+        ldr     $K,.LK_20_39            @ [+15+16*4]
+        sub     sp,sp,#25*4
+        cmn     sp,#0                   @ [+3], clear carry to denote 20_39
+.L_20_39_or_60_79:
+___
+for($i=0;$i<5;$i++) {
+        &BODY_20_39(@V);        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        teq     $Xi,sp                  @ preserve carry
+        bne     .L_20_39_or_60_79       @ [+((12+3)*5+2)*4]
+        bcs     .L_done                 @ [+((12+3)*5+2)*4], spare 300 bytes
+
+        ldr     $K,.LK_40_59
+        sub     sp,sp,#20*4             @ [+2]
+.L_40_59:
+___
+for($i=0;$i<5;$i++) {
+        &BODY_40_59(@V);        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        teq     $Xi,sp
+        bne     .L_40_59                @ [+((12+5)*5+2)*4]
+
+        ldr     $K,.LK_60_79
+        sub     sp,sp,#20*4
+        cmp     sp,#0                   @ set carry to denote 60_79
+        b       .L_20_39_or_60_79       @ [+4], spare 300 bytes
+.L_done:
+        add     sp,sp,#80*4             @ "deallocate" stack frame
+        ldmia   $ctx,{$K,$t0,$t1,$t2,$t3}
+        add     $a,$K,$a
+        add     $b,$t0,$b
+        add     $c,$t1,$c,ror#2
+        add     $d,$t2,$d,ror#2
+        add     $e,$t3,$e,ror#2
+        stmia   $ctx,{$a,$b,$c,$d,$e}
+        teq     $inp,$len
+        bne     .Lloop                  @ [+18], total 1307
+
+        ldmia   sp!,{r4-r12,lr}
+        tst     lr,#1
+        moveq   pc,lr                   @ be binary compatible with V4, yet
+        bx      lr                      @ interoperable with Thumb ISA:-)
+.align  2
+.LK_00_19:      .word   0x5a827999
+.LK_20_39:      .word   0x6ed9eba1
+.LK_40_59:      .word   0x8f1bbcdc
+.LK_60_79:      .word   0xca62c1d6
+.size   sha1_block_data_order,.-sha1_block_data_order
+.asciz  "SHA1 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha1-ppc.pl b/src/lib/libcrypto/sha/asm/sha1-ppc.pl
new file mode 100755
index 0000000000..dcd0fcdfcf
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-ppc.pl
@@ -0,0 +1,319 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# I let hardware handle unaligned input(*), except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank. The module is big-endian [which is
+# not big deal as there're no little-endian targets left around].
+#
+# (*) this means that this module is inappropriate for PPC403? Does
+#     anybody know if pre-POWER3 can sustain unaligned load?
+
+#                       -m64    -m32
+# ----------------------------------
+# PPC970,gcc-4.0.0      +76%    +59%
+# Power6,xlc-7          +68%    +33%
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+        $SIZE_T =8;
+        $UCMP   ="cmpld";
+        $STU    ="stdu";
+        $POP    ="ld";
+        $PUSH   ="std";
+} elsif ($flavour =~ /32/) {
+        $SIZE_T =4;
+        $UCMP   ="cmplw";
+        $STU    ="stwu";
+        $POP    ="lwz";
+        $PUSH   ="stw";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=24*$SIZE_T;
+
+$K  ="r0";
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$t0 ="r15";
+$t1 ="r6";
+
+$A  ="r7";
+$B  ="r8";
+$C  ="r9";
+$D  ="r10";
+$E  ="r11";
+$T  ="r12";
+
+@V=($A,$B,$C,$D,$E,$T);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i==0);
+        lwz     @X[$i],`$i*4`($inp)
+___
+$code.=<<___ if ($i<15);
+        lwz     @X[$j],`$j*4`($inp)
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        add     $f,$f,@X[$i]
+        and     $t0,$c,$b
+        add     $f,$f,$e
+        andc    $t1,$d,$b
+        rotlwi  $b,$b,30
+        or      $t0,$t0,$t1
+        add     $f,$f,$t0
+___
+$code.=<<___ if ($i>=15);
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        xor     @X[$j%16],@X[$j%16],@X[($j+2)%16]
+        add     $f,$f,@X[$i%16]
+        and     $t0,$c,$b
+        xor     @X[$j%16],@X[$j%16],@X[($j+8)%16]
+        add     $f,$f,$e
+        andc    $t1,$d,$b
+        rotlwi  $b,$b,30
+        or      $t0,$t0,$t1
+        xor     @X[$j%16],@X[$j%16],@X[($j+13)%16]
+        add     $f,$f,$t0
+        rotlwi  @X[$j%16],@X[$j%16],1
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        xor     @X[$j%16],@X[$j%16],@X[($j+2)%16]
+        add     $f,$f,@X[$i%16]
+        xor     $t0,$b,$c
+        xor     @X[$j%16],@X[$j%16],@X[($j+8)%16]
+        add     $f,$f,$e
+        rotlwi  $b,$b,30
+        xor     $t0,$t0,$d
+        xor     @X[$j%16],@X[$j%16],@X[($j+13)%16]
+        add     $f,$f,$t0
+        rotlwi  @X[$j%16],@X[$j%16],1
+___
+$code.=<<___ if ($i==79);
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        lwz     r16,0($ctx)
+        add     $f,$f,@X[$i%16]
+        xor     $t0,$b,$c
+        lwz     r17,4($ctx)
+        add     $f,$f,$e
+        rotlwi  $b,$b,30
+        lwz     r18,8($ctx)
+        xor     $t0,$t0,$d
+        lwz     r19,12($ctx)
+        add     $f,$f,$t0
+        lwz     r20,16($ctx)
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___;
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        xor     @X[$j%16],@X[$j%16],@X[($j+2)%16]
+        add     $f,$f,@X[$i%16]
+        and     $t0,$b,$c
+        xor     @X[$j%16],@X[$j%16],@X[($j+8)%16]
+        add     $f,$f,$e
+        or      $t1,$b,$c
+        rotlwi  $b,$b,30
+        xor     @X[$j%16],@X[$j%16],@X[($j+13)%16]
+        and     $t1,$t1,$d
+        or      $t0,$t0,$t1
+        rotlwi  @X[$j%16],@X[$j%16],1
+        add     $f,$f,$t0
+___
+}
+
+$code=<<___;
+.machine        "any"
+.text
+
+.globl  .sha1_block_data_order
+.align  4
+.sha1_block_data_order:
+        mflr    r0
+        $STU    $sp,`-($FRAME+64)`($sp)
+        $PUSH   r0,`$FRAME-$SIZE_T*18`($sp)
+        $PUSH   r15,`$FRAME-$SIZE_T*17`($sp)
+        $PUSH   r16,`$FRAME-$SIZE_T*16`($sp)
+        $PUSH   r17,`$FRAME-$SIZE_T*15`($sp)
+        $PUSH   r18,`$FRAME-$SIZE_T*14`($sp)
+        $PUSH   r19,`$FRAME-$SIZE_T*13`($sp)
+        $PUSH   r20,`$FRAME-$SIZE_T*12`($sp)
+        $PUSH   r21,`$FRAME-$SIZE_T*11`($sp)
+        $PUSH   r22,`$FRAME-$SIZE_T*10`($sp)
+        $PUSH   r23,`$FRAME-$SIZE_T*9`($sp)
+        $PUSH   r24,`$FRAME-$SIZE_T*8`($sp)
+        $PUSH   r25,`$FRAME-$SIZE_T*7`($sp)
+        $PUSH   r26,`$FRAME-$SIZE_T*6`($sp)
+        $PUSH   r27,`$FRAME-$SIZE_T*5`($sp)
+        $PUSH   r28,`$FRAME-$SIZE_T*4`($sp)
+        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
+        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
+        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+        lwz     $A,0($ctx)
+        lwz     $B,4($ctx)
+        lwz     $C,8($ctx)
+        lwz     $D,12($ctx)
+        lwz     $E,16($ctx)
+        andi.   r0,$inp,3
+        bne     Lunaligned
+Laligned:
+        mtctr   $num
+        bl      Lsha1_block_private
+Ldone:
+        $POP    r0,`$FRAME-$SIZE_T*18`($sp)
+        $POP    r15,`$FRAME-$SIZE_T*17`($sp)
+        $POP    r16,`$FRAME-$SIZE_T*16`($sp)
+        $POP    r17,`$FRAME-$SIZE_T*15`($sp)
+        $POP    r18,`$FRAME-$SIZE_T*14`($sp)
+        $POP    r19,`$FRAME-$SIZE_T*13`($sp)
+        $POP    r20,`$FRAME-$SIZE_T*12`($sp)
+        $POP    r21,`$FRAME-$SIZE_T*11`($sp)
+        $POP    r22,`$FRAME-$SIZE_T*10`($sp)
+        $POP    r23,`$FRAME-$SIZE_T*9`($sp)
+        $POP    r24,`$FRAME-$SIZE_T*8`($sp)
+        $POP    r25,`$FRAME-$SIZE_T*7`($sp)
+        $POP    r26,`$FRAME-$SIZE_T*6`($sp)
+        $POP    r27,`$FRAME-$SIZE_T*5`($sp)
+        $POP    r28,`$FRAME-$SIZE_T*4`($sp)
+        $POP    r29,`$FRAME-$SIZE_T*3`($sp)
+        $POP    r30,`$FRAME-$SIZE_T*2`($sp)
+        $POP    r31,`$FRAME-$SIZE_T*1`($sp)
+        mtlr    r0
+        addi    $sp,$sp,`$FRAME+64`
+        blr
+___
+
+# PowerPC specification allows an implementation to be ill-behaved
+# upon unaligned access which crosses page boundary. "Better safe
+# than sorry" principle makes me treat it specially. But I don't
+# look for particular offending word, but rather for 64-byte input
+# block which crosses the boundary. Once found that block is aligned
+# and hashed separately...
+$code.=<<___;
+.align  4
+Lunaligned:
+        subfic  $t1,$inp,4096
+        andi.   $t1,$t1,4095    ; distance to closest page boundary
+        srwi.   $t1,$t1,6       ; t1/=64
+        beq     Lcross_page
+        $UCMP   $num,$t1
+        ble-    Laligned        ; didn't cross the page boundary
+        mtctr   $t1
+        subfc   $num,$t1,$num
+        bl      Lsha1_block_private
+Lcross_page:
+        li      $t1,16
+        mtctr   $t1
+        addi    r20,$sp,$FRAME  ; spot below the frame
+Lmemcpy:
+        lbz     r16,0($inp)
+        lbz     r17,1($inp)
+        lbz     r18,2($inp)
+        lbz     r19,3($inp)
+        addi    $inp,$inp,4
+        stb     r16,0(r20)
+        stb     r17,1(r20)
+        stb     r18,2(r20)
+        stb     r19,3(r20)
+        addi    r20,r20,4
+        bdnz    Lmemcpy
+
+        $PUSH   $inp,`$FRAME-$SIZE_T*19`($sp)
+        li      $t1,1
+        addi    $inp,$sp,$FRAME
+        mtctr   $t1
+        bl      Lsha1_block_private
+        $POP    $inp,`$FRAME-$SIZE_T*19`($sp)
+        addic.  $num,$num,-1
+        bne-    Lunaligned
+        b       Ldone
+___
+
+# This is private block function, which uses tailored calling
+# interface, namely upon entry SHA_CTX is pre-loaded to given
+# registers and counter register contains amount of chunks to
+# digest...
+$code.=<<___;
+.align  4
+Lsha1_block_private:
+___
+$code.=<<___;   # load K_00_19
+        lis     $K,0x5a82
+        ori     $K,$K,0x7999
+___
+for($i=0;$i<20;$i++)    { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   # load K_20_39
+        lis     $K,0x6ed9
+        ori     $K,$K,0xeba1
+___
+for(;$i<40;$i++)        { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   # load K_40_59
+        lis     $K,0x8f1b
+        ori     $K,$K,0xbcdc
+___
+for(;$i<60;$i++)        { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   # load K_60_79
+        lis     $K,0xca62
+        ori     $K,$K,0xc1d6
+___
+for(;$i<80;$i++)        { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        add     r16,r16,$E
+        add     r17,r17,$T
+        add     r18,r18,$A
+        add     r19,r19,$B
+        add     r20,r20,$C
+        stw     r16,0($ctx)
+        mr      $A,r16
+        stw     r17,4($ctx)
+        mr      $B,r17
+        stw     r18,8($ctx)
+        mr      $C,r18
+        stw     r19,12($ctx)
+        mr      $D,r19
+        stw     r20,16($ctx)
+        mr      $E,r20
+        addi    $inp,$inp,`16*4`
+        bdnz-   Lsha1_block_private
+        blr
+___
+$code.=<<___;
+.asciz  "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-s390x.pl b/src/lib/libcrypto/sha/asm/sha1-s390x.pl
new file mode 100644
index 0000000000..4b17848287
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-s390x.pl
@@ -0,0 +1,226 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA1 block procedure for s390x.
+
+# April 2007.
+#
+# Performance is >30% better than gcc 3.3 generated code. But the real
+# twist is that SHA1 hardware support is detected and utilized. In
+# which case performance can reach further >4.5x for larger chunks.
+
+# January 2009.
+#
+# Optimize Xupdate for amount of memory references and reschedule
+# instructions to favour dual-issue z10 pipeline. On z10 hardware is
+# "only" ~2.3x faster than software.
+
+$kimdfunc=1;    # magic function code for kimd instruction
+
+$output=shift;
+open STDOUT,">$output";
+
+$K_00_39="%r0"; $K=$K_00_39;
+$K_40_79="%r1";
+$ctx="%r2";     $prefetch="%r2";
+$inp="%r3";
+$len="%r4";
+
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";       @V=($A,$B,$C,$D,$E);
+$t0="%r10";
+$t1="%r11";
+@X=("%r12","%r13","%r14");
+$sp="%r15";
+
+$frame=160+16*4;
+
+sub Xupdate {
+my $i=shift;
+
+$code.=<<___ if ($i==15);
+        lg      $prefetch,160($sp)      ### Xupdate(16) warm-up
+        lr      $X[0],$X[2]
+___
+return if ($i&1);       # Xupdate is vectorized and executed every 2nd cycle
+$code.=<<___ if ($i<16);
+        lg      $X[0],`$i*4`($inp)      ### Xload($i)
+        rllg    $X[1],$X[0],32
+___
+$code.=<<___ if ($i>=16);
+        xgr     $X[0],$prefetch         ### Xupdate($i)
+        lg      $prefetch,`160+4*(($i+2)%16)`($sp)
+        xg      $X[0],`160+4*(($i+8)%16)`($sp)
+        xgr     $X[0],$prefetch
+        rll     $X[0],$X[0],1
+        rllg    $X[1],$X[0],32
+        rll     $X[1],$X[1],1
+        rllg    $X[0],$X[1],32
+        lr      $X[2],$X[1]             # feedback
+___
+$code.=<<___ if ($i<=70);
+        stg     $X[0],`160+4*($i%16)`($sp)
+___
+unshift(@X,pop(@X));
+}
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+        &Xupdate($i);
+$code.=<<___;
+        alr     $e,$K           ### $i
+        rll     $t1,$a,5
+        lr      $t0,$d
+        xr      $t0,$c
+        alr     $e,$t1
+        nr      $t0,$b
+        alr     $e,$xi
+        xr      $t0,$d
+        rll     $b,$b,30
+        alr     $e,$t0
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+        &Xupdate($i);
+$code.=<<___;
+        alr     $e,$K           ### $i
+        rll     $t1,$a,5
+        lr      $t0,$b
+        alr     $e,$t1
+        xr      $t0,$c
+        alr     $e,$xi
+        xr      $t0,$d
+        rll     $b,$b,30
+        alr     $e,$t0
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+
+        &Xupdate($i);
+$code.=<<___;
+        alr     $e,$K           ### $i
+        rll     $t1,$a,5
+        lr      $t0,$b
+        alr     $e,$t1
+        or      $t0,$c
+        lr      $t1,$b
+        nr      $t0,$d
+        nr      $t1,$c
+        alr     $e,$xi
+        or      $t0,$t1
+        rll     $b,$b,30
+        alr     $e,$t0
+___
+}
+
+$code.=<<___;
+.text
+.align  64
+.type   Ktable,\@object
+Ktable: .long   0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
+        .skip   48      #.long  0,0,0,0,0,0,0,0,0,0,0,0
+.size   Ktable,.-Ktable
+.globl  sha1_block_data_order
+.type   sha1_block_data_order,\@function
+sha1_block_data_order:
+___
+$code.=<<___ if ($kimdfunc);
+        larl    %r1,OPENSSL_s390xcap_P
+        lg      %r0,0(%r1)
+        tmhl    %r0,0x4000      # check for message-security assist
+        jz      .Lsoftware
+        lghi    %r0,0
+        la      %r1,16($sp)
+        .long   0xb93e0002      # kimd %r0,%r2
+        lg      %r0,16($sp)
+        tmhh    %r0,`0x8000>>$kimdfunc`
+        jz      .Lsoftware
+        lghi    %r0,$kimdfunc
+        lgr     %r1,$ctx
+        lgr     %r2,$inp
+        sllg    %r3,$len,6
+        .long   0xb93e0002      # kimd %r0,%r2
+        brc     1,.-4           # pay attention to "partial completion"
+        br      %r14
+.align  16
+.Lsoftware:
+___
+$code.=<<___;
+        lghi    %r1,-$frame
+        stg     $ctx,16($sp)
+        stmg    %r6,%r15,48($sp)
+        lgr     %r0,$sp
+        la      $sp,0(%r1,$sp)
+        stg     %r0,0($sp)
+
+        larl    $t0,Ktable
+        llgf    $A,0($ctx)
+        llgf    $B,4($ctx)
+        llgf    $C,8($ctx)
+        llgf    $D,12($ctx)
+        llgf    $E,16($ctx)
+
+        lg      $K_00_39,0($t0)
+        lg      $K_40_79,8($t0)
+
+.Lloop:
+        rllg    $K_00_39,$K_00_39,32
+___
+for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        rllg    $K_00_39,$K_00_39,32
+___
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   $K=$K_40_79;
+        rllg    $K_40_79,$K_40_79,32
+___
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        rllg    $K_40_79,$K_40_79,32
+___
+for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+
+        lg      $ctx,`$frame+16`($sp)
+        la      $inp,64($inp)
+        al      $A,0($ctx)
+        al      $B,4($ctx)
+        al      $C,8($ctx)
+        al      $D,12($ctx)
+        al      $E,16($ctx)
+        st      $A,0($ctx)
+        st      $B,4($ctx)
+        st      $C,8($ctx)
+        st      $D,12($ctx)
+        st      $E,16($ctx)
+        brct    $len,.Lloop
+
+        lmg     %r6,%r15,`$frame+48`($sp)
+        br      %r14
+.size   sha1_block_data_order,.-sha1_block_data_order
+.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm   OPENSSL_s390xcap_P,8,8
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl
new file mode 100644
index 0000000000..8306fc88cc
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl
@@ -0,0 +1,283 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Performance improvement is not really impressive on pre-T1 CPU: +8%
+# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it
+# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and
+# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick.
+# X[16] vector is packed to 8 64-bit registers and as result nothing
+# is spilled on stack. In addition input data is loaded in compact
+# instruction sequence, thus minimizing the window when the code is
+# subject to [inter-thread] cache-thrashing hazard. The goal is to
+# ensure scalability on UltraSPARC T1, or rather to avoid decay when
+# amount of active threads exceeds the number of physical cores.
+
+$bits=32;
+for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)  { $bias=2047; $frame=192; }
+else            { $bias=0;    $frame=112; }
+
+$output=shift;
+open STDOUT,">$output";
+
+@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+$rot1m="%g2";
+$tmp64="%g3";
+$Xi="%g4";
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+$K_00_19="%l5";
+$K_20_39="%l6";
+$K_40_59="%l7";
+$K_60_79="%g5";
+@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79);
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=($i&1)?@X[($i/2)%8]:$Xi;
+
+$code.=<<___;
+        sll     $a,5,$tmp0              !! $i
+        add     @K[$i/20],$e,$e
+        srl     $a,27,$tmp1
+        add     $tmp0,$e,$e
+        and     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        andn    $d,$b,$tmp1
+        srl     $b,2,$b
+        or      $tmp1,$tmp0,$tmp1
+        or      $tmp2,$b,$b
+        add     $xi,$e,$e
+___
+if ($i&1 && $i<15) {
+        $code.=
+        "       srlx    @X[(($i+1)/2)%8],32,$Xi\n";
+}
+$code.=<<___;
+        add     $tmp1,$e,$e
+___
+}
+
+sub Xupdate {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i/2;
+
+if ($i&1) {
+$code.=<<___;
+        sll     $a,5,$tmp0              !! $i
+        add     @K[$i/20],$e,$e
+        srl     $a,27,$tmp1
+___
+} else {
+$code.=<<___;
+        sllx    @X[($j+6)%8],32,$Xi     ! Xupdate($i)
+        xor     @X[($j+1)%8],@X[$j%8],@X[$j%8]
+        srlx    @X[($j+7)%8],32,$tmp1
+        xor     @X[($j+4)%8],@X[$j%8],@X[$j%8]
+        sll     $a,5,$tmp0              !! $i
+        or      $tmp1,$Xi,$Xi
+        add     @K[$i/20],$e,$e         !!
+        xor     $Xi,@X[$j%8],@X[$j%8]
+        srlx    @X[$j%8],31,$Xi
+        add     @X[$j%8],@X[$j%8],@X[$j%8]
+        and     $Xi,$rot1m,$Xi
+        andn    @X[$j%8],$rot1m,@X[$j%8]
+        srl     $a,27,$tmp1             !!
+        or      $Xi,@X[$j%8],@X[$j%8]
+___
+}
+}
+
+sub BODY_16_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+
+        &Xupdate(@_);
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+    } else {
+        $xi=$Xi;
+        $code.="\tsrlx  @X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        add     $tmp0,$e,$e             !!
+        and     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        add     $xi,$e,$e
+        andn    $d,$b,$tmp1
+        srl     $b,2,$b
+        or      $tmp1,$tmp0,$tmp1
+        or      $tmp2,$b,$b
+        add     $tmp1,$e,$e
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+        &Xupdate(@_);
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+    } else {
+        $xi=$Xi;
+        $code.="\tsrlx  @X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        add     $tmp0,$e,$e             !!
+        xor     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        xor     $d,$tmp0,$tmp1
+        srl     $b,2,$b
+        add     $tmp1,$e,$e
+        or      $tmp2,$b,$b
+        add     $xi,$e,$e
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+        &Xupdate(@_);
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+    } else {
+        $xi=$Xi;
+        $code.="\tsrlx  @X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        add     $tmp0,$e,$e             !!
+        and     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        or      $c,$b,$tmp1
+        srl     $b,2,$b
+        and     $d,$tmp1,$tmp1
+        add     $xi,$e,$e
+        or      $tmp1,$tmp0,$tmp1
+        or      $tmp2,$b,$b
+        add     $tmp1,$e,$e
+___
+}
+
+$code.=<<___ if ($bits==64);
+.register       %g2,#scratch
+.register       %g3,#scratch
+___
+$code.=<<___;
+.section        ".text",#alloc,#execinstr
+
+.align  32
+.globl  sha1_block_data_order
+sha1_block_data_order:
+        save    %sp,-$frame,%sp
+        sllx    $len,6,$len
+        add     $inp,$len,$len
+
+        or      %g0,1,$rot1m
+        sllx    $rot1m,32,$rot1m
+        or      $rot1m,1,$rot1m
+
+        ld      [$ctx+0],$A
+        ld      [$ctx+4],$B
+        ld      [$ctx+8],$C
+        ld      [$ctx+12],$D
+        ld      [$ctx+16],$E
+        andn    $inp,7,$tmp0
+
+        sethi   %hi(0x5a827999),$K_00_19
+        or      $K_00_19,%lo(0x5a827999),$K_00_19
+        sethi   %hi(0x6ed9eba1),$K_20_39
+        or      $K_20_39,%lo(0x6ed9eba1),$K_20_39
+        sethi   %hi(0x8f1bbcdc),$K_40_59
+        or      $K_40_59,%lo(0x8f1bbcdc),$K_40_59
+        sethi   %hi(0xca62c1d6),$K_60_79
+        or      $K_60_79,%lo(0xca62c1d6),$K_60_79
+
+.Lloop:
+        ldx     [$tmp0+0],@X[0]
+        ldx     [$tmp0+16],@X[2]
+        ldx     [$tmp0+32],@X[4]
+        ldx     [$tmp0+48],@X[6]
+        and     $inp,7,$tmp1
+        ldx     [$tmp0+8],@X[1]
+        sll     $tmp1,3,$tmp1
+        ldx     [$tmp0+24],@X[3]
+        subcc   %g0,$tmp1,$tmp2 ! should be 64-$tmp1, but -$tmp1 works too
+        ldx     [$tmp0+40],@X[5]
+        bz,pt   %icc,.Laligned
+        ldx     [$tmp0+56],@X[7]
+
+        sllx    @X[0],$tmp1,@X[0]
+        ldx     [$tmp0+64],$tmp64
+___
+for($i=0;$i<7;$i++)
+{   $code.=<<___;
+        srlx    @X[$i+1],$tmp2,$Xi
+        sllx    @X[$i+1],$tmp1,@X[$i+1]
+        or      $Xi,@X[$i],@X[$i]
+___
+}
+$code.=<<___;
+        srlx    $tmp64,$tmp2,$tmp64
+        or      $tmp64,@X[7],@X[7]
+.Laligned:
+        srlx    @X[0],32,$Xi
+___
+for ($i=0;$i<16;$i++)   { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+for (;$i<20;$i++)       { &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+
+        ld      [$ctx+0],@X[0]
+        ld      [$ctx+4],@X[1]
+        ld      [$ctx+8],@X[2]
+        ld      [$ctx+12],@X[3]
+        add     $inp,64,$inp
+        ld      [$ctx+16],@X[4]
+        cmp     $inp,$len
+
+        add     $A,@X[0],$A
+        st      $A,[$ctx+0]
+        add     $B,@X[1],$B
+        st      $B,[$ctx+4]
+        add     $C,@X[2],$C
+        st      $C,[$ctx+8]
+        add     $D,@X[3],$D
+        st      $D,[$ctx+12]
+        add     $E,@X[4],$E
+        st      $E,[$ctx+16]
+
+        bne     `$bits==64?"%xcc":"%icc"`,.Lloop
+        andn    $inp,7,$tmp0
+
+        ret
+        restore
+.type   sha1_block_data_order,#function
+.size   sha1_block_data_order,(.-sha1_block_data_order)
+.asciz  "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
new file mode 100644
index 0000000000..15eb854bad
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
@@ -0,0 +1,600 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# January 2009
+#
+# Provided that UltraSPARC VIS instructions are pipe-lined(*) and
+# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC
+# Graphic Unit would make it possible to achieve higher instruction-
+# level parallelism, ILP, and thus higher performance. It should be
+# explicitly noted that ILP is the keyword, and it means that this
+# code would be unsuitable for cores like UltraSPARC-Tx. The idea is
+# not really novel, Sun had VIS-powered implementation for a while.
+# Unlike Sun's implementation this one can process multiple unaligned
+# input blocks, and as such works as drop-in replacement for OpenSSL
+# sha1_block_data_order. Performance improvement was measured to be
+# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on
+# UltraSPARC-III. See below for discussion...
+#
+# The module does not present direct interest for OpenSSL, because
+# it doesn't provide better performance on contemporary SPARCv9 CPUs,
+# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they
+# absolutely must score on UltraSPARC-I-IV can simply replace
+# crypto/sha/asm/sha1-sparcv9.pl with this module.
+#
+# (*)   "Pipe-lined" means that even if it takes several cycles to
+#       complete, next instruction using same functional unit [but not
+#       depending on the result of the current instruction] can start
+#       execution without having to wait for the unit. "Pairable"
+#       means that two [or more] independent instructions can be
+#       issued at the very same time.
+
+$bits=32;
+for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)  { $bias=2047; $frame=192; }
+else            { $bias=0;    $frame=112; }
+
+$output=shift;
+open STDOUT,">$output";
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+$tmp3="%g5";
+
+$base="%g1";
+$align="%g4";
+$Xfer="%o5";
+$nXfer=$tmp3;
+$Xi="%o7";
+
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+
+$Actx="%o0";
+$Bctx="%o1";
+$Cctx="%o2";
+$Dctx="%o3";
+$Ectx="%o4";
+
+$fmul="%f32";
+$VK_00_19="%f34";
+$VK_20_39="%f36";
+$VK_40_59="%f38";
+$VK_60_79="%f40";
+@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79);
+@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7",
+    "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16");
+
+# This is reference 2x-parallelized VIS-powered Xupdate procedure. It
+# covers even K_NN_MM addition...
+sub Xupdate {
+my ($i)=@_;
+my $K=@VK[($i+16)/20];
+my $j=($i+16)%16;
+
+#       [ provided that GSR.alignaddr_offset is 5, $mul contains
+#         0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to
+#         chosen registers... ]
+$code.=<<___;
+        fxors           @X[($j+13)%16],@X[$j],@X[$j]    !-1/-1/-1:X[0]^=X[13]
+        fxors           @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        fxor            @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        fxor            %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        faligndata      @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+        fpadd32         @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+        fmul8ulx16      %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        ![fxors         %f15,%f2,%f2]
+        for             %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        ![fxors         %f0,%f3,%f3]                    !10/17/12:X[0] dependency
+        fpadd32         $K,@X[$j],%f20
+        std             %f20,[$Xfer+`4*$j`]
+___
+# The numbers delimited with slash are the earliest possible dispatch
+# cycles for given instruction assuming 1 cycle latency for simple VIS
+# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as
+# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being
+# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1
+# round. As [long as] FPU/VIS instructions are perfectly pairable with
+# IALU ones, the round timing is defined by the maximum between VIS
+# and IALU timings. The latter varies from round to round and averages
+# out at 6.25 ticks. This means that USI&II should operate at IALU
+# rate, while USIII&IV - at VIS rate. This explains why performance
+# improvement varies among processors. Well, given that pure IALU
+# sha1-sparcv9.pl module exhibits virtually uniform performance of
+# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical
+# lower limits. Real-life performance was measured to be 6.6 cycles
+# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than
+# half-round VIS timing, because there are 16 Xupdate-free rounds,
+# which "push down" average theoretical timing to 8 cycles...
+
+# (*)   SPARC64-V[II] was originally believed to have 2 cycles VIS
+#       latency. Well, it might have, but it doesn't have dedicated
+#       VIS-unit. Instead, VIS instructions are executed by other
+#       functional units, ones used here - by IALU. This doesn't
+#       improve effective ILP...
+}
+
+# The reference Xupdate procedure is then "strained" over *pairs* of
+# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13]
+# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves
+# plenty of room to amortize for read-after-write hazard, as well as
+# to fetch and align input for the next spin. The VIS instructions are
+# scheduled for latency of 2 cycles, because there are not enough IALU
+# instructions to schedule for latency of 3, while scheduling for 1
+# would give no gain on USI&II anyway.
+
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;     # ahead reference
+my $l=($j+16-2)%16;     # behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1));
+        sll             $a,5,$tmp0                      !! $i
+        and             $c,$b,$tmp3
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fxors          @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fxor           @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        sll             $b,30,$tmp2
+        add             $tmp1,$e,$e
+        andn            $d,$b,$tmp1
+        add             $Xi,$e,$e
+         fxor           %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        srl             $b,2,$b
+        or              $tmp1,$tmp3,$tmp1
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+         faligndata     @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1);
+        sll             $a,5,$tmp0                      !! $i
+        and             $c,$b,$tmp3
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fpadd32        @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fmul8ulx16     %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        sll             $b,30,$tmp2
+        add             $tmp1,$e,$e
+         fpadd32        $K,@X[$l],%f20                  !
+        andn            $d,$b,$tmp1
+        add             $Xi,$e,$e
+         fxors          @X[($k+13)%16],@X[$k],@X[$k]    !-1/-1/-1:X[0]^=X[13]
+        srl             $b,2,$b
+        or              $tmp1,$tmp3,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+___
+$code.=<<___ if ($i&1 && $i>=2);
+         std            %f20,[$Xfer+`4*$l`]             !
+___
+}
+
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;     # ahead reference
+my $l=($j+16-2)%16;     # behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1) && $i<64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fxors          @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fxor           @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+         faligndata     @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1 && $i<64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fpadd32        @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fmul8ulx16     %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+         fpadd32        $K,@X[$l],%f20                  !
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+         fxors          @X[($k+13)%16],@X[$k],@X[$k]    !-1/-1/-1:X[0]^=X[13]
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+         fxor           %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+         std            %f20,[$Xfer+`4*$l`]             !
+___
+$code.=<<___ if ($i==64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fpadd32        $K,@X[$l],%f20
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+         std            %f20,[$Xfer+`4*$l`]
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+$code.=<<___ if ($i>64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+}
+
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;     # ahead reference
+my $l=($j+16-2)%16;     # behind reference
+my $K=@VK[($j+16-2)/20];
+
+$j=($j+16)%16;
+
+$code.=<<___ if (!($i&1));
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fxors          @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fxor           @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        and             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        or              $c,$b,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        srl             $b,2,$b
+        and             $d,$tmp1,$tmp1
+        add             $Xi,$e,$e
+        or              $tmp1,$tmp0,$tmp1
+         faligndata     @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+         fpadd32        @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+___
+$code.=<<___ if ($i&1);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fmul8ulx16     %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        and             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+         fpadd32        $K,@X[$l],%f20                  !
+        sll             $b,30,$tmp2
+        or              $c,$b,$tmp1
+         fxors          @X[($k+13)%16],@X[$k],@X[$k]    !-1/-1/-1:X[0]^=X[13]
+        srl             $b,2,$b
+        and             $d,$tmp1,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        add             $Xi,$e,$e
+        or              $tmp1,$tmp0,$tmp1
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+         std            %f20,[$Xfer+`4*$l`]             !
+___
+}
+
+# If there is more data to process, then we pre-fetch the data for
+# next iteration in last ten rounds...
+sub BODY_70_79 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $m=($i%8)*2;
+
+$j=($j+16)%16;
+
+$code.=<<___ if ($i==70);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         ldd            [$inp+64],@X[0]
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+
+        and             $inp,-64,$nXfer
+        inc             64,$inp
+        and             $nXfer,255,$nXfer
+        alignaddr       %g0,$align,%g0
+        add             $base,$nXfer,$nXfer
+___
+$code.=<<___ if ($i==71);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+$code.=<<___ if ($i>=72);
+         faligndata     @X[$m],@X[$m+2],@X[$m]
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+         fpadd32        $VK_00_19,@X[$m],%f20
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+$code.=<<___ if ($i<77);
+         ldd            [$inp+`8*($i+1-70)`],@X[2*($i+1-70)]
+___
+$code.=<<___ if ($i==77);       # redundant if $inp was aligned
+         add            $align,63,$tmp0
+         and            $tmp0,-8,$tmp0
+         ldd            [$inp+$tmp0],@X[16]
+___
+$code.=<<___ if ($i>=72);
+         std            %f20,[$nXfer+`4*$m`]
+___
+}
+
+$code.=<<___;
+.section        ".text",#alloc,#execinstr
+
+.align  64
+vis_const:
+.long   0x5a827999,0x5a827999   ! K_00_19
+.long   0x6ed9eba1,0x6ed9eba1   ! K_20_39
+.long   0x8f1bbcdc,0x8f1bbcdc   ! K_40_59
+.long   0xca62c1d6,0xca62c1d6   ! K_60_79
+.long   0x00000100,0x00000100
+.align  64
+.type   vis_const,#object
+.size   vis_const,(.-vis_const)
+
+.globl  sha1_block_data_order
+sha1_block_data_order:
+        save    %sp,-$frame,%sp
+        add     %fp,$bias-256,$base
+
+1:      call    .+8
+        add     %o7,vis_const-1b,$tmp0
+
+        ldd     [$tmp0+0],$VK_00_19
+        ldd     [$tmp0+8],$VK_20_39
+        ldd     [$tmp0+16],$VK_40_59
+        ldd     [$tmp0+24],$VK_60_79
+        ldd     [$tmp0+32],$fmul
+
+        ld      [$ctx+0],$Actx
+        and     $base,-256,$base
+        ld      [$ctx+4],$Bctx
+        sub     $base,$bias+$frame,%sp
+        ld      [$ctx+8],$Cctx
+        and     $inp,7,$align
+        ld      [$ctx+12],$Dctx
+        and     $inp,-8,$inp
+        ld      [$ctx+16],$Ectx
+
+        ! X[16] is maintained in FP register bank
+        alignaddr       %g0,$align,%g0
+        ldd             [$inp+0],@X[0]
+        sub             $inp,-64,$Xfer
+        ldd             [$inp+8],@X[2]
+        and             $Xfer,-64,$Xfer
+        ldd             [$inp+16],@X[4]
+        and             $Xfer,255,$Xfer
+        ldd             [$inp+24],@X[6]
+        add             $base,$Xfer,$Xfer
+        ldd             [$inp+32],@X[8]
+        ldd             [$inp+40],@X[10]
+        ldd             [$inp+48],@X[12]
+        brz,pt          $align,.Laligned
+        ldd             [$inp+56],@X[14]
+
+        ldd             [$inp+64],@X[16]
+        faligndata      @X[0],@X[2],@X[0]
+        faligndata      @X[2],@X[4],@X[2]
+        faligndata      @X[4],@X[6],@X[4]
+        faligndata      @X[6],@X[8],@X[6]
+        faligndata      @X[8],@X[10],@X[8]
+        faligndata      @X[10],@X[12],@X[10]
+        faligndata      @X[12],@X[14],@X[12]
+        faligndata      @X[14],@X[16],@X[14]
+
+.Laligned:
+        mov             5,$tmp0
+        dec             1,$len
+        alignaddr       %g0,$tmp0,%g0
+        fpadd32         $VK_00_19,@X[0],%f16
+        fpadd32         $VK_00_19,@X[2],%f18
+        fpadd32         $VK_00_19,@X[4],%f20
+        fpadd32         $VK_00_19,@X[6],%f22
+        fpadd32         $VK_00_19,@X[8],%f24
+        fpadd32         $VK_00_19,@X[10],%f26
+        fpadd32         $VK_00_19,@X[12],%f28
+        fpadd32         $VK_00_19,@X[14],%f30
+        std             %f16,[$Xfer+0]
+        mov             $Actx,$A
+        std             %f18,[$Xfer+8]
+        mov             $Bctx,$B
+        std             %f20,[$Xfer+16]
+        mov             $Cctx,$C
+        std             %f22,[$Xfer+24]
+        mov             $Dctx,$D
+        std             %f24,[$Xfer+32]
+        mov             $Ectx,$E
+        std             %f26,[$Xfer+40]
+        fxors           @X[13],@X[0],@X[0]
+        std             %f28,[$Xfer+48]
+        ba              .Loop
+        std             %f30,[$Xfer+56]
+.align  32
+.Loop:
+___
+for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<70;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        tst             $len
+        bz,pn           `$bits==32?"%icc":"%xcc"`,.Ltail
+        nop
+___
+for (;$i<80;$i++)       { &BODY_70_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        add             $A,$Actx,$Actx
+        add             $B,$Bctx,$Bctx
+        add             $C,$Cctx,$Cctx
+        add             $D,$Dctx,$Dctx
+        add             $E,$Ectx,$Ectx
+        mov             5,$tmp0
+        fxors           @X[13],@X[0],@X[0]
+        mov             $Actx,$A
+        mov             $Bctx,$B
+        mov             $Cctx,$C
+        mov             $Dctx,$D
+        mov             $Ectx,$E
+        alignaddr       %g0,$tmp0,%g0   
+        dec             1,$len
+        ba              .Loop
+        mov             $nXfer,$Xfer
+
+.align  32
+.Ltail:
+___
+for($i=70;$i<80;$i++)   { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        add     $A,$Actx,$Actx
+        add     $B,$Bctx,$Bctx
+        add     $C,$Cctx,$Cctx
+        add     $D,$Dctx,$Dctx
+        add     $E,$Ectx,$Ectx
+
+        st      $Actx,[$ctx+0]
+        st      $Bctx,[$ctx+4]
+        st      $Cctx,[$ctx+8]
+        st      $Dctx,[$ctx+12]
+        st      $Ectx,[$ctx+16]
+
+        ret
+        restore
+.type   sha1_block_data_order,#function
+.size   sha1_block_data_order,(.-sha1_block_data_order)
+.asciz  "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (  "fmul8ulx16"    => 0x037,
+                "faligndata"    => 0x048,
+                "fpadd32"       => 0x052,
+                "fxor"          => 0x06c,
+                "fxors"         => 0x06d        );
+
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+
+    if ($opf=$visopf{$mnemonic}) {
+        foreach ($rs1,$rs2,$rd) {
+            return $ref if (!/%f([0-9]{1,2})/);
+            $_=$1;
+            if ($1>=32) {
+                return $ref if ($1&1);
+                # re-encode for upper double register addressing
+                $_=($1|$1>>5)&31;
+            }
+        }
+
+        return  sprintf ".word\t0x%08x !%s",
+                        0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+                        $ref;
+    } else {
+        return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+
+    foreach ($rs1,$rs2,$rd) {
+        if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; }
+        else                    { return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+                    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+                    $ref;
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/
+                &unvis($1,$2,$3,$4)
+          /gem;
+$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/
+                &unalignaddr($1,$2,$3,$4)
+          /gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-thumb.pl b/src/lib/libcrypto/sha/asm/sha1-thumb.pl
new file mode 100644
index 0000000000..7c9ea9b029
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-thumb.pl
@@ -0,0 +1,259 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# sha1_block for Thumb.
+#
+# January 2007.
+#
+# The code does not present direct interest to OpenSSL, because of low
+# performance. Its purpose is to establish _size_ benchmark. Pretty
+# useless one I must say, because 30% or 88 bytes larger ARMv4 code
+# [avialable on demand] is almost _twice_ as fast. It should also be
+# noted that in-lining of .Lcommon and .Lrotate improves performance
+# by over 40%, while code increases by only 10% or 32 bytes. But once
+# again, the goal was to establish _size_ benchmark, not performance.
+
+$output=shift;
+open STDOUT,">$output";
+
+$inline=0;
+#$cheat_on_binutils=1;
+
+$t0="r0";
+$t1="r1";
+$t2="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";        # "upper" registers can be used in add/sub and mov insns
+$ctx="r9";
+$inp="r10";
+$len="r11";
+$Xi="r12";
+
+sub common {
+<<___;
+        sub     $t0,#4
+        ldr     $t1,[$t0]
+        add     $e,$K                   @ E+=K_xx_xx
+        lsl     $t2,$a,#5
+        add     $t2,$e
+        lsr     $e,$a,#27
+        add     $t2,$e                  @ E+=ROR(A,27)
+        add     $t2,$t1                 @ E+=X[i]
+___
+}
+sub rotate {
+<<___;
+        mov     $e,$d                   @ E=D
+        mov     $d,$c                   @ D=C
+        lsl     $c,$b,#30
+        lsr     $b,$b,#2
+        orr     $c,$b                   @ C=ROR(B,2)
+        mov     $b,$a                   @ B=A
+        add     $a,$t2,$t1              @ A=E+F_xx_xx(B,C,D)
+___
+}
+
+sub BODY_00_19 {
+$code.=$inline?&common():"\tbl  .Lcommon\n";
+$code.=<<___;
+        mov     $t1,$c
+        eor     $t1,$d
+        and     $t1,$b
+        eor     $t1,$d                  @ F_00_19(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl  .Lrotate\n";
+}
+
+sub BODY_20_39 {
+$code.=$inline?&common():"\tbl  .Lcommon\n";
+$code.=<<___;
+        mov     $t1,$b
+        eor     $t1,$c
+        eor     $t1,$d                  @ F_20_39(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl  .Lrotate\n";
+}
+
+sub BODY_40_59 {
+$code.=$inline?&common():"\tbl  .Lcommon\n";
+$code.=<<___;
+        mov     $t1,$b
+        and     $t1,$c
+        mov     $e,$b
+        orr     $e,$c
+        and     $e,$d
+        orr     $t1,$e                  @ F_40_59(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl  .Lrotate\n";
+}
+
+$code=<<___;
+.text
+.code   16
+
+.global sha1_block_data_order
+.type   sha1_block_data_order,%function
+
+.align  2
+sha1_block_data_order:
+___
+if ($cheat_on_binutils) {
+$code.=<<___;
+.code   32
+        add     r3,pc,#1
+        bx      r3                      @ switch to Thumb ISA
+.code   16
+___
+}
+$code.=<<___;
+        push    {r4-r7}
+        mov     r3,r8
+        mov     r4,r9
+        mov     r5,r10
+        mov     r6,r11
+        mov     r7,r12
+        push    {r3-r7,lr}
+        lsl     r2,#6
+        mov     $ctx,r0                 @ save context
+        mov     $inp,r1                 @ save inp
+        mov     $len,r2                 @ save len
+        add     $len,$inp               @ $len to point at inp end
+
+.Lloop:
+        mov     $Xi,sp
+        mov     $t2,sp
+        sub     $t2,#16*4               @ [3]
+.LXload:
+        ldrb    $a,[$t1,#0]             @ $t1 is r1 and holds inp
+        ldrb    $b,[$t1,#1]
+        ldrb    $c,[$t1,#2]
+        ldrb    $d,[$t1,#3]
+        lsl     $a,#24
+        lsl     $b,#16
+        lsl     $c,#8
+        orr     $a,$b
+        orr     $a,$c
+        orr     $a,$d
+        add     $t1,#4
+        push    {$a}
+        cmp     sp,$t2
+        bne     .LXload                 @ [+14*16]
+
+        mov     $inp,$t1                @ update $inp
+        sub     $t2,#32*4
+        sub     $t2,#32*4
+        mov     $e,#31                  @ [+4]
+.LXupdate:
+        ldr     $a,[sp,#15*4]
+        ldr     $b,[sp,#13*4]
+        ldr     $c,[sp,#7*4]
+        ldr     $d,[sp,#2*4]
+        eor     $a,$b
+        eor     $a,$c
+        eor     $a,$d
+        ror     $a,$e
+        push    {$a}
+        cmp     sp,$t2
+        bne     .LXupdate               @ [+(11+1)*64]
+
+        ldmia   $t0!,{$a,$b,$c,$d,$e}   @ $t0 is r0 and holds ctx
+        mov     $t0,$Xi
+
+        ldr     $t2,.LK_00_19
+        mov     $t1,$t0
+        sub     $t1,#20*4
+        mov     $Xi,$t1
+        mov     $K,$t2                  @ [+7+4]
+.L_00_19:
+___
+        &BODY_00_19();
+$code.=<<___;
+        cmp     $Xi,$t0
+        bne     .L_00_19                @ [+(2+9+4+2+8+2)*20]
+
+        ldr     $t2,.LK_20_39
+        mov     $t1,$t0
+        sub     $t1,#20*4
+        mov     $Xi,$t1
+        mov     $K,$t2                  @ [+5]
+.L_20_39_or_60_79:
+___
+        &BODY_20_39();
+$code.=<<___;
+        cmp     $Xi,$t0
+        bne     .L_20_39_or_60_79       @ [+(2+9+3+2+8+2)*20*2]
+        cmp     sp,$t0
+        beq     .Ldone                  @ [+2]
+
+        ldr     $t2,.LK_40_59
+        mov     $t1,$t0
+        sub     $t1,#20*4
+        mov     $Xi,$t1
+        mov     $K,$t2                  @ [+5]
+.L_40_59:
+___
+        &BODY_40_59();
+$code.=<<___;
+        cmp     $Xi,$t0
+        bne     .L_40_59                @ [+(2+9+6+2+8+2)*20]
+
+        ldr     $t2,.LK_60_79
+        mov     $Xi,sp
+        mov     $K,$t2
+        b       .L_20_39_or_60_79       @ [+4]
+.Ldone:
+        mov     $t0,$ctx
+        ldr     $t1,[$t0,#0]
+        ldr     $t2,[$t0,#4]
+        add     $a,$t1
+        ldr     $t1,[$t0,#8]
+        add     $b,$t2
+        ldr     $t2,[$t0,#12]
+        add     $c,$t1
+        ldr     $t1,[$t0,#16]
+        add     $d,$t2
+        add     $e,$t1
+        stmia   $t0!,{$a,$b,$c,$d,$e}   @ [+20]
+
+        add     sp,#80*4                @ deallocate stack frame
+        mov     $t0,$ctx                @ restore ctx
+        mov     $t1,$inp                @ restore inp
+        cmp     $t1,$len
+        beq     .Lexit
+        b       .Lloop                  @ [+6] total 3212 cycles
+.Lexit:
+        pop     {r2-r7}
+        mov     r8,r2
+        mov     r9,r3
+        mov     r10,r4
+        mov     r11,r5
+        mov     r12,r6
+        mov     lr,r7
+        pop     {r4-r7}
+        bx      lr
+.align  2
+___
+$code.=".Lcommon:\n".&common()."\tmov   pc,lr\n" if (!$inline);
+$code.=".Lrotate:\n".&rotate()."\tmov   pc,lr\n" if (!$inline);
+$code.=<<___;
+.align  2
+.LK_00_19:      .word   0x5a827999
+.LK_20_39:      .word   0x6ed9eba1
+.LK_40_59:      .word   0x8f1bbcdc
+.LK_60_79:      .word   0xca62c1d6
+.size   sha1_block_data_order,.-sha1_block_data_order
+.asciz  "SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
index f7ed67a726..4edc5ea9ad 100755
--- a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -29,14 +29,18 @@
 # Xeon P4       +65%            +0%             9.9
 # Core2         +60%            +10%            7.0
 
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 
 $ctx="%rdi";    # 1st arg
 $inp="%rsi";    # 2nd arg
@@ -69,13 +73,14 @@ $func:
         push    %rbx
         push    %rbp
         push    %r12
-        mov     %rsp,%rax
+        mov     %rsp,%r11
         mov     %rdi,$ctx       # reassigned argument
         sub     \$`8+16*4`,%rsp
         mov     %rsi,$inp       # reassigned argument
         and     \$-64,%rsp
         mov     %rdx,$num       # reassigned argument
-        mov     %rax,`16*4`(%rsp)
+        mov     %r11,`16*4`(%rsp)
+.Lprologue:
 
         mov     0($ctx),$A
         mov     4($ctx),$B
@@ -88,10 +93,12 @@ ___
 sub EPILOGUE {
 my $func=shift;
 $code.=<<___;
-        mov     `16*4`(%rsp),%rsp
-        pop     %r12
-        pop     %rbp
-        pop     %rbx
+        mov     `16*4`(%rsp),%rsi
+        mov     (%rsi),%r12
+        mov     8(%rsi),%rbp
+        mov     16(%rsi),%rbx
+        lea     24(%rsi),%rsp
+.Lepilogue:
         ret
 .size   $func,.-$func
 ___
@@ -233,7 +240,109 @@ ___
 &EPILOGUE("sha1_block_data_order");
 $code.=<<___;
 .asciz  "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align  16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+
+        mov     `16*4`(%rax),%rax       # pull saved stack pointer
+        lea     24(%rax),%rax
+
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   se_handler,.-se_handler
+
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_sha1_block_data_order
+        .rva    .LSEH_end_sha1_block_data_order
+        .rva    .LSEH_info_sha1_block_data_order
+
+.section        .xdata
+.align  8
+.LSEH_info_sha1_block_data_order:
+        .byte   9,0,0,0
+        .rva    se_handler
 ___
+}
 
 ####################################################################
 
diff --git a/src/lib/libcrypto/sha/asm/sha256-586.pl b/src/lib/libcrypto/sha/asm/sha256-586.pl
new file mode 100644
index 0000000000..ecc8b69c75
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha256-586.pl
@@ -0,0 +1,251 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256 block transform for x86. September 2007.
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#               Pentium PIII    P4      AMD K8  Core2
+# gcc           46      36      41      27      26
+# icc           57      33      38      25      23      
+# x86 asm       40      30      35      20      20
+# x86_64 asm(*) -       -       21      15.8    16.5
+#
+# (*) x86_64 assembler performance is presented for reference
+#     purposes.
+#
+# Performance improvement over compiler generated code varies from
+# 10% to 40% [see above]. Not very impressive on some µ-archs, but
+# it's 5 times smaller and optimizies amount of writes.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+
+$A="eax";
+$E="edx";
+$T="ebx";
+$Aoff=&DWP(0,"esp");
+$Boff=&DWP(4,"esp");
+$Coff=&DWP(8,"esp");
+$Doff=&DWP(12,"esp");
+$Eoff=&DWP(16,"esp");
+$Foff=&DWP(20,"esp");
+$Goff=&DWP(24,"esp");
+$Hoff=&DWP(28,"esp");
+$Xoff=&DWP(32,"esp");
+$K256="ebp";
+
+sub BODY_00_15() {
+    my $in_16_63=shift;
+
+        &mov    ("ecx",$E);
+         &add   ($T,&DWP(4*(8+15+16-9),"esp"))  if ($in_16_63); # T += X[-7]
+        &ror    ("ecx",6);
+        &mov    ("edi",$E);
+        &ror    ("edi",11);
+         &mov   ("esi",$Foff);
+        &xor    ("ecx","edi");
+        &ror    ("edi",25-11);
+         &mov   (&DWP(4*(8+15),"esp"),$T)       if ($in_16_63); # save X[0]
+        &xor    ("ecx","edi");  # Sigma1(e)
+         &mov   ("edi",$Goff);
+        &add    ($T,"ecx");     # T += Sigma1(e)
+         &mov   ($Eoff,$E);     # modulo-scheduled
+
+        &xor    ("esi","edi");
+         &mov   ("ecx",$A);
+        &and    ("esi",$E);
+         &mov   ($E,$Doff);     # e becomes d, which is e in next iteration
+        &xor    ("esi","edi");  # Ch(e,f,g)
+         &mov   ("edi",$A);
+        &add    ($T,"esi");     # T += Ch(e,f,g)
+
+        &ror    ("ecx",2);
+         &add   ($T,$Hoff);     # T += h
+        &ror    ("edi",13);
+         &mov   ("esi",$Boff);
+        &xor    ("ecx","edi");
+        &ror    ("edi",22-13);
+         &add   ($E,$T);        # d += T
+        &xor    ("ecx","edi");  # Sigma0(a)
+         &mov   ("edi",$Coff);
+
+        &add    ($T,"ecx");     # T += Sigma0(a)
+         &mov   ($Aoff,$A);     # modulo-scheduled
+
+        &mov    ("ecx",$A);
+         &sub   ("esp",4);
+        &or     ($A,"esi");     # a becomes h, which is a in next iteration
+        &and    ("ecx","esi");
+        &and    ($A,"edi");
+         &mov   ("esi",&DWP(0,$K256));
+        &or     ($A,"ecx");     # h=Maj(a,b,c)
+
+        &add    ($K256,4);
+        &add    ($A,$T);        # h += T
+         &mov   ($T,&DWP(4*(8+15+16-1),"esp"))  if ($in_16_63); # preload T
+        &add    ($E,"esi");     # d += K256[i]
+        &add    ($A,"esi");     # h += K256[i]
+}
+
+&function_begin("sha256_block_data_order");
+        &mov    ("esi",wparam(0));      # ctx
+        &mov    ("edi",wparam(1));      # inp
+        &mov    ("eax",wparam(2));      # num
+        &mov    ("ebx","esp");          # saved sp
+
+        &call   (&label("pic_point"));  # make it PIC!
+&set_label("pic_point");
+        &blindpop($K256);
+        &lea    ($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256));
+
+        &sub    ("esp",16);
+        &and    ("esp",-64);
+
+        &shl    ("eax",6);
+        &add    ("eax","edi");
+        &mov    (&DWP(0,"esp"),"esi");  # ctx
+        &mov    (&DWP(4,"esp"),"edi");  # inp
+        &mov    (&DWP(8,"esp"),"eax");  # inp+num*128
+        &mov    (&DWP(12,"esp"),"ebx"); # saved sp
+
+&set_label("loop",16);
+    # copy input block to stack reversing byte and dword order
+    for($i=0;$i<4;$i++) {
+        &mov    ("eax",&DWP($i*16+0,"edi"));
+        &mov    ("ebx",&DWP($i*16+4,"edi"));
+        &mov    ("ecx",&DWP($i*16+8,"edi"));
+        &mov    ("edx",&DWP($i*16+12,"edi"));
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &bswap  ("ecx");
+        &bswap  ("edx");
+        &push   ("eax");
+        &push   ("ebx");
+        &push   ("ecx");
+        &push   ("edx");
+    }
+        &add    ("edi",64);
+        &sub    ("esp",4*8);            # place for A,B,C,D,E,F,G,H
+        &mov    (&DWP(4*(8+16)+4,"esp"),"edi");
+
+        # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+        &mov    ($A,&DWP(0,"esi"));
+        &mov    ("ebx",&DWP(4,"esi"));
+        &mov    ("ecx",&DWP(8,"esi"));
+        &mov    ("edi",&DWP(12,"esi"));
+        # &mov  ($Aoff,$A);
+        &mov    ($Boff,"ebx");
+        &mov    ($Coff,"ecx");
+        &mov    ($Doff,"edi");
+        &mov    ($E,&DWP(16,"esi"));    
+        &mov    ("ebx",&DWP(20,"esi"));
+        &mov    ("ecx",&DWP(24,"esi"));
+        &mov    ("edi",&DWP(28,"esi"));
+        # &mov  ($Eoff,$E);
+        &mov    ($Foff,"ebx");
+        &mov    ($Goff,"ecx");
+        &mov    ($Hoff,"edi");
+
+&set_label("00_15",16);
+        &mov    ($T,&DWP(4*(8+15),"esp"));
+
+        &BODY_00_15();
+
+        &cmp    ("esi",0xc19bf174);
+        &jne    (&label("00_15"));
+
+        &mov    ($T,&DWP(4*(8+15+16-1),"esp")); # preloaded in BODY_00_15(1)
+&set_label("16_63",16);
+        &mov    ("esi",$T);
+         &mov   ("ecx",&DWP(4*(8+15+16-14),"esp"));
+        &shr    ($T,3);
+        &ror    ("esi",7);
+        &xor    ($T,"esi");
+        &ror    ("esi",18-7);
+         &mov   ("edi","ecx");
+        &xor    ($T,"esi");                     # T = sigma0(X[-15])
+
+        &shr    ("ecx",10);
+         &mov   ("esi",&DWP(4*(8+15+16),"esp"));
+        &ror    ("edi",17);
+        &xor    ("ecx","edi");
+        &ror    ("edi",19-17);
+         &add   ($T,"esi");                     # T += X[-16]
+        &xor    ("edi","ecx")                   # sigma1(X[-2])
+
+        &add    ($T,"edi");                     # T += sigma1(X[-2])
+        # &add  ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1)
+        # &mov  (&DWP(4*(8+15),"esp"),$T);      # save X[0]
+
+        &BODY_00_15(1);
+
+        &cmp    ("esi",0xc67178f2);
+        &jne    (&label("16_63"));
+
+        &mov    ("esi",&DWP(4*(8+16+64)+0,"esp"));#ctx
+        # &mov  ($A,$Aoff);
+        &mov    ("ebx",$Boff);
+        &mov    ("ecx",$Coff);
+        &mov    ("edi",$Doff);
+        &add    ($A,&DWP(0,"esi"));
+        &add    ("ebx",&DWP(4,"esi"));
+        &add    ("ecx",&DWP(8,"esi"));
+        &add    ("edi",&DWP(12,"esi"));
+        &mov    (&DWP(0,"esi"),$A);
+        &mov    (&DWP(4,"esi"),"ebx");
+        &mov    (&DWP(8,"esi"),"ecx");
+        &mov    (&DWP(12,"esi"),"edi");
+        # &mov  ($E,$Eoff);
+        &mov    ("eax",$Foff);
+        &mov    ("ebx",$Goff);
+        &mov    ("ecx",$Hoff);
+        &mov    ("edi",&DWP(4*(8+16+64)+4,"esp"));#inp
+        &add    ($E,&DWP(16,"esi"));
+        &add    ("eax",&DWP(20,"esi"));
+        &add    ("ebx",&DWP(24,"esi"));
+        &add    ("ecx",&DWP(28,"esi"));
+        &mov    (&DWP(16,"esi"),$E);
+        &mov    (&DWP(20,"esi"),"eax");
+        &mov    (&DWP(24,"esi"),"ebx");
+        &mov    (&DWP(28,"esi"),"ecx");
+
+        &add    ("esp",4*(8+16+64));            # destroy frame
+        &sub    ($K256,4*64);                   # rewind K
+
+        &cmp    ("edi",&DWP(8,"esp"));          # are we done yet?
+        &jb     (&label("loop"));
+
+        &mov    ("esp",&DWP(12,"esp"));         # restore sp
+&function_end_A();
+
+&set_label("K256",64);  # Yes! I keep it in the code segment!
+        &data_word(0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5);
+        &data_word(0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5);
+        &data_word(0xd807aa98,0x12835b01,0x243185be,0x550c7dc3);
+        &data_word(0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174);
+        &data_word(0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc);
+        &data_word(0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da);
+        &data_word(0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7);
+        &data_word(0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967);
+        &data_word(0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13);
+        &data_word(0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85);
+        &data_word(0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3);
+        &data_word(0xd192e819,0xd6990624,0xf40e3585,0x106aa070);
+        &data_word(0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5);
+        &data_word(0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3);
+        &data_word(0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208);
+        &data_word(0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2);
+&function_end_B("sha256_block_data_order");
+&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha256-armv4.pl b/src/lib/libcrypto/sha/asm/sha256-armv4.pl
new file mode 100644
index 0000000000..48d846deec
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha256-armv4.pl
@@ -0,0 +1,181 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256 block procedure for ARMv4. May 2007.
+
+# Performance is ~2x better than gcc 3.4 generated code and in "abso-
+# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
+# byte.
+
+$output=shift;
+open STDOUT,">$output";
+
+$ctx="r0";      $t0="r0";
+$inp="r1";
+$len="r2";      $t1="r2";
+$T1="r3";
+$A="r4";
+$B="r5";
+$C="r6";
+$D="r7";
+$E="r8";
+$F="r9";
+$G="r10";
+$H="r11";
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+$t2="r12";
+$Ktbl="r14";
+
+@Sigma0=( 2,13,22);
+@Sigma1=( 6,11,25);
+@sigma0=( 7,18, 3);
+@sigma1=(17,19,10);
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___ if ($i<16);
+        ldrb    $T1,[$inp,#3]                   @ $i
+        ldrb    $t2,[$inp,#2]
+        ldrb    $t1,[$inp,#1]
+        ldrb    $t0,[$inp],#4
+        orr     $T1,$T1,$t2,lsl#8
+        orr     $T1,$T1,$t1,lsl#16
+        orr     $T1,$T1,$t0,lsl#24
+        `"str   $inp,[sp,#17*4]"        if ($i==15)`
+___
+$code.=<<___;
+        ldr     $t2,[$Ktbl],#4                  @ *K256++
+        str     $T1,[sp,#`$i%16`*4]
+        mov     $t0,$e,ror#$Sigma1[0]
+        eor     $t0,$t0,$e,ror#$Sigma1[1]
+        eor     $t0,$t0,$e,ror#$Sigma1[2]       @ Sigma1(e)
+        add     $T1,$T1,$t0
+        eor     $t1,$f,$g
+        and     $t1,$t1,$e
+        eor     $t1,$t1,$g                      @ Ch(e,f,g)
+        add     $T1,$T1,$t1
+        add     $T1,$T1,$h
+        add     $T1,$T1,$t2
+        mov     $h,$a,ror#$Sigma0[0]
+        eor     $h,$h,$a,ror#$Sigma0[1]
+        eor     $h,$h,$a,ror#$Sigma0[2]         @ Sigma0(a)
+        orr     $t0,$a,$b
+        and     $t0,$t0,$c
+        and     $t1,$a,$b
+        orr     $t0,$t0,$t1                     @ Maj(a,b,c)
+        add     $h,$h,$t0
+        add     $d,$d,$T1
+        add     $h,$h,$T1
+___
+}
+
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+        ldr     $t1,[sp,#`($i+1)%16`*4] @ $i
+        ldr     $t2,[sp,#`($i+14)%16`*4]
+        ldr     $T1,[sp,#`($i+0)%16`*4]
+        ldr     $inp,[sp,#`($i+9)%16`*4]
+        mov     $t0,$t1,ror#$sigma0[0]
+        eor     $t0,$t0,$t1,ror#$sigma0[1]
+        eor     $t0,$t0,$t1,lsr#$sigma0[2]      @ sigma0(X[i+1])
+        mov     $t1,$t2,ror#$sigma1[0]
+        eor     $t1,$t1,$t2,ror#$sigma1[1]
+        eor     $t1,$t1,$t2,lsr#$sigma1[2]      @ sigma1(X[i+14])
+        add     $T1,$T1,$t0
+        add     $T1,$T1,$t1
+        add     $T1,$T1,$inp
+___
+        &BODY_00_15(@_);
+}
+
+$code=<<___;
+.text
+.code   32
+
+.type   K256,%object
+.align  5
+K256:
+.word   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.word   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.word   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.word   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.word   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.word   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.word   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.word   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.word   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.word   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.word   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.word   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.word   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.word   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.word   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.word   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.size   K256,.-K256
+
+.global sha256_block_data_order
+.type   sha256_block_data_order,%function
+sha256_block_data_order:
+        sub     r3,pc,#8                @ sha256_block_data_order
+        add     $len,$inp,$len,lsl#6    @ len to point at the end of inp
+        stmdb   sp!,{$ctx,$inp,$len,r4-r12,lr}
+        ldmia   $ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
+        sub     $Ktbl,r3,#256           @ K256
+        sub     sp,sp,#16*4             @ alloca(X[16])
+.Loop:
+___
+for($i=0;$i<16;$i++)    { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)       { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        and     $t2,$t2,#0xff
+        cmp     $t2,#0xf2
+        bne     .Lrounds_16_xx
+
+        ldr     $T1,[sp,#16*4]          @ pull ctx
+        ldr     $t0,[$T1,#0]
+        ldr     $t1,[$T1,#4]
+        ldr     $t2,[$T1,#8]
+        add     $A,$A,$t0
+        ldr     $t0,[$T1,#12]
+        add     $B,$B,$t1
+        ldr     $t1,[$T1,#16]
+        add     $C,$C,$t2
+        ldr     $t2,[$T1,#20]
+        add     $D,$D,$t0
+        ldr     $t0,[$T1,#24]
+        add     $E,$E,$t1
+        ldr     $t1,[$T1,#28]
+        add     $F,$F,$t2
+        ldr     $inp,[sp,#17*4]         @ pull inp
+        ldr     $t2,[sp,#18*4]          @ pull inp+len
+        add     $G,$G,$t0
+        add     $H,$H,$t1
+        stmia   $T1,{$A,$B,$C,$D,$E,$F,$G,$H}
+        cmp     $inp,$t2
+        sub     $Ktbl,$Ktbl,#256        @ rewind Ktbl
+        bne     .Loop
+
+        add     sp,sp,#`16+3`*4 @ destroy frame
+        ldmia   sp!,{r4-r12,lr}
+        tst     lr,#1
+        moveq   pc,lr                   @ be binary compatible with V4, yet
+        bx      lr                      @ interoperable with Thumb ISA:-)
+.size   sha256_block_data_order,.-sha256_block_data_order
+.asciz  "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha512-586.pl b/src/lib/libcrypto/sha/asm/sha512-586.pl
new file mode 100644
index 0000000000..5b9f3337ad
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-586.pl
@@ -0,0 +1,644 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA512 block transform for x86. September 2007.
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#               Pentium PIII    P4      AMD K8  Core2
+# gcc           100     75      116     54      66
+# icc           97      77      95      55      57
+# x86 asm       61      56      82      36      40
+# SSE2 asm      -       -       38      24      20
+# x86_64 asm(*) -       -       30      10.0    10.5
+#
+# (*) x86_64 assembler performance is presented for reference
+#     purposes.
+#
+# IALU code-path is optimized for elder Pentiums. On vanilla Pentium
+# performance improvement over compiler generated code reaches ~60%,
+# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
+# to 50%, but it's less important as they are expected to execute SSE2
+# code-path, which is commonly ~2-3x faster [than compiler generated
+# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even
+# though it does not use 128-bit operations. The latter means that
+# SSE2-aware kernel is no longer required to execute the code. Another
+# difference is that new code optimizes amount of writes, but at the
+# cost of increased data cache "footprint" by 1/2KB.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+$Tlo=&DWP(0,"esp");     $Thi=&DWP(4,"esp");
+$Alo=&DWP(8,"esp");     $Ahi=&DWP(8+4,"esp");
+$Blo=&DWP(16,"esp");    $Bhi=&DWP(16+4,"esp");
+$Clo=&DWP(24,"esp");    $Chi=&DWP(24+4,"esp");
+$Dlo=&DWP(32,"esp");    $Dhi=&DWP(32+4,"esp");
+$Elo=&DWP(40,"esp");    $Ehi=&DWP(40+4,"esp");
+$Flo=&DWP(48,"esp");    $Fhi=&DWP(48+4,"esp");
+$Glo=&DWP(56,"esp");    $Ghi=&DWP(56+4,"esp");
+$Hlo=&DWP(64,"esp");    $Hhi=&DWP(64+4,"esp");
+$K512="ebp";
+
+$Asse2=&QWP(0,"esp");
+$Bsse2=&QWP(8,"esp");
+$Csse2=&QWP(16,"esp");
+$Dsse2=&QWP(24,"esp");
+$Esse2=&QWP(32,"esp");
+$Fsse2=&QWP(40,"esp");
+$Gsse2=&QWP(48,"esp");
+$Hsse2=&QWP(56,"esp");
+
+$A="mm0";       # B-D and
+$E="mm4";       # F-H are commonly loaded to respectively mm1-mm3 and
+                # mm5-mm7, but it's done on on-demand basis...
+
+sub BODY_00_15_sse2 {
+    my $prefetch=shift;
+
+        &movq   ("mm5",$Fsse2);                 # load f
+        &movq   ("mm6",$Gsse2);                 # load g
+        &movq   ("mm7",$Hsse2);                 # load h
+
+        &movq   ("mm1",$E);                     # %mm1 is sliding right
+        &movq   ("mm2",$E);                     # %mm2 is sliding left
+        &psrlq  ("mm1",14);
+        &movq   ($Esse2,$E);                    # modulo-scheduled save e
+        &psllq  ("mm2",23);
+        &movq   ("mm3","mm1");                  # %mm3 is T1
+        &psrlq  ("mm1",4);
+        &pxor   ("mm3","mm2");
+        &psllq  ("mm2",23);
+        &pxor   ("mm3","mm1");
+        &psrlq  ("mm1",23);
+        &pxor   ("mm3","mm2");
+        &psllq  ("mm2",4);
+        &pxor   ("mm3","mm1");
+        &paddq  ("mm7",QWP(0,$K512));           # h+=K512[i]
+        &pxor   ("mm3","mm2");                  # T1=Sigma1_512(e)
+
+        &pxor   ("mm5","mm6");                  # f^=g
+        &movq   ("mm1",$Bsse2);                 # load b
+        &pand   ("mm5",$E);                     # f&=e
+        &movq   ("mm2",$Csse2);                 # load c
+        &pxor   ("mm5","mm6");                  # f^=g
+        &movq   ($E,$Dsse2);                    # e = load d
+        &paddq  ("mm3","mm5");                  # T1+=Ch(e,f,g)
+        &movq   (&QWP(0,"esp"),$A);             # modulo-scheduled save a
+        &paddq  ("mm3","mm7");                  # T1+=h
+
+        &movq   ("mm5",$A);                     # %mm5 is sliding right
+        &movq   ("mm6",$A);                     # %mm6 is sliding left
+        &paddq  ("mm3",&QWP(8*9,"esp"));        # T1+=X[0]
+        &psrlq  ("mm5",28);
+        &paddq  ($E,"mm3");                     # e += T1
+        &psllq  ("mm6",25);
+        &movq   ("mm7","mm5");                  # %mm7 is T2
+        &psrlq  ("mm5",6);
+        &pxor   ("mm7","mm6");
+        &psllq  ("mm6",5);
+        &pxor   ("mm7","mm5");
+        &psrlq  ("mm5",5);
+        &pxor   ("mm7","mm6");
+        &psllq  ("mm6",6);
+        &pxor   ("mm7","mm5");
+        &sub    ("esp",8);
+        &pxor   ("mm7","mm6");                  # T2=Sigma0_512(a)
+
+        &movq   ("mm5",$A);                     # %mm5=a
+        &por    ($A,"mm2");                     # a=a|c
+        &movq   ("mm6",&QWP(8*(9+16-14),"esp")) if ($prefetch);
+        &pand   ("mm5","mm2");                  # %mm5=a&c
+        &pand   ($A,"mm1");                     # a=(a|c)&b
+        &movq   ("mm2",&QWP(8*(9+16-1),"esp"))  if ($prefetch);
+        &por    ("mm5",$A);                     # %mm5=(a&c)|((a|c)&b)
+        &paddq  ("mm7","mm5");                  # T2+=Maj(a,b,c)
+        &movq   ($A,"mm3");                     # a=T1
+
+        &mov    (&LB("edx"),&BP(0,$K512));
+        &paddq  ($A,"mm7");                     # a+=T2
+        &add    ($K512,8);
+}
+
+sub BODY_00_15_x86 {
+        #define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+        #       LO              lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+        #       HI              hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+        &mov    ("ecx",$Elo);
+        &mov    ("edx",$Ehi);
+        &mov    ("esi","ecx");
+
+        &shr    ("ecx",9)       # lo>>9
+        &mov    ("edi","edx");
+        &shr    ("edx",9)       # hi>>9
+        &mov    ("ebx","ecx");
+        &shl    ("esi",14);     # lo<<14
+        &mov    ("eax","edx");
+        &shl    ("edi",14);     # hi<<14
+        &xor    ("ebx","esi");
+
+        &shr    ("ecx",14-9);   # lo>>14
+        &xor    ("eax","edi");
+        &shr    ("edx",14-9);   # hi>>14
+        &xor    ("eax","ecx");
+        &shl    ("esi",18-14);  # lo<<18
+        &xor    ("ebx","edx");
+        &shl    ("edi",18-14);  # hi<<18
+        &xor    ("ebx","esi");
+
+        &shr    ("ecx",18-14);  # lo>>18
+        &xor    ("eax","edi");
+        &shr    ("edx",18-14);  # hi>>18
+        &xor    ("eax","ecx");
+        &shl    ("esi",23-18);  # lo<<23
+        &xor    ("ebx","edx");
+        &shl    ("edi",23-18);  # hi<<23
+        &xor    ("eax","esi");
+        &xor    ("ebx","edi");                  # T1 = Sigma1(e)
+
+        &mov    ("ecx",$Flo);
+        &mov    ("edx",$Fhi);
+        &mov    ("esi",$Glo);
+        &mov    ("edi",$Ghi);
+         &add   ("eax",$Hlo);
+         &adc   ("ebx",$Hhi);                   # T1 += h
+        &xor    ("ecx","esi");
+        &xor    ("edx","edi");
+        &and    ("ecx",$Elo);
+        &and    ("edx",$Ehi);
+         &add   ("eax",&DWP(8*(9+15)+0,"esp"));
+         &adc   ("ebx",&DWP(8*(9+15)+4,"esp")); # T1 += X[0]
+        &xor    ("ecx","esi");
+        &xor    ("edx","edi");                  # Ch(e,f,g) = (f^g)&e)^g
+
+        &mov    ("esi",&DWP(0,$K512));
+        &mov    ("edi",&DWP(4,$K512));          # K[i]
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # T1 += Ch(e,f,g)
+        &mov    ("ecx",$Dlo);
+        &mov    ("edx",$Dhi);
+        &add    ("eax","esi");
+        &adc    ("ebx","edi");                  # T1 += K[i]
+        &mov    ($Tlo,"eax");
+        &mov    ($Thi,"ebx");                   # put T1 away
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # d += T1
+
+        #define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+        #       LO              lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+        #       HI              hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+        &mov    ("ecx",$Alo);
+        &mov    ("edx",$Ahi);
+        &mov    ($Dlo,"eax");
+        &mov    ($Dhi,"ebx");
+        &mov    ("esi","ecx");
+
+        &shr    ("ecx",2)       # lo>>2
+        &mov    ("edi","edx");
+        &shr    ("edx",2)       # hi>>2
+        &mov    ("ebx","ecx");
+        &shl    ("esi",4);      # lo<<4
+        &mov    ("eax","edx");
+        &shl    ("edi",4);      # hi<<4
+        &xor    ("ebx","esi");
+
+        &shr    ("ecx",7-2);    # lo>>7
+        &xor    ("eax","edi");
+        &shr    ("edx",7-2);    # hi>>7
+        &xor    ("ebx","ecx");
+        &shl    ("esi",25-4);   # lo<<25
+        &xor    ("eax","edx");
+        &shl    ("edi",25-4);   # hi<<25
+        &xor    ("eax","esi");
+
+        &shr    ("ecx",28-7);   # lo>>28
+        &xor    ("ebx","edi");
+        &shr    ("edx",28-7);   # hi>>28
+        &xor    ("eax","ecx");
+        &shl    ("esi",30-25);  # lo<<30
+        &xor    ("ebx","edx");
+        &shl    ("edi",30-25);  # hi<<30
+        &xor    ("eax","esi");
+        &xor    ("ebx","edi");                  # Sigma0(a)
+
+        &mov    ("ecx",$Alo);
+        &mov    ("edx",$Ahi);
+        &mov    ("esi",$Blo);
+        &mov    ("edi",$Bhi);
+        &add    ("eax",$Tlo);
+        &adc    ("ebx",$Thi);                   # T1 = Sigma0(a)+T1
+        &or     ("ecx","esi");
+        &or     ("edx","edi");
+        &and    ("ecx",$Clo);
+        &and    ("edx",$Chi);
+        &and    ("esi",$Alo);
+        &and    ("edi",$Ahi);
+        &or     ("ecx","esi");
+        &or     ("edx","edi");                  # Maj(a,b,c) = ((a|b)&c)|(a&b)
+
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # T1 += Maj(a,b,c)
+        &mov    ($Tlo,"eax");
+        &mov    ($Thi,"ebx");
+
+        &mov    (&LB("edx"),&BP(0,$K512));      # pre-fetch LSB of *K
+        &sub    ("esp",8);
+        &lea    ($K512,&DWP(8,$K512));          # K++
+}
+
+
+&function_begin("sha512_block_data_order");
+        &mov    ("esi",wparam(0));      # ctx
+        &mov    ("edi",wparam(1));      # inp
+        &mov    ("eax",wparam(2));      # num
+        &mov    ("ebx","esp");          # saved sp
+
+        &call   (&label("pic_point"));  # make it PIC!
+&set_label("pic_point");
+        &blindpop($K512);
+        &lea    ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
+
+        &sub    ("esp",16);
+        &and    ("esp",-64);
+
+        &shl    ("eax",7);
+        &add    ("eax","edi");
+        &mov    (&DWP(0,"esp"),"esi");  # ctx
+        &mov    (&DWP(4,"esp"),"edi");  # inp
+        &mov    (&DWP(8,"esp"),"eax");  # inp+num*128
+        &mov    (&DWP(12,"esp"),"ebx"); # saved sp
+
+if ($sse2) {
+        &picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512"));
+        &bt     (&DWP(0,"edx"),26);
+        &jnc    (&label("loop_x86"));
+
+        # load ctx->h[0-7]
+        &movq   ($A,&QWP(0,"esi"));
+        &movq   ("mm1",&QWP(8,"esi"));
+        &movq   ("mm2",&QWP(16,"esi"));
+        &movq   ("mm3",&QWP(24,"esi"));
+        &movq   ($E,&QWP(32,"esi"));
+        &movq   ("mm5",&QWP(40,"esi"));
+        &movq   ("mm6",&QWP(48,"esi"));
+        &movq   ("mm7",&QWP(56,"esi"));
+        &sub    ("esp",8*10);
+
+&set_label("loop_sse2",16);
+        # &movq ($Asse2,$A);
+        &movq   ($Bsse2,"mm1");
+        &movq   ($Csse2,"mm2");
+        &movq   ($Dsse2,"mm3");
+        # &movq ($Esse2,$E);
+        &movq   ($Fsse2,"mm5");
+        &movq   ($Gsse2,"mm6");
+        &movq   ($Hsse2,"mm7");
+
+        &mov    ("ecx",&DWP(0,"edi"));
+        &mov    ("edx",&DWP(4,"edi"));
+        &add    ("edi",8);
+        &bswap  ("ecx");
+        &bswap  ("edx");
+        &mov    (&DWP(8*9+4,"esp"),"ecx");
+        &mov    (&DWP(8*9+0,"esp"),"edx");
+
+&set_label("00_14_sse2",16);
+        &mov    ("eax",&DWP(0,"edi"));
+        &mov    ("ebx",&DWP(4,"edi"));
+        &add    ("edi",8);
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &mov    (&DWP(8*8+4,"esp"),"eax");
+        &mov    (&DWP(8*8+0,"esp"),"ebx");
+
+        &BODY_00_15_sse2();
+
+        &cmp    (&LB("edx"),0x35);
+        &jne    (&label("00_14_sse2"));
+
+        &BODY_00_15_sse2(1);
+
+&set_label("16_79_sse2",16);
+        #&movq  ("mm2",&QWP(8*(9+16-1),"esp")); #prefetched in BODY_00_15 
+        #&movq  ("mm6",&QWP(8*(9+16-14),"esp"));
+        &movq   ("mm1","mm2");
+
+        &psrlq  ("mm2",1);
+        &movq   ("mm7","mm6");
+        &psrlq  ("mm6",6);
+        &movq   ("mm3","mm2");
+
+        &psrlq  ("mm2",7-1);
+        &movq   ("mm5","mm6");
+        &psrlq  ("mm6",19-6);
+        &pxor   ("mm3","mm2");
+
+        &psrlq  ("mm2",8-7);
+        &pxor   ("mm5","mm6");
+        &psrlq  ("mm6",61-19);
+        &pxor   ("mm3","mm2");
+
+        &movq   ("mm2",&QWP(8*(9+16),"esp"));
+
+        &psllq  ("mm1",56);
+        &pxor   ("mm5","mm6");
+        &psllq  ("mm7",3);
+        &pxor   ("mm3","mm1");
+
+        &paddq  ("mm2",&QWP(8*(9+16-9),"esp"));
+
+        &psllq  ("mm1",63-56);
+        &pxor   ("mm5","mm7");
+        &psllq  ("mm7",45-3);
+        &pxor   ("mm3","mm1");
+        &pxor   ("mm5","mm7");
+
+        &paddq  ("mm3","mm5");
+        &paddq  ("mm3","mm2");
+        &movq   (&QWP(8*9,"esp"),"mm3");
+
+        &BODY_00_15_sse2(1);
+
+        &cmp    (&LB("edx"),0x17);
+        &jne    (&label("16_79_sse2"));
+
+        # &movq ($A,$Asse2);
+        &movq   ("mm1",$Bsse2);
+        &movq   ("mm2",$Csse2);
+        &movq   ("mm3",$Dsse2);
+        # &movq ($E,$Esse2);
+        &movq   ("mm5",$Fsse2);
+        &movq   ("mm6",$Gsse2);
+        &movq   ("mm7",$Hsse2);
+
+        &paddq  ($A,&QWP(0,"esi"));
+        &paddq  ("mm1",&QWP(8,"esi"));
+        &paddq  ("mm2",&QWP(16,"esi"));
+        &paddq  ("mm3",&QWP(24,"esi"));
+        &paddq  ($E,&QWP(32,"esi"));
+        &paddq  ("mm5",&QWP(40,"esi"));
+        &paddq  ("mm6",&QWP(48,"esi"));
+        &paddq  ("mm7",&QWP(56,"esi"));
+
+        &movq   (&QWP(0,"esi"),$A);
+        &movq   (&QWP(8,"esi"),"mm1");
+        &movq   (&QWP(16,"esi"),"mm2");
+        &movq   (&QWP(24,"esi"),"mm3");
+        &movq   (&QWP(32,"esi"),$E);
+        &movq   (&QWP(40,"esi"),"mm5");
+        &movq   (&QWP(48,"esi"),"mm6");
+        &movq   (&QWP(56,"esi"),"mm7");
+
+        &add    ("esp",8*80);                   # destroy frame
+        &sub    ($K512,8*80);                   # rewind K
+
+        &cmp    ("edi",&DWP(8*10+8,"esp"));     # are we done yet?
+        &jb     (&label("loop_sse2"));
+
+        &emms   ();
+        &mov    ("esp",&DWP(8*10+12,"esp"));    # restore sp
+&function_end_A();
+}
+&set_label("loop_x86",16);
+    # copy input block to stack reversing byte and qword order
+    for ($i=0;$i<8;$i++) {
+        &mov    ("eax",&DWP($i*16+0,"edi"));
+        &mov    ("ebx",&DWP($i*16+4,"edi"));
+        &mov    ("ecx",&DWP($i*16+8,"edi"));
+        &mov    ("edx",&DWP($i*16+12,"edi"));
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &bswap  ("ecx");
+        &bswap  ("edx");
+        &push   ("eax");
+        &push   ("ebx");
+        &push   ("ecx");
+        &push   ("edx");
+    }
+        &add    ("edi",128);
+        &sub    ("esp",9*8);            # place for T,A,B,C,D,E,F,G,H
+        &mov    (&DWP(8*(9+16)+4,"esp"),"edi");
+
+        # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+        &lea    ("edi",&DWP(8,"esp"));
+        &mov    ("ecx",16);
+        &data_word(0xA5F3F689);         # rep movsd
+
+&set_label("00_15_x86",16);
+        &BODY_00_15_x86();
+
+        &cmp    (&LB("edx"),0x94);
+        &jne    (&label("00_15_x86"));
+
+&set_label("16_79_x86",16);
+        #define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+        #       LO              lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+        #       HI              hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+        &mov    ("ecx",&DWP(8*(9+15+16-1)+0,"esp"));
+        &mov    ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
+        &mov    ("esi","ecx");
+
+        &shr    ("ecx",1)       # lo>>1
+        &mov    ("edi","edx");
+        &shr    ("edx",1)       # hi>>1
+        &mov    ("eax","ecx");
+        &shl    ("esi",24);     # lo<<24
+        &mov    ("ebx","edx");
+        &shl    ("edi",24);     # hi<<24
+        &xor    ("ebx","esi");
+
+        &shr    ("ecx",7-1);    # lo>>7
+        &xor    ("eax","edi");
+        &shr    ("edx",7-1);    # hi>>7
+        &xor    ("eax","ecx");
+        &shl    ("esi",31-24);  # lo<<31
+        &xor    ("ebx","edx");
+        &shl    ("edi",25-24);  # hi<<25
+        &xor    ("ebx","esi");
+
+        &shr    ("ecx",8-7);    # lo>>8
+        &xor    ("eax","edi");
+        &shr    ("edx",8-7);    # hi>>8
+        &xor    ("eax","ecx");
+        &shl    ("edi",31-25);  # hi<<31
+        &xor    ("ebx","edx");
+        &xor    ("eax","edi");                  # T1 = sigma0(X[-15])
+
+        &mov    (&DWP(0,"esp"),"eax");
+        &mov    (&DWP(4,"esp"),"ebx");          # put T1 away
+
+        #define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+        #       LO              lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+        #       HI              hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+        &mov    ("ecx",&DWP(8*(9+15+16-14)+0,"esp"));
+        &mov    ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
+        &mov    ("esi","ecx");
+
+        &shr    ("ecx",6)       # lo>>6
+        &mov    ("edi","edx");
+        &shr    ("edx",6)       # hi>>6
+        &mov    ("eax","ecx");
+        &shl    ("esi",3);      # lo<<3
+        &mov    ("ebx","edx");
+        &shl    ("edi",3);      # hi<<3
+        &xor    ("eax","esi");
+
+        &shr    ("ecx",19-6);   # lo>>19
+        &xor    ("ebx","edi");
+        &shr    ("edx",19-6);   # hi>>19
+        &xor    ("eax","ecx");
+        &shl    ("esi",13-3);   # lo<<13
+        &xor    ("ebx","edx");
+        &shl    ("edi",13-3);   # hi<<13
+        &xor    ("ebx","esi");
+
+        &shr    ("ecx",29-19);  # lo>>29
+        &xor    ("eax","edi");
+        &shr    ("edx",29-19);  # hi>>29
+        &xor    ("ebx","ecx");
+        &shl    ("edi",26-13);  # hi<<26
+        &xor    ("eax","edx");
+        &xor    ("eax","edi");                  # sigma1(X[-2])
+
+        &mov    ("ecx",&DWP(8*(9+15+16)+0,"esp"));
+        &mov    ("edx",&DWP(8*(9+15+16)+4,"esp"));
+        &add    ("eax",&DWP(0,"esp"));
+        &adc    ("ebx",&DWP(4,"esp"));          # T1 = sigma1(X[-2])+T1
+        &mov    ("esi",&DWP(8*(9+15+16-9)+0,"esp"));
+        &mov    ("edi",&DWP(8*(9+15+16-9)+4,"esp"));
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # T1 += X[-16]
+        &add    ("eax","esi");
+        &adc    ("ebx","edi");                  # T1 += X[-7]
+        &mov    (&DWP(8*(9+15)+0,"esp"),"eax");
+        &mov    (&DWP(8*(9+15)+4,"esp"),"ebx"); # save X[0]
+
+        &BODY_00_15_x86();
+
+        &cmp    (&LB("edx"),0x17);
+        &jne    (&label("16_79_x86"));
+
+        &mov    ("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx
+        &mov    ("edi",&DWP(8*(9+16+80)+4,"esp"));# inp
+    for($i=0;$i<4;$i++) {
+        &mov    ("eax",&DWP($i*16+0,"esi"));
+        &mov    ("ebx",&DWP($i*16+4,"esi"));
+        &mov    ("ecx",&DWP($i*16+8,"esi"));
+        &mov    ("edx",&DWP($i*16+12,"esi"));
+        &add    ("eax",&DWP(8+($i*16)+0,"esp"));
+        &adc    ("ebx",&DWP(8+($i*16)+4,"esp"));
+        &mov    (&DWP($i*16+0,"esi"),"eax");
+        &mov    (&DWP($i*16+4,"esi"),"ebx");
+        &add    ("ecx",&DWP(8+($i*16)+8,"esp"));
+        &adc    ("edx",&DWP(8+($i*16)+12,"esp"));
+        &mov    (&DWP($i*16+8,"esi"),"ecx");
+        &mov    (&DWP($i*16+12,"esi"),"edx");
+    }
+        &add    ("esp",8*(9+16+80));            # destroy frame
+        &sub    ($K512,8*80);                   # rewind K
+
+        &cmp    ("edi",&DWP(8,"esp"));          # are we done yet?
+        &jb     (&label("loop_x86"));
+
+        &mov    ("esp",&DWP(12,"esp"));         # restore sp
+&function_end_A();
+
+&set_label("K512",64);  # Yes! I keep it in the code segment!
+        &data_word(0xd728ae22,0x428a2f98);      # u64
+        &data_word(0x23ef65cd,0x71374491);      # u64
+        &data_word(0xec4d3b2f,0xb5c0fbcf);      # u64
+        &data_word(0x8189dbbc,0xe9b5dba5);      # u64
+        &data_word(0xf348b538,0x3956c25b);      # u64
+        &data_word(0xb605d019,0x59f111f1);      # u64
+        &data_word(0xaf194f9b,0x923f82a4);      # u64
+        &data_word(0xda6d8118,0xab1c5ed5);      # u64
+        &data_word(0xa3030242,0xd807aa98);      # u64
+        &data_word(0x45706fbe,0x12835b01);      # u64
+        &data_word(0x4ee4b28c,0x243185be);      # u64
+        &data_word(0xd5ffb4e2,0x550c7dc3);      # u64
+        &data_word(0xf27b896f,0x72be5d74);      # u64
+        &data_word(0x3b1696b1,0x80deb1fe);      # u64
+        &data_word(0x25c71235,0x9bdc06a7);      # u64
+        &data_word(0xcf692694,0xc19bf174);      # u64
+        &data_word(0x9ef14ad2,0xe49b69c1);      # u64
+        &data_word(0x384f25e3,0xefbe4786);      # u64
+        &data_word(0x8b8cd5b5,0x0fc19dc6);      # u64
+        &data_word(0x77ac9c65,0x240ca1cc);      # u64
+        &data_word(0x592b0275,0x2de92c6f);      # u64
+        &data_word(0x6ea6e483,0x4a7484aa);      # u64
+        &data_word(0xbd41fbd4,0x5cb0a9dc);      # u64
+        &data_word(0x831153b5,0x76f988da);      # u64
+        &data_word(0xee66dfab,0x983e5152);      # u64
+        &data_word(0x2db43210,0xa831c66d);      # u64
+        &data_word(0x98fb213f,0xb00327c8);      # u64
+        &data_word(0xbeef0ee4,0xbf597fc7);      # u64
+        &data_word(0x3da88fc2,0xc6e00bf3);      # u64
+        &data_word(0x930aa725,0xd5a79147);      # u64
+        &data_word(0xe003826f,0x06ca6351);      # u64
+        &data_word(0x0a0e6e70,0x14292967);      # u64
+        &data_word(0x46d22ffc,0x27b70a85);      # u64
+        &data_word(0x5c26c926,0x2e1b2138);      # u64
+        &data_word(0x5ac42aed,0x4d2c6dfc);      # u64
+        &data_word(0x9d95b3df,0x53380d13);      # u64
+        &data_word(0x8baf63de,0x650a7354);      # u64
+        &data_word(0x3c77b2a8,0x766a0abb);      # u64
+        &data_word(0x47edaee6,0x81c2c92e);      # u64
+        &data_word(0x1482353b,0x92722c85);      # u64
+        &data_word(0x4cf10364,0xa2bfe8a1);      # u64
+        &data_word(0xbc423001,0xa81a664b);      # u64
+        &data_word(0xd0f89791,0xc24b8b70);      # u64
+        &data_word(0x0654be30,0xc76c51a3);      # u64
+        &data_word(0xd6ef5218,0xd192e819);      # u64
+        &data_word(0x5565a910,0xd6990624);      # u64
+        &data_word(0x5771202a,0xf40e3585);      # u64
+        &data_word(0x32bbd1b8,0x106aa070);      # u64
+        &data_word(0xb8d2d0c8,0x19a4c116);      # u64
+        &data_word(0x5141ab53,0x1e376c08);      # u64
+        &data_word(0xdf8eeb99,0x2748774c);      # u64
+        &data_word(0xe19b48a8,0x34b0bcb5);      # u64
+        &data_word(0xc5c95a63,0x391c0cb3);      # u64
+        &data_word(0xe3418acb,0x4ed8aa4a);      # u64
+        &data_word(0x7763e373,0x5b9cca4f);      # u64
+        &data_word(0xd6b2b8a3,0x682e6ff3);      # u64
+        &data_word(0x5defb2fc,0x748f82ee);      # u64
+        &data_word(0x43172f60,0x78a5636f);      # u64
+        &data_word(0xa1f0ab72,0x84c87814);      # u64
+        &data_word(0x1a6439ec,0x8cc70208);      # u64
+        &data_word(0x23631e28,0x90befffa);      # u64
+        &data_word(0xde82bde9,0xa4506ceb);      # u64
+        &data_word(0xb2c67915,0xbef9a3f7);      # u64
+        &data_word(0xe372532b,0xc67178f2);      # u64
+        &data_word(0xea26619c,0xca273ece);      # u64
+        &data_word(0x21c0c207,0xd186b8c7);      # u64
+        &data_word(0xcde0eb1e,0xeada7dd6);      # u64
+        &data_word(0xee6ed178,0xf57d4f7f);      # u64
+        &data_word(0x72176fba,0x06f067aa);      # u64
+        &data_word(0xa2c898a6,0x0a637dc5);      # u64
+        &data_word(0xbef90dae,0x113f9804);      # u64
+        &data_word(0x131c471b,0x1b710b35);      # u64
+        &data_word(0x23047d84,0x28db77f5);      # u64
+        &data_word(0x40c72493,0x32caab7b);      # u64
+        &data_word(0x15c9bebc,0x3c9ebe0a);      # u64
+        &data_word(0x9c100d4c,0x431d67c4);      # u64
+        &data_word(0xcb3e42b6,0x4cc5d4be);      # u64
+        &data_word(0xfc657e2a,0x597f299c);      # u64
+        &data_word(0x3ad6faec,0x5fcb6fab);      # u64
+        &data_word(0x4a475817,0x6c44198c);      # u64
+&function_end_B("sha512_block_data_order");
+&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha512-armv4.pl b/src/lib/libcrypto/sha/asm/sha512-armv4.pl
new file mode 100644
index 0000000000..4fbb94a914
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-armv4.pl
@@ -0,0 +1,399 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA512 block procedure for ARMv4. September 2007.
+
+# This code is ~4.5 (four and a half) times faster than code generated
+# by gcc 3.4 and it spends ~72 clock cycles per byte. 
+
+# Byte order [in]dependence. =========================================
+#
+# Caller is expected to maintain specific *dword* order in h[0-7],
+# namely with most significant dword at *lower* address, which is
+# reflected in below two parameters. *Byte* order within these dwords
+# in turn is whatever *native* byte order on current platform.
+$hi=0;
+$lo=4;
+# ====================================================================
+
+$output=shift;
+open STDOUT,">$output";
+
+$ctx="r0";
+$inp="r1";
+$len="r2";
+$Tlo="r3";
+$Thi="r4";
+$Alo="r5";
+$Ahi="r6";
+$Elo="r7";
+$Ehi="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+############    r13 is stack pointer
+$Ktbl="r14";
+############    r15 is program counter
+
+$Aoff=8*0;
+$Boff=8*1;
+$Coff=8*2;
+$Doff=8*3;
+$Eoff=8*4;
+$Foff=8*5;
+$Goff=8*6;
+$Hoff=8*7;
+$Xoff=8*8;
+
+sub BODY_00_15() {
+my $magic = shift;
+$code.=<<___;
+        ldr     $t2,[sp,#$Hoff+0]       @ h.lo
+        ldr     $t3,[sp,#$Hoff+4]       @ h.hi
+        @ Sigma1(x)     (ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+        @ LO            lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+        @ HI            hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+        mov     $t0,$Elo,lsr#14
+        mov     $t1,$Ehi,lsr#14
+        eor     $t0,$t0,$Ehi,lsl#18
+        eor     $t1,$t1,$Elo,lsl#18
+        eor     $t0,$t0,$Elo,lsr#18
+        eor     $t1,$t1,$Ehi,lsr#18
+        eor     $t0,$t0,$Ehi,lsl#14
+        eor     $t1,$t1,$Elo,lsl#14
+        eor     $t0,$t0,$Ehi,lsr#9
+        eor     $t1,$t1,$Elo,lsr#9
+        eor     $t0,$t0,$Elo,lsl#23
+        eor     $t1,$t1,$Ehi,lsl#23     @ Sigma1(e)
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1           @ T += Sigma1(e)
+        adds    $Tlo,$Tlo,$t2
+        adc     $Thi,$Thi,$t3           @ T += h
+
+        ldr     $t0,[sp,#$Foff+0]       @ f.lo
+        ldr     $t1,[sp,#$Foff+4]       @ f.hi
+        ldr     $t2,[sp,#$Goff+0]       @ g.lo
+        ldr     $t3,[sp,#$Goff+4]       @ g.hi
+        str     $Elo,[sp,#$Eoff+0]
+        str     $Ehi,[sp,#$Eoff+4]
+        str     $Alo,[sp,#$Aoff+0]
+        str     $Ahi,[sp,#$Aoff+4]
+
+        eor     $t0,$t0,$t2
+        eor     $t1,$t1,$t3
+        and     $t0,$t0,$Elo
+        and     $t1,$t1,$Ehi
+        eor     $t0,$t0,$t2
+        eor     $t1,$t1,$t3             @ Ch(e,f,g)
+
+        ldr     $t2,[$Ktbl,#4]          @ K[i].lo
+        ldr     $t3,[$Ktbl,#0]          @ K[i].hi
+        ldr     $Elo,[sp,#$Doff+0]      @ d.lo
+        ldr     $Ehi,[sp,#$Doff+4]      @ d.hi
+
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1           @ T += Ch(e,f,g)
+        adds    $Tlo,$Tlo,$t2
+        adc     $Thi,$Thi,$t3           @ T += K[i]
+        adds    $Elo,$Elo,$Tlo
+        adc     $Ehi,$Ehi,$Thi          @ d += T
+
+        and     $t0,$t2,#0xff
+        teq     $t0,#$magic
+        orreq   $Ktbl,$Ktbl,#1
+
+        ldr     $t2,[sp,#$Boff+0]       @ b.lo
+        ldr     $t3,[sp,#$Coff+0]       @ c.lo
+        @ Sigma0(x)     (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+        @ LO            lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+        @ HI            hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+        mov     $t0,$Alo,lsr#28
+        mov     $t1,$Ahi,lsr#28
+        eor     $t0,$t0,$Ahi,lsl#4
+        eor     $t1,$t1,$Alo,lsl#4
+        eor     $t0,$t0,$Ahi,lsr#2
+        eor     $t1,$t1,$Alo,lsr#2
+        eor     $t0,$t0,$Alo,lsl#30
+        eor     $t1,$t1,$Ahi,lsl#30
+        eor     $t0,$t0,$Ahi,lsr#7
+        eor     $t1,$t1,$Alo,lsr#7
+        eor     $t0,$t0,$Alo,lsl#25
+        eor     $t1,$t1,$Ahi,lsl#25     @ Sigma0(a)
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1           @ T += Sigma0(a)
+
+        and     $t0,$Alo,$t2
+        orr     $Alo,$Alo,$t2
+        ldr     $t1,[sp,#$Boff+4]       @ b.hi
+        ldr     $t2,[sp,#$Coff+4]       @ c.hi
+        and     $Alo,$Alo,$t3
+        orr     $Alo,$Alo,$t0           @ Maj(a,b,c).lo
+        and     $t3,$Ahi,$t1
+        orr     $Ahi,$Ahi,$t1
+        and     $Ahi,$Ahi,$t2
+        orr     $Ahi,$Ahi,$t3           @ Maj(a,b,c).hi
+        adds    $Alo,$Alo,$Tlo
+        adc     $Ahi,$Ahi,$Thi          @ h += T
+
+        sub     sp,sp,#8
+        add     $Ktbl,$Ktbl,#8
+___
+}
+$code=<<___;
+.text
+.code   32
+.type   K512,%object
+.align  5
+K512:
+.word   0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+.word   0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+.word   0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+.word   0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+.word   0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+.word   0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+.word   0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+.word   0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+.word   0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+.word   0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+.word   0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+.word   0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+.word   0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+.word   0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+.word   0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+.word   0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+.word   0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+.word   0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+.word   0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+.word   0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+.word   0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+.word   0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+.word   0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+.word   0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+.word   0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+.word   0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+.word   0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+.word   0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+.word   0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+.word   0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+.word   0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+.word   0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+.word   0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+.word   0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+.word   0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+.word   0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+.word   0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+.word   0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+.word   0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+.word   0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+.size   K512,.-K512
+
+.global sha512_block_data_order
+.type   sha512_block_data_order,%function
+sha512_block_data_order:
+        sub     r3,pc,#8                @ sha512_block_data_order
+        add     $len,$inp,$len,lsl#7    @ len to point at the end of inp
+        stmdb   sp!,{r4-r12,lr}
+        sub     $Ktbl,r3,#640           @ K512
+        sub     sp,sp,#9*8
+
+        ldr     $Elo,[$ctx,#$Eoff+$lo]
+        ldr     $Ehi,[$ctx,#$Eoff+$hi]
+        ldr     $t0, [$ctx,#$Goff+$lo]
+        ldr     $t1, [$ctx,#$Goff+$hi]
+        ldr     $t2, [$ctx,#$Hoff+$lo]
+        ldr     $t3, [$ctx,#$Hoff+$hi]
+.Loop:
+        str     $t0, [sp,#$Goff+0]
+        str     $t1, [sp,#$Goff+4]
+        str     $t2, [sp,#$Hoff+0]
+        str     $t3, [sp,#$Hoff+4]
+        ldr     $Alo,[$ctx,#$Aoff+$lo]
+        ldr     $Ahi,[$ctx,#$Aoff+$hi]
+        ldr     $Tlo,[$ctx,#$Boff+$lo]
+        ldr     $Thi,[$ctx,#$Boff+$hi]
+        ldr     $t0, [$ctx,#$Coff+$lo]
+        ldr     $t1, [$ctx,#$Coff+$hi]
+        ldr     $t2, [$ctx,#$Doff+$lo]
+        ldr     $t3, [$ctx,#$Doff+$hi]
+        str     $Tlo,[sp,#$Boff+0]
+        str     $Thi,[sp,#$Boff+4]
+        str     $t0, [sp,#$Coff+0]
+        str     $t1, [sp,#$Coff+4]
+        str     $t2, [sp,#$Doff+0]
+        str     $t3, [sp,#$Doff+4]
+        ldr     $Tlo,[$ctx,#$Foff+$lo]
+        ldr     $Thi,[$ctx,#$Foff+$hi]
+        str     $Tlo,[sp,#$Foff+0]
+        str     $Thi,[sp,#$Foff+4]
+
+.L00_15:
+        ldrb    $Tlo,[$inp,#7]
+        ldrb    $t0, [$inp,#6]
+        ldrb    $t1, [$inp,#5]
+        ldrb    $t2, [$inp,#4]
+        ldrb    $Thi,[$inp,#3]
+        ldrb    $t3, [$inp,#2]
+        orr     $Tlo,$Tlo,$t0,lsl#8
+        ldrb    $t0, [$inp,#1]
+        orr     $Tlo,$Tlo,$t1,lsl#16
+        ldrb    $t1, [$inp],#8
+        orr     $Tlo,$Tlo,$t2,lsl#24
+        orr     $Thi,$Thi,$t3,lsl#8
+        orr     $Thi,$Thi,$t0,lsl#16
+        orr     $Thi,$Thi,$t1,lsl#24
+        str     $Tlo,[sp,#$Xoff+0]
+        str     $Thi,[sp,#$Xoff+4]
+___
+        &BODY_00_15(0x94);
+$code.=<<___;
+        tst     $Ktbl,#1
+        beq     .L00_15
+        bic     $Ktbl,$Ktbl,#1
+
+.L16_79:
+        ldr     $t0,[sp,#`$Xoff+8*(16-1)`+0]
+        ldr     $t1,[sp,#`$Xoff+8*(16-1)`+4]
+        ldr     $t2,[sp,#`$Xoff+8*(16-14)`+0]
+        ldr     $t3,[sp,#`$Xoff+8*(16-14)`+4]
+
+        @ sigma0(x)     (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+        @ LO            lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+        @ HI            hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+        mov     $Tlo,$t0,lsr#1
+        mov     $Thi,$t1,lsr#1
+        eor     $Tlo,$Tlo,$t1,lsl#31
+        eor     $Thi,$Thi,$t0,lsl#31
+        eor     $Tlo,$Tlo,$t0,lsr#8
+        eor     $Thi,$Thi,$t1,lsr#8
+        eor     $Tlo,$Tlo,$t1,lsl#24
+        eor     $Thi,$Thi,$t0,lsl#24
+        eor     $Tlo,$Tlo,$t0,lsr#7
+        eor     $Thi,$Thi,$t1,lsr#7
+        eor     $Tlo,$Tlo,$t1,lsl#25
+
+        @ sigma1(x)     (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+        @ LO            lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+        @ HI            hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+        mov     $t0,$t2,lsr#19
+        mov     $t1,$t3,lsr#19
+        eor     $t0,$t0,$t3,lsl#13
+        eor     $t1,$t1,$t2,lsl#13
+        eor     $t0,$t0,$t3,lsr#29
+        eor     $t1,$t1,$t2,lsr#29
+        eor     $t0,$t0,$t2,lsl#3
+        eor     $t1,$t1,$t3,lsl#3
+        eor     $t0,$t0,$t2,lsr#6
+        eor     $t1,$t1,$t3,lsr#6
+        eor     $t0,$t0,$t3,lsl#26
+
+        ldr     $t2,[sp,#`$Xoff+8*(16-9)`+0]
+        ldr     $t3,[sp,#`$Xoff+8*(16-9)`+4]
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1
+
+        ldr     $t0,[sp,#`$Xoff+8*16`+0]
+        ldr     $t1,[sp,#`$Xoff+8*16`+4]
+        adds    $Tlo,$Tlo,$t2
+        adc     $Thi,$Thi,$t3
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1
+        str     $Tlo,[sp,#$Xoff+0]
+        str     $Thi,[sp,#$Xoff+4]
+___
+        &BODY_00_15(0x17);
+$code.=<<___;
+        tst     $Ktbl,#1
+        beq     .L16_79
+        bic     $Ktbl,$Ktbl,#1
+
+        ldr     $Tlo,[sp,#$Boff+0]
+        ldr     $Thi,[sp,#$Boff+4]
+        ldr     $t0, [$ctx,#$Aoff+$lo]
+        ldr     $t1, [$ctx,#$Aoff+$hi]
+        ldr     $t2, [$ctx,#$Boff+$lo]
+        ldr     $t3, [$ctx,#$Boff+$hi]
+        adds    $t0,$Alo,$t0
+        adc     $t1,$Ahi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $t0, [$ctx,#$Aoff+$lo]
+        str     $t1, [$ctx,#$Aoff+$hi]
+        str     $t2, [$ctx,#$Boff+$lo]
+        str     $t3, [$ctx,#$Boff+$hi]
+
+        ldr     $Alo,[sp,#$Coff+0]
+        ldr     $Ahi,[sp,#$Coff+4]
+        ldr     $Tlo,[sp,#$Doff+0]
+        ldr     $Thi,[sp,#$Doff+4]
+        ldr     $t0, [$ctx,#$Coff+$lo]
+        ldr     $t1, [$ctx,#$Coff+$hi]
+        ldr     $t2, [$ctx,#$Doff+$lo]
+        ldr     $t3, [$ctx,#$Doff+$hi]
+        adds    $t0,$Alo,$t0
+        adc     $t1,$Ahi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $t0, [$ctx,#$Coff+$lo]
+        str     $t1, [$ctx,#$Coff+$hi]
+        str     $t2, [$ctx,#$Doff+$lo]
+        str     $t3, [$ctx,#$Doff+$hi]
+
+        ldr     $Tlo,[sp,#$Foff+0]
+        ldr     $Thi,[sp,#$Foff+4]
+        ldr     $t0, [$ctx,#$Eoff+$lo]
+        ldr     $t1, [$ctx,#$Eoff+$hi]
+        ldr     $t2, [$ctx,#$Foff+$lo]
+        ldr     $t3, [$ctx,#$Foff+$hi]
+        adds    $Elo,$Elo,$t0
+        adc     $Ehi,$Ehi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $Elo,[$ctx,#$Eoff+$lo]
+        str     $Ehi,[$ctx,#$Eoff+$hi]
+        str     $t2, [$ctx,#$Foff+$lo]
+        str     $t3, [$ctx,#$Foff+$hi]
+
+        ldr     $Alo,[sp,#$Goff+0]
+        ldr     $Ahi,[sp,#$Goff+4]
+        ldr     $Tlo,[sp,#$Hoff+0]
+        ldr     $Thi,[sp,#$Hoff+4]
+        ldr     $t0, [$ctx,#$Goff+$lo]
+        ldr     $t1, [$ctx,#$Goff+$hi]
+        ldr     $t2, [$ctx,#$Hoff+$lo]
+        ldr     $t3, [$ctx,#$Hoff+$hi]
+        adds    $t0,$Alo,$t0
+        adc     $t1,$Ahi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $t0, [$ctx,#$Goff+$lo]
+        str     $t1, [$ctx,#$Goff+$hi]
+        str     $t2, [$ctx,#$Hoff+$lo]
+        str     $t3, [$ctx,#$Hoff+$hi]
+
+        add     sp,sp,#640
+        sub     $Ktbl,$Ktbl,#640
+
+        teq     $inp,$len
+        bne     .Loop
+
+        add     sp,sp,#8*9              @ destroy frame
+        ldmia   sp!,{r4-r12,lr}
+        tst     lr,#1
+        moveq   pc,lr                   @ be binary compatible with V4, yet
+        bx      lr                      @ interoperable with Thumb ISA:-)
+.size   sha512_block_data_order,.-sha512_block_data_order
+.asciz  "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha512-ppc.pl b/src/lib/libcrypto/sha/asm/sha512-ppc.pl
new file mode 100755
index 0000000000..768a6a6fad
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-ppc.pl
@@ -0,0 +1,462 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# I let hardware handle unaligned input, except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank. The module is big-endian [which is
+# not big deal as there're no little-endian targets left around].
+
+#                       sha256          |       sha512
+#                       -m64    -m32    |       -m64    -m32
+# --------------------------------------+-----------------------
+# PPC970,gcc-4.0.0      +50%    +38%    |       +40%    +410%(*)
+# Power6,xlc-7          +150%   +90%    |       +100%   +430%(*)
+#
+# (*)   64-bit code in 32-bit application context, which actually is
+#       on TODO list. It should be noted that for safe deployment in
+#       32-bit *mutli-threaded* context asyncronous signals should be
+#       blocked upon entry to SHA512 block routine. This is because
+#       32-bit signaling procedure invalidates upper halves of GPRs.
+#       Context switch procedure preserves them, but not signaling:-(
+
+# Second version is true multi-thread safe. Trouble with the original
+# version was that it was using thread local storage pointer register.
+# Well, it scrupulously preserved it, but the problem would arise the
+# moment asynchronous signal was delivered and signal handler would
+# dereference the TLS pointer. While it's never the case in openssl
+# application or test suite, we have to respect this scenario and not
+# use TLS pointer register. Alternative would be to require caller to
+# block signals prior calling this routine. For the record, in 32-bit
+# context R2 serves as TLS pointer, while in 64-bit context - R13.
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+        $SIZE_T=8;
+        $STU="stdu";
+        $UCMP="cmpld";
+        $SHL="sldi";
+        $POP="ld";
+        $PUSH="std";
+} elsif ($flavour =~ /32/) {
+        $SIZE_T=4;
+        $STU="stwu";
+        $UCMP="cmplw";
+        $SHL="slwi";
+        $POP="lwz";
+        $PUSH="stw";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+if ($output =~ /512/) {
+        $func="sha512_block_data_order";
+        $SZ=8;
+        @Sigma0=(28,34,39);
+        @Sigma1=(14,18,41);
+        @sigma0=(1,  8, 7);
+        @sigma1=(19,61, 6);
+        $rounds=80;
+        $LD="ld";
+        $ST="std";
+        $ROR="rotrdi";
+        $SHR="srdi";
+} else {
+        $func="sha256_block_data_order";
+        $SZ=4;
+        @Sigma0=( 2,13,22);
+        @Sigma1=( 6,11,25);
+        @sigma0=( 7,18, 3);
+        @sigma1=(17,19,10);
+        $rounds=64;
+        $LD="lwz";
+        $ST="stw";
+        $ROR="rotrwi";
+        $SHR="srwi";
+}
+
+$FRAME=32*$SIZE_T;
+
+$sp ="r1";
+$toc="r2";
+$ctx="r3";      # zapped by $a0
+$inp="r4";      # zapped by $a1
+$num="r5";      # zapped by $t0
+
+$T  ="r0";
+$a0 ="r3";
+$a1 ="r4";
+$t0 ="r5";
+$t1 ="r6";
+$Tbl="r7";
+
+$A  ="r8";
+$B  ="r9";
+$C  ="r10";
+$D  ="r11";
+$E  ="r12";
+$F  ="r13";     $F="r2" if ($SIZE_T==8);# reassigned to exempt TLS pointer
+$G  ="r14";
+$H  ="r15";
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+
+$inp="r31";     # reassigned $inp! aliases with @X[15]
+
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$code.=<<___;
+        $LD     $T,`$i*$SZ`($Tbl)
+        $ROR    $a0,$e,$Sigma1[0]
+        $ROR    $a1,$e,$Sigma1[1]
+        and     $t0,$f,$e
+        andc    $t1,$g,$e
+        add     $T,$T,$h
+        xor     $a0,$a0,$a1
+        $ROR    $a1,$a1,`$Sigma1[2]-$Sigma1[1]`
+        or      $t0,$t0,$t1             ; Ch(e,f,g)
+        add     $T,$T,@X[$i]
+        xor     $a0,$a0,$a1             ; Sigma1(e)
+        add     $T,$T,$t0
+        add     $T,$T,$a0
+
+        $ROR    $a0,$a,$Sigma0[0]
+        $ROR    $a1,$a,$Sigma0[1]
+        and     $t0,$a,$b
+        and     $t1,$a,$c
+        xor     $a0,$a0,$a1
+        $ROR    $a1,$a1,`$Sigma0[2]-$Sigma0[1]`
+        xor     $t0,$t0,$t1
+        and     $t1,$b,$c
+        xor     $a0,$a0,$a1             ; Sigma0(a)
+        add     $d,$d,$T
+        xor     $t0,$t0,$t1             ; Maj(a,b,c)
+        add     $h,$T,$a0
+        add     $h,$h,$t0
+
+___
+}
+
+sub ROUND_16_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$i-=16;
+$code.=<<___;
+        $ROR    $a0,@X[($i+1)%16],$sigma0[0]
+        $ROR    $a1,@X[($i+1)%16],$sigma0[1]
+        $ROR    $t0,@X[($i+14)%16],$sigma1[0]
+        $ROR    $t1,@X[($i+14)%16],$sigma1[1]
+        xor     $a0,$a0,$a1
+        $SHR    $a1,@X[($i+1)%16],$sigma0[2]
+        xor     $t0,$t0,$t1
+        $SHR    $t1,@X[($i+14)%16],$sigma1[2]
+        add     @X[$i],@X[$i],@X[($i+9)%16]
+        xor     $a0,$a0,$a1             ; sigma0(X[(i+1)&0x0f])
+        xor     $t0,$t0,$t1             ; sigma1(X[(i+14)&0x0f])
+        add     @X[$i],@X[$i],$a0
+        add     @X[$i],@X[$i],$t0
+___
+&ROUND_00_15($i,$a,$b,$c,$d,$e,$f,$g,$h);
+}
+
+$code=<<___;
+.machine        "any"
+.text
+
+.globl  $func
+.align  6
+$func:
+        mflr    r0
+        $STU    $sp,`-($FRAME+16*$SZ)`($sp)
+        $SHL    $num,$num,`log(16*$SZ)/log(2)`
+
+        $PUSH   $ctx,`$FRAME-$SIZE_T*22`($sp)
+
+        $PUSH   r0,`$FRAME-$SIZE_T*21`($sp)
+        $PUSH   $toc,`$FRAME-$SIZE_T*20`($sp)
+        $PUSH   r13,`$FRAME-$SIZE_T*19`($sp)
+        $PUSH   r14,`$FRAME-$SIZE_T*18`($sp)
+        $PUSH   r15,`$FRAME-$SIZE_T*17`($sp)
+        $PUSH   r16,`$FRAME-$SIZE_T*16`($sp)
+        $PUSH   r17,`$FRAME-$SIZE_T*15`($sp)
+        $PUSH   r18,`$FRAME-$SIZE_T*14`($sp)
+        $PUSH   r19,`$FRAME-$SIZE_T*13`($sp)
+        $PUSH   r20,`$FRAME-$SIZE_T*12`($sp)
+        $PUSH   r21,`$FRAME-$SIZE_T*11`($sp)
+        $PUSH   r22,`$FRAME-$SIZE_T*10`($sp)
+        $PUSH   r23,`$FRAME-$SIZE_T*9`($sp)
+        $PUSH   r24,`$FRAME-$SIZE_T*8`($sp)
+        $PUSH   r25,`$FRAME-$SIZE_T*7`($sp)
+        $PUSH   r26,`$FRAME-$SIZE_T*6`($sp)
+        $PUSH   r27,`$FRAME-$SIZE_T*5`($sp)
+        $PUSH   r28,`$FRAME-$SIZE_T*4`($sp)
+        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
+        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
+        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+
+        $LD     $A,`0*$SZ`($ctx)
+        mr      $inp,r4                         ; incarnate $inp
+        $LD     $B,`1*$SZ`($ctx)
+        $LD     $C,`2*$SZ`($ctx)
+        $LD     $D,`3*$SZ`($ctx)
+        $LD     $E,`4*$SZ`($ctx)
+        $LD     $F,`5*$SZ`($ctx)
+        $LD     $G,`6*$SZ`($ctx)
+        $LD     $H,`7*$SZ`($ctx)
+
+        b       LPICmeup
+LPICedup:
+        andi.   r0,$inp,3
+        bne     Lunaligned
+Laligned:
+        add     $num,$inp,$num
+        $PUSH   $num,`$FRAME-$SIZE_T*24`($sp)   ; end pointer
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        bl      Lsha2_block_private
+Ldone:
+        $POP    r0,`$FRAME-$SIZE_T*21`($sp)
+        $POP    $toc,`$FRAME-$SIZE_T*20`($sp)
+        $POP    r13,`$FRAME-$SIZE_T*19`($sp)
+        $POP    r14,`$FRAME-$SIZE_T*18`($sp)
+        $POP    r15,`$FRAME-$SIZE_T*17`($sp)
+        $POP    r16,`$FRAME-$SIZE_T*16`($sp)
+        $POP    r17,`$FRAME-$SIZE_T*15`($sp)
+        $POP    r18,`$FRAME-$SIZE_T*14`($sp)
+        $POP    r19,`$FRAME-$SIZE_T*13`($sp)
+        $POP    r20,`$FRAME-$SIZE_T*12`($sp)
+        $POP    r21,`$FRAME-$SIZE_T*11`($sp)
+        $POP    r22,`$FRAME-$SIZE_T*10`($sp)
+        $POP    r23,`$FRAME-$SIZE_T*9`($sp)
+        $POP    r24,`$FRAME-$SIZE_T*8`($sp)
+        $POP    r25,`$FRAME-$SIZE_T*7`($sp)
+        $POP    r26,`$FRAME-$SIZE_T*6`($sp)
+        $POP    r27,`$FRAME-$SIZE_T*5`($sp)
+        $POP    r28,`$FRAME-$SIZE_T*4`($sp)
+        $POP    r29,`$FRAME-$SIZE_T*3`($sp)
+        $POP    r30,`$FRAME-$SIZE_T*2`($sp)
+        $POP    r31,`$FRAME-$SIZE_T*1`($sp)
+        mtlr    r0
+        addi    $sp,$sp,`$FRAME+16*$SZ`
+        blr
+___
+
+# PowerPC specification allows an implementation to be ill-behaved
+# upon unaligned access which crosses page boundary. "Better safe
+# than sorry" principle makes me treat it specially. But I don't
+# look for particular offending word, but rather for the input
+# block which crosses the boundary. Once found that block is aligned
+# and hashed separately...
+$code.=<<___;
+.align  4
+Lunaligned:
+        subfic  $t1,$inp,4096
+        andi.   $t1,$t1,`4096-16*$SZ`   ; distance to closest page boundary
+        beq     Lcross_page
+        $UCMP   $num,$t1
+        ble-    Laligned                ; didn't cross the page boundary
+        subfc   $num,$t1,$num
+        add     $t1,$inp,$t1
+        $PUSH   $num,`$FRAME-$SIZE_T*25`($sp)   ; save real remaining num
+        $PUSH   $t1,`$FRAME-$SIZE_T*24`($sp)    ; intermediate end pointer
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        bl      Lsha2_block_private
+        ; $inp equals to the intermediate end pointer here
+        $POP    $num,`$FRAME-$SIZE_T*25`($sp)   ; restore real remaining num
+Lcross_page:
+        li      $t1,`16*$SZ/4`
+        mtctr   $t1
+        addi    r20,$sp,$FRAME                  ; aligned spot below the frame
+Lmemcpy:
+        lbz     r16,0($inp)
+        lbz     r17,1($inp)
+        lbz     r18,2($inp)
+        lbz     r19,3($inp)
+        addi    $inp,$inp,4
+        stb     r16,0(r20)
+        stb     r17,1(r20)
+        stb     r18,2(r20)
+        stb     r19,3(r20)
+        addi    r20,r20,4
+        bdnz    Lmemcpy
+
+        $PUSH   $inp,`$FRAME-$SIZE_T*26`($sp)   ; save real inp
+        addi    $t1,$sp,`$FRAME+16*$SZ`         ; fictitious end pointer
+        addi    $inp,$sp,$FRAME                 ; fictitious inp pointer
+        $PUSH   $num,`$FRAME-$SIZE_T*25`($sp)   ; save real num
+        $PUSH   $t1,`$FRAME-$SIZE_T*24`($sp)    ; end pointer
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        bl      Lsha2_block_private
+        $POP    $inp,`$FRAME-$SIZE_T*26`($sp)   ; restore real inp
+        $POP    $num,`$FRAME-$SIZE_T*25`($sp)   ; restore real num
+        addic.  $num,$num,`-16*$SZ`             ; num--
+        bne-    Lunaligned
+        b       Ldone
+___
+
+$code.=<<___;
+.align  4
+Lsha2_block_private:
+___
+for($i=0;$i<16;$i++) {
+$code.=<<___ if ($SZ==4);
+        lwz     @X[$i],`$i*$SZ`($inp)
+___
+# 64-bit loads are split to 2x32-bit ones, as CPU can't handle
+# unaligned 64-bit loads, only 32-bit ones...
+$code.=<<___ if ($SZ==8);
+        lwz     $t0,`$i*$SZ`($inp)
+        lwz     @X[$i],`$i*$SZ+4`($inp)
+        insrdi  @X[$i],$t0,32,0
+___
+        &ROUND_00_15($i,@V);
+        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        li      $T,`$rounds/16-1`
+        mtctr   $T
+.align  4
+Lrounds:
+        addi    $Tbl,$Tbl,`16*$SZ`
+___
+for(;$i<32;$i++) {
+        &ROUND_16_xx($i,@V);
+        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        bdnz-   Lrounds
+
+        $POP    $ctx,`$FRAME-$SIZE_T*22`($sp)
+        $POP    $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        $POP    $num,`$FRAME-$SIZE_T*24`($sp)   ; end pointer
+        subi    $Tbl,$Tbl,`($rounds-16)*$SZ`    ; rewind Tbl
+
+        $LD     r16,`0*$SZ`($ctx)
+        $LD     r17,`1*$SZ`($ctx)
+        $LD     r18,`2*$SZ`($ctx)
+        $LD     r19,`3*$SZ`($ctx)
+        $LD     r20,`4*$SZ`($ctx)
+        $LD     r21,`5*$SZ`($ctx)
+        $LD     r22,`6*$SZ`($ctx)
+        addi    $inp,$inp,`16*$SZ`              ; advance inp
+        $LD     r23,`7*$SZ`($ctx)
+        add     $A,$A,r16
+        add     $B,$B,r17
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)
+        add     $C,$C,r18
+        $ST     $A,`0*$SZ`($ctx)
+        add     $D,$D,r19
+        $ST     $B,`1*$SZ`($ctx)
+        add     $E,$E,r20
+        $ST     $C,`2*$SZ`($ctx)
+        add     $F,$F,r21
+        $ST     $D,`3*$SZ`($ctx)
+        add     $G,$G,r22
+        $ST     $E,`4*$SZ`($ctx)
+        add     $H,$H,r23
+        $ST     $F,`5*$SZ`($ctx)
+        $ST     $G,`6*$SZ`($ctx)
+        $UCMP   $inp,$num
+        $ST     $H,`7*$SZ`($ctx)
+        bne     Lsha2_block_private
+        blr
+___
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align  6
+LPICmeup:
+        bl      LPIC
+        addi    $Tbl,$Tbl,`64-4`        ; "distance" between . and last nop
+        b       LPICedup
+        nop
+        nop
+        nop
+        nop
+        nop
+LPIC:   mflr    $Tbl
+        blr
+        nop
+        nop
+        nop
+        nop
+        nop
+        nop
+___
+$code.=<<___ if ($SZ==8);
+        .long   0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd
+        .long   0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc
+        .long   0x3956c25b,0xf348b538,0x59f111f1,0xb605d019
+        .long   0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118
+        .long   0xd807aa98,0xa3030242,0x12835b01,0x45706fbe
+        .long   0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2
+        .long   0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1
+        .long   0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694
+        .long   0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3
+        .long   0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65
+        .long   0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483
+        .long   0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5
+        .long   0x983e5152,0xee66dfab,0xa831c66d,0x2db43210
+        .long   0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4
+        .long   0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725
+        .long   0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70
+        .long   0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926
+        .long   0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df
+        .long   0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8
+        .long   0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b
+        .long   0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001
+        .long   0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30
+        .long   0xd192e819,0xd6ef5218,0xd6990624,0x5565a910
+        .long   0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8
+        .long   0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53
+        .long   0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8
+        .long   0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb
+        .long   0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3
+        .long   0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60
+        .long   0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec
+        .long   0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9
+        .long   0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b
+        .long   0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207
+        .long   0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178
+        .long   0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6
+        .long   0x113f9804,0xbef90dae,0x1b710b35,0x131c471b
+        .long   0x28db77f5,0x23047d84,0x32caab7b,0x40c72493
+        .long   0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c
+        .long   0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a
+        .long   0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817
+___
+$code.=<<___ if ($SZ==4);
+        .long   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+        .long   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+        .long   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+        .long   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+        .long   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+        .long   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+        .long   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+        .long   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+        .long   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+        .long   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+        .long   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+        .long   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+        .long   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+        .long   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+        .long   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+        .long   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-s390x.pl b/src/lib/libcrypto/sha/asm/sha512-s390x.pl
new file mode 100644
index 0000000000..e7ef2d5a9f
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-s390x.pl
@@ -0,0 +1,301 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256/512 block procedures for s390x.
+
+# April 2007.
+#
+# sha256_block_data_order is reportedly >3 times faster than gcc 3.3
+# generated code (must be a bug in compiler, as improvement is
+# "pathologically" high, in particular in comparison to other SHA
+# modules). But the real twist is that it detects if hardware support
+# for SHA256 is available and in such case utilizes it. Then the
+# performance can reach >6.5x of assembler one for larger chunks.
+#
+# sha512_block_data_order is ~70% faster than gcc 3.3 generated code.
+
+# January 2009.
+#
+# Add support for hardware SHA512 and reschedule instructions to
+# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
+# than software.
+
+$t0="%r0";
+$t1="%r1";
+$ctx="%r2";     $t2="%r2";
+$inp="%r3";
+$len="%r4";     # used as index in inner loop
+
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";
+$F="%r10";
+$G="%r11";
+$H="%r12";      @V=($A,$B,$C,$D,$E,$F,$G,$H);
+$tbl="%r13";
+$T1="%r14";
+$sp="%r15";
+
+$output=shift;
+open STDOUT,">$output";
+
+if ($output =~ /512/) {
+        $label="512";
+        $SZ=8;
+        $LD="lg";       # load from memory
+        $ST="stg";      # store to memory
+        $ADD="alg";     # add with memory operand
+        $ROT="rllg";    # rotate left
+        $SHR="srlg";    # logical right shift [see even at the end]
+        @Sigma0=(25,30,36);
+        @Sigma1=(23,46,50);
+        @sigma0=(56,63, 7);
+        @sigma1=( 3,45, 6);
+        $rounds=80;
+        $kimdfunc=3;    # 0 means unknown/unsupported/unimplemented/disabled
+} else {
+        $label="256";
+        $SZ=4;
+        $LD="llgf";     # load from memory
+        $ST="st";       # store to memory
+        $ADD="al";      # add with memory operand
+        $ROT="rll";     # rotate left
+        $SHR="srl";     # logical right shift
+        @Sigma0=(10,19,30);
+        @Sigma1=( 7,21,26);
+        @sigma0=(14,25, 3);
+        @sigma1=(13,15,10);
+        $rounds=64;
+        $kimdfunc=2;    # magic function code for kimd instruction
+}
+$Func="sha${label}_block_data_order";
+$Table="K${label}";
+$frame=160+16*$SZ;
+
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___ if ($i<16);
+        $LD     $T1,`$i*$SZ`($inp)      ### $i
+___
+$code.=<<___;
+        $ROT    $t0,$e,$Sigma1[0]
+        $ROT    $t1,$e,$Sigma1[1]
+         lgr    $t2,$f
+        xgr     $t0,$t1
+        $ROT    $t1,$t1,`$Sigma1[2]-$Sigma1[1]`
+         xgr    $t2,$g
+        $ST     $T1,`160+$SZ*($i%16)`($sp)
+        xgr     $t0,$t1                 # Sigma1(e)
+        la      $T1,0($T1,$h)           # T1+=h
+         ngr    $t2,$e
+         lgr    $t1,$a
+        algr    $T1,$t0                 # T1+=Sigma1(e)
+        $ROT    $h,$a,$Sigma0[0]
+         xgr    $t2,$g                  # Ch(e,f,g)
+        $ADD    $T1,`$i*$SZ`($len,$tbl) # T1+=K[i]
+        $ROT    $t0,$a,$Sigma0[1]
+        algr    $T1,$t2                 # T1+=Ch(e,f,g)
+         ogr    $t1,$b
+        xgr     $h,$t0
+         lgr    $t2,$a
+         ngr    $t1,$c
+        $ROT    $t0,$t0,`$Sigma0[2]-$Sigma0[1]`
+        xgr     $h,$t0                  # h=Sigma0(a)
+         ngr    $t2,$b
+        algr    $h,$T1                  # h+=T1
+         ogr    $t2,$t1                 # Maj(a,b,c)
+        la      $d,0($d,$T1)            # d+=T1
+        algr    $h,$t2                  # h+=Maj(a,b,c)
+___
+}
+
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+
+$code.=<<___;
+        $LD     $T1,`160+$SZ*(($i+1)%16)`($sp)  ### $i
+        $LD     $t1,`160+$SZ*(($i+14)%16)`($sp)
+        $ROT    $t0,$T1,$sigma0[0]
+        $SHR    $T1,$sigma0[2]
+        $ROT    $t2,$t0,`$sigma0[1]-$sigma0[0]`
+        xgr     $T1,$t0
+        $ROT    $t0,$t1,$sigma1[0]
+        xgr     $T1,$t2                         # sigma0(X[i+1])
+        $SHR    $t1,$sigma1[2]
+        $ADD    $T1,`160+$SZ*($i%16)`($sp)      # +=X[i]
+        xgr     $t1,$t0
+        $ROT    $t0,$t0,`$sigma1[1]-$sigma1[0]`
+        $ADD    $T1,`160+$SZ*(($i+9)%16)`($sp)  # +=X[i+9]
+        xgr     $t1,$t0                         # sigma1(X[i+14])
+        algr    $T1,$t1                         # +=sigma1(X[i+14])
+___
+        &BODY_00_15(@_);
+}
+
+$code.=<<___;
+.text
+.align  64
+.type   $Table,\@object
+$Table:
+___
+$code.=<<___ if ($SZ==4);
+        .long   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+        .long   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+        .long   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+        .long   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+        .long   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+        .long   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+        .long   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+        .long   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+        .long   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+        .long   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+        .long   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+        .long   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+        .long   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+        .long   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+        .long   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+        .long   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code.=<<___ if ($SZ==8);
+        .quad   0x428a2f98d728ae22,0x7137449123ef65cd
+        .quad   0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+        .quad   0x3956c25bf348b538,0x59f111f1b605d019
+        .quad   0x923f82a4af194f9b,0xab1c5ed5da6d8118
+        .quad   0xd807aa98a3030242,0x12835b0145706fbe
+        .quad   0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+        .quad   0x72be5d74f27b896f,0x80deb1fe3b1696b1
+        .quad   0x9bdc06a725c71235,0xc19bf174cf692694
+        .quad   0xe49b69c19ef14ad2,0xefbe4786384f25e3
+        .quad   0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+        .quad   0x2de92c6f592b0275,0x4a7484aa6ea6e483
+        .quad   0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+        .quad   0x983e5152ee66dfab,0xa831c66d2db43210
+        .quad   0xb00327c898fb213f,0xbf597fc7beef0ee4
+        .quad   0xc6e00bf33da88fc2,0xd5a79147930aa725
+        .quad   0x06ca6351e003826f,0x142929670a0e6e70
+        .quad   0x27b70a8546d22ffc,0x2e1b21385c26c926
+        .quad   0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+        .quad   0x650a73548baf63de,0x766a0abb3c77b2a8
+        .quad   0x81c2c92e47edaee6,0x92722c851482353b
+        .quad   0xa2bfe8a14cf10364,0xa81a664bbc423001
+        .quad   0xc24b8b70d0f89791,0xc76c51a30654be30
+        .quad   0xd192e819d6ef5218,0xd69906245565a910
+        .quad   0xf40e35855771202a,0x106aa07032bbd1b8
+        .quad   0x19a4c116b8d2d0c8,0x1e376c085141ab53
+        .quad   0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+        .quad   0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+        .quad   0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+        .quad   0x748f82ee5defb2fc,0x78a5636f43172f60
+        .quad   0x84c87814a1f0ab72,0x8cc702081a6439ec
+        .quad   0x90befffa23631e28,0xa4506cebde82bde9
+        .quad   0xbef9a3f7b2c67915,0xc67178f2e372532b
+        .quad   0xca273eceea26619c,0xd186b8c721c0c207
+        .quad   0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+        .quad   0x06f067aa72176fba,0x0a637dc5a2c898a6
+        .quad   0x113f9804bef90dae,0x1b710b35131c471b
+        .quad   0x28db77f523047d84,0x32caab7b40c72493
+        .quad   0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+        .quad   0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+        .quad   0x5fcb6fab3ad6faec,0x6c44198c4a475817
+___
+$code.=<<___;
+.size   $Table,.-$Table
+.globl  $Func
+.type   $Func,\@function
+$Func:
+___
+$code.=<<___ if ($kimdfunc);
+        larl    %r1,OPENSSL_s390xcap_P
+        lg      %r0,0(%r1)
+        tmhl    %r0,0x4000      # check for message-security assist
+        jz      .Lsoftware
+        lghi    %r0,0
+        la      %r1,16($sp)
+        .long   0xb93e0002      # kimd %r0,%r2
+        lg      %r0,16($sp)
+        tmhh    %r0,`0x8000>>$kimdfunc`
+        jz      .Lsoftware
+        lghi    %r0,$kimdfunc
+        lgr     %r1,$ctx
+        lgr     %r2,$inp
+        sllg    %r3,$len,`log(16*$SZ)/log(2)`
+        .long   0xb93e0002      # kimd %r0,%r2
+        brc     1,.-4           # pay attention to "partial completion"
+        br      %r14
+.align  16
+.Lsoftware:
+___
+$code.=<<___;
+        sllg    $len,$len,`log(16*$SZ)/log(2)`
+        lghi    %r1,-$frame
+        agr     $len,$inp
+        stmg    $ctx,%r15,16($sp)
+        lgr     %r0,$sp
+        la      $sp,0(%r1,$sp)
+        stg     %r0,0($sp)
+
+        larl    $tbl,$Table
+        $LD     $A,`0*$SZ`($ctx)
+        $LD     $B,`1*$SZ`($ctx)
+        $LD     $C,`2*$SZ`($ctx)
+        $LD     $D,`3*$SZ`($ctx)
+        $LD     $E,`4*$SZ`($ctx)
+        $LD     $F,`5*$SZ`($ctx)
+        $LD     $G,`6*$SZ`($ctx)
+        $LD     $H,`7*$SZ`($ctx)
+
+.Lloop:
+        lghi    $len,0
+___
+for ($i=0;$i<16;$i++)   { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)       { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        aghi    $len,`16*$SZ`
+        lghi    $t0,`($rounds-16)*$SZ`
+        clgr    $len,$t0
+        jne     .Lrounds_16_xx
+
+        lg      $ctx,`$frame+16`($sp)
+        la      $inp,`16*$SZ`($inp)
+        $ADD    $A,`0*$SZ`($ctx)
+        $ADD    $B,`1*$SZ`($ctx)
+        $ADD    $C,`2*$SZ`($ctx)
+        $ADD    $D,`3*$SZ`($ctx)
+        $ADD    $E,`4*$SZ`($ctx)
+        $ADD    $F,`5*$SZ`($ctx)
+        $ADD    $G,`6*$SZ`($ctx)
+        $ADD    $H,`7*$SZ`($ctx)
+        $ST     $A,`0*$SZ`($ctx)
+        $ST     $B,`1*$SZ`($ctx)
+        $ST     $C,`2*$SZ`($ctx)
+        $ST     $D,`3*$SZ`($ctx)
+        $ST     $E,`4*$SZ`($ctx)
+        $ST     $F,`5*$SZ`($ctx)
+        $ST     $G,`6*$SZ`($ctx)
+        $ST     $H,`7*$SZ`($ctx)
+        clg     $inp,`$frame+32`($sp)
+        jne     .Lloop
+
+        lmg     %r6,%r15,`$frame+48`($sp)       
+        br      %r14
+.size   $Func,.-$Func
+.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm   OPENSSL_s390xcap_P,8,8
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+# unlike 32-bit shift 64-bit one takes three arguments
+$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
+
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl b/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl
new file mode 100644
index 0000000000..54241aab50
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl
@@ -0,0 +1,593 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# SHA256 performance improvement over compiler generated code varies
+# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit
+# build]. Just like in SHA1 module I aim to ensure scalability on
+# UltraSPARC T1 by packing X[16] to 8 64-bit registers.
+
+# SHA512 on pre-T1 UltraSPARC.
+#
+# Performance is >75% better than 64-bit code generated by Sun C and
+# over 2x than 32-bit code. X[16] resides on stack, but access to it
+# is scheduled for L2 latency and staged through 32 least significant
+# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI
+# duality. Nevetheless it's ~40% faster than SHA256, which is pretty
+# good [optimal coefficient is 50%].
+#
+# SHA512 on UltraSPARC T1.
+#
+# It's not any faster than 64-bit code generated by Sun C 5.8. This is
+# because 64-bit code generator has the advantage of using 64-bit
+# loads(*) to access X[16], which I consciously traded for 32-/64-bit
+# ABI duality [as per above]. But it surpasses 32-bit Sun C generated
+# code by 60%, not to mention that it doesn't suffer from severe decay
+# when running 4 times physical cores threads and that it leaves gcc
+# [3.4] behind by over 4x factor! If compared to SHA256, single thread
+# performance is only 10% better, but overall throughput for maximum
+# amount of threads for given CPU exceeds corresponding one of SHA256
+# by 30% [again, optimal coefficient is 50%].
+#
+# (*)   Unlike pre-T1 UltraSPARC loads on T1 are executed strictly
+#       in-order, i.e. load instruction has to complete prior next
+#       instruction in given thread is executed, even if the latter is
+#       not dependent on load result! This means that on T1 two 32-bit
+#       loads are always slower than one 64-bit load. Once again this
+#       is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
+#       2x32-bit loads can be as fast as 1x64-bit ones.
+
+$bits=32;
+for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)  { $bias=2047; $frame=192; }
+else            { $bias=0;    $frame=112; }
+
+$output=shift;
+open STDOUT,">$output";
+
+if ($output =~ /512/) {
+        $label="512";
+        $SZ=8;
+        $LD="ldx";              # load from memory
+        $ST="stx";              # store to memory
+        $SLL="sllx";            # shift left logical
+        $SRL="srlx";            # shift right logical
+        @Sigma0=(28,34,39);
+        @Sigma1=(14,18,41);
+        @sigma0=( 7, 1, 8);     # right shift first
+        @sigma1=( 6,19,61);     # right shift first
+        $lastK=0x817;
+        $rounds=80;
+        $align=4;
+
+        $locals=16*$SZ;         # X[16]
+
+        $A="%o0";
+        $B="%o1";
+        $C="%o2";
+        $D="%o3";
+        $E="%o4";
+        $F="%o5";
+        $G="%g1";
+        $H="%o7";
+        @V=($A,$B,$C,$D,$E,$F,$G,$H);
+} else {
+        $label="256";
+        $SZ=4;
+        $LD="ld";               # load from memory
+        $ST="st";               # store to memory
+        $SLL="sll";             # shift left logical
+        $SRL="srl";             # shift right logical
+        @Sigma0=( 2,13,22);
+        @Sigma1=( 6,11,25);
+        @sigma0=( 3, 7,18);     # right shift first
+        @sigma1=(10,17,19);     # right shift first
+        $lastK=0x8f2;
+        $rounds=64;
+        $align=8;
+
+        $locals=0;              # X[16] is register resident
+        @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+        
+        $A="%l0";
+        $B="%l1";
+        $C="%l2";
+        $D="%l3";
+        $E="%l4";
+        $F="%l5";
+        $G="%l6";
+        $H="%l7";
+        @V=($A,$B,$C,$D,$E,$F,$G,$H);
+}
+$T1="%g2";
+$tmp0="%g3";
+$tmp1="%g4";
+$tmp2="%g5";
+
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$Ktbl="%i3";
+$tmp31="%i4";
+$tmp32="%i5";
+
+########### SHA256
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+    if ($i==0) {
+$code.=<<___;
+        ldx     [$inp+0],@X[0]
+        ldx     [$inp+16],@X[2]
+        ldx     [$inp+32],@X[4]
+        ldx     [$inp+48],@X[6]
+        ldx     [$inp+8],@X[1]
+        ldx     [$inp+24],@X[3]
+        subcc   %g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too
+        ldx     [$inp+40],@X[5]
+        bz,pt   %icc,.Laligned
+        ldx     [$inp+56],@X[7]
+
+        sllx    @X[0],$tmp31,@X[0]
+        ldx     [$inp+64],$T1
+___
+for($j=0;$j<7;$j++)
+{   $code.=<<___;
+        srlx    @X[$j+1],$tmp32,$tmp1
+        sllx    @X[$j+1],$tmp31,@X[$j+1]
+        or      $tmp1,@X[$j],@X[$j]
+___
+}
+$code.=<<___;
+        srlx    $T1,$tmp32,$T1
+        or      $T1,@X[7],@X[7]
+.Laligned:
+___
+    }
+
+    if ($i&1) {
+        $code.="\tadd   @X[$i/2],$h,$T1\n";
+    } else {
+        $code.="\tsrlx  @X[$i/2],32,$T1\n\tadd  $h,$T1,$T1\n";
+    }
+} if ($SZ==4);
+
+########### SHA512
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8));
+
+$code.=<<___ if ($i==0);
+        ld      [$inp+0],%l0
+        ld      [$inp+4],%l1
+        ld      [$inp+8],%l2
+        ld      [$inp+12],%l3
+        ld      [$inp+16],%l4
+        ld      [$inp+20],%l5
+        ld      [$inp+24],%l6
+        ld      [$inp+28],%l7
+___
+$code.=<<___ if ($i<15);
+        sllx    @pair[1],$tmp31,$tmp2   ! Xload($i)
+        add     $tmp31,32,$tmp0
+        sllx    @pair[0],$tmp0,$tmp1
+        `"ld    [$inp+".eval(32+0+$i*8)."],@pair[0]"    if ($i<12)`
+        srlx    @pair[2],$tmp32,@pair[1]
+        or      $tmp1,$tmp2,$tmp2
+        or      @pair[1],$tmp2,$tmp2
+        `"ld    [$inp+".eval(32+4+$i*8)."],@pair[1]"    if ($i<12)`
+        add     $h,$tmp2,$T1
+        $ST     $tmp2,[%sp+`$bias+$frame+$i*$SZ`]
+___
+$code.=<<___ if ($i==12);
+        brnz,a  $tmp31,.+8
+        ld      [$inp+128],%l0
+___
+$code.=<<___ if ($i==15);
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2
+        sllx    @pair[1],$tmp31,$tmp2   ! Xload($i)
+        add     $tmp31,32,$tmp0
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3
+        sllx    @pair[0],$tmp0,$tmp1
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4
+        srlx    @pair[2],$tmp32,@pair[1]
+        or      $tmp1,$tmp2,$tmp2
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5
+        or      @pair[1],$tmp2,$tmp2
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6
+        add     $h,$tmp2,$T1
+        $ST     $tmp2,[%sp+`$bias+$frame+$i*$SZ`]
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1
+___
+} if ($SZ==8);
+
+########### common
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+
+    if ($i<16) {
+        &$Xload(@_);
+    } else {
+        $code.="\tadd   $h,$T1,$T1\n";
+    }
+
+$code.=<<___;
+        $SRL    $e,@Sigma1[0],$h        !! $i
+        xor     $f,$g,$tmp2
+        $SLL    $e,`$SZ*8-@Sigma1[2]`,$tmp1
+        and     $e,$tmp2,$tmp2
+        $SRL    $e,@Sigma1[1],$tmp0
+        xor     $tmp1,$h,$h
+        $SLL    $e,`$SZ*8-@Sigma1[1]`,$tmp1
+        xor     $tmp0,$h,$h
+        $SRL    $e,@Sigma1[2],$tmp0
+        xor     $tmp1,$h,$h
+        $SLL    $e,`$SZ*8-@Sigma1[0]`,$tmp1
+        xor     $tmp0,$h,$h
+        xor     $g,$tmp2,$tmp2          ! Ch(e,f,g)
+        xor     $tmp1,$h,$tmp0          ! Sigma1(e)
+
+        $SRL    $a,@Sigma0[0],$h
+        add     $tmp2,$T1,$T1
+        $LD     [$Ktbl+`$i*$SZ`],$tmp2  ! K[$i]
+        $SLL    $a,`$SZ*8-@Sigma0[2]`,$tmp1
+        add     $tmp0,$T1,$T1
+        $SRL    $a,@Sigma0[1],$tmp0
+        xor     $tmp1,$h,$h
+        $SLL    $a,`$SZ*8-@Sigma0[1]`,$tmp1
+        xor     $tmp0,$h,$h
+        $SRL    $a,@Sigma0[2],$tmp0
+        xor     $tmp1,$h,$h     
+        $SLL    $a,`$SZ*8-@Sigma0[0]`,$tmp1
+        xor     $tmp0,$h,$h
+        xor     $tmp1,$h,$h             ! Sigma0(a)
+
+        or      $a,$b,$tmp0
+        and     $a,$b,$tmp1
+        and     $c,$tmp0,$tmp0
+        or      $tmp0,$tmp1,$tmp1       ! Maj(a,b,c)
+        add     $tmp2,$T1,$T1           ! +=K[$i]
+        add     $tmp1,$h,$h
+
+        add     $T1,$d,$d
+        add     $T1,$h,$h
+___
+}
+
+########### SHA256
+$BODY_16_XX = sub {
+my $i=@_[0];
+my $xi;
+
+    if ($i&1) {
+        $xi=$tmp32;
+        $code.="\tsrlx  @X[(($i+1)/2)%8],32,$xi\n";
+    } else {
+        $xi=@X[(($i+1)/2)%8];
+    }
+$code.=<<___;
+        srl     $xi,@sigma0[0],$T1              !! Xupdate($i)
+        sll     $xi,`32-@sigma0[2]`,$tmp1
+        srl     $xi,@sigma0[1],$tmp0
+        xor     $tmp1,$T1,$T1
+        sll     $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+        xor     $tmp0,$T1,$T1
+        srl     $xi,@sigma0[2],$tmp0
+        xor     $tmp1,$T1,$T1
+___
+    if ($i&1) {
+        $xi=@X[(($i+14)/2)%8];
+    } else {
+        $xi=$tmp32;
+        $code.="\tsrlx  @X[(($i+14)/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        srl     $xi,@sigma1[0],$tmp2
+        xor     $tmp0,$T1,$T1                   ! T1=sigma0(X[i+1])
+        sll     $xi,`32-@sigma1[2]`,$tmp1
+        srl     $xi,@sigma1[1],$tmp0
+        xor     $tmp1,$tmp2,$tmp2
+        sll     $tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1
+        xor     $tmp0,$tmp2,$tmp2
+        srl     $xi,@sigma1[2],$tmp0
+        xor     $tmp1,$tmp2,$tmp2
+___
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+$code.=<<___;
+        srlx    @X[(($i+9)/2)%8],32,$tmp1       ! X[i+9]
+        xor     $tmp0,$tmp2,$tmp2               ! sigma1(X[i+14])
+        srl     @X[($i/2)%8],0,$tmp0
+        add     $xi,$T1,$T1                     ! +=X[i]
+        xor     $tmp0,@X[($i/2)%8],@X[($i/2)%8]
+        add     $tmp2,$T1,$T1
+        add     $tmp1,$T1,$T1
+
+        srl     $T1,0,$T1
+        or      $T1,@X[($i/2)%8],@X[($i/2)%8]
+___
+    } else {
+        $xi=@X[(($i+9)/2)%8];
+$code.=<<___;
+        srlx    @X[($i/2)%8],32,$tmp1           ! X[i]
+        xor     $tmp0,$tmp2,$tmp2               ! sigma1(X[i+14])
+        srl     @X[($i/2)%8],0,@X[($i/2)%8]
+        add     $xi,$T1,$T1                     ! +=X[i+9]
+        add     $tmp2,$T1,$T1
+        add     $tmp1,$T1,$T1
+
+        sllx    $T1,32,$tmp0
+        or      $tmp0,@X[($i/2)%8],@X[($i/2)%8]
+___
+    }
+    &BODY_00_15(@_);
+} if ($SZ==4);
+
+########### SHA512
+$BODY_16_XX = sub {
+my $i=@_[0];
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1));
+
+$code.=<<___;
+        sllx    %l2,32,$tmp0            !! Xupdate($i)
+        or      %l3,$tmp0,$tmp0
+
+        srlx    $tmp0,@sigma0[0],$T1
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2
+        sllx    $tmp0,`64-@sigma0[2]`,$tmp1
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3
+        srlx    $tmp0,@sigma0[1],$tmp0
+        xor     $tmp1,$T1,$T1
+        sllx    $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+        xor     $tmp0,$T1,$T1
+        srlx    $tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0
+        xor     $tmp1,$T1,$T1
+        sllx    %l6,32,$tmp2
+        xor     $tmp0,$T1,$T1           ! sigma0(X[$i+1])
+        or      %l7,$tmp2,$tmp2
+
+        srlx    $tmp2,@sigma1[0],$tmp1
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6
+        sllx    $tmp2,`64-@sigma1[2]`,$tmp0
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7
+        srlx    $tmp2,@sigma1[1],$tmp2
+        xor     $tmp0,$tmp1,$tmp1
+        sllx    $tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0
+        xor     $tmp2,$tmp1,$tmp1
+        srlx    $tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2
+        xor     $tmp0,$tmp1,$tmp1
+        sllx    %l4,32,$tmp0
+        xor     $tmp2,$tmp1,$tmp1       ! sigma1(X[$i+14])
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4
+        or      %l5,$tmp0,$tmp0
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5
+
+        sllx    %l0,32,$tmp2
+        add     $tmp1,$T1,$T1
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0
+        or      %l1,$tmp2,$tmp2
+        add     $tmp0,$T1,$T1           ! +=X[$i+9]
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1
+        add     $tmp2,$T1,$T1           ! +=X[$i]
+        $ST     $T1,[%sp+`$bias+$frame+($i%16)*$SZ`]
+___
+    &BODY_00_15(@_);
+} if ($SZ==8);
+
+$code.=<<___ if ($bits==64);
+.register       %g2,#scratch
+.register       %g3,#scratch
+___
+$code.=<<___;
+.section        ".text",#alloc,#execinstr
+
+.align  64
+K${label}:
+.type   K${label},#object
+___
+if ($SZ==4) {
+$code.=<<___;
+        .long   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+        .long   0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+        .long   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+        .long   0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+        .long   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+        .long   0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+        .long   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+        .long   0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+        .long   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+        .long   0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+        .long   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+        .long   0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+        .long   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+        .long   0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+        .long   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+        .long   0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+___
+} else {
+$code.=<<___;
+        .long   0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+        .long   0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+        .long   0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+        .long   0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+        .long   0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+        .long   0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+        .long   0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+        .long   0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+        .long   0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+        .long   0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+        .long   0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+        .long   0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+        .long   0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+        .long   0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+        .long   0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+        .long   0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+        .long   0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+        .long   0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+        .long   0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+        .long   0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+        .long   0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+        .long   0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+        .long   0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+        .long   0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+        .long   0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+        .long   0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+        .long   0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+        .long   0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+        .long   0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+        .long   0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+        .long   0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+        .long   0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+        .long   0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+        .long   0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+        .long   0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+        .long   0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+        .long   0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+        .long   0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+        .long   0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+        .long   0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+___
+}
+$code.=<<___;
+.size   K${label},.-K${label}
+.globl  sha${label}_block_data_order
+sha${label}_block_data_order:
+        save    %sp,`-$frame-$locals`,%sp
+        and     $inp,`$align-1`,$tmp31
+        sllx    $len,`log(16*$SZ)/log(2)`,$len
+        andn    $inp,`$align-1`,$inp
+        sll     $tmp31,3,$tmp31
+        add     $inp,$len,$len
+___
+$code.=<<___ if ($SZ==8); # SHA512
+        mov     32,$tmp32
+        sub     $tmp32,$tmp31,$tmp32
+___
+$code.=<<___;
+.Lpic:  call    .+8
+        add     %o7,K${label}-.Lpic,$Ktbl
+
+        $LD     [$ctx+`0*$SZ`],$A
+        $LD     [$ctx+`1*$SZ`],$B
+        $LD     [$ctx+`2*$SZ`],$C
+        $LD     [$ctx+`3*$SZ`],$D
+        $LD     [$ctx+`4*$SZ`],$E
+        $LD     [$ctx+`5*$SZ`],$F
+        $LD     [$ctx+`6*$SZ`],$G
+        $LD     [$ctx+`7*$SZ`],$H
+
+.Lloop:
+___
+for ($i=0;$i<16;$i++)   { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".L16_xx:\n";
+for (;$i<32;$i++)       { &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        and     $tmp2,0xfff,$tmp2
+        cmp     $tmp2,$lastK
+        bne     .L16_xx
+        add     $Ktbl,`16*$SZ`,$Ktbl    ! Ktbl+=16
+
+___
+$code.=<<___ if ($SZ==4); # SHA256
+        $LD     [$ctx+`0*$SZ`],@X[0]
+        $LD     [$ctx+`1*$SZ`],@X[1]
+        $LD     [$ctx+`2*$SZ`],@X[2]
+        $LD     [$ctx+`3*$SZ`],@X[3]
+        $LD     [$ctx+`4*$SZ`],@X[4]
+        $LD     [$ctx+`5*$SZ`],@X[5]
+        $LD     [$ctx+`6*$SZ`],@X[6]
+        $LD     [$ctx+`7*$SZ`],@X[7]
+
+        add     $A,@X[0],$A
+        $ST     $A,[$ctx+`0*$SZ`]
+        add     $B,@X[1],$B
+        $ST     $B,[$ctx+`1*$SZ`]
+        add     $C,@X[2],$C
+        $ST     $C,[$ctx+`2*$SZ`]
+        add     $D,@X[3],$D
+        $ST     $D,[$ctx+`3*$SZ`]
+        add     $E,@X[4],$E
+        $ST     $E,[$ctx+`4*$SZ`]
+        add     $F,@X[5],$F
+        $ST     $F,[$ctx+`5*$SZ`]
+        add     $G,@X[6],$G
+        $ST     $G,[$ctx+`6*$SZ`]
+        add     $H,@X[7],$H
+        $ST     $H,[$ctx+`7*$SZ`]
+___
+$code.=<<___ if ($SZ==8); # SHA512
+        ld      [$ctx+`0*$SZ+0`],%l0
+        ld      [$ctx+`0*$SZ+4`],%l1
+        ld      [$ctx+`1*$SZ+0`],%l2
+        ld      [$ctx+`1*$SZ+4`],%l3
+        ld      [$ctx+`2*$SZ+0`],%l4
+        ld      [$ctx+`2*$SZ+4`],%l5
+        ld      [$ctx+`3*$SZ+0`],%l6
+
+        sllx    %l0,32,$tmp0
+        ld      [$ctx+`3*$SZ+4`],%l7
+        sllx    %l2,32,$tmp1
+        or      %l1,$tmp0,$tmp0
+        or      %l3,$tmp1,$tmp1
+        add     $tmp0,$A,$A
+        add     $tmp1,$B,$B
+        $ST     $A,[$ctx+`0*$SZ`]
+        sllx    %l4,32,$tmp2
+        $ST     $B,[$ctx+`1*$SZ`]
+        sllx    %l6,32,$T1
+        or      %l5,$tmp2,$tmp2
+        or      %l7,$T1,$T1
+        add     $tmp2,$C,$C
+        $ST     $C,[$ctx+`2*$SZ`]
+        add     $T1,$D,$D
+        $ST     $D,[$ctx+`3*$SZ`]
+
+        ld      [$ctx+`4*$SZ+0`],%l0
+        ld      [$ctx+`4*$SZ+4`],%l1
+        ld      [$ctx+`5*$SZ+0`],%l2
+        ld      [$ctx+`5*$SZ+4`],%l3
+        ld      [$ctx+`6*$SZ+0`],%l4
+        ld      [$ctx+`6*$SZ+4`],%l5
+        ld      [$ctx+`7*$SZ+0`],%l6
+
+        sllx    %l0,32,$tmp0
+        ld      [$ctx+`7*$SZ+4`],%l7
+        sllx    %l2,32,$tmp1
+        or      %l1,$tmp0,$tmp0
+        or      %l3,$tmp1,$tmp1
+        add     $tmp0,$E,$E
+        add     $tmp1,$F,$F
+        $ST     $E,[$ctx+`4*$SZ`]
+        sllx    %l4,32,$tmp2
+        $ST     $F,[$ctx+`5*$SZ`]
+        sllx    %l6,32,$T1
+        or      %l5,$tmp2,$tmp2
+        or      %l7,$T1,$T1
+        add     $tmp2,$G,$G
+        $ST     $G,[$ctx+`6*$SZ`]
+        add     $T1,$H,$H
+        $ST     $H,[$ctx+`7*$SZ`]
+___
+$code.=<<___;
+        add     $inp,`16*$SZ`,$inp              ! advance inp
+        cmp     $inp,$len
+        bne     `$bits==64?"%xcc":"%icc"`,.Lloop
+        sub     $Ktbl,`($rounds-16)*$SZ`,$Ktbl  ! rewind Ktbl
+
+        ret
+        restore
+.type   sha${label}_block_data_order,#function
+.size   sha${label}_block_data_order,(.-sha${label}_block_data_order)
+.asciz  "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
index b6252d31ec..e6643f8cf6 100755
--- a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -40,14 +40,18 @@
 # sha256_block:-( This is presumably because 64-bit shifts/rotates
 # apparently are not atomic instructions, but implemented in microcode.
 
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 
 if ($output =~ /512/) {
         $func="sha512_block_data_order";
@@ -186,7 +190,7 @@ $func:
         push    %r13
         push    %r14
         push    %r15
-        mov     %rsp,%rbp               # copy %rsp
+        mov     %rsp,%r11               # copy %rsp
         shl     \$4,%rdx                # num*16
         sub     \$$framesz,%rsp
         lea     ($inp,%rdx,$SZ),%rdx    # inp+num*16*$SZ
@@ -194,10 +198,10 @@ $func:
         mov     $ctx,$_ctx              # save ctx, 1st arg
         mov     $inp,$_inp              # save inp, 2nd arh
         mov     %rdx,$_end              # save end pointer, "3rd" arg
-        mov     %rbp,$_rsp              # save copy of %rsp
+        mov     %r11,$_rsp              # save copy of %rsp
+.Lprologue:
 
-        .picmeup $Tbl
-        lea     $TABLE-.($Tbl),$Tbl
+        lea     $TABLE(%rip),$Tbl
 
         mov     $SZ*0($ctx),$A
         mov     $SZ*1($ctx),$B
@@ -257,14 +261,15 @@ $code.=<<___;
         mov     $H,$SZ*7($ctx)
         jb      .Lloop
 
-        mov     $_rsp,%rsp
-        pop     %r15
-        pop     %r14
-        pop     %r13
-        pop     %r12
-        pop     %rbp
-        pop     %rbx
-
+        mov     $_rsp,%rsi
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lepilogue:
         ret
 .size   $func,.-$func
 ___
@@ -339,6 +344,113 @@ $TABLE:
 ___
 }
 
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+
+        mov     16*$SZ+3*8(%rax),%rax   # pull $_rsp
+        lea     48(%rax),%rax
+
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   se_handler,.-se_handler
+
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_$func
+        .rva    .LSEH_end_$func
+        .rva    .LSEH_info_$func
+
+.section        .xdata
+.align  8
+.LSEH_info_$func:
+        .byte   9,0,0,0
+        .rva    se_handler
+___
+}
+
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT;
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index 3256a83e98..8952d87673 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -12,39 +12,29 @@
 
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include <openssl/opensslv.h>
 
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
 int SHA224_Init (SHA256_CTX *c)
         {
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
+        memset (c,0,sizeof(*c));
         c->h[0]=0xc1059ed8UL;   c->h[1]=0x367cd507UL;
         c->h[2]=0x3070dd17UL;   c->h[3]=0xf70e5939UL;
         c->h[4]=0xffc00b31UL;   c->h[5]=0x68581511UL;
         c->h[6]=0x64f98fa7UL;   c->h[7]=0xbefa4fa4UL;
-        c->Nl=0;        c->Nh=0;
-        c->num=0;       c->md_len=SHA224_DIGEST_LENGTH;
+        c->md_len=SHA224_DIGEST_LENGTH;
         return 1;
         }
 
 int SHA256_Init (SHA256_CTX *c)
         {
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
+        memset (c,0,sizeof(*c));
         c->h[0]=0x6a09e667UL;   c->h[1]=0xbb67ae85UL;
         c->h[2]=0x3c6ef372UL;   c->h[3]=0xa54ff53aUL;
         c->h[4]=0x510e527fUL;   c->h[5]=0x9b05688cUL;
         c->h[6]=0x1f83d9abUL;   c->h[7]=0x5be0cd19UL;
-        c->Nl=0;        c->Nh=0;
-        c->num=0;       c->md_len=SHA256_DIGEST_LENGTH;
+        c->md_len=SHA256_DIGEST_LENGTH;
         return 1;
         }
 
@@ -94,21 +84,21 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
  */
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        unsigned int  xn;               \
+        unsigned int  nn;               \
         switch ((c)->md_len)            \
         {   case SHA224_DIGEST_LENGTH:  \
-                for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++)       \
-                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
                 break;                  \
             case SHA256_DIGEST_LENGTH:  \
-                for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++)       \
-                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
                 break;                  \
             default:                    \
                 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
                     return 0;                           \
-                for (xn=0;xn<(c)->md_len/4;xn++)                \
-                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                for (nn=0;nn<(c)->md_len/4;nn++)                \
+                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
                 break;                  \
         }                               \
         } while (0)
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index f5ed468b85..cbc0e58c48 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -5,10 +5,6 @@
  * ====================================================================
  */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
  * IMPLEMENTATION NOTES.
@@ -65,9 +61,19 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 
 int SHA384_Init (SHA512_CTX *c)
         {
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+        /* maintain dword order required by assembler module */
+        unsigned int *h = (unsigned int *)c->h;
+
+        h[0]  = 0xcbbb9d5d; h[1]  = 0xc1059ed8;
+        h[2]  = 0x629a292a; h[3]  = 0x367cd507;
+        h[4]  = 0x9159015a; h[5]  = 0x3070dd17;
+        h[6]  = 0x152fecd8; h[7]  = 0xf70e5939;
+        h[8]  = 0x67332667; h[9]  = 0xffc00b31;
+        h[10] = 0x8eb44a87; h[11] = 0x68581511;
+        h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7;
+        h[14] = 0x47b5481d; h[15] = 0xbefa4fa4;
+#else
         c->h[0]=U64(0xcbbb9d5dc1059ed8);
         c->h[1]=U64(0x629a292a367cd507);
         c->h[2]=U64(0x9159015a3070dd17);
@@ -76,6 +82,7 @@ int SHA384_Init (SHA512_CTX *c)
         c->h[5]=U64(0x8eb44a8768581511);
         c->h[6]=U64(0xdb0c2e0d64f98fa7);
         c->h[7]=U64(0x47b5481dbefa4fa4);
+#endif
         c->Nl=0;        c->Nh=0;
         c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
         return 1;
@@ -83,9 +90,19 @@ int SHA384_Init (SHA512_CTX *c)
 
 int SHA512_Init (SHA512_CTX *c)
         {
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+        /* maintain dword order required by assembler module */
+        unsigned int *h = (unsigned int *)c->h;
+
+        h[0]  = 0x6a09e667; h[1]  = 0xf3bcc908;
+        h[2]  = 0xbb67ae85; h[3]  = 0x84caa73b;
+        h[4]  = 0x3c6ef372; h[5]  = 0xfe94f82b;
+        h[6]  = 0xa54ff53a; h[7]  = 0x5f1d36f1;
+        h[8]  = 0x510e527f; h[9]  = 0xade682d1;
+        h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f;
+        h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b;
+        h[14] = 0x5be0cd19; h[15] = 0x137e2179;
+#else
         c->h[0]=U64(0x6a09e667f3bcc908);
         c->h[1]=U64(0xbb67ae8584caa73b);
         c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -94,6 +111,7 @@ int SHA512_Init (SHA512_CTX *c)
         c->h[5]=U64(0x9b05688c2b3e6c1f);
         c->h[6]=U64(0x1f83d9abfb41bd6b);
         c->h[7]=U64(0x5be0cd19137e2179);
+#endif
         c->Nl=0;        c->Nh=0;
         c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
         return 1;
@@ -142,6 +160,24 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 
         if (md==0) return 0;
 
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+        /* recall assembler dword order... */
+        n = c->md_len;
+        if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH)
+                {
+                unsigned int *h = (unsigned int *)c->h, t;
+
+                for (n/=4;n;n--)
+                        {
+                        t = *(h++);
+                        *(md++) = (unsigned char)(t>>24);
+                        *(md++) = (unsigned char)(t>>16);
+                        *(md++) = (unsigned char)(t>>8);
+                        *(md++) = (unsigned char)(t);
+                        }
+                }
+        else    return 0;
+#else
         switch (c->md_len)
                 {
                 /* Let compiler decide if it's appropriate to unroll... */
@@ -178,7 +214,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
                 /* ... as well as make sure md_len is not abused. */
                 default:        return 0;
                 }
-
+#endif
         return 1;
         }
 
@@ -204,7 +240,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
 
                 if (len < n)
                         {
-                        memcpy (p+c->num,data,len), c->num += len;
+                        memcpy (p+c->num,data,len), c->num += (unsigned int)len;
                         return 1;
                         }
                 else    {
@@ -314,7 +350,7 @@ static const SHA_LONG64 K512[80] = {
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__x86_64) || defined(__x86_64__)
-#   define ROTR(a,n)    ({ unsigned long ret;           \
+#   define ROTR(a,n)    ({ SHA_LONG64 ret;              \
                                 asm ("rorq %1,%0"       \
                                 : "=r"(ret)             \
                                 : "J"(n),"0"(a)         \
@@ -337,20 +373,21 @@ static const SHA_LONG64 K512[80] = {
                                 ((SHA_LONG64)hi)<<32|lo;        })
 #   else
 #    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-                         unsigned int hi=p[0],lo=p[1];                  \
+                         unsigned int hi=p[0],lo=p[1];          \
                                 asm ("bswapl %0; bswapl %1;"    \
                                 : "=r"(lo),"=r"(hi)             \
                                 : "0"(lo),"1"(hi));             \
                                 ((SHA_LONG64)hi)<<32|lo;        })
 #   endif
 #  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#   define ROTR(a,n)    ({ unsigned long ret;           \
+#   define ROTR(a,n)    ({ SHA_LONG64 ret;              \
                                 asm ("rotrdi %0,%1,%2"  \
                                 : "=r"(ret)             \
                                 : "r"(a),"K"(n)); ret;  })
 #  endif
 # elif defined(_MSC_VER)
 #  if defined(_WIN64)   /* applies to both IA-64 and AMD64 */
+#   pragma intrinsic(_rotr64)
 #   define ROTR(a,n)    _rotr64((a),n)
 #  endif
 #  if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
@@ -398,15 +435,66 @@ static const SHA_LONG64 K512[80] = {
 #define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
 #define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
 
-#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define GO_FOR_SSE2(ctx,in,num)         do {            \
-        void    sha512_block_sse2(void *,const void *,size_t);  \
-        if (!(OPENSSL_ia32cap_P & (1<<26))) break;      \
-        sha512_block_sse2(ctx->h,in,num); return;       \
-                                        } while (0)
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+/*
+ * This code should give better results on 32-bit CPU with less than
+ * ~24 registers, both size and performance wise...
+ */
+static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
+        {
+        const SHA_LONG64 *W=in;
+        SHA_LONG64      A,E,T;
+        SHA_LONG64      X[9+80],*F;
+        int i;
+
+                        while (num--) {
+
+        F    = X+80;
+        A    = ctx->h[0];       F[1] = ctx->h[1];
+        F[2] = ctx->h[2];       F[3] = ctx->h[3];
+        E    = ctx->h[4];       F[5] = ctx->h[5];
+        F[6] = ctx->h[6];       F[7] = ctx->h[7];
+
+        for (i=0;i<16;i++,F--)
+                {
+#ifdef B_ENDIAN
+                T = W[i];
+#else
+                T = PULL64(W[i]);
 #endif
+                F[0] = A;
+                F[4] = E;
+                F[8] = T;
+                T   += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
+                E    = F[3] + T;
+                A    = T + Sigma0(A) + Maj(A,F[1],F[2]);
+                }
+
+        for (;i<80;i++,F--)
+                {
+                T    = sigma0(F[8+16-1]);
+                T   += sigma1(F[8+16-14]);
+                T   += F[8+16] + F[8+16-9];
+
+                F[0] = A;
+                F[4] = E;
+                F[8] = T;
+                T   += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
+                E    = F[3] + T;
+                A    = T + Sigma0(A) + Maj(A,F[1],F[2]);
+                }
 
-#ifdef OPENSSL_SMALL_FOOTPRINT
+        ctx->h[0] += A;         ctx->h[1] += F[1];
+        ctx->h[2] += F[2];      ctx->h[3] += F[3];
+        ctx->h[4] += E;         ctx->h[5] += F[5];
+        ctx->h[6] += F[6];      ctx->h[7] += F[7];
+
+                        W+=SHA_LBLOCK;
+                        }
+        }
+
+#elif defined(OPENSSL_SMALL_FOOTPRINT)
 
 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
         {
@@ -415,10 +503,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
         SHA_LONG64      X[16];
         int i;
 
-#ifdef GO_FOR_SSE2
-        GO_FOR_SSE2(ctx,in,num);
-#endif
-
                         while (num--) {
 
         a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
@@ -463,11 +547,11 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
         h = Sigma0(a) + Maj(a,b,c);                     \
         d += T1;        h += T1;                } while (0)
 
-#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X)        do {    \
-        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
-        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
-        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
-        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)      do {    \
+        s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
+        ROUND_00_15(i+j,a,b,c,d,e,f,g,h);               } while (0)
 
 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
         {
@@ -476,10 +560,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
         SHA_LONG64      X[16];
         int i;
 
-#ifdef GO_FOR_SSE2
-        GO_FOR_SSE2(ctx,in,num);
-#endif
-
                         while (num--) {
 
         a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
@@ -521,16 +601,24 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
         T1 = X[15] = PULL64(W[15]);     ROUND_00_15(15,b,c,d,e,f,g,h,a);
 #endif
 
-        for (i=16;i<80;i+=8)
+        for (i=16;i<80;i+=16)
                 {
-                ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
-                ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
-                ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
-                ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
-                ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
-                ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
-                ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
-                ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+                ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X);
+                ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X);
+                ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X);
+                ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X);
+                ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X);
+                ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X);
+                ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X);
+                ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X);
+                ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X);
+                ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X);
+                ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X);
+                ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X);
+                ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X);
+                ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X);
+                ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X);
+                ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X);
                 }
 
         ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
@@ -544,4 +632,10 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
 
 #endif /* SHA512_ASM */
 
-#endif /* OPENSSL_NO_SHA512 */
+#else /* !OPENSSL_NO_SHA512 */
+
+#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy=&dummy;
+#endif
+
+#endif /* !OPENSSL_NO_SHA512 */
diff --git a/src/lib/libcrypto/sparccpuid.S b/src/lib/libcrypto/sparccpuid.S
index c17350fc89..aa8b11efc9 100644
--- a/src/lib/libcrypto/sparccpuid.S
+++ b/src/lib/libcrypto/sparccpuid.S
@@ -34,7 +34,8 @@ OPENSSL_wipe_cpu:
         nop
         call    .PIC.zero.up
         mov     .zero-(.-4),%o0
-        ldd     [%o0],%f0
+        ld      [%o0],%f0
+        ld      [%o0],%f1
 
         subcc   %g0,1,%o0
         ! Following is V9 "rd %ccr,%o0" instruction. However! V8
@@ -166,6 +167,7 @@ walk_reg_wins:
 
 .global OPENSSL_atomic_add
 .type   OPENSSL_atomic_add,#function
+.align  32
 OPENSSL_atomic_add:
 #ifndef ABI64
         subcc   %g0,1,%o2
@@ -177,7 +179,7 @@ OPENSSL_atomic_add:
         ba      .enter
         nop
 #ifdef __sun
-! Note that you don't have to link with libthread to call thr_yield,
+! Note that you do not have to link with libthread to call thr_yield,
 ! as libc provides a stub, which is overloaded the moment you link
 ! with *either* libpthread or libthread...
 #define YIELD_CPU       thr_yield
@@ -213,27 +215,106 @@ OPENSSL_atomic_add:
         sra     %o0,%g0,%o0     ! we return signed int, remember?
 .size   OPENSSL_atomic_add,.-OPENSSL_atomic_add
 
-.global OPENSSL_rdtsc
+.global _sparcv9_rdtick
+.align  32
+_sparcv9_rdtick:
         subcc   %g0,1,%o0
         .word   0x91408000      !rd     %ccr,%o0
         cmp     %o0,0x99
-        bne     .notsc
+        bne     .notick
         xor     %o0,%o0,%o0
-        save    %sp,FRAME-16,%sp
-        mov     513,%o0         !SI_PLATFORM
-        add     %sp,BIAS+16,%o1
-        call    sysinfo
-        mov     256,%o2
+        .word   0x91410000      !rd     %tick,%o0
+        retl
+        .word   0x93323020      !srlx   %o2,32,%o1
+.notick:
+        retl
+        xor     %o1,%o1,%o1
+.type   _sparcv9_rdtick,#function
+.size   _sparcv9_rdtick,.-_sparcv9_rdtick
 
-        add     %sp,BIAS-16,%o1
-        ld      [%o1],%l0
-        ld      [%o1+4],%l1
-        ld      [%o1+8],%l2
-        mov     %lo('SUNW'),%l3
-        ret
-        restore
-.notsc:
+.global OPENSSL_cleanse
+.align  32
+OPENSSL_cleanse:
+        cmp     %o1,14
+        nop
+#ifdef ABI64
+        bgu     %xcc,.Lot
+#else
+        bgu     .Lot
+#endif
+        cmp     %o1,0
+        bne     .Little
+        nop
+        retl
+        nop
+
+.Little:
+        stb     %g0,[%o0]
+        subcc   %o1,1,%o1
+        bnz     .Little
+        add     %o0,1,%o0
+        retl
+        nop
+.align  32
+.Lot:
+#ifndef ABI64
+        subcc   %g0,1,%g1
+        ! see above for explanation
+        .word   0x83408000      !rd     %ccr,%g1
+        cmp     %g1,0x99
+        bne     .v8lot
+        nop
+#endif
+
+.v9lot: andcc   %o0,7,%g0
+        bz      .v9aligned
+        nop
+        stb     %g0,[%o0]
+        sub     %o1,1,%o1
+        ba      .v9lot
+        add     %o0,1,%o0
+.align  16,0x01000000
+.v9aligned:
+        .word   0xc0720000      !stx    %g0,[%o0]
+        sub     %o1,8,%o1
+        andcc   %o1,-8,%g0
+#ifdef ABI64
+        .word   0x126ffffd      !bnz    %xcc,.v9aligned
+#else
+        .word   0x124ffffd      !bnz    %icc,.v9aligned
+#endif
+        add     %o0,8,%o0
+
+        cmp     %o1,0
+        bne     .Little
+        nop
         retl
         nop
-.type   OPENSSL_rdtsc,#function
-.size   OPENSSL_rdtsc,.-OPENSSL_atomic_add
+#ifndef ABI64
+.v8lot: andcc   %o0,3,%g0
+        bz      .v8aligned
+        nop
+        stb     %g0,[%o0]
+        sub     %o1,1,%o1
+        ba      .v8lot
+        add     %o0,1,%o0
+        nop
+.v8aligned:
+        st      %g0,[%o0]
+        sub     %o1,4,%o1
+        andcc   %o1,-4,%g0
+        bnz     .v8aligned
+        add     %o0,4,%o0
+
+        cmp     %o1,0
+        bne     .Little
+        nop
+        retl
+        nop
+#endif
+.type   OPENSSL_cleanse,#function
+.size   OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.section        ".init",#alloc,#execinstr
+        call    OPENSSL_cpuid_setup
+        nop
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
new file mode 100644
index 0000000000..190e8a1bf2
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts.h
@@ -0,0 +1,861 @@
+/* crypto/ts/ts.h */
+/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
+ * project 2002, 2003, 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_TS_H
+#define HEADER_TS_H
+
+#include <openssl/opensslconf.h>
+#include <openssl/symhacks.h>
+#ifndef OPENSSL_NO_BUFFER
+#include <openssl/buffer.h>
+#endif
+#ifndef OPENSSL_NO_EVP
+#include <openssl/evp.h>
+#endif
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/safestack.h>
+
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+#include <openssl/evp.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef X509_NAME
+#endif
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/*
+MessageImprint ::= SEQUENCE  {
+     hashAlgorithm                AlgorithmIdentifier,
+     hashedMessage                OCTET STRING  }
+*/
+
+typedef struct TS_msg_imprint_st
+        {
+        X509_ALGOR *hash_algo;
+        ASN1_OCTET_STRING *hashed_msg;
+        } TS_MSG_IMPRINT;
+
+/*
+TimeStampReq ::= SEQUENCE  {
+   version                  INTEGER  { v1(1) },
+   messageImprint           MessageImprint,
+     --a hash algorithm OID and the hash value of the data to be
+     --time-stamped
+   reqPolicy                TSAPolicyId                OPTIONAL,
+   nonce                    INTEGER                    OPTIONAL,
+   certReq                  BOOLEAN                    DEFAULT FALSE,
+   extensions               [0] IMPLICIT Extensions    OPTIONAL  }
+*/
+
+typedef struct TS_req_st
+        {
+        ASN1_INTEGER *version;
+        TS_MSG_IMPRINT *msg_imprint;
+        ASN1_OBJECT *policy_id;         /* OPTIONAL */
+        ASN1_INTEGER *nonce;            /* OPTIONAL */
+        ASN1_BOOLEAN cert_req;          /* DEFAULT FALSE */
+        STACK_OF(X509_EXTENSION) *extensions;   /* [0] OPTIONAL */
+        } TS_REQ;
+
+/*
+Accuracy ::= SEQUENCE {
+                seconds        INTEGER           OPTIONAL,
+                millis     [0] INTEGER  (1..999) OPTIONAL,
+                micros     [1] INTEGER  (1..999) OPTIONAL  }
+*/
+
+typedef struct TS_accuracy_st
+        {
+        ASN1_INTEGER *seconds;
+        ASN1_INTEGER *millis;
+        ASN1_INTEGER *micros;
+        } TS_ACCURACY;
+
+/*
+TSTInfo ::= SEQUENCE  {
+    version                      INTEGER  { v1(1) },
+    policy                       TSAPolicyId,
+    messageImprint               MessageImprint,
+      -- MUST have the same value as the similar field in
+      -- TimeStampReq
+    serialNumber                 INTEGER,
+     -- Time-Stamping users MUST be ready to accommodate integers
+     -- up to 160 bits.
+    genTime                      GeneralizedTime,
+    accuracy                     Accuracy                 OPTIONAL,
+    ordering                     BOOLEAN             DEFAULT FALSE,
+    nonce                        INTEGER                  OPTIONAL,
+      -- MUST be present if the similar field was present
+      -- in TimeStampReq.  In that case it MUST have the same value.
+    tsa                          [0] GeneralName          OPTIONAL,
+    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
+*/
+
+typedef struct TS_tst_info_st
+        {
+        ASN1_INTEGER *version;
+        ASN1_OBJECT *policy_id;
+        TS_MSG_IMPRINT *msg_imprint;
+        ASN1_INTEGER *serial;
+        ASN1_GENERALIZEDTIME *time;
+        TS_ACCURACY *accuracy;
+        ASN1_BOOLEAN ordering;
+        ASN1_INTEGER *nonce;
+        GENERAL_NAME *tsa;
+        STACK_OF(X509_EXTENSION) *extensions;
+        } TS_TST_INFO;  
+
+/*
+PKIStatusInfo ::= SEQUENCE {
+    status        PKIStatus,
+    statusString  PKIFreeText     OPTIONAL,
+    failInfo      PKIFailureInfo  OPTIONAL  }
+
+From RFC 1510 - section 3.1.1:
+PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+        -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
+        -- include an RFC 1766 language tag to indicate the language
+        -- of the contained text)
+*/
+
+/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
+
+#define TS_STATUS_GRANTED                       0
+#define TS_STATUS_GRANTED_WITH_MODS             1
+#define TS_STATUS_REJECTION                     2
+#define TS_STATUS_WAITING                       3
+#define TS_STATUS_REVOCATION_WARNING            4
+#define TS_STATUS_REVOCATION_NOTIFICATION       5
+
+/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */
+
+#define TS_INFO_BAD_ALG                 0
+#define TS_INFO_BAD_REQUEST             2
+#define TS_INFO_BAD_DATA_FORMAT         5
+#define TS_INFO_TIME_NOT_AVAILABLE      14
+#define TS_INFO_UNACCEPTED_POLICY       15
+#define TS_INFO_UNACCEPTED_EXTENSION    16
+#define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
+#define TS_INFO_SYSTEM_FAILURE          25
+
+typedef struct TS_status_info_st
+        {
+        ASN1_INTEGER *status;
+        STACK_OF(ASN1_UTF8STRING) *text;
+        ASN1_BIT_STRING *failure_info;
+        } TS_STATUS_INFO;
+
+DECLARE_STACK_OF(ASN1_UTF8STRING)
+DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
+
+/*
+TimeStampResp ::= SEQUENCE  {
+     status                  PKIStatusInfo,
+     timeStampToken          TimeStampToken     OPTIONAL }
+*/
+
+typedef struct TS_resp_st
+        {
+        TS_STATUS_INFO *status_info;
+        PKCS7 *token;
+        TS_TST_INFO *tst_info;
+        } TS_RESP;
+
+/* The structure below would belong to the ESS component. */
+
+/*
+IssuerSerial ::= SEQUENCE {
+        issuer                   GeneralNames,
+        serialNumber             CertificateSerialNumber
+        }
+*/
+
+typedef struct ESS_issuer_serial
+        {
+        STACK_OF(GENERAL_NAME)  *issuer;
+        ASN1_INTEGER            *serial;
+        } ESS_ISSUER_SERIAL;
+
+/*
+ESSCertID ::=  SEQUENCE {
+        certHash                 Hash,
+        issuerSerial             IssuerSerial OPTIONAL
+}
+*/
+
+typedef struct ESS_cert_id
+        {
+        ASN1_OCTET_STRING *hash;        /* Always SHA-1 digest. */
+        ESS_ISSUER_SERIAL *issuer_serial;
+        } ESS_CERT_ID;
+
+DECLARE_STACK_OF(ESS_CERT_ID)
+DECLARE_ASN1_SET_OF(ESS_CERT_ID)
+
+/*
+SigningCertificate ::=  SEQUENCE {
+       certs        SEQUENCE OF ESSCertID,
+       policies     SEQUENCE OF PolicyInformation OPTIONAL
+}
+*/
+
+typedef struct ESS_signing_cert
+        {
+        STACK_OF(ESS_CERT_ID) *cert_ids;
+        STACK_OF(POLICYINFO) *policy_info;
+        } ESS_SIGNING_CERT;
+
+
+TS_REQ  *TS_REQ_new(void);
+void    TS_REQ_free(TS_REQ *a);
+int     i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
+TS_REQ  *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
+
+TS_REQ  *TS_REQ_dup(TS_REQ *a);
+
+TS_REQ  *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int     i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+TS_REQ  *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int     i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
+
+TS_MSG_IMPRINT  *TS_MSG_IMPRINT_new(void);
+void            TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
+int             i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
+TS_MSG_IMPRINT  *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
+                                    const unsigned char **pp, long length);
+
+TS_MSG_IMPRINT  *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+
+TS_MSG_IMPRINT  *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int             i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
+TS_MSG_IMPRINT  *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
+int             i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
+
+TS_RESP *TS_RESP_new(void);
+void    TS_RESP_free(TS_RESP *a);
+int     i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
+TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+TS_RESP *TS_RESP_dup(TS_RESP *a);
+
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int     i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
+TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
+int     i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
+
+TS_STATUS_INFO  *TS_STATUS_INFO_new(void);
+void            TS_STATUS_INFO_free(TS_STATUS_INFO *a);
+int             i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
+TS_STATUS_INFO  *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, 
+                                    const unsigned char **pp, long length);
+TS_STATUS_INFO  *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
+
+TS_TST_INFO     *TS_TST_INFO_new(void);
+void            TS_TST_INFO_free(TS_TST_INFO *a);
+int             i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
+TS_TST_INFO     *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
+                                    long length);
+TS_TST_INFO     *TS_TST_INFO_dup(TS_TST_INFO *a);
+
+TS_TST_INFO     *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int             i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
+TS_TST_INFO     *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
+int             i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
+
+TS_ACCURACY     *TS_ACCURACY_new(void);
+void            TS_ACCURACY_free(TS_ACCURACY *a);
+int             i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
+TS_ACCURACY     *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
+                                    long length);
+TS_ACCURACY     *TS_ACCURACY_dup(TS_ACCURACY *a);
+
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
+void              ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
+int               i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a,
+                                        unsigned char **pp);
+ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
+                                         const unsigned char **pp, long length);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
+
+ESS_CERT_ID     *ESS_CERT_ID_new(void);
+void            ESS_CERT_ID_free(ESS_CERT_ID *a);
+int             i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
+ESS_CERT_ID     *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
+                                 long length);
+ESS_CERT_ID     *ESS_CERT_ID_dup(ESS_CERT_ID *a);
+
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
+void             ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
+int              i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, 
+                                      unsigned char **pp);
+ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
+                                       const unsigned char **pp, long length);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+
+void ERR_load_TS_strings(void);
+
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+
+int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+
+/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */
+
+/* Optional flags for response generation. */
+
+/* Don't include the TSA name in response. */
+#define TS_TSA_NAME             0x01
+
+/* Set ordering to true in response. */
+#define TS_ORDERING             0x02
+
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+#define TS_ESS_CERT_ID_CHAIN    0x04
+
+/* Forward declaration. */
+struct TS_resp_ctx;
+
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);
+
+/* This must return the seconds and microseconds since Jan 1, 1970 in
+   the sec and usec variables allocated by the caller. 
+   Return non-zero for success and zero for failure. */
+typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec);
+
+/* This must process the given extension.
+ * It can modify the TS_TST_INFO object of the context.
+ * Return values: !0 (processed), 0 (error, it must set the 
+ * status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+
+typedef struct TS_resp_ctx
+        {
+        X509            *signer_cert;
+        EVP_PKEY        *signer_key;
+        STACK_OF(X509)  *certs; /* Certs to include in signed data. */
+        STACK_OF(ASN1_OBJECT)   *policies;      /* Acceptable policies. */
+        ASN1_OBJECT     *default_policy; /* It may appear in policies, too. */
+        STACK_OF(EVP_MD)        *mds;   /* Acceptable message digests. */
+        ASN1_INTEGER    *seconds;       /* accuracy, 0 means not specified. */
+        ASN1_INTEGER    *millis;        /* accuracy, 0 means not specified. */
+        ASN1_INTEGER    *micros;        /* accuracy, 0 means not specified. */
+        unsigned        clock_precision_digits; /* fraction of seconds in
+                                                   time stamp token. */
+        unsigned        flags;          /* Optional info, see values above. */
+
+        /* Callback functions. */
+        TS_serial_cb serial_cb;
+        void *serial_cb_data;   /* User data for serial_cb. */
+        
+        TS_time_cb time_cb;
+        void *time_cb_data;     /* User data for time_cb. */
+        
+        TS_extension_cb extension_cb;
+        void *extension_cb_data;        /* User data for extension_cb. */
+
+        /* These members are used only while creating the response. */
+        TS_REQ          *request;
+        TS_RESP         *response;
+        TS_TST_INFO     *tst_info;
+        } TS_RESP_CTX;
+
+DECLARE_STACK_OF(EVP_MD)
+DECLARE_ASN1_SET_OF(EVP_MD)
+
+/* Creates a response context that can be used for generating responses. */
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
+
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+
+/* Adds a new acceptable policy, only the default policy 
+   is accepted by default. */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
+
+/* Adds a new acceptable message digest. Note that no message digests 
+   are accepted by default. The md argument is shared with the caller. */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros);
+
+/* Clock precision digits, i.e. the number of decimal digits: 
+   '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ 
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned clock_precision_digits);
+/* At most we accept usec precision. */ 
+#define TS_MAX_CLOCK_PRECISION_DIGITS   6
+
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+
+/* Default callback uses the gettimeofday() and gmtime() system calls. */
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+
+/* Default callback rejects all extensions. The extension callback is called 
+ * when the TS_TST_INFO object is already set up and not signed yet. */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, 
+                                  TS_extension_cb cb, void *data);
+
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, 
+                                int status, const char *text);
+
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, 
+                                     int status, const char *text);
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+
+/* 
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out);
+
+/* Context structure for the generic verify method. */
+
+/* Verify the signer's certificate and the signature of the response. */
+#define TS_VFY_SIGNATURE        (1u << 0)
+/* Verify the version number of the response. */
+#define TS_VFY_VERSION          (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+#define TS_VFY_POLICY           (1u << 2)
+/* Verify the message imprint provided by the user. This flag should not be
+   specified with TS_VFY_DATA. */
+#define TS_VFY_IMPRINT          (1u << 3)
+/* Verify the message imprint computed by the verify method from the user
+   provided data and the MD algorithm of the response. This flag should not be
+   specified with TS_VFY_IMPRINT. */
+#define TS_VFY_DATA             (1u << 4)
+/* Verify the nonce value. */
+#define TS_VFY_NONCE            (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+#define TS_VFY_SIGNER           (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+#define TS_VFY_TSA_NAME         (1u << 7)
+
+/* You can use the following convenience constants. */
+#define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_IMPRINT       \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+#define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_DATA          \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+
+typedef struct TS_verify_ctx
+        {
+        /* Set this to the union of TS_VFY_... flags you want to carry out. */
+        unsigned        flags;
+
+        /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
+        X509_STORE      *store;
+        STACK_OF(X509)  *certs;
+
+        /* Must be set only with TS_VFY_POLICY. */
+        ASN1_OBJECT     *policy;
+
+        /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, 
+           the algorithm from the response is used. */
+        X509_ALGOR      *md_alg;
+        unsigned char   *imprint;
+        unsigned        imprint_len;
+
+        /* Must be set only with TS_VFY_DATA. */
+        BIO             *data;
+
+        /* Must be set only with TS_VFY_TSA_NAME. */
+        ASN1_INTEGER    *nonce;
+
+        /* Must be set only with TS_VFY_TSA_NAME. */
+        GENERAL_NAME    *tsa_name;
+        } TS_VERIFY_CTX;
+
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+
+/*
+ * Declarations related to response verification context,
+ * they are defined in ts/ts_verify_ctx.c.
+ */
+
+/* Set all fields to zero. */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+
+/* 
+ * If ctx is NULL, it allocates and returns a new object, otherwise
+ * it returns ctx. It initialises all the members as follows:
+ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
+ * certs = NULL
+ * store = NULL
+ * policy = policy from the request or NULL if absent (in this case
+ *      TS_VFY_POLICY is cleared from flags as well)
+ * md_alg = MD algorithm from request
+ * imprint, imprint_len = imprint from request
+ * data = NULL
+ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
+ *      TS_VFY_NONCE is cleared from flags as well)
+ * tsa_name = NULL
+ * Important: after calling this method TS_VFY_SIGNATURE should be added!
+ */
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
+
+/* Common utility functions defined in ts/ts_lib.c */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+
+/* Function declarations for handling configuration options,
+   defined in ts/ts_conf.c */
+
+X509 *TS_CONF_load_cert(const char *file);
+STACK_OF(X509) *TS_CONF_load_certs(const char *file);
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx);
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device);
+int TS_CONF_set_default_engine(const char *name);
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx);
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass, TS_RESP_CTX *ctx);
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx);
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx);
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx);
+
+/* -------------------------------------------------- */
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_TS_strings(void);
+
+/* Error codes for the TS functions. */
+
+/* Function codes. */
+#define TS_F_D2I_TS_RESP                                 147
+#define TS_F_DEF_SERIAL_CB                               110
+#define TS_F_DEF_TIME_CB                                 111
+#define TS_F_ESS_ADD_SIGNING_CERT                        112
+#define TS_F_ESS_CERT_ID_NEW_INIT                        113
+#define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
+#define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
+#define TS_F_PKCS7_TO_TS_TST_INFO                        148
+#define TS_F_TS_ACCURACY_SET_MICROS                      115
+#define TS_F_TS_ACCURACY_SET_MILLIS                      116
+#define TS_F_TS_ACCURACY_SET_SECONDS                     117
+#define TS_F_TS_CHECK_IMPRINTS                           100
+#define TS_F_TS_CHECK_NONCES                             101
+#define TS_F_TS_CHECK_POLICY                             102
+#define TS_F_TS_CHECK_SIGNING_CERTS                      103
+#define TS_F_TS_CHECK_STATUS_INFO                        104
+#define TS_F_TS_COMPUTE_IMPRINT                          145
+#define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
+#define TS_F_TS_GET_STATUS_TEXT                          105
+#define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
+#define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
+#define TS_F_TS_REQ_SET_NONCE                            120
+#define TS_F_TS_REQ_SET_POLICY_ID                        121
+#define TS_F_TS_RESP_CREATE_RESPONSE                     122
+#define TS_F_TS_RESP_CREATE_TST_INFO                     123
+#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
+#define TS_F_TS_RESP_CTX_ADD_MD                          125
+#define TS_F_TS_RESP_CTX_ADD_POLICY                      126
+#define TS_F_TS_RESP_CTX_NEW                             127
+#define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
+#define TS_F_TS_RESP_CTX_SET_CERTS                       129
+#define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
+#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
+#define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
+#define TS_F_TS_RESP_GET_POLICY                          133
+#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
+#define TS_F_TS_RESP_SET_STATUS_INFO                     135
+#define TS_F_TS_RESP_SET_TST_INFO                        150
+#define TS_F_TS_RESP_SIGN                                136
+#define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
+#define TS_F_TS_RESP_VERIFY_TOKEN                        107
+#define TS_F_TS_TST_INFO_SET_ACCURACY                    137
+#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
+#define TS_F_TS_TST_INFO_SET_NONCE                       139
+#define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
+#define TS_F_TS_TST_INFO_SET_SERIAL                      141
+#define TS_F_TS_TST_INFO_SET_TIME                        142
+#define TS_F_TS_TST_INFO_SET_TSA                         143
+#define TS_F_TS_VERIFY                                   108
+#define TS_F_TS_VERIFY_CERT                              109
+#define TS_F_TS_VERIFY_CTX_NEW                           144
+
+/* Reason codes. */
+#define TS_R_BAD_PKCS7_TYPE                              132
+#define TS_R_BAD_TYPE                                    133
+#define TS_R_CERTIFICATE_VERIFY_ERROR                    100
+#define TS_R_COULD_NOT_SET_ENGINE                        127
+#define TS_R_COULD_NOT_SET_TIME                          115
+#define TS_R_D2I_TS_RESP_INT_FAILED                      128
+#define TS_R_DETACHED_CONTENT                            134
+#define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
+#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
+#define TS_R_INVALID_NULL_POINTER                        102
+#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
+#define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
+#define TS_R_NONCE_MISMATCH                              104
+#define TS_R_NONCE_NOT_RETURNED                          105
+#define TS_R_NO_CONTENT                                  106
+#define TS_R_NO_TIME_STAMP_TOKEN                         107
+#define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
+#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
+#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
+#define TS_R_POLICY_MISMATCH                             108
+#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
+#define TS_R_RESPONSE_SETUP_ERROR                        121
+#define TS_R_SIGNATURE_FAILURE                           109
+#define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
+#define TS_R_TIME_SYSCALL_ERROR                          122
+#define TS_R_TOKEN_NOT_PRESENT                           130
+#define TS_R_TOKEN_PRESENT                               131
+#define TS_R_TSA_NAME_MISMATCH                           111
+#define TS_R_TSA_UNTRUSTED                               112
+#define TS_R_TST_INFO_SETUP_ERROR                        123
+#define TS_R_TS_DATASIGN                                 124
+#define TS_R_UNACCEPTABLE_POLICY                         125
+#define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
+#define TS_R_UNSUPPORTED_VERSION                         113
+#define TS_R_WRONG_CONTENT_TYPE                          114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c
new file mode 100644
index 0000000000..40b730c5e2
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_asn1.c
@@ -0,0 +1,322 @@
+/* crypto/ts/ts_asn1.c */
+/* Written by Nils Larsch for the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/ts.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
+#ifndef OPENSSL_NO_BIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
+        {
+        return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, bp, a);
+        }
+
+int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
+{
+        return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
+}
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
+        {
+        return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, fp, a);
+        }
+
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
+        }
+#endif
+
+ASN1_SEQUENCE(TS_REQ) = {
+        ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
+        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
+        ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(TS_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
+#ifndef OPENSSL_NO_BIO
+TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
+        {
+        return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
+        }
+
+int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
+        {
+        return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
+        }
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
+        {
+        return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
+        }
+
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
+        }
+#endif
+
+ASN1_SEQUENCE(TS_ACCURACY) = {
+        ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
+        ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END(TS_ACCURACY)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
+
+ASN1_SEQUENCE(TS_TST_INFO) = {
+        ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT),
+        ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
+        ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
+        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
+        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(TS_TST_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
+#ifndef OPENSSL_NO_BIO
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
+        {
+        return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, a);
+        }
+
+int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
+        {
+        return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
+        }
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
+        {
+        return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, a);
+        }
+
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
+        }
+#endif
+
+ASN1_SEQUENCE(TS_STATUS_INFO) = {
+        ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
+        ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(TS_STATUS_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
+
+static int ts_resp_set_tst_info(TS_RESP *a)
+{
+        long    status;
+
+        status = ASN1_INTEGER_get(a->status_info->status);
+
+        if (a->token) {
+                if (status != 0 && status != 1) {
+                        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
+                        return 0;
+                }
+                if (a->tst_info != NULL)
+                        TS_TST_INFO_free(a->tst_info);
+                a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
+                if (!a->tst_info) {
+                        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
+                        return 0;
+                }
+        } else if (status == 0 || status == 1) {
+                TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
+                return 0;
+        }
+
+        return 1;
+}
+
+static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
+        void *exarg)
+{
+        TS_RESP *ts_resp = (TS_RESP *)*pval;
+        if (op == ASN1_OP_NEW_POST) {
+                ts_resp->tst_info = NULL;
+        } else if (op == ASN1_OP_FREE_POST) {
+                if (ts_resp->tst_info != NULL)
+                        TS_TST_INFO_free(ts_resp->tst_info);
+        } else if (op == ASN1_OP_D2I_POST) {
+                if (ts_resp_set_tst_info(ts_resp) == 0)
+                        return 0;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
+        ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
+        ASN1_OPT(TS_RESP, token, PKCS7),
+} ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
+#ifndef OPENSSL_NO_BIO
+TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
+        {
+        return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
+        }
+
+int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
+        {
+        return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
+        }
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
+        {
+        return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
+        }
+
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
+        }
+#endif
+
+ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
+        ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
+        ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+ASN1_SEQUENCE(ESS_CERT_ID) = {
+        ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
+} ASN1_SEQUENCE_END(ESS_CERT_ID)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
+} ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+/* Getting encapsulated TS_TST_INFO object from PKCS7. */
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
+{
+        PKCS7_SIGNED *pkcs7_signed;
+        PKCS7 *enveloped;
+        ASN1_TYPE *tst_info_wrapper;
+        ASN1_OCTET_STRING *tst_info_der;
+        const unsigned char *p;
+
+        if (!PKCS7_type_is_signed(token))
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+                return NULL;
+                }
+
+        /* Content must be present. */
+        if (PKCS7_get_detached(token))
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
+                return NULL;
+                }
+
+        /* We have a signed data with content. */
+        pkcs7_signed = token->d.sign;
+        enveloped = pkcs7_signed->contents;
+        if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo)
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+                return NULL;
+                }
+
+        /* We have a DER encoded TST_INFO as the signed data. */
+        tst_info_wrapper = enveloped->d.other;
+        if (tst_info_wrapper->type != V_ASN1_OCTET_STRING)
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
+                return NULL;
+                }
+
+        /* We have the correct ASN1_OCTET_STRING type. */
+        tst_info_der = tst_info_wrapper->value.octet_string;
+        /* At last, decode the TST_INFO. */
+        p = tst_info_der->data;
+        return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
+}
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
new file mode 100644
index 0000000000..c39be76f28
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -0,0 +1,507 @@
+/* crypto/ts/ts_conf.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/ts.h>
+
+/* Macro definitions for the configuration file. */
+
+#define BASE_SECTION                    "tsa"
+#define ENV_DEFAULT_TSA                 "default_tsa"
+#define ENV_SERIAL                      "serial"
+#define ENV_CRYPTO_DEVICE               "crypto_device"
+#define ENV_SIGNER_CERT                 "signer_cert"
+#define ENV_CERTS                       "certs"
+#define ENV_SIGNER_KEY                  "signer_key"
+#define ENV_DEFAULT_POLICY              "default_policy"
+#define ENV_OTHER_POLICIES              "other_policies"
+#define ENV_DIGESTS                     "digests"
+#define ENV_ACCURACY                    "accuracy"
+#define ENV_ORDERING                    "ordering"
+#define ENV_TSA_NAME                    "tsa_name"
+#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
+#define ENV_VALUE_SECS                  "secs"
+#define ENV_VALUE_MILLISECS             "millisecs"
+#define ENV_VALUE_MICROSECS             "microsecs"
+#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits" 
+#define ENV_VALUE_YES                   "yes"
+#define ENV_VALUE_NO                    "no"
+
+/* Function definitions for certificate and key loading. */
+
+X509 *TS_CONF_load_cert(const char *file)
+        {
+        BIO *cert = NULL;
+        X509 *x = NULL;
+
+        if ((cert = BIO_new_file(file, "r")) == NULL) goto end;
+        x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
+end:
+        if (x == NULL)
+                fprintf(stderr, "unable to load certificate: %s\n", file);
+        BIO_free(cert);
+        return x;
+        }
+
+STACK_OF(X509) *TS_CONF_load_certs(const char *file)
+        {
+        BIO *certs = NULL;
+        STACK_OF(X509) *othercerts = NULL;
+        STACK_OF(X509_INFO) *allcerts = NULL;
+        int i;
+
+        if (!(certs = BIO_new_file(file, "r"))) goto end;
+
+        if (!(othercerts = sk_X509_new_null())) goto end;
+        allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+        for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
+                {
+                X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
+                if (xi->x509)
+                        {
+                        sk_X509_push(othercerts, xi->x509);
+                        xi->x509 = NULL;
+                        }
+                }
+end:
+        if (othercerts == NULL)
+                fprintf(stderr, "unable to load certificates: %s\n", file);
+        sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+        BIO_free(certs);
+        return othercerts;
+        }
+
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
+        {
+        BIO *key = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        if (!(key = BIO_new_file(file, "r"))) goto end;
+        pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass);
+ end:
+        if (pkey == NULL)
+                fprintf(stderr, "unable to load private key: %s\n", file);
+        BIO_free(key);
+        return pkey;
+        }
+
+/* Function definitions for handling configuration options. */
+
+static void TS_CONF_lookup_fail(const char *name, const char *tag)
+        {
+        fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
+        }
+
+static void TS_CONF_invalid(const char *name, const char *tag)
+        {
+        fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
+        }
+
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
+        {
+        if (!section)
+                {
+                section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
+                if (!section)
+                        TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
+                }
+        return section;
+        }
+
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
+        if (!serial)
+                {
+                TS_CONF_lookup_fail(section, ENV_SERIAL);
+                goto err;
+                }
+        TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
+
+        ret = 1;
+ err:
+        return ret;
+        }
+
+#ifndef OPENSSL_NO_ENGINE
+
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device)
+        {
+        int ret = 0;
+        
+        if (!device)
+                device = NCONF_get_string(conf, section,
+                                          ENV_CRYPTO_DEVICE);
+
+        if (device && !TS_CONF_set_default_engine(device))
+                {
+                TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
+                goto err;
+                }
+        ret = 1;
+ err:
+        return ret;
+        }
+
+int TS_CONF_set_default_engine(const char *name)
+        {
+        ENGINE *e = NULL;
+        int ret = 0;
+
+        /* Leave the default if builtin specified. */
+        if (strcmp(name, "builtin") == 0) return 1;
+
+        if (!(e = ENGINE_by_id(name))) goto err;
+        /* Enable the use of the NCipher HSM for forked children. */
+        if (strcmp(name, "chil") == 0) 
+                ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+        /* All the operations are going to be carried out by the engine. */
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err;
+        ret = 1;
+ err:
+        if (!ret)
+                {
+                TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, 
+                      TS_R_COULD_NOT_SET_ENGINE);
+                ERR_add_error_data(2, "engine:", name);
+                }
+        if (e) ENGINE_free(e);
+        return ret;
+        }
+
+#endif
+
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        X509 *cert_obj = NULL;
+        if (!cert) 
+                cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
+        if (!cert)
+                {
+                TS_CONF_lookup_fail(section, ENV_SIGNER_CERT);
+                goto err;
+                }
+        if (!(cert_obj = TS_CONF_load_cert(cert)))
+                goto err;
+        if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
+                goto err;
+
+        ret = 1;
+ err:
+        X509_free(cert_obj);
+        return ret;
+        }
+
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        STACK_OF(X509) *certs_obj = NULL;
+        if (!certs) 
+                certs = NCONF_get_string(conf, section, ENV_CERTS);
+        /* Certificate chain is optional. */
+        if (!certs) goto end;
+        if (!(certs_obj = TS_CONF_load_certs(certs))) goto err;
+        if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err;
+ end:
+        ret = 1;
+ err:
+        sk_X509_pop_free(certs_obj, X509_free);
+        return ret;
+        }
+
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        EVP_PKEY *key_obj = NULL;
+        if (!key) 
+                key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
+        if (!key)
+                {
+                TS_CONF_lookup_fail(section, ENV_SIGNER_KEY);
+                goto err;
+                }
+        if (!(key_obj = TS_CONF_load_key(key, pass))) goto err;
+        if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err;
+
+        ret = 1;
+ err:
+        EVP_PKEY_free(key_obj);
+        return ret;
+        }
+
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        ASN1_OBJECT *policy_obj = NULL;
+        if (!policy) 
+                policy = NCONF_get_string(conf, section, 
+                                          ENV_DEFAULT_POLICY);
+        if (!policy)
+                {
+                TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
+                goto err;
+                }
+        if (!(policy_obj = OBJ_txt2obj(policy, 0)))
+                {
+                TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
+                goto err;
+                }
+        if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
+                goto err;
+
+        ret = 1;
+ err:
+        ASN1_OBJECT_free(policy_obj);
+        return ret;
+        }
+
+int TS_CONF_set_policies(CONF *conf, const char *section,
+                         TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        int i;
+        STACK_OF(CONF_VALUE) *list = NULL;
+        char *policies = NCONF_get_string(conf, section, 
+                                          ENV_OTHER_POLICIES);
+        /* If no other policy is specified, that's fine. */
+        if (policies && !(list = X509V3_parse_list(policies)))
+                {
+                TS_CONF_invalid(section, ENV_OTHER_POLICIES);
+                goto err;
+                }
+        for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
+                {
+                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+                const char *extval = val->value ? val->value : val->name;
+                ASN1_OBJECT *objtmp;
+                if (!(objtmp = OBJ_txt2obj(extval, 0)))
+                        {
+                        TS_CONF_invalid(section, ENV_OTHER_POLICIES);
+                        goto err;
+                        }
+                if (!TS_RESP_CTX_add_policy(ctx, objtmp))
+                        goto err;
+                ASN1_OBJECT_free(objtmp);
+                }
+
+        ret = 1;
+ err:
+        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+        return ret;
+        }
+
+int TS_CONF_set_digests(CONF *conf, const char *section,
+                        TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        int i;
+        STACK_OF(CONF_VALUE) *list = NULL;
+        char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
+        if (!digests)
+                {
+                TS_CONF_lookup_fail(section, ENV_DIGESTS);
+                goto err;
+                }
+        if (!(list = X509V3_parse_list(digests)))
+                {
+                TS_CONF_invalid(section, ENV_DIGESTS);
+                goto err;
+                }
+        if (sk_CONF_VALUE_num(list) == 0)
+                {
+                TS_CONF_invalid(section, ENV_DIGESTS);
+                goto err;
+                }
+        for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
+                {
+                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+                const char *extval = val->value ? val->value : val->name;
+                const EVP_MD *md;
+                if (!(md = EVP_get_digestbyname(extval)))
+                        {
+                        TS_CONF_invalid(section, ENV_DIGESTS);
+                        goto err;
+                        }
+                if (!TS_RESP_CTX_add_md(ctx, md))
+                        goto err;
+                }
+
+        ret = 1;
+ err:
+        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+        return ret;
+        }
+
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        int i;
+        int secs = 0, millis = 0, micros = 0;
+        STACK_OF(CONF_VALUE) *list = NULL;
+        char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+
+        if (accuracy && !(list = X509V3_parse_list(accuracy)))
+                {
+                TS_CONF_invalid(section, ENV_ACCURACY);
+                goto err;
+                }
+        for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
+                {
+                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+                if (strcmp(val->name, ENV_VALUE_SECS) == 0) 
+                        {
+                        if (val->value) secs = atoi(val->value);
+                        }
+                else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0)
+                        {
+                        if (val->value) millis = atoi(val->value);
+                        }
+                else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0)
+                        {
+                        if (val->value) micros = atoi(val->value);
+                        }
+                else
+                        {
+                        TS_CONF_invalid(section, ENV_ACCURACY);
+                        goto err;
+                        }
+                }
+        if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
+                goto err;
+
+        ret = 1;
+ err:
+        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+        return ret;
+        }
+
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        long digits = 0;
+        
+        /* If not specified, set the default value to 0, i.e. sec  precision */
+        if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
+                                &digits))
+                digits = 0;
+        if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS)
+                {
+                TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
+                goto err;
+                }
+
+        if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
+                goto err;
+
+        return 1;
+ err:
+        return ret;
+        }
+
+static int TS_CONF_add_flag(CONF *conf, const char *section, const char *field,
+                            int flag, TS_RESP_CTX *ctx)
+        {
+        /* Default is false. */
+        const char *value = NCONF_get_string(conf, section, field);
+        if (value)
+                {
+                if (strcmp(value, ENV_VALUE_YES) == 0)
+                        TS_RESP_CTX_add_flags(ctx, flag);
+                else if (strcmp(value, ENV_VALUE_NO) != 0)
+                        {
+                        TS_CONF_invalid(section, field);
+                        return 0;
+                        }
+                }
+
+        return 1;
+        }
+
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+        {
+        return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
+        }
+
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+        {
+        return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
+        }
+
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx)
+        {
+        return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, 
+                                TS_ESS_CERT_ID_CHAIN, ctx);
+        }
diff --git a/src/lib/libcrypto/ts/ts_err.c b/src/lib/libcrypto/ts/ts_err.c
new file mode 100644
index 0000000000..a08b0ffa23
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_err.c
@@ -0,0 +1,179 @@
+/* crypto/ts/ts_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ts.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
+
+static ERR_STRING_DATA TS_str_functs[]=
+        {
+{ERR_FUNC(TS_F_D2I_TS_RESP),    "d2i_TS_RESP"},
+{ERR_FUNC(TS_F_DEF_SERIAL_CB),  "DEF_SERIAL_CB"},
+{ERR_FUNC(TS_F_DEF_TIME_CB),    "DEF_TIME_CB"},
+{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT),   "ESS_ADD_SIGNING_CERT"},
+{ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT),   "ESS_CERT_ID_NEW_INIT"},
+{ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT),      "ESS_SIGNING_CERT_NEW_INIT"},
+{ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN),       "INT_TS_RESP_VERIFY_TOKEN"},
+{ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO),   "PKCS7_to_TS_TST_INFO"},
+{ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
+{ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
+{ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS),        "TS_ACCURACY_set_seconds"},
+{ERR_FUNC(TS_F_TS_CHECK_IMPRINTS),      "TS_CHECK_IMPRINTS"},
+{ERR_FUNC(TS_F_TS_CHECK_NONCES),        "TS_CHECK_NONCES"},
+{ERR_FUNC(TS_F_TS_CHECK_POLICY),        "TS_CHECK_POLICY"},
+{ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
+{ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO),   "TS_CHECK_STATUS_INFO"},
+{ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT),     "TS_COMPUTE_IMPRINT"},
+{ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE),     "TS_CONF_set_default_engine"},
+{ERR_FUNC(TS_F_TS_GET_STATUS_TEXT),     "TS_GET_STATUS_TEXT"},
+{ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO),        "TS_MSG_IMPRINT_set_algo"},
+{ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
+{ERR_FUNC(TS_F_TS_REQ_SET_NONCE),       "TS_REQ_set_nonce"},
+{ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID),   "TS_REQ_set_policy_id"},
+{ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE),        "TS_RESP_create_response"},
+{ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO),        "TS_RESP_CREATE_TST_INFO"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),   "TS_RESP_CTX_add_failure_info"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD),     "TS_RESP_CTX_add_md"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_NEW),        "TS_RESP_CTX_new"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY),       "TS_RESP_CTX_set_accuracy"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS),  "TS_RESP_CTX_set_certs"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY),     "TS_RESP_CTX_set_def_policy"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),    "TS_RESP_CTX_set_signer_cert"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),    "TS_RESP_CTX_set_status_info"},
+{ERR_FUNC(TS_F_TS_RESP_GET_POLICY),     "TS_RESP_GET_POLICY"},
+{ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),     "TS_RESP_SET_GENTIME_WITH_PRECISION"},
+{ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO),        "TS_RESP_set_status_info"},
+{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO),   "TS_RESP_set_tst_info"},
+{ERR_FUNC(TS_F_TS_RESP_SIGN),   "TS_RESP_SIGN"},
+{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE),       "TS_RESP_verify_signature"},
+{ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN),   "TS_RESP_verify_token"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY),       "TS_TST_INFO_set_accuracy"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),    "TS_TST_INFO_set_msg_imprint"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE),  "TS_TST_INFO_set_nonce"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID),      "TS_TST_INFO_set_policy_id"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME),   "TS_TST_INFO_set_time"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA),    "TS_TST_INFO_set_tsa"},
+{ERR_FUNC(TS_F_TS_VERIFY),      "TS_VERIFY"},
+{ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"},
+{ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW),      "TS_VERIFY_CTX_new"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA TS_str_reasons[]=
+        {
+{ERR_REASON(TS_R_BAD_PKCS7_TYPE)         ,"bad pkcs7 type"},
+{ERR_REASON(TS_R_BAD_TYPE)               ,"bad type"},
+{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE)   ,"could not set engine"},
+{ERR_REASON(TS_R_COULD_NOT_SET_TIME)     ,"could not set time"},
+{ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED) ,"d2i ts resp int failed"},
+{ERR_REASON(TS_R_DETACHED_CONTENT)       ,"detached content"},
+{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),"ess add signing cert error"},
+{ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),"ess signing certificate error"},
+{ERR_REASON(TS_R_INVALID_NULL_POINTER)   ,"invalid null pointer"},
+{ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),"invalid signer certificate purpose"},
+{ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH),"message imprint mismatch"},
+{ERR_REASON(TS_R_NONCE_MISMATCH)         ,"nonce mismatch"},
+{ERR_REASON(TS_R_NONCE_NOT_RETURNED)     ,"nonce not returned"},
+{ERR_REASON(TS_R_NO_CONTENT)             ,"no content"},
+{ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN)    ,"no time stamp token"},
+{ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
+{ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),"pkcs7 add signed attr error"},
+{ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),"pkcs7 to ts tst info failed"},
+{ERR_REASON(TS_R_POLICY_MISMATCH)        ,"policy mismatch"},
+{ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(TS_R_RESPONSE_SETUP_ERROR)   ,"response setup error"},
+{ERR_REASON(TS_R_SIGNATURE_FAILURE)      ,"signature failure"},
+{ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER),"there must be one signer"},
+{ERR_REASON(TS_R_TIME_SYSCALL_ERROR)     ,"time syscall error"},
+{ERR_REASON(TS_R_TOKEN_NOT_PRESENT)      ,"token not present"},
+{ERR_REASON(TS_R_TOKEN_PRESENT)          ,"token present"},
+{ERR_REASON(TS_R_TSA_NAME_MISMATCH)      ,"tsa name mismatch"},
+{ERR_REASON(TS_R_TSA_UNTRUSTED)          ,"tsa untrusted"},
+{ERR_REASON(TS_R_TST_INFO_SETUP_ERROR)   ,"tst info setup error"},
+{ERR_REASON(TS_R_TS_DATASIGN)            ,"ts datasign"},
+{ERR_REASON(TS_R_UNACCEPTABLE_POLICY)    ,"unacceptable policy"},
+{ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM),"unsupported md algorithm"},
+{ERR_REASON(TS_R_UNSUPPORTED_VERSION)    ,"unsupported version"},
+{ERR_REASON(TS_R_WRONG_CONTENT_TYPE)     ,"wrong content type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_TS_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(TS_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,TS_str_functs);
+                ERR_load_strings(0,TS_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/ts/ts_lib.c b/src/lib/libcrypto/ts/ts_lib.c
new file mode 100644
index 0000000000..e8608dbf71
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_lib.c
@@ -0,0 +1,145 @@
+/* crypto/ts/ts_lib.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include "ts.h"
+
+/* Local function declarations. */
+
+/* Function definitions. */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
+        {
+        BIGNUM num_bn;
+        int result = 0;
+        char *hex;
+
+        BN_init(&num_bn);
+        ASN1_INTEGER_to_BN(num, &num_bn);
+        if ((hex = BN_bn2hex(&num_bn))) 
+                {
+                result = BIO_write(bio, "0x", 2) > 0;
+                result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+                OPENSSL_free(hex);
+                }
+        BN_free(&num_bn);
+
+        return result;
+        }
+
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+        {
+        char obj_txt[128];
+
+        int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+        BIO_write(bio, obj_txt, len);
+        BIO_write(bio, "\n", 1);
+
+        return 1;
+        }
+
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
+        {
+        int i, critical, n;
+        X509_EXTENSION *ex;
+        ASN1_OBJECT *obj;
+
+        BIO_printf(bio, "Extensions:\n");
+        n = X509v3_get_ext_count(extensions);
+        for (i = 0; i < n; i++)
+                {
+                ex = X509v3_get_ext(extensions, i);
+                obj = X509_EXTENSION_get_object(ex);
+                i2a_ASN1_OBJECT(bio, obj);
+                critical = X509_EXTENSION_get_critical(ex);
+                BIO_printf(bio, ": %s\n", critical ? "critical" : "");
+                if (!X509V3_EXT_print(bio, ex, 0, 4))
+                        {
+                        BIO_printf(bio, "%4s", "");
+                        M_ASN1_OCTET_STRING_print(bio, ex->value);
+                        }
+                BIO_write(bio, "\n", 1);
+                }
+
+        return 1;
+        }
+
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
+        {
+        int i = OBJ_obj2nid(alg->algorithm);
+        return BIO_printf(bio, "Hash Algorithm: %s\n",
+                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+        }
+
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
+        {
+        const ASN1_OCTET_STRING *msg;
+
+        TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a));
+
+        BIO_printf(bio, "Message data:\n");
+        msg = TS_MSG_IMPRINT_get_msg(a);
+        BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg), 
+                        M_ASN1_STRING_length(msg), 4);
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_req_print.c b/src/lib/libcrypto/ts/ts_req_print.c
new file mode 100644
index 0000000000..eba12c3824
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_req_print.c
@@ -0,0 +1,102 @@
+/* crypto/ts/ts_req_print.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+
+/* Function definitions. */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
+        {
+        int v;
+        ASN1_OBJECT *policy_id;
+        const ASN1_INTEGER *nonce;
+
+        if (a == NULL) return 0;
+
+        v = TS_REQ_get_version(a);
+        BIO_printf(bio, "Version: %d\n", v);
+
+        TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a));
+
+        BIO_printf(bio, "Policy OID: ");
+        policy_id = TS_REQ_get_policy_id(a);
+        if (policy_id == NULL)
+                BIO_printf(bio, "unspecified\n");
+        else    
+                TS_OBJ_print_bio(bio, policy_id);
+
+        BIO_printf(bio, "Nonce: ");
+        nonce = TS_REQ_get_nonce(a);
+        if (nonce == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ASN1_INTEGER_print_bio(bio, nonce);
+        BIO_write(bio, "\n", 1);
+
+        BIO_printf(bio, "Certificate required: %s\n", 
+                   TS_REQ_get_cert_req(a) ? "yes" : "no");
+
+        TS_ext_print_bio(bio, TS_REQ_get_exts(a));
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_req_utils.c b/src/lib/libcrypto/ts/ts_req_utils.c
new file mode 100644
index 0000000000..43280c1587
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_req_utils.c
@@ -0,0 +1,234 @@
+/* crypto/ts/ts_req_utils.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+
+int TS_REQ_set_version(TS_REQ *a, long version)
+        {
+        return ASN1_INTEGER_set(a->version, version);
+        }
+
+long TS_REQ_get_version(const TS_REQ *a)
+        {
+        return ASN1_INTEGER_get(a->version);
+        }
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
+        {
+        TS_MSG_IMPRINT *new_msg_imprint;
+
+        if (a->msg_imprint == msg_imprint)
+                return 1;
+        new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+        if (new_msg_imprint == NULL)
+                {
+                TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_MSG_IMPRINT_free(a->msg_imprint);
+        a->msg_imprint = new_msg_imprint;
+        return 1;
+        }
+
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a)
+        {
+        return a->msg_imprint;
+        }
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
+        {
+        X509_ALGOR *new_alg;
+
+        if (a->hash_algo == alg)
+                return 1;
+        new_alg = X509_ALGOR_dup(alg);
+        if (new_alg == NULL)
+                {
+                TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        X509_ALGOR_free(a->hash_algo);
+        a->hash_algo = new_alg;
+        return 1;
+        }
+
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a)
+        {
+        return a->hash_algo;
+        }
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len)
+        {
+        return ASN1_OCTET_STRING_set(a->hashed_msg, d, len);
+        }
+
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a)
+        {
+        return a->hashed_msg;
+        }
+
+int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy)
+        {
+        ASN1_OBJECT *new_policy;
+
+        if (a->policy_id == policy)
+                return 1;
+        new_policy = OBJ_dup(policy);
+        if (new_policy == NULL)
+                {
+                TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_OBJECT_free(a->policy_id);
+        a->policy_id = new_policy;
+        return 1;
+        }
+
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a)
+        {
+        return a->policy_id;
+        }
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
+        {
+        ASN1_INTEGER *new_nonce;
+
+        if (a->nonce == nonce)
+                return 1;
+        new_nonce = ASN1_INTEGER_dup(nonce);
+        if (new_nonce == NULL)
+                {
+                TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->nonce);
+        a->nonce = new_nonce;
+        return 1;
+        }
+
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a)
+        {
+        return a->nonce;
+        }
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req)
+        {
+        a->cert_req = cert_req ? 0xFF : 0x00;
+        return 1;
+        }
+
+int TS_REQ_get_cert_req(const TS_REQ *a)
+        {
+        return a->cert_req ? 1 : 0;
+        }
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a)
+        {
+        return a->extensions;
+        }
+
+void TS_REQ_ext_free(TS_REQ *a)
+        {
+        if (!a) return;
+        sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+        a->extensions = NULL;
+        }
+
+int TS_REQ_get_ext_count(TS_REQ *a)
+        {
+        return X509v3_get_ext_count(a->extensions);
+        }
+
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos)
+        {
+        return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+        }
+
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos)
+        {
+        return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+        }
+
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos)
+        {
+        return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+        }
+
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
+        {
+        return X509v3_get_ext(a->extensions,loc);
+        }
+
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc)
+        {
+        return X509v3_delete_ext(a->extensions,loc);
+        }
+
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc)
+        {
+        return X509v3_add_ext(&a->extensions,ex,loc) != NULL;
+        }
+
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(a->extensions, nid, crit, idx);
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_print.c b/src/lib/libcrypto/ts/ts_rsp_print.c
new file mode 100644
index 0000000000..21062517ba
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_print.c
@@ -0,0 +1,287 @@
+/* crypto/ts/ts_resp_print.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include "ts.h"
+
+struct status_map_st
+        {
+        int bit;
+        const char *text;
+        };
+
+/* Local function declarations. */
+
+static int TS_status_map_print(BIO *bio, struct status_map_st *a,
+                               ASN1_BIT_STRING *v);
+static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
+
+/* Function definitions. */
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
+        {
+        TS_TST_INFO *tst_info;
+
+        BIO_printf(bio, "Status info:\n");
+        TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a));
+
+        BIO_printf(bio, "\nTST info:\n");
+        tst_info = TS_RESP_get_tst_info(a);
+        if (tst_info != NULL)
+                TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a));
+        else
+                BIO_printf(bio, "Not included.\n");
+                
+        return 1;
+        }
+
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
+        {
+        static const char *status_map[] =
+                {
+                "Granted.",
+                "Granted with modifications.",
+                "Rejected.",
+                "Waiting.",
+                "Revocation warning.",
+                "Revoked."
+                };
+        static struct status_map_st failure_map[] =
+                {
+                { TS_INFO_BAD_ALG,
+                "unrecognized or unsupported algorithm identifier" },
+                { TS_INFO_BAD_REQUEST,
+                "transaction not permitted or supported" },
+                { TS_INFO_BAD_DATA_FORMAT,
+                "the data submitted has the wrong format" },
+                { TS_INFO_TIME_NOT_AVAILABLE,
+                "the TSA's time source is not available" },
+                { TS_INFO_UNACCEPTED_POLICY,
+                "the requested TSA policy is not supported by the TSA" },
+                { TS_INFO_UNACCEPTED_EXTENSION,
+                "the requested extension is not supported by the TSA" },
+                { TS_INFO_ADD_INFO_NOT_AVAILABLE,
+                "the additional information requested could not be understood "
+                "or is not available" },
+                { TS_INFO_SYSTEM_FAILURE,
+                "the request cannot be handled due to system failure" },
+                { -1, NULL }
+                };
+        long status;
+        int i, lines = 0;
+
+        /* Printing status code. */
+        BIO_printf(bio, "Status: ");
+        status = ASN1_INTEGER_get(a->status);
+        if (0 <= status && status < (long)(sizeof(status_map)/sizeof(status_map[0])))
+                BIO_printf(bio, "%s\n", status_map[status]);
+        else
+                BIO_printf(bio, "out of bounds\n");
+        
+        /* Printing status description. */
+        BIO_printf(bio, "Status description: ");
+        for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i)
+                {
+                if (i > 0)
+                        BIO_puts(bio, "\t");
+                ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i),
+                                     0);
+                BIO_puts(bio, "\n");
+                }
+        if (i == 0)
+                BIO_printf(bio, "unspecified\n");
+
+        /* Printing failure information. */
+        BIO_printf(bio, "Failure info: ");
+        if (a->failure_info != NULL)
+                lines = TS_status_map_print(bio, failure_map,
+                                            a->failure_info);
+        if (lines == 0)
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, "\n");
+
+        return 1;
+        }
+
+static int TS_status_map_print(BIO *bio, struct status_map_st *a,
+                               ASN1_BIT_STRING *v)
+        {
+        int lines = 0;
+
+        for (; a->bit >= 0; ++a)
+                {
+                if (ASN1_BIT_STRING_get_bit(v, a->bit))
+                        {
+                        if (++lines > 1)
+                                BIO_printf(bio, ", ");
+                        BIO_printf(bio, "%s", a->text);
+                        }
+                }
+
+        return lines;
+        }
+
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
+        {
+        int v;
+        ASN1_OBJECT *policy_id;
+        const ASN1_INTEGER *serial;
+        const ASN1_GENERALIZEDTIME *gtime;
+        TS_ACCURACY *accuracy;
+        const ASN1_INTEGER *nonce;
+        GENERAL_NAME *tsa_name;
+
+        if (a == NULL) return 0;
+
+        /* Print version. */
+        v = TS_TST_INFO_get_version(a);
+        BIO_printf(bio, "Version: %d\n", v);
+
+        /* Print policy id. */
+        BIO_printf(bio, "Policy OID: ");
+        policy_id = TS_TST_INFO_get_policy_id(a);
+        TS_OBJ_print_bio(bio, policy_id);
+
+        /* Print message imprint. */
+        TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a));
+
+        /* Print serial number. */
+        BIO_printf(bio, "Serial number: ");
+        serial = TS_TST_INFO_get_serial(a);
+        if (serial == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ASN1_INTEGER_print_bio(bio, serial);
+        BIO_write(bio, "\n", 1);
+
+        /* Print time stamp. */
+        BIO_printf(bio, "Time stamp: ");
+        gtime = TS_TST_INFO_get_time(a);
+        ASN1_GENERALIZEDTIME_print(bio, gtime);
+        BIO_write(bio, "\n", 1);
+
+        /* Print accuracy. */
+        BIO_printf(bio, "Accuracy: ");
+        accuracy = TS_TST_INFO_get_accuracy(a);
+        if (accuracy == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ACCURACY_print_bio(bio, accuracy);
+        BIO_write(bio, "\n", 1);
+
+        /* Print ordering. */
+        BIO_printf(bio, "Ordering: %s\n", 
+                   TS_TST_INFO_get_ordering(a) ? "yes" : "no");
+
+        /* Print nonce. */
+        BIO_printf(bio, "Nonce: ");
+        nonce = TS_TST_INFO_get_nonce(a);
+        if (nonce == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ASN1_INTEGER_print_bio(bio, nonce);
+        BIO_write(bio, "\n", 1);
+
+        /* Print TSA name. */
+        BIO_printf(bio, "TSA: ");
+        tsa_name = TS_TST_INFO_get_tsa(a);
+        if (tsa_name == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                {
+                STACK_OF(CONF_VALUE) *nval;
+                if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL)))
+                        X509V3_EXT_val_prn(bio, nval, 0, 0);
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+                }
+        BIO_write(bio, "\n", 1);
+
+        /* Print extensions. */
+        TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a));
+
+        return 1;
+        }
+
+static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy)
+        {
+        const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy);
+        const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy);
+        const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy);
+
+        if (seconds != NULL)
+                TS_ASN1_INTEGER_print_bio(bio, seconds);
+        else
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, " seconds, ");
+        if (millis != NULL)
+                TS_ASN1_INTEGER_print_bio(bio, millis);
+        else
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, " millis, ");
+        if (micros != NULL)
+                TS_ASN1_INTEGER_print_bio(bio, micros);
+        else
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, " micros");
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
new file mode 100644
index 0000000000..b0f023c9d2
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -0,0 +1,1020 @@
+/* crypto/ts/ts_resp_sign.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+
+#if defined(OPENSSL_SYS_UNIX)
+#include <sys/time.h>
+#endif
+
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+
+/* Private function declarations. */
+
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
+static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+
+static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
+static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
+static int TS_RESP_check_request(TS_RESP_CTX *ctx);
+static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx);
+static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, 
+                                            ASN1_OBJECT *policy);
+static int TS_RESP_process_extensions(TS_RESP_CTX *ctx);
+static int TS_RESP_sign(TS_RESP_CTX *ctx);
+
+static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, 
+                                                   STACK_OF(X509) *certs);
+static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
+static int TS_TST_INFO_content_new(PKCS7 *p7);
+static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+
+static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
+        ASN1_GENERALIZEDTIME *, long, long, unsigned);
+
+/* Default callbacks for response generation. */
+
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
+        {
+        ASN1_INTEGER *serial = ASN1_INTEGER_new();
+        if (!serial) goto err;
+        if (!ASN1_INTEGER_set(serial, 1)) goto err;
+        return serial;
+ err:
+        TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Error during serial number generation.");
+        return NULL;
+        }
+
+#if defined(OPENSSL_SYS_UNIX)
+
+/* Use the gettimeofday function call. */
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data, 
+                       long *sec, long *usec)
+        {
+        struct timeval tv;
+        if (gettimeofday(&tv, NULL) != 0) 
+                {
+                TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Time is not available.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+                return 0;
+                }
+        /* Return time to caller. */
+        *sec = tv.tv_sec;
+        *usec = tv.tv_usec;
+
+        return 1;
+        }
+
+#else
+
+/* Use the time function call that provides only seconds precision. */
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data, 
+                       long *sec, long *usec)
+        {
+        time_t t;
+        if (time(&t) == (time_t) -1)
+                {
+                TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Time is not available.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+                return 0;
+                }
+        /* Return time to caller, only second precision. */
+        *sec = (long) t;
+        *usec = 0;
+
+        return 1;
+        }
+
+#endif
+
+static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
+                            void *data)
+        {
+        /* No extensions are processed here. */
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Unsupported extension.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
+        return 0;
+        }
+
+/* TS_RESP_CTX management functions. */
+
+TS_RESP_CTX *TS_RESP_CTX_new()
+        {
+        TS_RESP_CTX *ctx;
+
+        if (!(ctx = (TS_RESP_CTX *) OPENSSL_malloc(sizeof(TS_RESP_CTX))))
+                {
+                TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ctx, 0, sizeof(TS_RESP_CTX));
+
+        /* Setting default callbacks. */
+        ctx->serial_cb = def_serial_cb;
+        ctx->time_cb = def_time_cb;
+        ctx->extension_cb = def_extension_cb;
+
+        return ctx;
+        }
+
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
+        {
+        if (!ctx) return;
+
+        X509_free(ctx->signer_cert);
+        EVP_PKEY_free(ctx->signer_key);
+        sk_X509_pop_free(ctx->certs, X509_free);
+        sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
+        ASN1_OBJECT_free(ctx->default_policy);
+        sk_EVP_MD_free(ctx->mds);       /* No EVP_MD_free method exists. */
+        ASN1_INTEGER_free(ctx->seconds);
+        ASN1_INTEGER_free(ctx->millis);
+        ASN1_INTEGER_free(ctx->micros);
+        OPENSSL_free(ctx);
+        }
+
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
+        {
+        if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1)
+                {
+                TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 
+                      TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+                return 0;
+                }
+        if (ctx->signer_cert) X509_free(ctx->signer_cert);
+        ctx->signer_cert = signer;
+        CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
+        return 1;
+        }
+
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
+        {
+        if (ctx->signer_key) EVP_PKEY_free(ctx->signer_key);
+        ctx->signer_key = key;
+        CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
+
+        return 1;
+        }
+
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
+        {
+        if (ctx->default_policy) ASN1_OBJECT_free(ctx->default_policy);
+        if (!(ctx->default_policy = OBJ_dup(def_policy))) goto err;
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
+        {
+        int i;
+
+        if (ctx->certs)
+                {
+                sk_X509_pop_free(ctx->certs, X509_free);
+                ctx->certs = NULL;
+                }
+        if (!certs) return 1;
+        if (!(ctx->certs = sk_X509_dup(certs))) 
+                {
+                TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        for (i = 0; i < sk_X509_num(ctx->certs); ++i)
+                {
+                X509 *cert = sk_X509_value(ctx->certs, i);
+                CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
+                }
+
+        return 1;
+        }
+
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
+        {
+        ASN1_OBJECT *copy = NULL;
+
+        /* Create new policy stack if necessary. */
+        if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) 
+                goto err;
+        if (!(copy = OBJ_dup(policy))) goto err;
+        if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) goto err;
+
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+        ASN1_OBJECT_free(copy);
+        return 0;
+        }
+
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
+        {
+        /* Create new md stack if necessary. */
+        if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) 
+                goto err;
+        /* Add the shared md, no copy needed. */
+        if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) goto err;
+
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+
+#define TS_RESP_CTX_accuracy_free(ctx)          \
+        ASN1_INTEGER_free(ctx->seconds);        \
+        ctx->seconds = NULL;                    \
+        ASN1_INTEGER_free(ctx->millis);         \
+        ctx->millis = NULL;                     \
+        ASN1_INTEGER_free(ctx->micros);         \
+        ctx->micros = NULL;
+
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, 
+                             int secs, int millis, int micros)
+        {
+
+        TS_RESP_CTX_accuracy_free(ctx);
+        if (secs && (!(ctx->seconds = ASN1_INTEGER_new())
+                     || !ASN1_INTEGER_set(ctx->seconds, secs)))
+                goto err;
+        if (millis && (!(ctx->millis = ASN1_INTEGER_new())
+                       || !ASN1_INTEGER_set(ctx->millis, millis)))
+                goto err;
+        if (micros && (!(ctx->micros = ASN1_INTEGER_new())
+                       || !ASN1_INTEGER_set(ctx->micros, micros)))
+                goto err;
+
+        return 1;
+ err:
+        TS_RESP_CTX_accuracy_free(ctx);
+        TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
+        {
+        ctx->flags |= flags;
+        }
+
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
+        {
+        ctx->serial_cb = cb;
+        ctx->serial_cb_data = data;
+        }
+
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
+        {
+        ctx->time_cb = cb;
+        ctx->time_cb_data = data;
+        }
+
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, 
+                                  TS_extension_cb cb, void *data)
+        {
+        ctx->extension_cb = cb;
+        ctx->extension_cb_data = data;
+        }
+
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, 
+                                int status, const char *text)
+        {
+        TS_STATUS_INFO *si = NULL;
+        ASN1_UTF8STRING *utf8_text = NULL;
+        int ret = 0;
+
+        if (!(si = TS_STATUS_INFO_new())) goto err;
+        if (!ASN1_INTEGER_set(si->status, status)) goto err;
+        if (text)
+                {
+                if (!(utf8_text = ASN1_UTF8STRING_new())
+                    || !ASN1_STRING_set(utf8_text, text, strlen(text)))
+                        goto err;
+                if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null()))
+                        goto err;
+                if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err;
+                utf8_text = NULL;       /* Ownership is lost. */
+                }
+        if (!TS_RESP_set_status_info(ctx->response, si)) goto err;
+        ret = 1;
+ err:
+        if (!ret)
+                TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+        TS_STATUS_INFO_free(si);
+        ASN1_UTF8STRING_free(utf8_text);
+        return ret;
+        }
+
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, 
+                                     int status, const char *text)
+        {
+        int ret = 1;
+        TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
+
+        if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED)
+                {
+                /* Status has not been set, set it now. */
+                ret = TS_RESP_CTX_set_status_info(ctx, status, text);
+                }
+        return ret;
+        }
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
+        {
+        TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
+        if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
+                goto err;
+        if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
+                goto err;
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
+        {
+        return ctx->request;
+        }
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
+        {
+        return ctx->tst_info;
+        }
+
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision)
+       {
+       if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+               return 0;
+       ctx->clock_precision_digits = precision;
+       return 1;
+       }
+
+/* Main entry method of the response generation. */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
+        {
+        ASN1_OBJECT *policy;
+        TS_RESP *response;
+        int result = 0;
+
+        TS_RESP_CTX_init(ctx);
+
+        /* Creating the response object. */
+        if (!(ctx->response = TS_RESP_new())) 
+                {
+                TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+                goto end;
+                }
+
+        /* Parsing DER request. */
+        if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL)))
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Bad request format or "
+                                            "system error.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+                goto end;
+                }
+
+        /* Setting default status info. */
+        if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
+                goto end;
+
+        /* Checking the request format. */
+        if (!TS_RESP_check_request(ctx)) goto end;
+
+        /* Checking acceptable policies. */
+        if (!(policy = TS_RESP_get_policy(ctx))) goto end;
+
+        /* Creating the TS_TST_INFO object. */
+        if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)))
+                goto end;
+
+        /* Processing extensions. */
+        if (!TS_RESP_process_extensions(ctx)) goto end;
+
+        /* Generating the signature. */
+        if (!TS_RESP_sign(ctx)) goto end;
+
+        /* Everything was successful. */
+        result = 1;
+ end:
+        if (!result)
+                {
+                TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+                if (ctx->response != NULL)
+                        {
+                        if (TS_RESP_CTX_set_status_info_cond(ctx,
+                                TS_STATUS_REJECTION, "Error during response "
+                                "generation.") == 0)
+                                {
+                                TS_RESP_free(ctx->response);
+                                ctx->response = NULL;
+                                }
+                        }
+                }
+        response = ctx->response;
+        ctx->response = NULL;   /* Ownership will be returned to caller. */
+        TS_RESP_CTX_cleanup(ctx);
+        return response;
+        }
+
+/* Initializes the variable part of the context. */
+static void TS_RESP_CTX_init(TS_RESP_CTX *ctx)
+        {
+        ctx->request = NULL;
+        ctx->response = NULL;
+        ctx->tst_info = NULL;
+        }
+
+/* Cleans up the variable part of the context. */
+static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
+        {
+        TS_REQ_free(ctx->request);
+        ctx->request = NULL;
+        TS_RESP_free(ctx->response);
+        ctx->response = NULL;
+        TS_TST_INFO_free(ctx->tst_info);
+        ctx->tst_info = NULL;
+        }
+
+/* Checks the format and content of the request. */
+static int TS_RESP_check_request(TS_RESP_CTX *ctx)
+        {
+        TS_REQ *request = ctx->request;
+        TS_MSG_IMPRINT *msg_imprint;
+        X509_ALGOR *md_alg;
+        int md_alg_id;
+        const ASN1_OCTET_STRING *digest;
+        EVP_MD *md = NULL;
+        int i;
+
+        /* Checking request version. */
+        if (TS_REQ_get_version(request) != 1)
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Bad request version.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
+                return 0;
+                }
+
+        /* Checking message digest algorithm. */
+        msg_imprint = TS_REQ_get_msg_imprint(request);
+        md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint);
+        md_alg_id = OBJ_obj2nid(md_alg->algorithm);
+        for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i)
+                {
+                EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
+                if (md_alg_id == EVP_MD_type(current_md))
+                        md = current_md;
+                }
+        if (!md)
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Message digest algorithm is "
+                                            "not supported.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+                return 0;
+                }
+
+        /* No message digest takes parameter. */
+        if (md_alg->parameter 
+            && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL)
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Superfluous message digest "
+                                            "parameter.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+                return 0;
+                }
+        /* Checking message digest size. */
+        digest = TS_MSG_IMPRINT_get_msg(msg_imprint);
+        if (digest->length != EVP_MD_size(md))
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Bad message digest.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+                return 0;
+                }
+
+        return 1;
+        }
+
+/* Returns the TSA policy based on the requested and acceptable policies. */
+static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
+        {
+        ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
+        ASN1_OBJECT *policy = NULL;
+        int i;
+
+        if (ctx->default_policy == NULL)
+                {
+                TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+                return NULL;
+                }
+        /* Return the default policy if none is requested or the default is
+           requested. */
+        if (!requested || !OBJ_cmp(requested, ctx->default_policy))
+                policy = ctx->default_policy;
+
+        /* Check if the policy is acceptable. */
+        for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i)
+                {
+                ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
+                if (!OBJ_cmp(requested, current))
+                        policy = current;
+                }
+        if (!policy)
+                {
+                TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Requested policy is not "
+                                            "supported.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
+                }
+        return policy;
+        }
+
+/* Creates the TS_TST_INFO object based on the settings of the context. */
+static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy)
+        {
+        int result = 0;
+        TS_TST_INFO *tst_info = NULL;
+        ASN1_INTEGER *serial = NULL;
+        ASN1_GENERALIZEDTIME *asn1_time = NULL;
+        long sec, usec;
+        TS_ACCURACY *accuracy = NULL;
+        const ASN1_INTEGER *nonce;
+        GENERAL_NAME *tsa_name = NULL;
+
+        if (!(tst_info = TS_TST_INFO_new())) goto end;
+        if (!TS_TST_INFO_set_version(tst_info, 1)) goto end;
+        if (!TS_TST_INFO_set_policy_id(tst_info, policy)) goto end;
+        if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
+                goto end;
+        if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data))
+            || !TS_TST_INFO_set_serial(tst_info, serial))
+                goto end;
+        if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec)
+            || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, 
+                                        sec, usec, 
+                                        ctx->clock_precision_digits))
+            || !TS_TST_INFO_set_time(tst_info, asn1_time))
+                goto end;
+
+        /* Setting accuracy if needed. */
+        if ((ctx->seconds || ctx->millis || ctx->micros) 
+            && !(accuracy = TS_ACCURACY_new()))
+                goto end;
+
+        if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
+                goto end;
+        if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
+                goto end;
+        if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
+                goto end;
+        if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) 
+                goto end;
+
+        /* Setting ordering. */
+        if ((ctx->flags & TS_ORDERING) 
+            && !TS_TST_INFO_set_ordering(tst_info, 1))
+                goto end;
+        
+        /* Setting nonce if needed. */
+        if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL
+            && !TS_TST_INFO_set_nonce(tst_info, nonce))
+                goto end;
+
+        /* Setting TSA name to subject of signer certificate. */
+        if (ctx->flags & TS_TSA_NAME)
+                {
+                if (!(tsa_name = GENERAL_NAME_new())) goto end;
+                tsa_name->type = GEN_DIRNAME;
+                tsa_name->d.dirn = 
+                        X509_NAME_dup(ctx->signer_cert->cert_info->subject);
+                if (!tsa_name->d.dirn) goto end;
+                if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) goto end;
+                }
+
+        result = 1;
+ end:
+        if (!result)
+                {
+                TS_TST_INFO_free(tst_info);
+                tst_info = NULL;
+                TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+                TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                                 "Error during TSTInfo "
+                                                 "generation.");
+                }
+        GENERAL_NAME_free(tsa_name);
+        TS_ACCURACY_free(accuracy);
+        ASN1_GENERALIZEDTIME_free(asn1_time);
+        ASN1_INTEGER_free(serial);
+        
+        return tst_info;
+        }
+
+/* Processing the extensions of the request. */
+static int TS_RESP_process_extensions(TS_RESP_CTX *ctx)
+        {
+        STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request);
+        int i;
+        int ok = 1;
+
+        for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i)
+                {
+                X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+                /* XXXXX The last argument was previously
+                   (void *)ctx->extension_cb, but ISO C doesn't permit
+                   converting a function pointer to void *.  For lack of
+                   better information, I'm placing a NULL there instead.
+                   The callback can pick its own address out from the ctx
+                   anyway...
+                */
+                ok = (*ctx->extension_cb)(ctx, ext, NULL);
+                }
+
+        return ok;
+        }
+
+/* Functions for signing the TS_TST_INFO structure of the context. */
+static int TS_RESP_sign(TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        PKCS7 *p7 = NULL;
+        PKCS7_SIGNER_INFO *si;
+        STACK_OF(X509) *certs;  /* Certificates to include in sc. */
+        ESS_SIGNING_CERT *sc = NULL;
+        ASN1_OBJECT *oid;
+        BIO *p7bio = NULL;
+        int i;
+
+        /* Check if signcert and pkey match. */
+        if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
+                TSerr(TS_F_TS_RESP_SIGN, 
+                      TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                goto err;
+        }
+
+        /* Create a new PKCS7 signed object. */
+        if (!(p7 = PKCS7_new())) {
+                TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err;
+
+        /* Force SignedData version to be 3 instead of the default 1. */
+        if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) goto err;
+
+        /* Add signer certificate and optional certificate chain. */
+        if (TS_REQ_get_cert_req(ctx->request))
+                {
+                PKCS7_add_certificate(p7, ctx->signer_cert);
+                if (ctx->certs)
+                        {
+                        for(i = 0; i < sk_X509_num(ctx->certs); ++i) 
+                                {
+                                X509 *cert = sk_X509_value(ctx->certs, i);
+                                PKCS7_add_certificate(p7, cert);
+                                }
+                        }
+                }
+
+        /* Add a new signer info. */
+        if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, 
+                                       ctx->signer_key, EVP_sha1())))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+                goto err;
+                }
+
+        /* Add content type signed attribute to the signer info. */
+        oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+        if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                        V_ASN1_OBJECT, oid))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+                goto err;
+                }
+
+        /* Create the ESS SigningCertificate attribute which contains 
+           the signer certificate id and optionally the certificate chain. */
+        certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
+        if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
+                goto err;
+
+        /* Add SigningCertificate signed attribute to the signer info. */
+        if (!ESS_add_signing_cert(si, sc))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+                goto err;
+                }       
+
+        /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
+        if (!TS_TST_INFO_content_new(p7)) goto err;
+
+        /* Add the DER encoded tst_info to the PKCS7 structure. */
+        if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+                TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        /* Convert tst_info to DER. */
+        if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+                goto err;
+                }
+
+        /* Create the signature and add it to the signer info. */
+        if (!PKCS7_dataFinal(p7, p7bio))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+                goto err;
+                }
+
+        /* Set new PKCS7 and TST_INFO objects. */
+        TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
+        p7 = NULL;              /* Ownership is lost. */
+        ctx->tst_info = NULL;   /* Ownership is lost. */
+
+        ret = 1;
+ err:
+        if (!ret)
+                TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                                 "Error during signature "
+                                                 "generation.");
+        BIO_free_all(p7bio);
+        ESS_SIGNING_CERT_free(sc);
+        PKCS7_free(p7);
+        return ret;
+        }
+
+static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, 
+                                                   STACK_OF(X509) *certs)
+        {
+        ESS_CERT_ID *cid;
+        ESS_SIGNING_CERT *sc = NULL;
+        int i;
+
+        /* Creating the ESS_CERT_ID stack. */
+        if (!(sc = ESS_SIGNING_CERT_new())) goto err;
+        if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null()))
+                goto err;
+
+        /* Adding the signing certificate id. */
+        if (!(cid = ESS_CERT_ID_new_init(signcert, 0))
+            || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+                goto err;
+        /* Adding the certificate chain ids. */
+        for (i = 0; i < sk_X509_num(certs); ++i)
+                {
+                X509 *cert = sk_X509_value(certs, i);
+                if (!(cid = ESS_CERT_ID_new_init(cert, 1))
+                    || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+                        goto err;
+                }
+
+        return sc;
+err:
+        ESS_SIGNING_CERT_free(sc);
+        TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+        }
+
+static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
+        {
+        ESS_CERT_ID *cid = NULL;
+        GENERAL_NAME *name = NULL;
+        
+        /* Recompute SHA1 hash of certificate if necessary (side effect). */
+        X509_check_purpose(cert, -1, 0);
+
+        if (!(cid = ESS_CERT_ID_new())) goto err;
+        if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
+                                   sizeof(cert->sha1_hash)))
+                goto err;
+
+        /* Setting the issuer/serial if requested. */
+        if (issuer_needed)
+                {
+                /* Creating issuer/serial structure. */
+                if (!cid->issuer_serial
+                    && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new()))
+                        goto err;
+                /* Creating general name from the certificate issuer. */
+                if (!(name = GENERAL_NAME_new())) goto err;
+                name->type = GEN_DIRNAME;
+                if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) 
+                        goto err;
+                if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) 
+                        goto err;
+                name = NULL;    /* Ownership is lost. */
+                /* Setting the serial number. */
+                ASN1_INTEGER_free(cid->issuer_serial->serial);
+                if (!(cid->issuer_serial->serial = 
+                      ASN1_INTEGER_dup(cert->cert_info->serialNumber)))
+                        goto err;
+                }
+
+        return cid;
+err:
+        GENERAL_NAME_free(name);
+        ESS_CERT_ID_free(cid);
+        TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+        }
+
+static int TS_TST_INFO_content_new(PKCS7 *p7)
+        {
+        PKCS7 *ret = NULL;
+        ASN1_OCTET_STRING *octet_string = NULL;
+
+        /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
+        if (!(ret = PKCS7_new())) goto err;
+        if (!(ret->d.other = ASN1_TYPE_new())) goto err;
+        ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+        if (!(octet_string = ASN1_OCTET_STRING_new())) goto err;
+        ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
+        octet_string = NULL;
+
+        /* Add encapsulated content to signed PKCS7 structure. */
+        if (!PKCS7_set_content(p7, ret)) goto err;
+
+        return 1;
+ err:
+        ASN1_OCTET_STRING_free(octet_string);
+        PKCS7_free(ret);
+        return 0;
+        }
+
+static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+        {
+        ASN1_STRING *seq = NULL;
+        unsigned char *p, *pp = NULL;
+        int len;
+
+        len = i2d_ESS_SIGNING_CERT(sc, NULL);
+        if (!(pp = (unsigned char *) OPENSSL_malloc(len)))
+                {
+                TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p = pp;
+        i2d_ESS_SIGNING_CERT(sc, &p);
+        if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len))
+                {
+                TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        OPENSSL_free(pp); pp = NULL;
+        return PKCS7_add_signed_attribute(si, 
+                                          NID_id_smime_aa_signingCertificate,
+                                          V_ASN1_SEQUENCE, seq);
+ err:
+        ASN1_STRING_free(seq);
+        OPENSSL_free(pp);
+
+        return 0;
+        }
+
+
+static ASN1_GENERALIZEDTIME *
+TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, 
+                                   long sec, long usec, unsigned precision)
+        {
+        time_t time_sec = (time_t) sec;
+        struct tm *tm = NULL;   
+        char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
+        char *p = genTime_str;
+        char *p_end = genTime_str + sizeof(genTime_str);
+
+        if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+                goto err;
+
+        
+        if (!(tm = gmtime(&time_sec)))
+                goto err;
+
+        /* 
+         * Put "genTime_str" in GeneralizedTime format.  We work around the 
+         * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST 
+         * NOT include fractional seconds") and OpenSSL related functions to 
+         * meet the rfc3161 requirement: "GeneralizedTime syntax can include 
+         * fraction-of-second details". 
+         */                   
+        p += BIO_snprintf(p, p_end - p,
+                          "%04d%02d%02d%02d%02d%02d",
+                          tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
+                          tm->tm_hour, tm->tm_min, tm->tm_sec);
+        if (precision > 0)
+        {
+                /* Add fraction of seconds (leave space for dot and null). */
+                BIO_snprintf(p, 2 + precision, ".%ld", usec);
+                /* We cannot use the snprintf return value, 
+                   because it might have been truncated. */
+                p += strlen(p);
+
+                /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
+                   the following restrictions for a DER-encoding, which OpenSSL
+                   (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 
+                   support:
+                   "The encoding MUST terminate with a "Z" (which means "Zulu" 
+                   time). The decimal point element, if present, MUST be the 
+                   point option ".". The fractional-seconds elements, 
+                   if present, MUST omit all trailing 0's; 
+                   if the elements correspond to 0, they MUST be wholly
+                   omitted, and the decimal point element also MUST be
+                   omitted." */
+                /* Remove trailing zeros. The dot guarantees the exit
+                   condition of this loop even if all the digits are zero. */
+                while (*--p == '0')
+                        /* empty */;
+                /* p points to either the dot or the last non-zero digit. */
+                if (*p != '.') ++p;
+                }
+        /* Add the trailing Z and the terminating null. */
+        *p++ = 'Z';
+        *p++ = '\0';
+
+        /* Now call OpenSSL to check and set our genTime value */
+        if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
+                goto err;
+        if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str))
+                {
+                ASN1_GENERALIZEDTIME_free(asn1_time);
+                goto err;
+                }
+
+        return asn1_time;
+ err:
+        TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+        return NULL;
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_utils.c b/src/lib/libcrypto/ts/ts_rsp_utils.c
new file mode 100644
index 0000000000..401c1fdc51
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_utils.c
@@ -0,0 +1,409 @@
+/* crypto/ts/ts_resp_utils.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+
+/* Function definitions. */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
+        {
+        TS_STATUS_INFO *new_status_info;
+
+        if (a->status_info == status_info)
+                return 1;
+        new_status_info = TS_STATUS_INFO_dup(status_info);
+        if (new_status_info == NULL)
+                {
+                TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_STATUS_INFO_free(a->status_info);
+        a->status_info = new_status_info;
+
+        return 1;
+        }
+
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a)
+        {
+        return a->status_info;
+        }
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info)
+        {
+        /* Set new PKCS7 and TST_INFO objects. */
+        PKCS7_free(a->token);
+        a->token = p7;
+        TS_TST_INFO_free(a->tst_info);
+        a->tst_info = tst_info;
+        }
+
+PKCS7 *TS_RESP_get_token(TS_RESP *a)
+        {
+        return a->token;
+        }
+
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a)
+        {
+        return a->tst_info;
+        }
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version)
+        {
+        return ASN1_INTEGER_set(a->version, version);
+        }
+
+long TS_TST_INFO_get_version(const TS_TST_INFO *a)
+        {
+        return ASN1_INTEGER_get(a->version);
+        }
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
+        {
+        ASN1_OBJECT *new_policy;
+
+        if (a->policy_id == policy)
+                return 1;
+        new_policy = OBJ_dup(policy);
+        if (new_policy == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_OBJECT_free(a->policy_id);
+        a->policy_id = new_policy;
+        return 1;
+        }
+
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a)
+        {
+        return a->policy_id;
+        }
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
+        {
+        TS_MSG_IMPRINT *new_msg_imprint;
+
+        if (a->msg_imprint == msg_imprint)
+                return 1;
+        new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+        if (new_msg_imprint == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_MSG_IMPRINT_free(a->msg_imprint);
+        a->msg_imprint = new_msg_imprint;
+        return 1;
+        }
+
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a)
+        {
+        return a->msg_imprint;
+        }
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
+        {
+        ASN1_INTEGER *new_serial;
+
+        if (a->serial == serial)
+                return 1;
+        new_serial = ASN1_INTEGER_dup(serial);
+        if (new_serial == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->serial);
+        a->serial = new_serial;
+        return 1;
+        }
+
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a)
+        {
+        return a->serial;
+        }
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
+        {
+        ASN1_GENERALIZEDTIME *new_time;
+
+        if (a->time == gtime)
+                return 1;
+        new_time = M_ASN1_GENERALIZEDTIME_dup(gtime);
+        if (new_time == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_GENERALIZEDTIME_free(a->time);
+        a->time = new_time;
+        return 1;
+        }
+
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a)
+        {
+        return a->time;
+        }
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
+        {
+        TS_ACCURACY *new_accuracy;
+
+        if (a->accuracy == accuracy)
+                return 1;
+        new_accuracy = TS_ACCURACY_dup(accuracy);
+        if (new_accuracy == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_ACCURACY_free(a->accuracy);
+        a->accuracy = new_accuracy;
+        return 1;
+        }
+
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a)
+        {
+        return a->accuracy;
+        }
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
+        {
+        ASN1_INTEGER *new_seconds;
+
+        if (a->seconds == seconds)
+                return 1;
+        new_seconds = ASN1_INTEGER_dup(seconds);
+        if (new_seconds == NULL)
+                {
+                TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->seconds);
+        a->seconds = new_seconds;
+        return 1;
+        }
+
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a)
+        {
+        return a->seconds;
+        }
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
+        {
+        ASN1_INTEGER *new_millis = NULL;
+
+        if (a->millis == millis)
+                return 1;
+        if (millis != NULL)
+                {
+                new_millis = ASN1_INTEGER_dup(millis);
+                if (new_millis == NULL)
+                        {
+                        TSerr(TS_F_TS_ACCURACY_SET_MILLIS, 
+                              ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        ASN1_INTEGER_free(a->millis);
+        a->millis = new_millis;
+        return 1;
+        }
+
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a)
+        {
+        return a->millis;
+        }
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
+        {
+        ASN1_INTEGER *new_micros = NULL;
+
+        if (a->micros == micros)
+                return 1;
+        if (micros != NULL)
+                {
+                new_micros = ASN1_INTEGER_dup(micros);
+                if (new_micros == NULL)
+                        {
+                        TSerr(TS_F_TS_ACCURACY_SET_MICROS, 
+                              ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        ASN1_INTEGER_free(a->micros);
+        a->micros = new_micros;
+        return 1;
+        }
+
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a)
+        {
+        return a->micros;
+        }
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering)
+        {
+        a->ordering = ordering ? 0xFF : 0x00;
+        return 1;
+        }
+
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a)
+        {
+        return a->ordering ? 1 : 0;
+        }
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
+        {
+        ASN1_INTEGER *new_nonce;
+
+        if (a->nonce == nonce)
+                return 1;
+        new_nonce = ASN1_INTEGER_dup(nonce);
+        if (new_nonce == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->nonce);
+        a->nonce = new_nonce;
+        return 1;
+        }
+
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a)
+        {
+        return a->nonce;
+        }
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
+        {
+        GENERAL_NAME *new_tsa;
+
+        if (a->tsa == tsa)
+                return 1;
+        new_tsa = GENERAL_NAME_dup(tsa);
+        if (new_tsa == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        GENERAL_NAME_free(a->tsa);
+        a->tsa = new_tsa;
+        return 1;
+        }
+
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a)
+        {
+        return a->tsa;
+        }
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a)
+        {
+        return a->extensions;
+        }
+
+void TS_TST_INFO_ext_free(TS_TST_INFO *a)
+        {
+        if (!a) return;
+        sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+        a->extensions = NULL;
+        }
+
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a)
+        {
+        return X509v3_get_ext_count(a->extensions);
+        }
+
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos)
+        {
+        return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+        }
+
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos)
+        {
+        return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+        }
+
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos)
+        {
+        return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+        }
+
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
+        {
+        return X509v3_get_ext(a->extensions,loc);
+        }
+
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc)
+        {
+        return X509v3_delete_ext(a->extensions,loc);
+        }
+
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc)
+        {
+        return X509v3_add_ext(&a->extensions,ex,loc) != NULL;
+        }
+
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(a->extensions, nid, crit, idx);
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
new file mode 100644
index 0000000000..e1f3b534af
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -0,0 +1,725 @@
+/* crypto/ts/ts_resp_verify.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+
+/* Private function declarations. */
+
+static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain);
+static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain);
+static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo);
+static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 
+                                 PKCS7 *token, TS_TST_INFO *tst_info);
+static int TS_check_status_info(TS_RESP *response);
+static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info);
+static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg, 
+                              unsigned char **imprint, unsigned *imprint_len);
+static int TS_check_imprints(X509_ALGOR *algor_a, 
+                             unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info);
+static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name);
+
+/*
+ * Local mapping between response codes and descriptions.
+ * Don't forget to change TS_STATUS_BUF_SIZE when modifying 
+ * the elements of this array.
+ */
+static const char *TS_status_text[] =
+        { "granted",
+          "grantedWithMods",
+          "rejection",
+          "waiting",
+          "revocationWarning",
+          "revocationNotification" };
+
+#define TS_STATUS_TEXT_SIZE     (sizeof(TS_status_text)/sizeof(*TS_status_text))
+
+/*
+ * This must be greater or equal to the sum of the strings in TS_status_text
+ * plus the number of its elements.
+ */
+#define TS_STATUS_BUF_SIZE      256
+
+static struct
+        {
+        int code;
+        const char *text;
+        } TS_failure_info[] =
+                { { TS_INFO_BAD_ALG, "badAlg" },
+                  { TS_INFO_BAD_REQUEST, "badRequest" },
+                  { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" },
+                  { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" },
+                  { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" },
+                  { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" },
+                  { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" },
+                  { TS_INFO_SYSTEM_FAILURE, "systemFailure" } };
+
+#define TS_FAILURE_INFO_SIZE    (sizeof(TS_failure_info) / \
+                                sizeof(*TS_failure_info))
+
+/* Functions for verifying a signed TS_TST_INFO structure. */
+
+/*
+ * This function carries out the following tasks:
+ *      - Checks if there is one and only one signer.
+ *      - Search for the signing certificate in 'certs' and in the response.
+ *      - Check the extended key usage and key usage fields of the signer
+ *      certificate (done by the path validation).
+ *      - Build and validate the certificate path.
+ *      - Check if the certificate path meets the requirements of the
+ *      SigningCertificate ESS signed attribute.
+ *      - Verify the signature value.
+ *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out)
+        {
+        STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
+        PKCS7_SIGNER_INFO *si;
+        STACK_OF(X509) *signers = NULL;
+        X509    *signer;
+        STACK_OF(X509) *chain = NULL;
+        char    buf[4096];
+        int     i, j = 0, ret = 0;
+        BIO     *p7bio = NULL;
+
+        /* Some sanity checks first. */
+        if (!token)
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+                goto err;
+                }
+
+        /* Check for the correct content type */
+        if(!PKCS7_type_is_signed(token))
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+                goto err;
+                }
+
+        /* Check if there is one and only one signer. */
+        sinfos = PKCS7_get_signer_info(token);
+        if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1)
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE,
+                      TS_R_THERE_MUST_BE_ONE_SIGNER);
+                goto err;
+                }
+        si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
+
+        /* Check for no content: no data to verify signature. */
+        if (PKCS7_get_detached(token))
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+                goto err;
+                }
+        
+        /* Get hold of the signer certificate, search only internal
+           certificates if it was requested. */
+        signers = PKCS7_get0_signers(token, certs, 0);
+        if (!signers || sk_X509_num(signers) != 1) goto err;
+        signer = sk_X509_value(signers, 0);
+
+        /* Now verify the certificate. */
+        if (!TS_verify_cert(store, certs, signer, &chain)) goto err;
+
+        /* Check if the signer certificate is consistent with the
+           ESS extension. */
+        if (!TS_check_signing_certs(si, chain)) goto err;
+
+        /* Creating the message digest. */
+        p7bio = PKCS7_dataInit(token, NULL);
+
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        while ((i = BIO_read(p7bio,buf,sizeof(buf))) > 0);
+
+        /* Verifying the signature. */
+        j = PKCS7_signatureVerify(p7bio, token, si, signer);
+        if (j <= 0)
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+                goto err;
+                }
+
+        /* Return the signer certificate if needed. */
+        if (signer_out)
+                {
+                *signer_out = signer;
+                CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+                }
+
+        ret = 1;
+
+ err:
+        BIO_free_all(p7bio);
+        sk_X509_pop_free(chain, X509_free);
+        sk_X509_free(signers);
+
+        return ret;
+        }
+
+/*
+ * The certificate chain is returned in chain. Caller is responsible for
+ * freeing the vector.
+ */
+static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain)
+        {
+        X509_STORE_CTX  cert_ctx;
+        int i;
+        int ret = 1;
+
+        /* chain is an out argument. */
+        *chain = NULL;
+        X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted);
+        X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+        i = X509_verify_cert(&cert_ctx);
+        if (i <= 0)
+                {
+                int j = X509_STORE_CTX_get_error(&cert_ctx);
+                TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+                ERR_add_error_data(2, "Verify error:",
+                                   X509_verify_cert_error_string(j));
+                ret = 0;
+                }
+        else
+                {
+                /* Get a copy of the certificate chain. */
+                *chain = X509_STORE_CTX_get1_chain(&cert_ctx);
+                }
+
+        X509_STORE_CTX_cleanup(&cert_ctx);
+
+        return ret;
+        }
+
+static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain)
+        {
+        ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si);
+        STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+        X509 *cert;
+        int i = 0;
+        int ret = 0;
+
+        if (!ss) goto err;
+        cert_ids = ss->cert_ids;
+        /* The signer certificate must be the first in cert_ids. */
+        cert = sk_X509_value(chain, 0);
+        if (TS_find_cert(cert_ids, cert) != 0) goto err;
+        
+        /* Check the other certificates of the chain if there are more
+           than one certificate ids in cert_ids. */
+        if (sk_ESS_CERT_ID_num(cert_ids) > 1)
+                {
+                /* All the certificates of the chain must be in cert_ids. */
+                for (i = 1; i < sk_X509_num(chain); ++i)
+                        {
+                        cert = sk_X509_value(chain, i);
+                        if (TS_find_cert(cert_ids, cert) < 0) goto err;
+                        }
+                }
+        ret = 1;
+ err:
+        if (!ret)
+                TSerr(TS_F_TS_CHECK_SIGNING_CERTS, 
+                      TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+        ESS_SIGNING_CERT_free(ss);
+        return ret;
+        }
+
+static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_TYPE *attr;
+        const unsigned char *p;
+        attr = PKCS7_get_signed_attribute(si, 
+                                          NID_id_smime_aa_signingCertificate);
+        if (!attr) return NULL;
+        p = attr->value.sequence->data;
+        return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+        }
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+        {
+        int i;
+
+        if (!cert_ids || !cert) return -1;
+
+        /* Recompute SHA1 hash of certificate if necessary (side effect). */
+        X509_check_purpose(cert, -1, 0);
+
+        /* Look for cert in the cert_ids vector. */
+        for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i)
+                {
+                ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
+
+                /* Check the SHA-1 hash first. */
+                if (cid->hash->length == sizeof(cert->sha1_hash)
+                    && !memcmp(cid->hash->data, cert->sha1_hash,
+                               sizeof(cert->sha1_hash)))
+                        {
+                        /* Check the issuer/serial as well if specified. */
+                        ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+                        if (!is || !TS_issuer_serial_cmp(is, cert->cert_info))
+                                return i;
+                        }
+                }
+        
+        return -1;
+        }
+
+static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
+        {
+        GENERAL_NAME *issuer;
+
+        if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) return -1;
+
+        /* Check the issuer first. It must be a directory name. */
+        issuer = sk_GENERAL_NAME_value(is->issuer, 0);
+        if (issuer->type != GEN_DIRNAME 
+            || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer))
+                return -1;
+
+        /* Check the serial number, too. */
+        if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber))
+                return -1;
+
+        return 0;
+        }
+
+/*
+ * Verifies whether 'response' contains a valid response with regards 
+ * to the settings of the context:
+ *      - Gives an error message if the TS_TST_INFO is not present.
+ *      - Calls _TS_RESP_verify_token to verify the token content.
+ */
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
+        {
+        PKCS7 *token = TS_RESP_get_token(response);
+        TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+        int ret = 0;
+
+        /* Check if we have a successful TS_TST_INFO object in place. */
+        if (!TS_check_status_info(response)) goto err;
+
+        /* Check the contents of the time stamp token. */
+        if (!int_TS_RESP_verify_token(ctx, token, tst_info))
+                goto err;
+
+        ret = 1;
+ err:
+        return ret;
+        }
+
+/*
+ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
+ * calls the internal int_TS_RESP_verify_token function for verifying it.
+ */
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
+        {
+        TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
+        int ret = 0;
+        if (tst_info)
+                {
+                ret = int_TS_RESP_verify_token(ctx, token, tst_info);
+                TS_TST_INFO_free(tst_info);
+                }
+        return ret;
+        }
+
+/*
+ * Verifies whether the 'token' contains a valid time stamp token 
+ * with regards to the settings of the context. Only those checks are
+ * carried out that are specified in the context:
+ *      - Verifies the signature of the TS_TST_INFO.
+ *      - Checks the version number of the response.
+ *      - Check if the requested and returned policies math.
+ *      - Check if the message imprints are the same.
+ *      - Check if the nonces are the same.
+ *      - Check if the TSA name matches the signer.
+ *      - Check if the TSA name is the expected TSA.
+ */
+static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 
+                                 PKCS7 *token, TS_TST_INFO *tst_info)
+        {
+        X509 *signer = NULL;
+        GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info);
+        X509_ALGOR *md_alg = NULL;
+        unsigned char *imprint = NULL;
+        unsigned imprint_len = 0;
+        int ret = 0;
+
+        /* Verify the signature. */
+        if ((ctx->flags & TS_VFY_SIGNATURE)
+            && !TS_RESP_verify_signature(token, ctx->certs, ctx->store,
+                                         &signer))
+                goto err;
+        
+        /* Check version number of response. */
+        if ((ctx->flags & TS_VFY_VERSION)
+            && TS_TST_INFO_get_version(tst_info) != 1)
+                {
+                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+                goto err;
+                }
+
+        /* Check policies. */
+        if ((ctx->flags & TS_VFY_POLICY)
+            && !TS_check_policy(ctx->policy, tst_info))
+                goto err;
+        
+        /* Check message imprints. */
+        if ((ctx->flags & TS_VFY_IMPRINT)
+            && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+                                  tst_info)) 
+                goto err;
+
+        /* Compute and check message imprints. */
+        if ((ctx->flags & TS_VFY_DATA)
+            && (!TS_compute_imprint(ctx->data, tst_info,
+                                    &md_alg, &imprint, &imprint_len)
+            || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+                goto err;
+
+        /* Check nonces. */
+        if ((ctx->flags & TS_VFY_NONCE)
+            && !TS_check_nonces(ctx->nonce, tst_info))
+                goto err;
+
+        /* Check whether TSA name and signer certificate match. */
+        if ((ctx->flags & TS_VFY_SIGNER)
+            && tsa_name && !TS_check_signer_name(tsa_name, signer))
+                {
+                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+                goto err;
+                }
+
+        /* Check whether the TSA is the expected one. */
+        if ((ctx->flags & TS_VFY_TSA_NAME)
+            && !TS_check_signer_name(ctx->tsa_name, signer))
+                {
+                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+                goto err;
+                }
+
+        ret = 1;
+ err:
+        X509_free(signer);
+        X509_ALGOR_free(md_alg);
+        OPENSSL_free(imprint);
+        return ret;
+        }
+
+static int TS_check_status_info(TS_RESP *response)
+        {
+        TS_STATUS_INFO *info = TS_RESP_get_status_info(response);
+        long status = ASN1_INTEGER_get(info->status);
+        const char *status_text = NULL;
+        char *embedded_status_text = NULL;
+        char failure_text[TS_STATUS_BUF_SIZE] = "";
+
+        /* Check if everything went fine. */
+        if (status == 0 || status == 1) return 1;
+
+        /* There was an error, get the description in status_text. */
+        if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE)
+                status_text = TS_status_text[status];
+        else
+                status_text = "unknown code";
+
+        /* Set the embedded_status_text to the returned description. */
+        if (sk_ASN1_UTF8STRING_num(info->text) > 0
+            && !(embedded_status_text = TS_get_status_text(info->text)))
+                return 0;
+        
+        /* Filling in failure_text with the failure information. */
+        if (info->failure_info)
+                {
+                int i;
+                int first = 1;
+                for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i)
+                        {
+                        if (ASN1_BIT_STRING_get_bit(info->failure_info,
+                                                    TS_failure_info[i].code))
+                                {
+                                if (!first)
+                                        strcpy(failure_text, ",");
+                                else
+                                        first = 0;
+                                strcat(failure_text, TS_failure_info[i].text);
+                                }
+                        }
+                }
+        if (failure_text[0] == '\0')
+                strcpy(failure_text, "unspecified");
+
+        /* Making up the error string. */
+        TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+        ERR_add_error_data(6,
+                           "status code: ", status_text,
+                           ", status text: ", embedded_status_text ? 
+                           embedded_status_text : "unspecified",
+                           ", failure codes: ", failure_text);
+        OPENSSL_free(embedded_status_text);
+
+        return 0;
+        }
+
+static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+        {
+        int i;
+        unsigned int length = 0;
+        char *result = NULL;
+        char *p;
+
+        /* Determine length first. */
+        for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i)
+                {
+                ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+                length += ASN1_STRING_length(current);
+                length += 1;    /* separator character */
+                }
+        /* Allocate memory (closing '\0' included). */
+        if (!(result = OPENSSL_malloc(length)))
+                {
+                TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        /* Concatenate the descriptions. */
+        for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i)
+                {
+                ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+                length = ASN1_STRING_length(current);
+                if (i > 0) *p++ = '/';
+                strncpy(p, (const char *)ASN1_STRING_data(current), length);
+                p += length;
+                }
+        /* We do have space for this, too. */
+        *p = '\0';
+        
+        return result;
+        }
+
+static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
+        {
+        ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
+
+        if (OBJ_cmp(req_oid, resp_oid) != 0)
+                {
+                TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+                return 0;
+                }
+
+        return 1;
+        }
+
+static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg, 
+                              unsigned char **imprint, unsigned *imprint_len)
+        {
+        TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
+        X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
+        const EVP_MD *md;
+        EVP_MD_CTX md_ctx;
+        unsigned char buffer[4096];
+        int length;
+
+        *md_alg = NULL;
+        *imprint = NULL;
+
+        /* Return the MD algorithm of the response. */
+        if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) goto err;
+
+        /* Getting the MD object. */
+        if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm)))
+                {
+                TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+                goto err;
+                }
+
+        /* Compute message digest. */
+        length = EVP_MD_size(md);
+        if (length < 0)
+            goto err;
+        *imprint_len = length;
+        if (!(*imprint = OPENSSL_malloc(*imprint_len))) 
+                {
+                TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_DigestInit(&md_ctx, md);
+        while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0)
+                {
+                EVP_DigestUpdate(&md_ctx, buffer, length);
+                }
+        EVP_DigestFinal(&md_ctx, *imprint, NULL);
+
+        return 1;
+ err:
+        X509_ALGOR_free(*md_alg);
+        OPENSSL_free(*imprint);
+        *imprint_len = 0;
+        return 0;
+        }
+
+static int TS_check_imprints(X509_ALGOR *algor_a, 
+                             unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info)
+        {
+        TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
+        X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
+        int ret = 0;
+
+        /* algor_a is optional. */
+        if (algor_a)
+                {
+                /* Compare algorithm OIDs. */
+                if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) goto err;
+
+                /* The parameter must be NULL in both. */
+                if ((algor_a->parameter 
+                     && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
+                    || (algor_b->parameter
+                        && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
+                        goto err;
+                }
+
+        /* Compare octet strings. */
+        ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) &&
+                memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
+ err:
+        if (!ret)
+                TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+        return ret;
+        }
+
+static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+        {
+        const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
+
+        /* Error if nonce is missing. */
+        if (!b)
+                {
+                TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+                return 0;
+                }
+
+        /* No error if a nonce is returned without being requested. */
+        if (ASN1_INTEGER_cmp(a, b) != 0)
+                {
+                TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+                return 0;
+                }
+
+        return 1;
+        }
+
+/* Check if the specified TSA name matches either the subject
+   or one of the subject alternative names of the TSA certificate. */
+static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+        {
+        STACK_OF(GENERAL_NAME) *gen_names = NULL;
+        int idx = -1;
+        int found = 0;
+
+        /* Check the subject name first. */
+        if (tsa_name->type == GEN_DIRNAME 
+            && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
+                return 1;
+
+        /* Check all the alternative names. */
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
+                                     NULL, &idx);
+        while (gen_names != NULL
+               && !(found = TS_find_name(gen_names, tsa_name) >= 0))
+                {
+                /* Get the next subject alternative name,
+                   although there should be no more than one. */
+                GENERAL_NAMES_free(gen_names);
+                gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
+                                             NULL, &idx);
+                }
+        if (gen_names) GENERAL_NAMES_free(gen_names);
+        
+        return found;
+        }
+
+/* Returns 1 if name is in gen_names, 0 otherwise. */
+static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+        {
+        int i, found;
+        for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names);
+             ++i)
+                {
+                GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
+                found = GENERAL_NAME_cmp(current, name) == 0;
+                }
+        return found ? i - 1 : -1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c
new file mode 100644
index 0000000000..b079b50fc3
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_verify_ctx.c
@@ -0,0 +1,160 @@
+/* crypto/ts/ts_verify_ctx.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
+        {
+        TS_VERIFY_CTX *ctx = 
+                (TS_VERIFY_CTX *) OPENSSL_malloc(sizeof(TS_VERIFY_CTX));
+        if (ctx)
+                memset(ctx, 0, sizeof(TS_VERIFY_CTX));
+        else
+                TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return ctx;
+        }
+
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
+        {
+        assert(ctx != NULL);
+        memset(ctx, 0, sizeof(TS_VERIFY_CTX));
+        }
+
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
+        {
+        if (!ctx) return;
+
+        TS_VERIFY_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+        }
+
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
+        {
+        if (!ctx) return;
+
+        X509_STORE_free(ctx->store);
+        sk_X509_pop_free(ctx->certs, X509_free);
+
+        ASN1_OBJECT_free(ctx->policy);
+
+        X509_ALGOR_free(ctx->md_alg);
+        OPENSSL_free(ctx->imprint);
+        
+        BIO_free_all(ctx->data);
+
+        ASN1_INTEGER_free(ctx->nonce);
+
+        GENERAL_NAME_free(ctx->tsa_name);
+
+        TS_VERIFY_CTX_init(ctx);
+        }
+
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
+        {
+        TS_VERIFY_CTX *ret = ctx;
+        ASN1_OBJECT *policy;
+        TS_MSG_IMPRINT *imprint;
+        X509_ALGOR *md_alg;
+        ASN1_OCTET_STRING *msg;
+        const ASN1_INTEGER *nonce;
+
+        assert(req != NULL);
+        if (ret)
+                TS_VERIFY_CTX_cleanup(ret);
+        else
+                if (!(ret = TS_VERIFY_CTX_new())) return NULL;
+
+        /* Setting flags. */
+        ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
+
+        /* Setting policy. */
+        if ((policy = TS_REQ_get_policy_id(req)) != NULL)
+                {
+                if (!(ret->policy = OBJ_dup(policy))) goto err;
+                }
+        else
+                ret->flags &= ~TS_VFY_POLICY;
+
+        /* Setting md_alg, imprint and imprint_len. */
+        imprint = TS_REQ_get_msg_imprint(req);
+        md_alg = TS_MSG_IMPRINT_get_algo(imprint);
+        if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) goto err;
+        msg = TS_MSG_IMPRINT_get_msg(imprint);
+        ret->imprint_len = ASN1_STRING_length(msg);
+        if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) goto err;
+        memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
+
+        /* Setting nonce. */
+        if ((nonce = TS_REQ_get_nonce(req)) != NULL)
+                {
+                if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) goto err;
+                }
+        else
+                ret->flags &= ~TS_VFY_NONCE;
+
+        return ret;
+ err:
+        if (ctx)
+                TS_VERIFY_CTX_cleanup(ctx);
+        else
+                TS_VERIFY_CTX_free(ret);
+        return NULL;
+        }
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
new file mode 100644
index 0000000000..32cf16380b
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
@@ -0,0 +1,493 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block_mmx implementation.
+#
+*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results
+# in 16KB large table, which is tough on L1 cache, but eliminates
+# unaligned references to it. Value of 2 results in 4KB table, but
+# 7/8 of references to it are unaligned. AMD cores seem to be
+# allergic to the latter, while Intel ones - to former [see the
+# table]. I stick to value of 2 for two reasons: 1. smaller table
+# minimizes cache trashing and thus mitigates the hazard of side-
+# channel leakage similar to AES cache-timing one; 2. performance
+# gap among different µ-archs is smaller.
+#
+# Performance table lists rounded amounts of CPU cycles spent by
+# whirlpool_block_mmx routine on single 64 byte input block, i.e.
+# smaller is better and asymptotic throughput can be estimated by
+# multiplying 64 by CPU clock frequency and dividing by relevant
+# value from the given table:
+#
+#               $SCALE=2/8      icc8    gcc3    
+# Intel P4      3200/4600       4600(*) 6400
+# Intel PIII    2900/3000       4900    5400
+# AMD K[78]     2500/1800       9900    8200(**)
+#
+# (*)   I've sketched even non-MMX assembler, but for the record
+#       I've failed to beat the Intel compiler on P4, without using
+#       MMX that is...
+# (**)  ... on AMD on the other hand non-MMX assembler was observed
+#       to perform significantly better, but I figured this MMX
+#       implementation is even faster anyway, so why bother? As for
+#       pre-MMX AMD core[s], the improvement coefficient is more
+#       than likely to vary anyway and I don't know how. But the
+#       least I know is that gcc-generated code compiled with
+#       -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for
+#       details] and optimized for Pentium was observed to perform
+#       *better* on Pentium 100 than unrolled non-MMX assembler
+#       loop... So we just say that I don't know if maintaining
+#       non-MMX implementation would actually pay off, but till
+#       opposite is proved "unlikely" is assumed.
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"wp-mmx.pl");
+
+sub L()  { &data_byte(@_); }
+sub LL()
+{       if      ($SCALE==2)     { &data_byte(@_); &data_byte(@_); }
+        elsif   ($SCALE==8)     { for ($i=0;$i<8;$i++) {
+                                        &data_byte(@_);
+                                        unshift(@_,pop(@_));
+                                  }
+                                }
+        else                    { die "unvalid SCALE value"; }
+}
+
+sub scale()
+{       if      ($SCALE==2)     { &lea(@_[0],&DWP(0,@_[1],@_[1])); }
+        elsif   ($SCALE==8)     { &lea(@_[0],&DWP(0,"",@_[1],8));  }
+        else                    { die "unvalid SCALE value";       }
+}
+
+sub row()
+{       if      ($SCALE==2)     { ((8-shift)&7); }
+        elsif   ($SCALE==8)     { (8*shift);     }
+        else                    { die "unvalid SCALE value"; }
+}
+
+$tbl="ebp";
+@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7");
+
+&function_begin_B("whirlpool_block_mmx");
+        &push   ("ebp");
+        &push   ("ebx");
+        &push   ("esi");
+        &push   ("edi");
+
+        &mov    ("esi",&wparam(0));             # hash value
+        &mov    ("edi",&wparam(1));             # input data stream
+        &mov    ("ebp",&wparam(2));             # number of chunks in input
+
+        &mov    ("eax","esp");                  # copy stack pointer
+        &sub    ("esp",128+20);                 # allocate frame
+        &and    ("esp",-64);                    # align for cache-line
+
+        &lea    ("ebx",&DWP(128,"esp"));
+        &mov    (&DWP(0,"ebx"),"esi");          # save parameter block
+        &mov    (&DWP(4,"ebx"),"edi");
+        &mov    (&DWP(8,"ebx"),"ebp");
+        &mov    (&DWP(16,"ebx"),"eax");         # saved stack pointer
+
+        &call   (&label("pic_point"));
+&set_label("pic_point");
+        &blindpop($tbl);
+        &lea    ($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl));
+
+        &xor    ("ecx","ecx");
+        &xor    ("edx","edx");
+
+        for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); }    # L=H
+&set_label("outerloop");
+        for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+        for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+        for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+
+        &xor    ("esi","esi");
+        &mov    (&DWP(12,"ebx"),"esi");         # zero round counter
+
+&set_label("round",16);
+        &movq   (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8));        # rc[r]
+        &mov    ("eax",&DWP(0,"esp"));
+        &mov    ("ebx",&DWP(4,"esp"));
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? movq : pxor;
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("eax",16);
+        &pxor   (@mm[0],&QWP(&row(0),$tbl,"esi",8));
+        &$func  (@mm[1],&QWP(&row(1),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &mov    ("eax",&DWP(($i+1)*8,"esp"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &$func  (@mm[2],&QWP(&row(2),$tbl,"esi",8));
+        &$func  (@mm[3],&QWP(&row(3),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("ebx",16);
+        &$func  (@mm[4],&QWP(&row(4),$tbl,"esi",8));
+        &$func  (@mm[5],&QWP(&row(5),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &mov    ("ebx",&DWP(($i+1)*8+4,"esp"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &$func  (@mm[6],&QWP(&row(6),$tbl,"esi",8));
+        &$func  (@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+
+        for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+
+for($i=0;$i<8;$i++) {
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("eax",16);
+        &pxor   (@mm[0],&QWP(&row(0),$tbl,"esi",8));
+        &pxor   (@mm[1],&QWP(&row(1),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &mov    ("eax",&DWP(64+($i+1)*8,"esp"))         if ($i<7);
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &pxor   (@mm[2],&QWP(&row(2),$tbl,"esi",8));
+        &pxor   (@mm[3],&QWP(&row(3),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("ebx",16);
+        &pxor   (@mm[4],&QWP(&row(4),$tbl,"esi",8));
+        &pxor   (@mm[5],&QWP(&row(5),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &mov    ("ebx",&DWP(64+($i+1)*8+4,"esp"))       if ($i<7);
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &pxor   (@mm[6],&QWP(&row(6),$tbl,"esi",8));
+        &pxor   (@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+        &lea    ("ebx",&DWP(128,"esp"));
+        &mov    ("esi",&DWP(12,"ebx"));         # pull round counter
+        &add    ("esi",1);
+        &cmp    ("esi",10);
+        &je     (&label("roundsdone"));
+
+        &mov    (&DWP(12,"ebx"),"esi");         # update round counter
+        for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+        &jmp    (&label("round"));
+
+&set_label("roundsdone",16);
+        &mov    ("esi",&DWP(0,"ebx"));          # reload argument block
+        &mov    ("edi",&DWP(4,"ebx"));
+        &mov    ("eax",&DWP(8,"ebx"));
+
+        for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+        for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); }    # L^=H
+        for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); }    # H=L
+
+        &lea    ("edi",&DWP(64,"edi"));         # inp+=64
+        &sub    ("eax",1);                      # num--
+        &jz     (&label("alldone"));
+        &mov    (&DWP(4,"ebx"),"edi");          # update argument block
+        &mov    (&DWP(8,"ebx"),"eax");
+        &jmp    (&label("outerloop"));
+
+&set_label("alldone");
+        &emms   ();
+        &mov    ("esp",&DWP(16,"ebx"));         # restore saved stack pointer
+        &pop    ("edi");
+        &pop    ("esi");
+        &pop    ("ebx");
+        &pop    ("ebp");
+        &ret    ();
+
+&align(64);
+&set_label("table");
+        &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+        &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+        &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+        &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+        &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+        &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+        &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+        &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+        &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+        &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+        &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+        &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+        &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+        &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+        &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+        &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+        &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+        &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+        &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+        &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+        &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+        &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+        &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+        &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+        &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+        &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+        &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+        &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+        &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+        &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+        &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+        &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+        &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+        &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+        &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+        &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+        &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+        &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+        &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+        &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+        &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+        &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+        &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+        &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+        &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+        &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+        &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+        &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+        &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+        &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+        &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+        &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+        &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+        &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+        &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+        &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+        &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+        &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+        &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+        &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+        &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+        &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+        &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+        &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+        &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+        &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+        &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+        &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+        &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+        &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+        &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+        &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+        &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+        &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+        &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+        &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+        &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+        &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+        &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+        &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+        &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+        &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+        &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+        &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+        &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+        &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+        &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+        &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+        &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+        &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+        &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+        &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+        &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+        &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+        &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+        &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+        &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+        &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+        &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+        &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+        &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+        &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+        &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+        &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+        &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+        &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+        &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+        &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+        &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+        &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+        &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+        &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+        &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+        &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+        &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+        &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+        &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+        &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+        &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+        &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+        &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+        &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+        &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+        &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+        &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+        &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+        &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+        &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+        &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+        &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+        &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+        &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+        &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+        &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+        &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+        &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+        &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+        &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+        &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+        &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+        &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+        &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+        &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+        &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+        &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+        &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+        &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+        &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+        &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+        &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+        &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+        &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+        &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+        &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+        &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+        &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+        &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+        &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+        &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+        &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+        &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+        &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+        &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+        &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+        &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+        &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+        &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+        &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+        &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+        &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+        &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+        &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+        &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+        &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+        &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+        &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+        &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+        &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+        &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+        &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+        &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+        &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+        &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+        &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+        &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+        &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+        &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+        &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+        &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+        &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+        &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+        &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+        &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+        &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+        &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+        &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+        &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+        &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+        &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+        &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+        &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+        &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+        &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+        &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+        &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+        &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+        &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+        &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+        &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+        &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+        &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+        &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+        &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+        &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+        &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+        &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+        &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+        &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+        &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+        &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+        &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+        &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+        &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+        &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+        &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+        &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+        &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+        &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+        &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+        &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+        &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+        &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+        &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+        &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+        &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+        &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+        &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+        &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+        &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+        &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+        &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+        &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+        &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+        &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+        &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+        &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+        &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+        &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+        &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+        &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+        &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+        &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+        &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+        &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+        &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+        &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+
+        &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);    # rc[ROUNDS]
+        &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+        &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+        &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+        &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+        &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+        &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+        &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+        &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+        &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+
+&function_end_B("whirlpool_block_mmx");
+&asm_finish(); 
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
new file mode 100644
index 0000000000..87c0843dc1
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
@@ -0,0 +1,589 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block for x86_64.
+#
+# 2500 cycles per 64-byte input block on AMD64, which is *identical*
+# to 32-bit MMX version executed on same CPU. So why did I bother?
+# Well, it's faster than gcc 3.3.2 generated code by over 50%, and
+# over 80% faster than PathScale 1.4, an "ambitious" commercial
+# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio
+# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the
+# first example when they fail to generate more optimal code, when
+# I believe they had *all* chances to...
+#
+# Note that register and stack frame layout are virtually identical
+# to 32-bit MMX version, except that %r8-15 are used instead of
+# %mm0-8. You can even notice that K[i] and S[i] are loaded to
+# %eax:%ebx as pair of 32-bit values and not as single 64-bit one.
+# This is done in order to avoid 64-bit shift penalties on Intel
+# EM64T core. Speaking of which! I bet it's possible to improve
+# Opteron performance by compressing the table to 2KB and replacing
+# unaligned references with complementary rotations [which would
+# incidentally replace lea instructions], but it would definitely
+# just "kill" EM64T, because it has only 1 shifter/rotator [against
+# 3 on Opteron] and which is *unacceptably* slow with 64-bit
+# operand.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+sub L() { $code.=".byte ".join(',',@_)."\n"; }
+sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; }
+
+@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15");
+
+$func="whirlpool_block";
+$table=".Ltable";
+
+$code=<<___;
+.text
+
+.globl  $func
+.type   $func,\@function,3
+.align  16
+$func:
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+
+        mov     %rsp,%r11
+        sub     \$128+40,%rsp
+        and     \$-64,%rsp
+
+        lea     128(%rsp),%r10
+        mov     %rdi,0(%r10)            # save parameter block
+        mov     %rsi,8(%r10)
+        mov     %rdx,16(%r10)
+        mov     %r11,32(%r10)           # saved stack pointer
+.Lprologue:
+
+        mov     %r10,%rbx
+        lea     $table(%rip),%rbp
+
+        xor     %rcx,%rcx
+        xor     %rdx,%rdx
+___
+for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; }      # L=H
+$code.=".Louterloop:\n";
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }      # K=L
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }      # L^=inp
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }   # S=L
+$code.=<<___;
+        xor     %rsi,%rsi
+        mov     %rsi,24(%rbx)           # zero round counter
+.align  16
+.Lround:
+        mov     4096(%rbp,%rsi,8),@mm[0]        # rc[r]
+        mov     0(%rsp),%eax
+        mov     4(%rsp),%ebx
+___
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? "mov" : "xor";
+    $code.=<<___;
+        mov     %al,%cl
+        mov     %ah,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%eax
+        xor     0(%rbp,%rsi,8),@mm[0]
+        $func   7(%rbp,%rdi,8),@mm[1]
+        mov     %al,%cl
+        mov     %ah,%dl
+        mov     $i*8+8(%rsp),%eax               # ($i+1)*8
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        $func   6(%rbp,%rsi,8),@mm[2]
+        $func   5(%rbp,%rdi,8),@mm[3]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%ebx
+        $func   4(%rbp,%rsi,8),@mm[4]
+        $func   3(%rbp,%rdi,8),@mm[5]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        mov     $i*8+8+4(%rsp),%ebx             # ($i+1)*8+4
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        $func   2(%rbp,%rsi,8),@mm[6]
+        $func   1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }      # K=L
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+        mov     %al,%cl
+        mov     %ah,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%eax
+        xor     0(%rbp,%rsi,8),@mm[0]
+        xor     7(%rbp,%rdi,8),@mm[1]
+        mov     %al,%cl
+        mov     %ah,%dl
+        `"mov   64+$i*8+8(%rsp),%eax"   if($i<7);`      # 64+($i+1)*8
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        xor     6(%rbp,%rsi,8),@mm[2]
+        xor     5(%rbp,%rdi,8),@mm[3]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%ebx
+        xor     4(%rbp,%rsi,8),@mm[4]
+        xor     3(%rbp,%rdi,8),@mm[5]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        `"mov   64+$i*8+8+4(%rsp),%ebx" if($i<7);`      # 64+($i+1)*8+4
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        xor     2(%rbp,%rsi,8),@mm[6]
+        xor     1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+$code.=<<___;
+        lea     128(%rsp),%rbx
+        mov     24(%rbx),%rsi           # pull round counter
+        add     \$1,%rsi
+        cmp     \$10,%rsi
+        je      .Lroundsdone
+
+        mov     %rsi,24(%rbx)           # update round counter
+___
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }   # S=L
+$code.=<<___;
+        jmp     .Lround
+.align  16
+.Lroundsdone:
+        mov     0(%rbx),%rdi            # reload argument block
+        mov     8(%rbx),%rsi
+        mov     16(%rbx),%rax
+___
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }      # L^=inp
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; }      # L^=H
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; }      # H=L
+$code.=<<___;
+        lea     64(%rsi),%rsi           # inp+=64
+        sub     \$1,%rax                # num--
+        jz      .Lalldone
+        mov     %rsi,8(%rbx)            # update parameter block
+        mov     %rax,16(%rbx)
+        jmp     .Louterloop
+.Lalldone:
+        mov     32(%rbx),%rsi           # restore saved pointer
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lepilogue:
+        ret
+.size   $func,.-$func
+
+.align  64
+.type   $table,\@object
+$table:
+___
+        &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+        &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+        &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+        &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+        &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+        &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+        &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+        &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+        &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+        &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+        &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+        &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+        &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+        &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+        &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+        &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+        &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+        &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+        &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+        &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+        &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+        &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+        &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+        &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+        &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+        &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+        &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+        &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+        &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+        &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+        &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+        &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+        &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+        &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+        &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+        &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+        &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+        &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+        &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+        &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+        &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+        &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+        &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+        &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+        &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+        &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+        &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+        &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+        &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+        &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+        &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+        &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+        &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+        &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+        &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+        &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+        &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+        &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+        &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+        &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+        &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+        &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+        &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+        &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+        &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+        &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+        &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+        &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+        &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+        &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+        &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+        &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+        &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+        &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+        &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+        &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+        &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+        &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+        &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+        &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+        &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+        &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+        &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+        &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+        &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+        &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+        &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+        &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+        &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+        &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+        &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+        &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+        &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+        &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+        &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+        &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+        &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+        &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+        &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+        &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+        &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+        &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+        &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+        &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+        &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+        &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+        &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+        &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+        &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+        &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+        &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+        &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+        &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+        &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+        &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+        &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+        &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+        &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+        &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+        &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+        &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+        &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+        &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+        &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+        &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+        &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+        &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+        &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+        &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+        &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+        &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+        &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+        &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+        &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+        &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+        &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+        &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+        &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+        &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+        &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+        &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+        &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+        &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+        &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+        &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+        &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+        &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+        &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+        &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+        &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+        &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+        &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+        &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+        &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+        &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+        &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+        &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+        &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+        &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+        &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+        &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+        &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+        &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+        &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+        &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+        &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+        &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+        &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+        &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+        &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+        &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+        &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+        &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+        &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+        &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+        &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+        &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+        &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+        &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+        &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+        &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+        &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+        &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+        &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+        &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+        &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+        &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+        &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+        &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+        &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+        &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+        &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+        &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+        &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+        &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+        &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+        &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+        &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+        &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+        &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+        &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+        &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+        &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+        &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+        &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+        &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+        &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+        &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+        &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+        &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+        &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+        &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+        &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+        &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+        &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+        &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+        &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+        &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+        &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+        &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+        &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+        &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+        &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+        &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+        &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+        &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+        &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+        &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+        &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+        &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+        &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+        &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+        &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+        &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+        &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+        &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+        &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+        &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+        &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+        &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+        &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+        &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+        &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+        &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+        &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+        &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+        &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+        &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+        &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+        &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+        &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+        &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+        &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+        &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+        &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+        &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+
+        &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);    # rc[ROUNDS]
+        &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+        &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+        &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+        &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+        &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+        &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+        &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+        &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+        &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+
+        mov     152($context),%rax      # pull context->Rsp
+
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+
+        mov     128+32(%rax),%rax       # pull saved stack pointer
+        lea     48(%rax),%rax
+
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   se_handler,.-se_handler
+
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_$func
+        .rva    .LSEH_end_$func
+        .rva    .LSEH_info_$func
+
+.section        .xdata
+.align  8
+.LSEH_info_$func:
+        .byte   9,0,0,0
+        .rva    se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/whrlpool/whrlpool.h b/src/lib/libcrypto/whrlpool/whrlpool.h
new file mode 100644
index 0000000000..03c91da115
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/whrlpool.h
@@ -0,0 +1,38 @@
+#ifndef HEADER_WHRLPOOL_H
+#define HEADER_WHRLPOOL_H
+
+#include <openssl/e_os2.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define WHIRLPOOL_DIGEST_LENGTH (512/8)
+#define WHIRLPOOL_BBLOCK        512
+#define WHIRLPOOL_COUNTER       (256/8)
+
+typedef struct  {
+        union   {
+                unsigned char   c[WHIRLPOOL_DIGEST_LENGTH];
+                /* double q is here to ensure 64-bit alignment */
+                double          q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)];
+                }       H;
+        unsigned char   data[WHIRLPOOL_BBLOCK/8];
+        unsigned int    bitoff;
+        size_t          bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)];
+        } WHIRLPOOL_CTX;
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c);
+int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
+int WHIRLPOOL_Final     (unsigned char *md,WHIRLPOOL_CTX *c);
+unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/wp_block.c
new file mode 100644
index 0000000000..221f6cc59f
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_block.c
@@ -0,0 +1,655 @@
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "wp_locl.h"
+#include <string.h>
+
+typedef unsigned char           u8;
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
+typedef unsigned __int64        u64;
+#elif defined(__arch64__)
+typedef unsigned long           u64;
+#else
+typedef unsigned long long      u64;
+#endif
+
+#define ROUNDS  10
+
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)
+/* Well, formally there're couple of other architectures, which permit
+ * unaligned loads, specifically those not crossing cache lines, IA-64
+ * and PowerPC... */
+#  undef STRICT_ALIGNMENT
+#endif
+
+#undef SMALL_REGISTER_BANK
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#  define SMALL_REGISTER_BANK
+#  if defined(WHIRLPOOL_ASM)
+#    ifndef OPENSSL_SMALL_FOOTPRINT
+#      define OPENSSL_SMALL_FOOTPRINT   /* it appears that for elder non-MMX
+                                           CPUs this is actually faster! */
+#    endif
+#    define GO_FOR_MMX(ctx,inp,num)     do {                    \
+        extern unsigned long OPENSSL_ia32cap_P;                 \
+        void whirlpool_block_mmx(void *,const void *,size_t);   \
+        if (!(OPENSSL_ia32cap_P & (1<<23)))     break;          \
+        whirlpool_block_mmx(ctx->H.c,inp,num);  return;         \
+                                        } while (0)
+#  endif
+#endif
+
+#undef ROTATE
+#if defined(_MSC_VER)
+#  if defined(_WIN64)   /* applies to both IA-64 and AMD64 */
+#    pragma intrinsic(_rotl64)
+#    define ROTATE(a,n) _rotl64((a),n)
+#  endif
+#elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#    if defined(L_ENDIAN)
+#      define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#    elif defined(B_ENDIAN)
+       /* Most will argue that x86_64 is always little-endian. Well,
+        * yes, but then we have stratus.com who has modified gcc to
+        * "emulate" big-endian on x86. Is there evidence that they
+        * [or somebody else] won't do same for x86_64? Naturally no.
+        * And this line is waiting ready for that brave soul:-) */
+#      define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#    endif
+#  elif defined(__ia64) || defined(__ia64__)
+#    if defined(L_ENDIAN)
+#      define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
+#    elif defined(B_ENDIAN)
+#      define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(n)); ret; })
+#    endif
+#  endif
+#endif
+
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+#  if !defined(ROTATE)
+#    if defined(L_ENDIAN)       /* little-endians have to rotate left */
+#      define ROTATE(i,n)       ((i)<<(n) ^ (i)>>(64-n))
+#    elif defined(B_ENDIAN)     /* big-endians have to rotate right */
+#      define ROTATE(i,n)       ((i)>>(n) ^ (i)<<(64-n))
+#    endif
+#  endif
+#  if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
+#    define STRICT_ALIGNMENT    /* ensure smallest table size */
+#  endif
+#endif
+
+/*
+ * Table size depends on STRICT_ALIGNMENT and whether or not endian-
+ * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
+ * defined, which is normally the case on x86[_64] CPUs, the table is
+ * 4KB large unconditionally. Otherwise if ROTATE is defined, the
+ * table is 2KB large, and otherwise - 16KB. 2KB table requires a
+ * whole bunch of additional rotations, but I'm willing to "trade,"
+ * because 16KB table certainly trashes L1 cache. I wish all CPUs
+ * could handle unaligned load as 4KB table doesn't trash the cache,
+ * nor does it require additional rotations.
+ */
+/*
+ * Note that every Cn macro expands as two loads: one byte load and
+ * one quadword load. One can argue that that many single-byte loads
+ * is too excessive, as one could load a quadword and "milk" it for
+ * eight 8-bit values instead. Well, yes, but in order to do so *and*
+ * avoid excessive loads you have to accomodate a handful of 64-bit
+ * values in the register bank and issue a bunch of shifts and mask.
+ * It's a tradeoff: loads vs. shift and mask in big register bank[!].
+ * On most CPUs eight single-byte loads are faster and I let other
+ * ones to depend on smart compiler to fold byte loads if beneficial.
+ * Hand-coded assembler would be another alternative:-)
+ */
+#ifdef STRICT_ALIGNMENT
+#  if defined(ROTATE)
+#    define N   1
+#    define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
+#    define C0(K,i)     (Cx.q[K.c[(i)*8+0]])
+#    define C1(K,i)     ROTATE(Cx.q[K.c[(i)*8+1]],8)
+#    define C2(K,i)     ROTATE(Cx.q[K.c[(i)*8+2]],16)
+#    define C3(K,i)     ROTATE(Cx.q[K.c[(i)*8+3]],24)
+#    define C4(K,i)     ROTATE(Cx.q[K.c[(i)*8+4]],32)
+#    define C5(K,i)     ROTATE(Cx.q[K.c[(i)*8+5]],40)
+#    define C6(K,i)     ROTATE(Cx.q[K.c[(i)*8+6]],48)
+#    define C7(K,i)     ROTATE(Cx.q[K.c[(i)*8+7]],56)
+#  else
+#    define N   8
+#    define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c7,c0,c1,c2,c3,c4,c5,c6, \
+                                        c6,c7,c0,c1,c2,c3,c4,c5, \
+                                        c5,c6,c7,c0,c1,c2,c3,c4, \
+                                        c4,c5,c6,c7,c0,c1,c2,c3, \
+                                        c3,c4,c5,c6,c7,c0,c1,c2, \
+                                        c2,c3,c4,c5,c6,c7,c0,c1, \
+                                        c1,c2,c3,c4,c5,c6,c7,c0
+#    define C0(K,i)     (Cx.q[0+8*K.c[(i)*8+0]])
+#    define C1(K,i)     (Cx.q[1+8*K.c[(i)*8+1]])
+#    define C2(K,i)     (Cx.q[2+8*K.c[(i)*8+2]])
+#    define C3(K,i)     (Cx.q[3+8*K.c[(i)*8+3]])
+#    define C4(K,i)     (Cx.q[4+8*K.c[(i)*8+4]])
+#    define C5(K,i)     (Cx.q[5+8*K.c[(i)*8+5]])
+#    define C6(K,i)     (Cx.q[6+8*K.c[(i)*8+6]])
+#    define C7(K,i)     (Cx.q[7+8*K.c[(i)*8+7]])
+#  endif
+#else
+#  define N     2
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7)   c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c0,c1,c2,c3,c4,c5,c6,c7
+#  define C0(K,i)       (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
+#  define C1(K,i)       (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]])
+#  define C2(K,i)       (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]])
+#  define C3(K,i)       (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]])
+#  define C4(K,i)       (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]])
+#  define C5(K,i)       (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]])
+#  define C6(K,i)       (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]])
+#  define C7(K,i)       (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]])
+#endif
+
+static const
+union   {
+        u8      c[(256*N+ROUNDS)*sizeof(u64)];
+        u64     q[(256*N+ROUNDS)];
+        } Cx = { {
+        /* Note endian-neutral representation:-) */
+        LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8),
+        LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26),
+        LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8),
+        LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb),
+        LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb),
+        LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11),
+        LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09),
+        LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d),
+        LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b),
+        LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff),
+        LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c),
+        LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e),
+        LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96),
+        LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30),
+        LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d),
+        LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8),
+        LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47),
+        LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35),
+        LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37),
+        LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a),
+        LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2),
+        LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c),
+        LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84),
+        LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80),
+        LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5),
+        LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3),
+        LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21),
+        LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c),
+        LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43),
+        LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29),
+        LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d),
+        LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5),
+        LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd),
+        LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8),
+        LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92),
+        LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e),
+        LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13),
+        LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23),
+        LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20),
+        LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44),
+        LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2),
+        LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf),
+        LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c),
+        LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a),
+        LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50),
+        LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9),
+        LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14),
+        LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9),
+        LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c),
+        LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f),
+        LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90),
+        LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07),
+        LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd),
+        LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3),
+        LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d),
+        LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78),
+        LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97),
+        LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02),
+        LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73),
+        LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7),
+        LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6),
+        LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2),
+        LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49),
+        LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56),
+        LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70),
+        LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd),
+        LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb),
+        LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71),
+        LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b),
+        LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf),
+        LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45),
+        LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a),
+        LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4),
+        LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58),
+        LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e),
+        LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f),
+        LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac),
+        LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0),
+        LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef),
+        LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6),
+        LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c),
+        LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12),
+        LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93),
+        LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde),
+        LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6),
+        LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1),
+        LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b),
+        LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f),
+        LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31),
+        LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8),
+        LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9),
+        LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc),
+        LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e),
+        LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b),
+        LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf),
+        LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59),
+        LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2),
+        LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77),
+        LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33),
+        LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4),
+        LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27),
+        LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb),
+        LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89),
+        LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32),
+        LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54),
+        LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d),
+        LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64),
+        LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d),
+        LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d),
+        LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f),
+        LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca),
+        LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7),
+        LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d),
+        LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce),
+        LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f),
+        LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f),
+        LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63),
+        LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a),
+        LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc),
+        LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82),
+        LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a),
+        LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48),
+        LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95),
+        LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf),
+        LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d),
+        LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0),
+        LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91),
+        LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8),
+        LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b),
+        LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+        LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9),
+        LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e),
+        LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1),
+        LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6),
+        LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28),
+        LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3),
+        LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74),
+        LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe),
+        LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d),
+        LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea),
+        LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57),
+        LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38),
+        LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad),
+        LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4),
+        LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda),
+        LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7),
+        LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb),
+        LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9),
+        LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a),
+        LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03),
+        LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a),
+        LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e),
+        LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60),
+        LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc),
+        LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46),
+        LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f),
+        LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76),
+        LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa),
+        LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36),
+        LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae),
+        LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b),
+        LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85),
+        LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e),
+        LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7),
+        LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55),
+        LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a),
+        LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81),
+        LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52),
+        LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62),
+        LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3),
+        LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10),
+        LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab),
+        LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0),
+        LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5),
+        LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec),
+        LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16),
+        LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94),
+        LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f),
+        LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5),
+        LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98),
+        LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17),
+        LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4),
+        LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1),
+        LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e),
+        LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42),
+        LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34),
+        LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08),
+        LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee),
+        LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61),
+        LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1),
+        LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f),
+        LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24),
+        LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3),
+        LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25),
+        LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22),
+        LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65),
+        LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79),
+        LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69),
+        LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9),
+        LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19),
+        LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe),
+        LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a),
+        LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0),
+        LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99),
+        LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83),
+        LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04),
+        LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66),
+        LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0),
+        LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1),
+        LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd),
+        LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40),
+        LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c),
+        LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18),
+        LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b),
+        LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51),
+        LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05),
+        LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c),
+        LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39),
+        LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa),
+        LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b),
+        LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc),
+        LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e),
+        LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0),
+        LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88),
+        LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67),
+        LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a),
+        LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87),
+        LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1),
+        LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72),
+        LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53),
+        LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01),
+        LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b),
+        LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4),
+        LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3),
+        LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15),
+        LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c),
+        LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5),
+        LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5),
+        LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4),
+        LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba),
+        LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6),
+        LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7),
+        LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06),
+        LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41),
+        LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7),
+        LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f),
+        LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e),
+        LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6),
+        LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2),
+        LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68),
+        LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c),
+        LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed),
+        LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75),
+        LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86),
+        LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b),
+        LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2),
+#define RC      (&(Cx.q[256*N]))
+        0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f,        /* rc[ROUNDS] */
+        0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52,
+        0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35,
+        0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57,
+        0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda,
+        0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85,
+        0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67,
+        0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8,
+        0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e,
+        0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33
+        }
+};
+
+void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n)
+        {
+        int     r;
+        const u8 *p=inp;
+        union   { u64 q[8]; u8 c[64]; } S,K,*H=(void *)ctx->H.q;
+
+#ifdef GO_FOR_MMX
+        GO_FOR_MMX(ctx,inp,n);
+#endif
+                                                        do {
+#ifdef OPENSSL_SMALL_FOOTPRINT
+        u64     L[8];
+        int     i;
+
+        for (i=0;i<64;i++)      S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
+        for (r=0;r<ROUNDS;r++)
+                {
+                for (i=0;i<8;i++)
+                        {
+                        L[i]  = i ? 0 : RC[r];
+                        L[i] ^= C0(K,i)       ^ C1(K,(i-1)&7) ^
+                                C2(K,(i-2)&7) ^ C3(K,(i-3)&7) ^
+                                C4(K,(i-4)&7) ^ C5(K,(i-5)&7) ^
+                                C6(K,(i-6)&7) ^ C7(K,(i-7)&7);
+                        }
+                memcpy (K.q,L,64);
+                for (i=0;i<8;i++)
+                        {
+                        L[i] ^= C0(S,i)       ^ C1(S,(i-1)&7) ^
+                                C2(S,(i-2)&7) ^ C3(S,(i-3)&7) ^
+                                C4(S,(i-4)&7) ^ C5(S,(i-5)&7) ^
+                                C6(S,(i-6)&7) ^ C7(S,(i-7)&7);
+                        }
+                memcpy (S.q,L,64);
+                }
+        for (i=0;i<64;i++)      H->c[i] ^= S.c[i] ^ p[i];
+#else
+        u64     L0,L1,L2,L3,L4,L5,L6,L7;
+
+#ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7)
+                {
+                memcpy (S.c,p,64);
+                S.q[0] ^= (K.q[0] = H->q[0]);
+                S.q[1] ^= (K.q[1] = H->q[1]);
+                S.q[2] ^= (K.q[2] = H->q[2]);
+                S.q[3] ^= (K.q[3] = H->q[3]);
+                S.q[4] ^= (K.q[4] = H->q[4]);
+                S.q[5] ^= (K.q[5] = H->q[5]);
+                S.q[6] ^= (K.q[6] = H->q[6]);
+                S.q[7] ^= (K.q[7] = H->q[7]);
+                }
+        else
+#endif
+                {
+                const u64 *pa = (const u64*)p;
+                S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
+                S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
+                S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
+                S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
+                S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
+                S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
+                S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
+                S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
+                }
+
+        for(r=0;r<ROUNDS;r++)
+                {
+#ifdef SMALL_REGISTER_BANK
+                L0 =    C0(K,0) ^ C1(K,7) ^ C2(K,6) ^ C3(K,5) ^
+                        C4(K,4) ^ C5(K,3) ^ C6(K,2) ^ C7(K,1) ^ RC[r];
+                L1 =    C0(K,1) ^ C1(K,0) ^ C2(K,7) ^ C3(K,6) ^
+                        C4(K,5) ^ C5(K,4) ^ C6(K,3) ^ C7(K,2);
+                L2 =    C0(K,2) ^ C1(K,1) ^ C2(K,0) ^ C3(K,7) ^
+                        C4(K,6) ^ C5(K,5) ^ C6(K,4) ^ C7(K,3);
+                L3 =    C0(K,3) ^ C1(K,2) ^ C2(K,1) ^ C3(K,0) ^
+                        C4(K,7) ^ C5(K,6) ^ C6(K,5) ^ C7(K,4);
+                L4 =    C0(K,4) ^ C1(K,3) ^ C2(K,2) ^ C3(K,1) ^
+                        C4(K,0) ^ C5(K,7) ^ C6(K,6) ^ C7(K,5);
+                L5 =    C0(K,5) ^ C1(K,4) ^ C2(K,3) ^ C3(K,2) ^
+                        C4(K,1) ^ C5(K,0) ^ C6(K,7) ^ C7(K,6);
+                L6 =    C0(K,6) ^ C1(K,5) ^ C2(K,4) ^ C3(K,3) ^
+                        C4(K,2) ^ C5(K,1) ^ C6(K,0) ^ C7(K,7);
+                L7 =    C0(K,7) ^ C1(K,6) ^ C2(K,5) ^ C3(K,4) ^
+                        C4(K,3) ^ C5(K,2) ^ C6(K,1) ^ C7(K,0);
+
+                K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3;
+                K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7;
+
+                L0 ^=   C0(S,0) ^ C1(S,7) ^ C2(S,6) ^ C3(S,5) ^
+                        C4(S,4) ^ C5(S,3) ^ C6(S,2) ^ C7(S,1);
+                L1 ^=   C0(S,1) ^ C1(S,0) ^ C2(S,7) ^ C3(S,6) ^
+                        C4(S,5) ^ C5(S,4) ^ C6(S,3) ^ C7(S,2);
+                L2 ^=   C0(S,2) ^ C1(S,1) ^ C2(S,0) ^ C3(S,7) ^
+                        C4(S,6) ^ C5(S,5) ^ C6(S,4) ^ C7(S,3);
+                L3 ^=   C0(S,3) ^ C1(S,2) ^ C2(S,1) ^ C3(S,0) ^
+                        C4(S,7) ^ C5(S,6) ^ C6(S,5) ^ C7(S,4);
+                L4 ^=   C0(S,4) ^ C1(S,3) ^ C2(S,2) ^ C3(S,1) ^
+                        C4(S,0) ^ C5(S,7) ^ C6(S,6) ^ C7(S,5);
+                L5 ^=   C0(S,5) ^ C1(S,4) ^ C2(S,3) ^ C3(S,2) ^
+                        C4(S,1) ^ C5(S,0) ^ C6(S,7) ^ C7(S,6);
+                L6 ^=   C0(S,6) ^ C1(S,5) ^ C2(S,4) ^ C3(S,3) ^
+                        C4(S,2) ^ C5(S,1) ^ C6(S,0) ^ C7(S,7);
+                L7 ^=   C0(S,7) ^ C1(S,6) ^ C2(S,5) ^ C3(S,4) ^
+                        C4(S,3) ^ C5(S,2) ^ C6(S,1) ^ C7(S,0);
+
+                S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3;
+                S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7;
+#else
+                L0  = C0(K,0); L1  = C1(K,0); L2  = C2(K,0); L3  = C3(K,0);
+                L4  = C4(K,0); L5  = C5(K,0); L6  = C6(K,0); L7  = C7(K,0);
+                L0 ^= RC[r];
+
+                L1 ^= C0(K,1); L2 ^= C1(K,1); L3 ^= C2(K,1); L4 ^= C3(K,1);
+                L5 ^= C4(K,1); L6 ^= C5(K,1); L7 ^= C6(K,1); L0 ^= C7(K,1);
+
+                L2 ^= C0(K,2); L3 ^= C1(K,2); L4 ^= C2(K,2); L5 ^= C3(K,2);
+                L6 ^= C4(K,2); L7 ^= C5(K,2); L0 ^= C6(K,2); L1 ^= C7(K,2);
+
+                L3 ^= C0(K,3); L4 ^= C1(K,3); L5 ^= C2(K,3); L6 ^= C3(K,3);
+                L7 ^= C4(K,3); L0 ^= C5(K,3); L1 ^= C6(K,3); L2 ^= C7(K,3);
+
+                L4 ^= C0(K,4); L5 ^= C1(K,4); L6 ^= C2(K,4); L7 ^= C3(K,4);
+                L0 ^= C4(K,4); L1 ^= C5(K,4); L2 ^= C6(K,4); L3 ^= C7(K,4);
+
+                L5 ^= C0(K,5); L6 ^= C1(K,5); L7 ^= C2(K,5); L0 ^= C3(K,5);
+                L1 ^= C4(K,5); L2 ^= C5(K,5); L3 ^= C6(K,5); L4 ^= C7(K,5);
+
+                L6 ^= C0(K,6); L7 ^= C1(K,6); L0 ^= C2(K,6); L1 ^= C3(K,6);
+                L2 ^= C4(K,6); L3 ^= C5(K,6); L4 ^= C6(K,6); L5 ^= C7(K,6);
+
+                L7 ^= C0(K,7); L0 ^= C1(K,7); L1 ^= C2(K,7); L2 ^= C3(K,7);
+                L3 ^= C4(K,7); L4 ^= C5(K,7); L5 ^= C6(K,7); L6 ^= C7(K,7);
+
+                K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3;
+                K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7;
+
+                L0 ^= C0(S,0); L1 ^= C1(S,0); L2 ^= C2(S,0); L3 ^= C3(S,0);
+                L4 ^= C4(S,0); L5 ^= C5(S,0); L6 ^= C6(S,0); L7 ^= C7(S,0);
+
+                L1 ^= C0(S,1); L2 ^= C1(S,1); L3 ^= C2(S,1); L4 ^= C3(S,1);
+                L5 ^= C4(S,1); L6 ^= C5(S,1); L7 ^= C6(S,1); L0 ^= C7(S,1);
+
+                L2 ^= C0(S,2); L3 ^= C1(S,2); L4 ^= C2(S,2); L5 ^= C3(S,2);
+                L6 ^= C4(S,2); L7 ^= C5(S,2); L0 ^= C6(S,2); L1 ^= C7(S,2);
+
+                L3 ^= C0(S,3); L4 ^= C1(S,3); L5 ^= C2(S,3); L6 ^= C3(S,3);
+                L7 ^= C4(S,3); L0 ^= C5(S,3); L1 ^= C6(S,3); L2 ^= C7(S,3);
+
+                L4 ^= C0(S,4); L5 ^= C1(S,4); L6 ^= C2(S,4); L7 ^= C3(S,4);
+                L0 ^= C4(S,4); L1 ^= C5(S,4); L2 ^= C6(S,4); L3 ^= C7(S,4);
+
+                L5 ^= C0(S,5); L6 ^= C1(S,5); L7 ^= C2(S,5); L0 ^= C3(S,5);
+                L1 ^= C4(S,5); L2 ^= C5(S,5); L3 ^= C6(S,5); L4 ^= C7(S,5);
+
+                L6 ^= C0(S,6); L7 ^= C1(S,6); L0 ^= C2(S,6); L1 ^= C3(S,6);
+                L2 ^= C4(S,6); L3 ^= C5(S,6); L4 ^= C6(S,6); L5 ^= C7(S,6);
+
+                L7 ^= C0(S,7); L0 ^= C1(S,7); L1 ^= C2(S,7); L2 ^= C3(S,7);
+                L3 ^= C4(S,7); L4 ^= C5(S,7); L5 ^= C6(S,7); L6 ^= C7(S,7);
+
+                S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3;
+                S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7;
+#endif
+                }
+
+#ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7)
+                {
+                int i;
+                for(i=0;i<64;i++)       H->c[i] ^= S.c[i] ^ p[i];
+                }
+        else
+#endif
+                {
+                const u64 *pa=(const u64 *)p;
+                H->q[0] ^= S.q[0] ^ pa[0];
+                H->q[1] ^= S.q[1] ^ pa[1];
+                H->q[2] ^= S.q[2] ^ pa[2];
+                H->q[3] ^= S.q[3] ^ pa[3];
+                H->q[4] ^= S.q[4] ^ pa[4];
+                H->q[5] ^= S.q[5] ^ pa[5];
+                H->q[6] ^= S.q[6] ^ pa[6];
+                H->q[7] ^= S.q[7] ^ pa[7];
+                }
+#endif
+                                                        p += 64;
+                                                        } while(--n);
+        }
diff --git a/src/lib/libcrypto/whrlpool/wp_dgst.c b/src/lib/libcrypto/whrlpool/wp_dgst.c
new file mode 100644
index 0000000000..ee5c5c1bf3
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_dgst.c
@@ -0,0 +1,264 @@
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for perfomance.
+ */
+
+#include "wp_locl.h"
+#include <string.h>
+
+int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c)
+        {
+        memset (c,0,sizeof(*c));
+        return(1);
+        }
+
+int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *_inp,size_t bytes)
+        {
+        /* Well, largest suitable chunk size actually is
+         * (1<<(sizeof(size_t)*8-3))-64, but below number
+         * is large enough for not to care about excessive
+         * calls to WHIRLPOOL_BitUpdate... */
+        size_t chunk = ((size_t)1)<<(sizeof(size_t)*8-4);
+        const unsigned char *inp = _inp;
+
+        while (bytes>=chunk)
+                {
+                WHIRLPOOL_BitUpdate(c,inp,chunk*8);
+                bytes -= chunk;
+                inp   += chunk;
+                }
+        if (bytes)
+                WHIRLPOOL_BitUpdate(c,inp,bytes*8);
+
+        return(1);
+        }
+
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *_inp,size_t bits)
+        {
+        size_t          n;
+        unsigned int    bitoff = c->bitoff,
+                        bitrem = bitoff%8,
+                        inpgap = (8-(unsigned int)bits%8)&7;
+        const unsigned char *inp=_inp;
+
+        /* This 256-bit increment procedure relies on the size_t
+         * being natural size of CPU register, so that we don't
+         * have to mask the value in order to detect overflows. */
+        c->bitlen[0] += bits;
+        if (c->bitlen[0] < bits)        /* overflow */
+                {
+                n = 1;
+                do  {   c->bitlen[n]++;
+                    } while(c->bitlen[n]==0
+                            && ++n<(WHIRLPOOL_COUNTER/sizeof(size_t)));
+                }
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        reconsider:
+        if (inpgap==0 && bitrem==0)     /* byte-oriented loop */
+                {
+                while (bits)
+                        {
+                        if (bitoff==0 && (n=bits/WHIRLPOOL_BBLOCK))
+                                {
+                                whirlpool_block(c,inp,n);
+                                inp  += n*WHIRLPOOL_BBLOCK/8;
+                                bits %= WHIRLPOOL_BBLOCK;
+                                }
+                        else
+                                {
+                                unsigned int byteoff = bitoff/8;
+
+                                bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
+                                if (bits >= bitrem)
+                                        {
+                                        bits -= bitrem;
+                                        bitrem /= 8;
+                                        memcpy(c->data+byteoff,inp,bitrem);
+                                        inp  += bitrem;
+                                        whirlpool_block(c,c->data,1);
+                                        bitoff = 0;
+                                        }
+                                else
+                                        {
+                                        memcpy(c->data+byteoff,inp,bits/8);
+                                        bitoff += (unsigned int)bits;
+                                        bits = 0;
+                                        }
+                                c->bitoff = bitoff;
+                                }
+                        }
+                }
+        else                            /* bit-oriented loop */
+#endif
+                {
+                /*
+                           inp
+                           |
+                           +-------+-------+-------
+                              |||||||||||||||||||||
+                           +-------+-------+-------
+                +-------+-------+-------+-------+-------
+                ||||||||||||||                          c->data
+                +-------+-------+-------+-------+-------
+                        |
+                        c->bitoff/8
+                */
+                while (bits)
+                        {
+                        unsigned int    byteoff = bitoff/8;
+                        unsigned char   b;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+                        if (bitrem==inpgap)
+                                {
+                                c->data[byteoff++] |= inp[0] & (0xff>>inpgap);
+                                inpgap = 8-inpgap;
+                                bitoff += inpgap;  bitrem = 0;  /* bitoff%8 */
+                                bits   -= inpgap;  inpgap = 0;  /* bits%8   */
+                                inp++;
+                                if (bitoff==WHIRLPOOL_BBLOCK)
+                                        {
+                                        whirlpool_block(c,c->data,1);
+                                        bitoff = 0;
+                                        }
+                                c->bitoff = bitoff;
+                                goto reconsider;
+                                }
+                        else
+#endif
+                        if (bits>=8)
+                                {
+                                b  = ((inp[0]<<inpgap) | (inp[1]>>(8-inpgap)));
+                                b &= 0xff;
+                                if (bitrem)     c->data[byteoff++] |= b>>bitrem;
+                                else            c->data[byteoff++]  = b;
+                                bitoff += 8;
+                                bits   -= 8;
+                                inp++;
+                                if (bitoff>=WHIRLPOOL_BBLOCK)
+                                        {
+                                        whirlpool_block(c,c->data,1);
+                                        byteoff  = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                        }
+                                if (bitrem)     c->data[byteoff] = b<<(8-bitrem);
+                                }
+                        else    /* remaining less than 8 bits */
+                                {
+                                b = (inp[0]<<inpgap)&0xff;
+                                if (bitrem)     c->data[byteoff++] |= b>>bitrem;
+                                else            c->data[byteoff++]  = b;
+                                bitoff += (unsigned int)bits;
+                                if (bitoff==WHIRLPOOL_BBLOCK)
+                                        {
+                                        whirlpool_block(c,c->data,1);
+                                        byteoff  = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                        }
+                                if (bitrem)     c->data[byteoff] = b<<(8-bitrem);
+                                bits = 0;
+                                }
+                        c->bitoff = bitoff;
+                        }
+                }
+        }
+
+int WHIRLPOOL_Final     (unsigned char *md,WHIRLPOOL_CTX *c)
+        {
+        unsigned int    bitoff  = c->bitoff,
+                        byteoff = bitoff/8;
+        size_t          i,j,v;
+        unsigned char  *p;
+
+        bitoff %= 8;
+        if (bitoff)     c->data[byteoff] |= 0x80>>bitoff;
+        else            c->data[byteoff]  = 0x80;
+        byteoff++;
+
+        /* pad with zeros */
+        if (byteoff > (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER))
+                {
+                if (byteoff<WHIRLPOOL_BBLOCK/8)
+                        memset(&c->data[byteoff],0,WHIRLPOOL_BBLOCK/8-byteoff);
+                whirlpool_block(c,c->data,1);
+                byteoff = 0;
+                }
+        if (byteoff < (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER))
+                memset(&c->data[byteoff],0,
+                        (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)-byteoff);
+        /* smash 256-bit c->bitlen in big-endian order */
+        p = &c->data[WHIRLPOOL_BBLOCK/8-1];     /* last byte in c->data */
+        for(i=0;i<WHIRLPOOL_COUNTER/sizeof(size_t);i++)
+                for(v=c->bitlen[i],j=0;j<sizeof(size_t);j++,v>>=8)
+                        *p-- = (unsigned char)(v&0xff);
+
+        whirlpool_block(c,c->data,1);
+
+        if (md) {
+                memcpy(md,c->H.c,WHIRLPOOL_DIGEST_LENGTH);
+                memset(c,0,sizeof(*c));
+                return(1);
+                }
+        return(0);
+        }
+
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes,unsigned char *md)
+        {
+        WHIRLPOOL_CTX ctx;
+        static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        WHIRLPOOL_Init(&ctx);
+        WHIRLPOOL_Update(&ctx,inp,bytes);
+        WHIRLPOOL_Final(md,&ctx);
+        return(md);
+        }
diff --git a/src/lib/libcrypto/whrlpool/wp_locl.h b/src/lib/libcrypto/whrlpool/wp_locl.h
new file mode 100644
index 0000000000..94e56a39f1
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_locl.h
@@ -0,0 +1,3 @@
+#include <openssl/whrlpool.h>
+
+void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 2b06718aec..dfd89d89fa 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -74,6 +74,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
         param->name = NULL;
         param->purpose = 0;
         param->trust = 0;
+        /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
         param->inh_flags = 0;
         param->flags = 0;
         param->depth = -1;
@@ -198,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                                                 const X509_VERIFY_PARAM *from)
         {
+        unsigned long save_flags = to->inh_flags;
+        int ret;
         to->inh_flags |= X509_VP_FLAG_DEFAULT;
-        return X509_VERIFY_PARAM_inherit(to, from);
+        ret = X509_VERIFY_PARAM_inherit(to, from);
+        to->inh_flags = save_flags;
+        return ret;
         }
 
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
@@ -324,7 +329,7 @@ static const X509_VERIFY_PARAM default_table[] = {
         NULL            /* policies */
         },
         {
-        "pkcs7",                        /* S/MIME signing parameters */
+        "pkcs7",                        /* S/MIME sign parameters */
         0,                              /* Check time */
         0,                              /* internal flags */
         0,                              /* flags */
@@ -334,7 +339,7 @@ static const X509_VERIFY_PARAM default_table[] = {
         NULL                            /* policies */
         },
         {
-        "smime_sign",                   /* S/MIME signing parameters */
+        "smime_sign",                   /* S/MIME sign parameters */
         0,                              /* Check time */
         0,                              /* internal flags */
         0,                              /* flags */
@@ -366,12 +371,17 @@ static const X509_VERIFY_PARAM default_table[] = {
 
 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
 
-static int table_cmp(const void *pa, const void *pb)
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+
         {
-        const X509_VERIFY_PARAM *a = pa, *b = pb;
         return strcmp(a->name, b->name);
         }
 
+DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
+                           table);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
+                             table);
+
 static int param_cmp(const X509_VERIFY_PARAM * const *a,
                         const X509_VERIFY_PARAM * const *b)
         {
@@ -407,6 +417,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
         {
         int idx;
         X509_VERIFY_PARAM pm;
+
         pm.name = (char *)name;
         if (param_table)
                 {
@@ -414,11 +425,8 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
                 if (idx != -1)
                         return sk_X509_VERIFY_PARAM_value(param_table, idx);
                 }
-        return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
-                                (char *)&default_table,
-                                sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-                                sizeof(X509_VERIFY_PARAM),
-                                table_cmp);
+        return OBJ_bsearch_table(&pm, default_table,
+                           sizeof(default_table)/sizeof(X509_VERIFY_PARAM));
         }
 
 void X509_VERIFY_PARAM_table_cleanup(void)
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c
index 1030931b71..172b7e7ee4 100644
--- a/src/lib/libcrypto/x509v3/pcy_cache.c
+++ b/src/lib/libcrypto/x509v3/pcy_cache.c
@@ -139,7 +139,6 @@ static int policy_cache_new(X509 *x)
                 return 0;
         cache->anyPolicy = NULL;
         cache->data = NULL;
-        cache->maps = NULL;
         cache->any_skip = -1;
         cache->explicit_skip = -1;
         cache->map_skip = -1;
diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h
index 3780de4fcd..ccff92846e 100644
--- a/src/lib/libcrypto/x509v3/pcy_int.h
+++ b/src/lib/libcrypto/x509v3/pcy_int.h
@@ -56,12 +56,10 @@
  *
  */
 
-DECLARE_STACK_OF(X509_POLICY_DATA)
-DECLARE_STACK_OF(X509_POLICY_REF)
-DECLARE_STACK_OF(X509_POLICY_NODE)
 
 typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-typedef struct X509_POLICY_REF_st X509_POLICY_REF;
+
+DECLARE_STACK_OF(X509_POLICY_DATA)
 
 /* Internal structures */
 
@@ -110,16 +108,6 @@ struct X509_POLICY_DATA_st
 
 #define POLICY_DATA_FLAG_CRITICAL               0x10
 
-/* This structure is an entry from a table of mapped policies which
- * cross reference the policy it refers to.
- */
-
-struct X509_POLICY_REF_st
-        {
-        ASN1_OBJECT *subjectDomainPolicy;
-        const X509_POLICY_DATA *data;
-        };
-
 /* This structure is cached with a certificate */
 
 struct X509_POLICY_CACHE_st {
@@ -127,8 +115,6 @@ struct X509_POLICY_CACHE_st {
         X509_POLICY_DATA *anyPolicy;
         /* other policy data */
         STACK_OF(X509_POLICY_DATA) *data;
-        /* If policyMappings extension present a table of mapped policies */
-        STACK_OF(X509_POLICY_REF) *maps;
         /* If InhibitAnyPolicy present this is its value or -1 if absent. */
         long any_skip;
         /* If policyConstraints and requireExplicitPolicy present this is its
@@ -193,7 +179,7 @@ struct X509_POLICY_TREE_st
 
 /* Internal functions */
 
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
                                                                 int crit);
 void policy_data_free(X509_POLICY_DATA *data);
 
@@ -209,15 +195,18 @@ void policy_cache_init(void);
 void policy_cache_free(X509_POLICY_CACHE *cache);
 
 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                        const X509_POLICY_NODE *parent, 
                                         const ASN1_OBJECT *id);
 
 X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
                                                 const ASN1_OBJECT *id);
 
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                        X509_POLICY_DATA *data,
+                        const X509_POLICY_DATA *data,
                         X509_POLICY_NODE *parent,
                         X509_POLICY_TREE *tree);
 void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
 
 const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/src/lib/libcrypto/x509v3/pcy_map.c b/src/lib/libcrypto/x509v3/pcy_map.c
index f28796e6d4..21163b529d 100644
--- a/src/lib/libcrypto/x509v3/pcy_map.c
+++ b/src/lib/libcrypto/x509v3/pcy_map.c
@@ -62,31 +62,6 @@
 
 #include "pcy_int.h"
 
-static int ref_cmp(const X509_POLICY_REF * const *a,
-                        const X509_POLICY_REF * const *b)
-        {
-        return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
-        }
-
-static void policy_map_free(X509_POLICY_REF *map)
-        {
-        if (map->subjectDomainPolicy)
-                ASN1_OBJECT_free(map->subjectDomainPolicy);
-        OPENSSL_free(map);
-        }
-
-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)
-        {
-        X509_POLICY_REF tmp;
-        int idx;
-        tmp.subjectDomainPolicy = id;
-
-        idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
-        if (idx == -1)
-                return NULL;
-        return sk_X509_POLICY_REF_value(cache->maps, idx);
-        }
-
 /* Set policy mapping entries in cache.
  * Note: this modifies the passed POLICY_MAPPINGS structure
  */
@@ -94,7 +69,6 @@ static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *i
 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
         {
         POLICY_MAPPING *map;
-        X509_POLICY_REF *ref = NULL;
         X509_POLICY_DATA *data;
         X509_POLICY_CACHE *cache = x->policy_cache;
         int i;
@@ -104,7 +78,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                 ret = -1;
                 goto bad_mapping;
                 }
-        cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
         for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
                 {
                 map = sk_POLICY_MAPPING_value(maps, i);
@@ -116,13 +89,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                         goto bad_mapping;
                         }
 
-                /* If we've already mapped from this OID bad mapping */
-                if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)
-                        {
-                        ret = -1;
-                        goto bad_mapping;
-                        }
-
                 /* Attempt to find matching policy data */
                 data = policy_cache_find_data(cache, map->issuerDomainPolicy);
                 /* If we don't have anyPolicy can't map */
@@ -138,7 +104,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                         if (!data)
                                 goto bad_mapping;
                         data->qualifier_set = cache->anyPolicy->qualifier_set;
-                        map->issuerDomainPolicy = NULL;
+                        /*map->issuerDomainPolicy = NULL;*/
                         data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
                         data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
                         if (!sk_X509_POLICY_DATA_push(cache->data, data))
@@ -149,23 +115,10 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                         }
                 else
                         data->flags |= POLICY_DATA_FLAG_MAPPED;
-
                 if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
                                                 map->subjectDomainPolicy))
                         goto bad_mapping;
-                
-                ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
-                if (!ref)
-                        goto bad_mapping;
-
-                ref->subjectDomainPolicy = map->subjectDomainPolicy;
                 map->subjectDomainPolicy = NULL;
-                ref->data = data;
-
-                if (!sk_X509_POLICY_REF_push(cache->maps, ref))
-                        goto bad_mapping;
-
-                ref = NULL;
 
                 }
 
@@ -173,13 +126,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
         bad_mapping:
         if (ret == -1)
                 x->ex_flags |= EXFLAG_INVALID_POLICY;
-        if (ref)
-                policy_map_free(ref);
-        if (ret <= 0)
-                {
-                sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
-                cache->maps = NULL;
-                }
         sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
         return ret;
 
diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c
index 6587cb05ab..bd1e7f1ae8 100644
--- a/src/lib/libcrypto/x509v3/pcy_node.c
+++ b/src/lib/libcrypto/x509v3/pcy_node.c
@@ -92,13 +92,25 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
         }
 
 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                        const X509_POLICY_NODE *parent, 
                                         const ASN1_OBJECT *id)
         {
-        return tree_find_sk(level->nodes, id);
+        X509_POLICY_NODE *node;
+        int i;
+        for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)
+                {
+                node = sk_X509_POLICY_NODE_value(level->nodes, i);
+                if (node->parent == parent)
+                        {
+                        if (!OBJ_cmp(node->data->valid_policy, id))
+                                return node;
+                        }
+                }
+        return NULL;
         }
 
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                        X509_POLICY_DATA *data,
+                        const X509_POLICY_DATA *data,
                         X509_POLICY_NODE *parent,
                         X509_POLICY_TREE *tree)
         {
@@ -155,4 +167,31 @@ void policy_node_free(X509_POLICY_NODE *node)
         OPENSSL_free(node);
         }
 
+/* See if a policy node matches a policy OID. If mapping enabled look through
+ * expected policy set otherwise just valid policy.
+ */
+
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+        {
+        int i;
+        ASN1_OBJECT *policy_oid;
+        const X509_POLICY_DATA *x = node->data;
+
+        if (        (lvl->flags & X509_V_FLAG_INHIBIT_MAP)
+                || !(x->flags & POLICY_DATA_FLAG_MAP_MASK))
+                {
+                if (!OBJ_cmp(x->valid_policy, oid))
+                        return 1;
+                return 0;
+                }
+
+        for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)
+                {
+                policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
+                if (!OBJ_cmp(policy_oid, oid))
+                        return 1;
+                }
+        return 0;
 
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c
index 4e706be3e1..689df46acd 100644
--- a/src/lib/libcrypto/x509v3/v3_ncons.c
+++ b/src/lib/libcrypto/x509v3/v3_ncons.c
@@ -63,15 +63,22 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
                                 void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                                STACK_OF(GENERAL_SUBTREE) *trees,
-                                        BIO *bp, int ind, char *name);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
+                                   BIO *bp, int ind, char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
+static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
+static int nc_dn(X509_NAME *sub, X509_NAME *nm);
+static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
+static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
+
 const X509V3_EXT_METHOD v3_name_constraints = {
         NID_name_constraints, 0,
         ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -99,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
         {
         int i;
         CONF_VALUE tval, *val;
@@ -155,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
 
         
 
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                                void *a, BIO *bp, int ind)
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind)
         {
         NAME_CONSTRAINTS *ncons = a;
         do_i2r_name_constraints(method, ncons->permittedSubtrees,
@@ -166,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
         return 1;
         }
 
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-                                STACK_OF(GENERAL_SUBTREE) *trees,
-                                        BIO *bp, int ind, char *name)
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
+                                   BIO *bp, int ind, char *name)
         {
         GENERAL_SUBTREE *tree;
         int i;
@@ -218,3 +225,282 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
         return 1;
         }
 
+/* Check a certificate conforms to a specified set of constraints.
+ * Return values:
+ *  X509_V_OK: All constraints obeyed.
+ *  X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
+ *  X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
+ *  X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:  Unsupported constraint type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
+ *  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
+
+ */
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+        {
+        int r, i;
+        X509_NAME *nm;
+
+        nm = X509_get_subject_name(x);
+
+        if (X509_NAME_entry_count(nm) > 0)
+                {
+                GENERAL_NAME gntmp;
+                gntmp.type = GEN_DIRNAME;
+                gntmp.d.directoryName = nm;
+
+                r = nc_match(&gntmp, nc);
+
+                if (r != X509_V_OK)
+                        return r;
+
+                gntmp.type = GEN_EMAIL;
+
+
+                /* Process any email address attributes in subject name */
+
+                for (i = -1;;)
+                        {
+                        X509_NAME_ENTRY *ne;
+                        i = X509_NAME_get_index_by_NID(nm,
+                                                       NID_pkcs9_emailAddress,
+                                                       i);
+                        if (i == -1)
+                                break;
+                        ne = X509_NAME_get_entry(nm, i);
+                        gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
+                        if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
+                                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+                        r = nc_match(&gntmp, nc);
+
+                        if (r != X509_V_OK)
+                                return r;
+                        }
+                
+                }
+
+        for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
+                r = nc_match(gen, nc);
+                if (r != X509_V_OK)
+                        return r;
+                }
+
+        return X509_V_OK;
+
+        }
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+        {
+        GENERAL_SUBTREE *sub;
+        int i, r, match = 0;
+
+        /* Permitted subtrees: if any subtrees exist of matching the type
+         * at least one subtree must match.
+         */
+
+        for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++)
+                {
+                sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
+                if (gen->type != sub->base->type)
+                        continue;
+                if (sub->minimum || sub->maximum)
+                        return X509_V_ERR_SUBTREE_MINMAX;
+                /* If we already have a match don't bother trying any more */
+                if (match == 2)
+                        continue;
+                if (match == 0)
+                        match = 1;
+                r = nc_match_single(gen, sub->base);
+                if (r == X509_V_OK)
+                        match = 2;
+                else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+                        return r;
+                }
+
+        if (match == 1)
+                return X509_V_ERR_PERMITTED_VIOLATION;
+
+        /* Excluded subtrees: must not match any of these */
+
+        for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++)
+                {
+                sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
+                if (gen->type != sub->base->type)
+                        continue;
+                if (sub->minimum || sub->maximum)
+                        return X509_V_ERR_SUBTREE_MINMAX;
+
+                r = nc_match_single(gen, sub->base);
+                if (r == X509_V_OK)
+                        return X509_V_ERR_EXCLUDED_VIOLATION;
+                else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+                        return r;
+
+                }
+
+        return X509_V_OK;
+
+        }
+
+static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+        {
+        switch(base->type)
+                {
+                case GEN_DIRNAME:
+                return nc_dn(gen->d.directoryName, base->d.directoryName);
+
+                case GEN_DNS:
+                return nc_dns(gen->d.dNSName, base->d.dNSName);
+
+                case GEN_EMAIL:
+                return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
+
+                case GEN_URI:
+                return nc_uri(gen->d.uniformResourceIdentifier,
+                                        base->d.uniformResourceIdentifier);
+
+                default:
+                return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+                }
+
+        }
+
+/* directoryName name constraint matching.
+ * The canonical encoding of X509_NAME makes this comparison easy. It is
+ * matched if the subtree is a subset of the name.
+ */
+
+static int nc_dn(X509_NAME *nm, X509_NAME *base)
+        {
+        /* Ensure canonical encodings are up to date.  */
+        if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+                return X509_V_ERR_OUT_OF_MEM;
+        if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+                return X509_V_ERR_OUT_OF_MEM;
+        if (base->canon_enclen > nm->canon_enclen)
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        return X509_V_OK;
+        }
+
+static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+        {
+        char *baseptr = (char *)base->data;
+        char *dnsptr = (char *)dns->data;
+        /* Empty matches everything */
+        if (!*baseptr)
+                return X509_V_OK;
+        /* Otherwise can add zero or more components on the left so
+         * compare RHS and if dns is longer and expect '.' as preceding
+         * character.
+         */
+        if (dns->length > base->length)
+                {
+                dnsptr += dns->length - base->length;
+                if (dnsptr[-1] != '.')
+                        return X509_V_ERR_PERMITTED_VIOLATION;
+                }
+
+        if (strcasecmp(baseptr, dnsptr))
+                        return X509_V_ERR_PERMITTED_VIOLATION;
+
+        return X509_V_OK;
+
+        }
+
+static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+        {
+        const char *baseptr = (char *)base->data;
+        const char *emlptr = (char *)eml->data;
+
+        const char *baseat = strchr(baseptr, '@');
+        const char *emlat = strchr(emlptr, '@');
+        if (!emlat)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+        /* Special case: inital '.' is RHS match */
+        if (!baseat && (*baseptr == '.'))
+                {
+                if (eml->length > base->length)
+                        {
+                        emlptr += eml->length - base->length;
+                        if (!strcasecmp(baseptr, emlptr))
+                                return X509_V_OK;
+                        }
+                return X509_V_ERR_PERMITTED_VIOLATION;
+                }
+
+        /* If we have anything before '@' match local part */
+
+        if (baseat)
+                {
+                if (baseat != baseptr)
+                        {
+                        if ((baseat - baseptr) != (emlat - emlptr))
+                                return X509_V_ERR_PERMITTED_VIOLATION;
+                        /* Case sensitive match of local part */
+                        if (strncmp(baseptr, emlptr, emlat - emlptr))
+                                return X509_V_ERR_PERMITTED_VIOLATION;
+                        }
+                /* Position base after '@' */
+                baseptr = baseat + 1;
+                }
+        emlptr = emlat + 1;
+        /* Just have hostname left to match: case insensitive */
+        if (strcasecmp(baseptr, emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+
+        return X509_V_OK;
+
+        }
+
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+        {
+        const char *baseptr = (char *)base->data;
+        const char *hostptr = (char *)uri->data;
+        const char *p = strchr(hostptr, ':');
+        int hostlen;
+        /* Check for foo:// and skip past it */
+        if (!p || (p[1] != '/') || (p[2] != '/'))
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+        hostptr = p + 3;
+
+        /* Determine length of hostname part of URI */
+
+        /* Look for a port indicator as end of hostname first */
+
+        p = strchr(hostptr, ':');
+        /* Otherwise look for trailing slash */
+        if (!p)
+                p = strchr(hostptr, '/');
+
+        if (!p)
+                hostlen = strlen(hostptr);
+        else
+                hostlen = p - hostptr;
+
+        if (hostlen == 0)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+        /* Special case: inital '.' is RHS match */
+        if (*baseptr == '.')
+                {
+                if (hostlen > base->length)
+                        {
+                        p = hostptr + hostlen - base->length;
+                        if (!strncasecmp(p, baseptr, base->length))
+                                return X509_V_OK;
+                        }
+                return X509_V_ERR_PERMITTED_VIOLATION;
+                }
+
+        if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+
+        return X509_V_OK;
+
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
index 601211f416..0dcfa004fe 100644
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val,
                 {
                 if (*language)
                         {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
                         X509V3_conf_err(val);
                         return 0;
                         }
@@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val,
                 {
                 if (*pathlen)
                         {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
                         X509V3_conf_err(val);
                         return 0;
                         }
@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
                         unsigned char *tmp_data2 =
                                 string_to_hex(val->value + 4, &val_len);
 
-                        if (!tmp_data2) goto err;
+                        if (!tmp_data2) 
+                                {
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
 
                         tmp_data = OPENSSL_realloc((*policy)->data,
                                 (*policy)->length + val_len + 1);
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
                                 (*policy)->length += val_len;
                                 (*policy)->data[(*policy)->length] = '\0';
                                 }
+                        else
+                                {
+                                OPENSSL_free(tmp_data2);
+                                /* realloc failure implies the original data space is b0rked too! */
+                                (*policy)->data = NULL;
+                                (*policy)->length = 0;
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
+                        OPENSSL_free(tmp_data2);
                         }
                 else if (strncmp(val->value, "file:", 5) == 0)
                         {
@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
                                 (*policy)->length += n;
                                 (*policy)->data[(*policy)->length] = '\0';
                                 }
+                        BIO_free_all(b);
 
                         if (n < 0)
                                 {
@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
                                 (*policy)->length += val_len;
                                 (*policy)->data[(*policy)->length] = '\0';
                                 }
+                        else
+                                {
+                                /* realloc failure implies the original data space is b0rked too! */
+                                (*policy)->data = NULL;
+                                (*policy)->length = 0;
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
                         }
                 else
                         {
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
index 86c0ff70e6..30ca652351 100644
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -64,10 +64,12 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                                void *bcons, STACK_OF(CONF_VALUE) *extlist);
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
+                       STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_policy_constraints = {
 NID_policy_constraints, 0,
@@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-             void *a, STACK_OF(CONF_VALUE) *extlist)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                       STACK_OF(CONF_VALUE) *extlist)
 {
         POLICY_CONSTRAINTS *pcons = a;
         X509V3_add_value_int("Require Explicit Policy",
@@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
         return extlist;
 }
 
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values)
 {
         POLICY_CONSTRAINTS *pcons=NULL;
         CONF_VALUE *val;
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c
index da03bbc35d..865bcd3980 100644
--- a/src/lib/libcrypto/x509v3/v3_pmaps.c
+++ b/src/lib/libcrypto/x509v3/v3_pmaps.c
@@ -63,10 +63,11 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                                void *pmps, STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
+                    STACK_OF(CONF_VALUE) *extlist);
 
 const X509V3_EXT_METHOD v3_policy_mappings = {
         NID_policy_mappings, 0,
@@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
 
 
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                void *a, STACK_OF(CONF_VALUE) *ext_list)
+static STACK_OF(CONF_VALUE) *
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
+                    STACK_OF(CONF_VALUE) *ext_list)
 {
         POLICY_MAPPINGS *pmaps = a;
         POLICY_MAPPING *pmap;
@@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
         return ext_list;
 }
 
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
         POLICY_MAPPINGS *pmaps;
         POLICY_MAPPING *pmap;
diff --git a/src/lib/libcrypto/x86cpuid.pl b/src/lib/libcrypto/x86cpuid.pl
index 4408ef2936..a7464af19b 100644
--- a/src/lib/libcrypto/x86cpuid.pl
+++ b/src/lib/libcrypto/x86cpuid.pl
@@ -1,6 +1,7 @@
 #!/usr/bin/env perl
 
-push(@INC,"perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}perlasm", "perlasm");
 require "x86asm.pl";
 
 &asm_init($ARGV[0],"x86cpuid");
@@ -22,38 +23,90 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
         &jnc    (&label("done"));
         &xor    ("eax","eax");
         &cpuid  ();
+        &mov    ("edi","eax");          # max value for standard query level
+
         &xor    ("eax","eax");
         &cmp    ("ebx",0x756e6547);     # "Genu"
-        &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
+        &setne  (&LB("eax"));
         &mov    ("ebp","eax");
         &cmp    ("edx",0x49656e69);     # "ineI"
-        &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
+        &setne  (&LB("eax"));
         &or     ("ebp","eax");
         &cmp    ("ecx",0x6c65746e);     # "ntel"
-        &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
-        &or     ("ebp","eax");
+        &setne  (&LB("eax"));
+        &or     ("ebp","eax");          # 0 indicates Intel CPU
+        &jz     (&label("intel"));
+
+        &cmp    ("ebx",0x68747541);     # "Auth"
+        &setne  (&LB("eax"));
+        &mov    ("esi","eax");
+        &cmp    ("edx",0x69746E65);     # "enti"
+        &setne  (&LB("eax"));
+        &or     ("esi","eax");
+        &cmp    ("ecx",0x444D4163);     # "cAMD"
+        &setne  (&LB("eax"));
+        &or     ("esi","eax");          # 0 indicates AMD CPU
+        &jnz    (&label("intel"));
+
+        # AMD specific
+        &mov    ("eax",0x80000000);
+        &cpuid  ();
+        &cmp    ("eax",0x80000008);
+        &jb     (&label("intel"));
+
+        &mov    ("eax",0x80000008);
+        &cpuid  ();
+        &movz   ("esi",&LB("ecx"));     # number of cores - 1
+        &inc    ("esi");                # number of cores
+
+        &mov    ("eax",1);
+        &cpuid  ();
+        &bt     ("edx",28);
+        &jnc    (&label("done"));
+        &shr    ("ebx",16);
+        &and    ("ebx",0xff);
+        &cmp    ("ebx","esi");
+        &ja     (&label("done"));
+        &and    ("edx",0xefffffff);     # clear hyper-threading bit
+        &jmp    (&label("done"));
+        
+&set_label("intel");
+        &cmp    ("edi",4);
+        &mov    ("edi",-1);
+        &jb     (&label("nocacheinfo"));
+
+        &mov    ("eax",4);
+        &mov    ("ecx",0);              # query L1D
+        &cpuid  ();
+        &mov    ("edi","eax");
+        &shr    ("edi",14);
+        &and    ("edi",0xfff);          # number of cores -1 per L1D
+
+&set_label("nocacheinfo");
         &mov    ("eax",1);
         &cpuid  ();
         &cmp    ("ebp",0);
         &jne    (&label("notP4"));
-        &and    ("eax",15<<8);          # familiy ID
-        &cmp    ("eax",15<<8);          # P4?
+        &and    (&HB("eax"),15);        # familiy ID
+        &cmp    (&HB("eax"),15);        # P4?
         &jne    (&label("notP4"));
         &or     ("edx",1<<20);          # use reserved bit to engage RC4_CHAR
 &set_label("notP4");
         &bt     ("edx",28);             # test hyper-threading bit
         &jnc    (&label("done"));
+        &and    ("edx",0xefffffff);
+        &cmp    ("edi",0);
+        &je     (&label("done"));
+
+        &or     ("edx",0x10000000);
         &shr    ("ebx",16);
-        &and    ("ebx",0xff);
-        &cmp    ("ebx",1);              # see if cache is shared(*)
+        &cmp    (&LB("ebx"),1);
         &ja     (&label("done"));
         &and    ("edx",0xefffffff);     # clear hyper-threading bit if not
 &set_label("done");
         &mov    ("eax","edx");
         &mov    ("edx","ecx");
 &function_end("OPENSSL_ia32_cpuid");
-# (*)   on Core2 this value is set to 2 denoting the fact that L2
-#       cache is shared between cores.
 
 &external_label("OPENSSL_ia32cap_P");
 
@@ -220,6 +273,40 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
         }
 &function_end_B("OPENSSL_indirect_call");
 
+&function_begin_B("OPENSSL_cleanse");
+        &mov    ("edx",&wparam(0));
+        &mov    ("ecx",&wparam(1));
+        &xor    ("eax","eax");
+        &cmp    ("ecx",7);
+        &jae    (&label("lot"));
+        &cmp    ("ecx",0);
+        &je     (&label("ret"));
+&set_label("little");
+        &mov    (&BP(0,"edx"),"al");
+        &sub    ("ecx",1);
+        &lea    ("edx",&DWP(1,"edx"));
+        &jnz    (&label("little"));
+&set_label("ret");
+        &ret    ();
+
+&set_label("lot",16);
+        &test   ("edx",3);
+        &jz     (&label("aligned"));
+        &mov    (&BP(0,"edx"),"al");
+        &lea    ("ecx",&DWP(-1,"ecx"));
+        &lea    ("edx",&DWP(1,"edx"));
+        &jmp    (&label("lot"));
+&set_label("aligned");
+        &mov    (&DWP(0,"edx"),"eax");
+        &lea    ("ecx",&DWP(-4,"ecx"));
+        &test   ("ecx",-4);
+        &lea    ("edx",&DWP(4,"edx"));
+        &jnz    (&label("aligned"));
+        &cmp    ("ecx",0);
+        &jne    (&label("little"));
+        &ret    ();
+&function_end_B("OPENSSL_cleanse");
+
 &initseg("OPENSSL_cpuid_setup");
 
 &asm_finish();
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 15a201a25c..4ce4064cc9 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -123,6 +123,37 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+                        if ((end) - (start) <= 8) { \
+                                long ii; \
+                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+                        } else { \
+                                long ii; \
+                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+                        } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+                        long ii; \
+                        OPENSSL_assert((msg_len) > 0); \
+                        is_complete = 1; \
+                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+#if 0
+#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
+                        long ii; \
+                        printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
+                        printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
+                        printf("\n"); }
+#endif
+
+static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
+static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -136,15 +167,15 @@ static unsigned char *dtls1_write_message_header(SSL *s,
 static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
         unsigned long len, unsigned short seq_num, unsigned long frag_off, 
         unsigned long frag_len);
-static int dtls1_retransmit_buffered_messages(SSL *s);
 static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 
         long max, int *ok);
 
 static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len)
+dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
         {
         hm_fragment *frag = NULL;
         unsigned char *buf = NULL;
+        unsigned char *bitmask = NULL;
 
         frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
         if ( frag == NULL)
@@ -163,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)
         /* zero length fragment gets zero frag->fragment */
         frag->fragment = buf;
 
+        /* Initialize reassembly bitmask if necessary */
+        if (reassembly)
+                {
+                bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+                if (bitmask == NULL)
+                        {
+                        if (buf != NULL) OPENSSL_free(buf);
+                        OPENSSL_free(frag);
+                        return NULL;
+                        }
+                memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
+                }
+
+        frag->reassembly = bitmask;
+
         return frag;
         }
 
@@ -170,6 +216,7 @@ static void
 dtls1_hm_fragment_free(hm_fragment *frag)
         {
         if (frag->fragment) OPENSSL_free(frag->fragment);
+        if (frag->reassembly) OPENSSL_free(frag->reassembly);
         OPENSSL_free(frag);
         }
 
@@ -178,7 +225,7 @@ int dtls1_do_write(SSL *s, int type)
         {
         int ret;
         int curr_mtu;
-        unsigned int len, frag_off;
+        unsigned int len, frag_off, mac_size, blocksize;
 
         /* AHA!  Figure out the MTU, and stick to the right size */
         if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
@@ -226,11 +273,22 @@ int dtls1_do_write(SSL *s, int type)
                 OPENSSL_assert(s->init_num == 
                         (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
 
+        if (s->write_hash)
+                mac_size = EVP_MD_CTX_size(s->write_hash);
+        else
+                mac_size = 0;
+
+        if (s->enc_write_ctx && 
+                (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+                blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+        else
+                blocksize = 0;
+
         frag_off = 0;
         while( s->init_num)
                 {
                 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 
-                        DTLS1_RT_HEADER_LENGTH;
+                        DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
 
                 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
                         {
@@ -238,7 +296,8 @@ int dtls1_do_write(SSL *s, int type)
                         ret = BIO_flush(SSL_get_wbio(s));
                         if ( ret <= 0)
                                 return ret;
-                        curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
+                        curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
+                                mac_size - blocksize;
                         }
 
                 if ( s->init_num > curr_mtu)
@@ -280,7 +339,7 @@ int dtls1_do_write(SSL *s, int type)
                          * retransmit 
                          */
                         if ( BIO_ctrl(SSL_get_wbio(s),
-                                BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
+                                BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
                                 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
                                         BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
                         else
@@ -301,7 +360,7 @@ int dtls1_do_write(SSL *s, int type)
                                 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
                                 int xlen;
 
-                                if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
+                                if (frag_off == 0 && s->version != DTLS1_BAD_VER)
                                         {
                                         /* reconstruct message header is if it
                                          * is being sent in single fragment */
@@ -352,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         {
         int i, al;
         struct hm_header_st *msg_hdr;
+        unsigned char *p;
+        unsigned long msg_len;
 
         /* s3->tmp is used to store messages that are unexpected, caused
          * by the absence of an optional handshake message */
@@ -371,76 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                 }
 
         msg_hdr = &s->d1->r_msg_hdr;
-        do
-                {
-                if ( msg_hdr->frag_off == 0)
-                        {
-                        /* s->d1->r_message_header.msg_len = 0; */
-                        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-                        }
+        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-                i = dtls1_get_message_fragment(s, st1, stn, max, ok);
-                if ( i == DTLS1_HM_BAD_FRAGMENT ||
-                        i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
-                        continue;
-                else if ( i <= 0 && !*ok)
-                        return i;
+again:
+        i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+        if ( i == DTLS1_HM_BAD_FRAGMENT ||
+                i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
+                goto again;
+        else if ( i <= 0 && !*ok)
+                return i;
 
-                /* Note that s->init_sum is used as a counter summing
-                 * up fragments' lengths: as soon as they sum up to
-                 * handshake packet length, we assume we have got all
-                 * the fragments. Overlapping fragments would cause
-                 * premature termination, so we don't expect overlaps.
-                 * Well, handling overlaps would require something more
-                 * drastic. Indeed, as it is now there is no way to
-                 * tell if out-of-order fragment from the middle was
-                 * the last. '>=' is the best/least we can do to control
-                 * the potential damage caused by malformed overlaps. */
-                if ((unsigned int)s->init_num >= msg_hdr->msg_len)
-                        {
-                        unsigned char *p = (unsigned char *)s->init_buf->data;
-                        unsigned long msg_len = msg_hdr->msg_len;
-
-                        /* reconstruct message header as if it was
-                         * sent in single fragment */
-                        *(p++) = msg_hdr->type;
-                        l2n3(msg_len,p);
-                        s2n (msg_hdr->seq,p);
-                        l2n3(0,p);
-                        l2n3(msg_len,p);
-                        if (s->client_version != DTLS1_BAD_VER)
-                                p       -= DTLS1_HM_HEADER_LENGTH,
-                                msg_len += DTLS1_HM_HEADER_LENGTH;
-
-                        ssl3_finish_mac(s, p, msg_len);
-                        if (s->msg_callback)
-                                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                                        p, msg_len,
-                                        s, s->msg_callback_arg);
-
-                        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
-                        s->d1->handshake_read_seq++;
-                        /* we just read a handshake message from the other side:
-                         * this means that we don't need to retransmit of the
-                         * buffered messages.  
-                         * XDTLS: may be able clear out this
-                         * buffer a little sooner (i.e if an out-of-order
-                         * handshake message/record is received at the record
-                         * layer.  
-                         * XDTLS: exception is that the server needs to
-                         * know that change cipher spec and finished messages
-                         * have been received by the client before clearing this
-                         * buffer.  this can simply be done by waiting for the
-                         * first data  segment, but is there a better way?  */
-                        dtls1_clear_record_buffer(s);
-
-                        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-                        return s->init_num;
-                        }
-                else
-                        msg_hdr->frag_off = i;
-                } while(1) ;
+        p = (unsigned char *)s->init_buf->data;
+        msg_len = msg_hdr->msg_len;
+
+        /* reconstruct message header */
+        *(p++) = msg_hdr->type;
+        l2n3(msg_len,p);
+        s2n (msg_hdr->seq,p);
+        l2n3(0,p);
+        l2n3(msg_len,p);
+        if (s->version != DTLS1_BAD_VER) {
+                p       -= DTLS1_HM_HEADER_LENGTH;
+                msg_len += DTLS1_HM_HEADER_LENGTH;
+        }
+
+        ssl3_finish_mac(s, p, msg_len);
+        if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                        p, msg_len,
+                        s, s->msg_callback_arg);
+
+        memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+        s->d1->handshake_read_seq++;
+        /* we just read a handshake message from the other side:
+         * this means that we don't need to retransmit of the
+         * buffered messages.  
+         * XDTLS: may be able clear out this
+         * buffer a little sooner (i.e if an out-of-order
+         * handshake message/record is received at the record
+         * layer.  
+         * XDTLS: exception is that the server needs to
+         * know that change cipher spec and finished messages
+         * have been received by the client before clearing this
+         * buffer.  this can simply be done by waiting for the
+         * first data  segment, but is there a better way?  */
+        dtls1_clear_record_buffer(s);
+
+        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+        return s->init_num;
 
 f_err:
         ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -474,7 +514,7 @@ static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max
                 {
                 /* msg_len is limited to 2^24, but is effectively checked
                  * against max above */
-                if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))
+                if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
                         {
                         SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
                         return SSL_AD_INTERNAL_ERROR;
@@ -516,9 +556,14 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
                 return 0;
 
         frag = (hm_fragment *)item->data;
+        
+        /* Don't return if reassembly still in progress */
+        if (frag->reassembly != NULL)
+                return 0;
 
         if ( s->d1->handshake_read_seq == frag->msg_header.seq)
                 {
+                unsigned long frag_len = frag->msg_header.frag_len;
                 pqueue_pop(s->d1->buffered_messages);
 
                 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +581,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
                 if (al==0)
                         {
                         *ok = 1;
-                        return frag->msg_header.frag_len;
+                        return frag_len;
                         }
 
                 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -550,18 +595,50 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
 
 
 static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-{
-        int i=-1;
+dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+        {
         hm_fragment *frag = NULL;
         pitem *item = NULL;
-        PQ_64BIT seq64;
-        unsigned long frag_len = msg_hdr->frag_len;
+        int i = -1, is_complete;
+        unsigned char seq64be[8];
+        unsigned long frag_len = msg_hdr->frag_len, max_len;
 
         if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
                 goto err;
 
-        if (msg_hdr->seq <= s->d1->handshake_read_seq)
+        /* Determine maximum allowed message size. Depends on (user set)
+         * maximum certificate length, but 16k is minimum.
+         */
+        if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
+                max_len = s->max_cert_list;
+        else
+                max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+        if ((msg_hdr->frag_off+frag_len) > max_len)
+                goto err;
+
+        /* Try to find item in queue */
+        memset(seq64be,0,sizeof(seq64be));
+        seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
+        seq64be[7] = (unsigned char) msg_hdr->seq;
+        item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+        if (item == NULL)
+                {
+                frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+                if ( frag == NULL)
+                        goto err;
+                memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+                frag->msg_header.frag_len = frag->msg_header.msg_len;
+                frag->msg_header.frag_off = 0;
+                }
+        else
+                frag = (hm_fragment*) item->data;
+
+        /* If message is already reassembled, this must be a
+         * retransmit and can be dropped.
+         */
+        if (frag->reassembly == NULL)
                 {
                 unsigned char devnull [256];
 
@@ -573,32 +650,128 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                         if (i<=0) goto err;
                         frag_len -= i;
                         }
+                return DTLS1_HM_FRAGMENT_RETRY;
                 }
 
-        frag = dtls1_hm_fragment_new(frag_len);
-        if ( frag == NULL)
+        /* read the body of the fragment (header has already been read */
+        i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                frag->fragment + msg_hdr->frag_off,frag_len,0);
+        if (i<=0 || (unsigned long)i!=frag_len)
                 goto err;
 
-        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+        RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+                            (long)(msg_hdr->frag_off + frag_len));
 
-        if (frag_len)
+        RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+                                   is_complete);
+
+        if (is_complete)
+                {
+                OPENSSL_free(frag->reassembly);
+                frag->reassembly = NULL;
+                }
+
+        if (item == NULL)
                 {
-                /* read the body of the fragment (header has already been read */
-                i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-                        frag->fragment,frag_len,0);
-                if (i<=0 || (unsigned long)i!=frag_len)
+                memset(seq64be,0,sizeof(seq64be));
+                seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
+                seq64be[7] = (unsigned char)(msg_hdr->seq);
+
+                item = pitem_new(seq64be, frag);
+                if (item == NULL)
+                        {
                         goto err;
+                        i = -1;
+                        }
+
+                pqueue_insert(s->d1->buffered_messages, item);
                 }
 
-        pq_64bit_init(&seq64);
-        pq_64bit_assign_word(&seq64, msg_hdr->seq);
+        return DTLS1_HM_FRAGMENT_RETRY;
+
+err:
+        if (frag != NULL) dtls1_hm_fragment_free(frag);
+        if (item != NULL) OPENSSL_free(item);
+        *ok = 0;
+        return i;
+        }
+
 
-        item = pitem_new(seq64, frag);
-        pq_64bit_free(&seq64);
-        if ( item == NULL)
+static int
+dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
+{
+        int i=-1;
+        hm_fragment *frag = NULL;
+        pitem *item = NULL;
+        unsigned char seq64be[8];
+        unsigned long frag_len = msg_hdr->frag_len;
+
+        if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
                 goto err;
 
-        pqueue_insert(s->d1->buffered_messages, item);
+        /* Try to find item in queue, to prevent duplicate entries */
+        memset(seq64be,0,sizeof(seq64be));
+        seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
+        seq64be[7] = (unsigned char) msg_hdr->seq;
+        item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+        /* If we already have an entry and this one is a fragment,
+         * don't discard it and rather try to reassemble it.
+         */
+        if (item != NULL && frag_len < msg_hdr->msg_len)
+                item = NULL;
+
+        /* Discard the message if sequence number was already there, is
+         * too far in the future, already in the queue or if we received
+         * a FINISHED before the SERVER_HELLO, which then must be a stale
+         * retransmit.
+         */
+        if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+                msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+                (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
+                {
+                unsigned char devnull [256];
+
+                while (frag_len)
+                        {
+                        i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                                devnull,
+                                frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
+                        if (i<=0) goto err;
+                        frag_len -= i;
+                        }
+                }
+        else
+                {
+                if (frag_len && frag_len < msg_hdr->msg_len)
+                        return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+                frag = dtls1_hm_fragment_new(frag_len, 0);
+                if ( frag == NULL)
+                        goto err;
+
+                memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+                if (frag_len)
+                        {
+                        /* read the body of the fragment (header has already been read */
+                        i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
+                                frag->fragment,frag_len,0);
+                        if (i<=0 || (unsigned long)i!=frag_len)
+                                goto err;
+                        }
+
+                memset(seq64be,0,sizeof(seq64be));
+                seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
+                seq64be[7] = (unsigned char)(msg_hdr->seq);
+
+                item = pitem_new(seq64be, frag);
+                if ( item == NULL)
+                        goto err;
+
+                pqueue_insert(s->d1->buffered_messages, item);
+                }
+
         return DTLS1_HM_FRAGMENT_RETRY;
 
 err:
@@ -613,14 +786,14 @@ static long
 dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
         {
         unsigned char wire[DTLS1_HM_HEADER_LENGTH];
-        unsigned long l, frag_off, frag_len;
+        unsigned long len, frag_off, frag_len;
         int i,al;
         struct hm_header_st msg_hdr;
 
         /* see if we have the required fragment already */
         if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
                 {
-                if (*ok)        s->init_num += frag_len;
+                if (*ok)        s->init_num = frag_len;
                 return frag_len;
                 }
 
@@ -645,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
         if ( msg_hdr.seq != s->d1->handshake_read_seq)
                 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
-        l = msg_hdr.msg_len;
+        len = msg_hdr.msg_len;
         frag_off = msg_hdr.frag_off;
         frag_len = msg_hdr.frag_len;
 
+        if (frag_len && frag_len < len)
+                return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
         if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
                 wire[0] == SSL3_MT_HELLO_REQUEST)
                 {
@@ -708,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
          * s->init_buf->data, but as a counter summing up fragments'
          * lengths: as soon as they sum up to handshake packet
          * length, we assume we have got all the fragments. */
-        s->init_num += frag_len;
+        s->init_num = frag_len;
         return frag_len;
 
 f_err:
@@ -731,14 +907,30 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                 p= &(d[DTLS1_HM_HEADER_LENGTH]);
 
                 i=s->method->ssl3_enc->final_finish_mac(s,
-                        &(s->s3->finish_dgst1),
-                        &(s->s3->finish_dgst2),
                         sender,slen,s->s3->tmp.finish_md);
                 s->s3->tmp.finish_md_len = i;
                 memcpy(p, s->s3->tmp.finish_md, i);
                 p+=i;
                 l=i;
 
+        /* Copy the finished so we can use it for
+         * renegotiation checks
+         */
+        if(s->type == SSL_ST_CONNECT)
+                {
+                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+                memcpy(s->s3->previous_client_finished, 
+                       s->s3->tmp.finish_md, i);
+                s->s3->previous_client_finished_len=i;
+                }
+        else
+                {
+                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+                memcpy(s->s3->previous_server_finished, 
+                       s->s3->tmp.finish_md, i);
+                s->s3->previous_server_finished_len=i;
+                }
+
 #ifdef OPENSSL_SYS_WIN16
                 /* MSVC 1.5 does not clear the top bytes of the word unless
                  * I do this.
@@ -779,12 +971,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
                 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
                 s->init_num=DTLS1_CCS_HEADER_LENGTH;
 
-                if (s->client_version == DTLS1_BAD_VER)
-                        {
+                if (s->version == DTLS1_BAD_VER) {
                         s->d1->next_handshake_write_seq++;
                         s2n(s->d1->handshake_write_seq,p);
                         s->init_num+=2;
-                        }
+                }
 
                 s->init_off=0;
 
@@ -801,14 +992,30 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
         return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
         }
 
+static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+        {
+        int n;
+        unsigned char *p;
+
+        n=i2d_X509(x,NULL);
+        if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
+                {
+                SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
+                return 0;
+                }
+        p=(unsigned char *)&(buf->data[*l]);
+        l2n3(n,p);
+        i2d_X509(x,&p);
+        *l+=n+3;
+
+        return 1;
+        }
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
         {
         unsigned char *p;
-        int n,i;
+        int i;
         unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
         BUF_MEM *buf;
-        X509_STORE_CTX xs_ctx;
-        X509_OBJECT obj;
 
         /* TLSv1 sends a chain with nothing in it, instead of an alert */
         buf=s->init_buf;
@@ -819,54 +1026,35 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
                 }
         if (x != NULL)
                 {
-                if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
-                        {
-                        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
-                        return(0);
-                        }
-
-                for (;;)
-                        {
-                        n=i2d_X509(x,NULL);
-                        if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
-                                {
-                                SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-                                return(0);
-                                }
-                        p=(unsigned char *)&(buf->data[l]);
-                        l2n3(n,p);
-                        i2d_X509(x,&p);
-                        l+=n+3;
-                        if (X509_NAME_cmp(X509_get_subject_name(x),
-                                X509_get_issuer_name(x)) == 0) break;
-
-                        i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
-                                X509_get_issuer_name(x),&obj);
-                        if (i <= 0) break;
-                        x=obj.data.x509;
-                        /* Count is one too high since the X509_STORE_get uped the
-                         * ref count */
-                        X509_free(x);
-                        }
-
-                X509_STORE_CTX_cleanup(&xs_ctx);
-                }
-
-        /* Thawte special :-) */
-        if (s->ctx->extra_certs != NULL)
+                X509_STORE_CTX xs_ctx;
+
+                if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
+                        {
+                        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+                        return(0);
+                        }
+  
+                X509_verify_cert(&xs_ctx);
+                /* Don't leave errors in the queue */
+                ERR_clear_error();
+                for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
+                        {
+                        x = sk_X509_value(xs_ctx.chain, i);
+
+                        if (!dtls1_add_cert_to_buf(buf, &l, x))
+                                {
+                                X509_STORE_CTX_cleanup(&xs_ctx);
+                                return 0;
+                                }
+                        }
+                X509_STORE_CTX_cleanup(&xs_ctx);
+                }
+        /* Thawte special :-) */
         for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
                 {
                 x=sk_X509_value(s->ctx->extra_certs,i);
-                n=i2d_X509(x,NULL);
-                if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
-                        {
-                        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-                        return(0);
-                        }
-                p=(unsigned char *)&(buf->data[l]);
-                l2n3(n,p);
-                i2d_X509(x,&p);
-                l+=n+3;
+                if (!dtls1_add_cert_to_buf(buf, &l, x))
+                        return 0;
                 }
 
         l-= (3 + DTLS1_HM_HEADER_LENGTH);
@@ -883,18 +1071,13 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
 
 int dtls1_read_failed(SSL *s, int code)
         {
-        DTLS1_STATE *state;
-        BIO *bio;
-        int send_alert = 0;
-
         if ( code > 0)
                 {
                 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
                 return 1;
                 }
 
-        bio = SSL_get_rbio(s);
-        if ( ! BIO_dgram_recv_timedout(bio))
+        if (!dtls1_is_timer_expired(s))
                 {
                 /* not a timeout, none of our business, 
                    let higher layers handle this.  in fact it's probably an error */
@@ -907,23 +1090,6 @@ int dtls1_read_failed(SSL *s, int code)
                 return code;
                 }
 
-        state = s->d1;
-        state->timeout.num_alerts++;
-        if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
-                {
-                /* fail the connection, enough alerts have been sent */
-                SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
-                return 0;
-                }
-
-        state->timeout.read_timeouts++;
-        if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
-                {
-                send_alert = 1;
-                state->timeout.read_timeouts = 1;
-                }
-
-
 #if 0 /* for now, each alert contains only one record number */
         item = pqueue_peek(state->rcvd_records);
         if ( item )
@@ -934,16 +1100,29 @@ int dtls1_read_failed(SSL *s, int code)
 #endif
 
 #if 0  /* no more alert sending, just retransmit the last set of messages */
-                if ( send_alert)
-                        ssl3_send_alert(s,SSL3_AL_WARNING,
-                                DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+        if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
+                ssl3_send_alert(s,SSL3_AL_WARNING,
+                        DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
 #endif
 
-        return dtls1_retransmit_buffered_messages(s) ;
+        return dtls1_handle_timeout(s);
         }
 
+int
+dtls1_get_queue_priority(unsigned short seq, int is_ccs)
+        {
+        /* The index of the retransmission queue actually is the message sequence number,
+         * since the queue only contains messages of a single handshake. However, the
+         * ChangeCipherSpec has no message sequence number and so using only the sequence
+         * will result in the CCS and Finished having the same index. To prevent this,
+         * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
+         * This does not only differ CSS and Finished, it also maintains the order of the
+         * index (important for priority queues) and fits in the unsigned short variable.
+         */     
+        return seq * 2 - is_ccs;
+        }
 
-static int
+int
 dtls1_retransmit_buffered_messages(SSL *s)
         {
         pqueue sent = s->d1->sent_messages;
@@ -957,8 +1136,9 @@ dtls1_retransmit_buffered_messages(SSL *s)
         for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
                 {
                 frag = (hm_fragment *)item->data;
-                if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 &&
-                        found)
+                        if ( dtls1_retransmit_message(s,
+                                (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
+                                0, &found) <= 0 && found)
                         {
                         fprintf(stderr, "dtls1_retransmit_message() failed\n");
                         return -1;
@@ -973,22 +1153,20 @@ dtls1_buffer_message(SSL *s, int is_ccs)
         {
         pitem *item;
         hm_fragment *frag;
-        PQ_64BIT seq64;
-        unsigned int epoch = s->d1->w_epoch;
+        unsigned char seq64be[8];
 
         /* this function is called immediately after a message has 
          * been serialized */
         OPENSSL_assert(s->init_off == 0);
 
-        frag = dtls1_hm_fragment_new(s->init_num);
+        frag = dtls1_hm_fragment_new(s->init_num, 0);
 
         memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
         if ( is_ccs)
                 {
                 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-                        DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
-                epoch++;
+                               ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
                 }
         else
                 {
@@ -1003,11 +1181,20 @@ dtls1_buffer_message(SSL *s, int is_ccs)
         frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
         frag->msg_header.is_ccs = is_ccs;
 
-        pq_64bit_init(&seq64);
-        pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq);
-
-        item = pitem_new(seq64, frag);
-        pq_64bit_free(&seq64);
+        /* save current state*/
+        frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
+        frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
+        frag->msg_header.saved_retransmit_state.compress = s->compress;
+        frag->msg_header.saved_retransmit_state.session = s->session;
+        frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
+        
+        memset(seq64be,0,sizeof(seq64be));
+        seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                                                                                                  frag->msg_header.is_ccs)>>8);
+        seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                                                                                                  frag->msg_header.is_ccs));
+
+        item = pitem_new(seq64be, frag);
         if ( item == NULL)
                 {
                 dtls1_hm_fragment_free(frag);
@@ -1033,7 +1220,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
         pitem *item;
         hm_fragment *frag ;
         unsigned long header_length;
-        PQ_64BIT seq64;
+        unsigned char seq64be[8];
+        struct dtls1_retransmit_state saved_state;
+        unsigned char save_write_sequence[8];
 
         /*
           OPENSSL_assert(s->init_num == 0);
@@ -1041,11 +1230,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
          */
 
         /* XDTLS:  the requested message ought to be found, otherwise error */
-        pq_64bit_init(&seq64);
-        pq_64bit_assign_word(&seq64, seq);
+        memset(seq64be,0,sizeof(seq64be));
+        seq64be[6] = (unsigned char)(seq>>8);
+        seq64be[7] = (unsigned char)seq;
 
-        item = pqueue_find(s->d1->sent_messages, seq64);
-        pq_64bit_free(&seq64);
+        item = pqueue_find(s->d1->sent_messages, seq64be);
         if ( item == NULL)
                 {
                 fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
@@ -1069,9 +1258,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
                 frag->msg_header.msg_len, frag->msg_header.seq, 0, 
                 frag->msg_header.frag_len);
 
+        /* save current state */
+        saved_state.enc_write_ctx = s->enc_write_ctx;
+        saved_state.write_hash = s->write_hash;
+        saved_state.compress = s->compress;
+        saved_state.session = s->session;
+        saved_state.epoch = s->d1->w_epoch;
+        saved_state.epoch = s->d1->w_epoch;
+        
         s->d1->retransmitting = 1;
+        
+        /* restore state in which the message was originally sent */
+        s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
+        s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
+        s->compress = frag->msg_header.saved_retransmit_state.compress;
+        s->session = frag->msg_header.saved_retransmit_state.session;
+        s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
+        
+        if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
+        {
+                memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
+                memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
+        }
+        
         ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 
-                SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+                                                 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+        
+        /* restore current state */
+        s->enc_write_ctx = saved_state.enc_write_ctx;
+        s->write_hash = saved_state.write_hash;
+        s->compress = saved_state.compress;
+        s->session = saved_state.session;
+        s->d1->w_epoch = saved_state.epoch;
+        
+        if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
+        {
+                memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
+                memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
+        }
+
         s->d1->retransmitting = 0;
 
         (void)BIO_flush(SSL_get_wbio(s));
@@ -1160,7 +1385,7 @@ dtls1_min_mtu(void)
 static unsigned int 
 dtls1_guess_mtu(unsigned int curr_mtu)
         {
-        size_t i;
+        unsigned int i;
 
         if ( curr_mtu == 0 )
                 return g_probable_mtu[0] ;
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index cf3332e4e4..8fa57347a9 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -136,8 +136,12 @@ int dtls1_enc(SSL *s, int send)
 
         if (send)
                 {
-                if (s->write_hash != NULL)
-                        n=EVP_MD_size(s->write_hash);
+                if (EVP_MD_CTX_md(s->write_hash))
+                        {
+                        n=EVP_MD_CTX_size(s->write_hash);
+                        if (n < 0)
+                                return -1;
+                        }
                 ds=s->enc_write_ctx;
                 rec= &(s->s3->wrec);
                 if (s->enc_write_ctx == NULL)
@@ -151,15 +155,19 @@ int dtls1_enc(SSL *s, int send)
                                         __FILE__, __LINE__);
                         else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
                                 {
-                                if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+                                if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
                                         return -1;
                                 }
                         }
                 }
         else
                 {
-                if (s->read_hash != NULL)
-                        n=EVP_MD_size(s->read_hash);
+                if (EVP_MD_CTX_md(s->read_hash))
+                        {
+                        n=EVP_MD_CTX_size(s->read_hash);
+                        if (n < 0)
+                                return -1;
+                        }
                 ds=s->enc_read_ctx;
                 rec= &(s->s3->rrec);
                 if (s->enc_read_ctx == NULL)
@@ -206,11 +214,10 @@ int dtls1_enc(SSL *s, int send)
                 {
                 unsigned long ui;
                 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        (void *)ds,rec->data,rec->input,l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+                        ds,rec->data,rec->input,l);
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
                         ds->buf_len, ds->cipher->key_len,
-                        (unsigned long)DES_KEY_SZ,
-                        (unsigned long)DES_SCHEDULE_SZ,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
                         ds->cipher->iv_len);
                 printf("\t\tIV: ");
                 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -235,10 +242,10 @@ int dtls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
                 {
-                unsigned long ki;
+                unsigned long i;
                 printf("\trec->data=");
-                for (ki=0; ki<l; ki++)
-                        printf(" %02x", rec->data[ki]);  printf("\n");
+                for (i=0; i<l; i++)
+                        printf(" %02x", rec->data[i]);  printf("\n");
                 }
 #endif  /* KSSL_DEBUG */
 
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 3568e97a87..96b220e87c 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -58,10 +58,17 @@
  */
 
 #include <stdio.h>
+#define USE_SOCKETS
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+#include <sys/timeb.h>
+#endif
+
+static void get_current_time(struct timeval *t);
 const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
+int dtls1_listen(SSL *s, struct sockaddr *client);
 
 SSL3_ENC_METHOD DTLSv1_enc_data={
     dtls1_enc,
@@ -84,11 +91,6 @@ long dtls1_default_timeout(void)
         return(60*60*2);
         }
 
-IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
-                        ssl_undefined_function,
-                        ssl_undefined_function,
-                        ssl_bad_method)
-
 int dtls1_new(SSL *s)
         {
         DTLS1_STATE *d1;
@@ -98,22 +100,12 @@ int dtls1_new(SSL *s)
         memset(d1,0, sizeof *d1);
 
         /* d1->handshake_epoch=0; */
-#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
-        d1->bitmap.length=64;
-#else
-        d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
-#endif
-        pq_64bit_init(&(d1->bitmap.map));
-        pq_64bit_init(&(d1->bitmap.max_seq_num));
-        
-        d1->next_bitmap.length = d1->bitmap.length;
-        pq_64bit_init(&(d1->next_bitmap.map));
-        pq_64bit_init(&(d1->next_bitmap.max_seq_num));
 
         d1->unprocessed_rcds.q=pqueue_new();
         d1->processed_rcds.q=pqueue_new();
         d1->buffered_messages = pqueue_new();
         d1->sent_messages=pqueue_new();
+        d1->buffered_app_data.q=pqueue_new();
 
         if ( s->server)
                 {
@@ -121,12 +113,13 @@ int dtls1_new(SSL *s)
                 }
 
         if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 
-        || ! d1->buffered_messages || ! d1->sent_messages)
+        || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
                 {
         if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
         if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
         if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
                 if ( d1->sent_messages) pqueue_free(d1->sent_messages);
+                if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
                 OPENSSL_free(d1);
                 return (0);
                 }
@@ -175,11 +168,14 @@ void dtls1_free(SSL *s)
         }
         pqueue_free(s->d1->sent_messages);
 
-        pq_64bit_free(&(s->d1->bitmap.map));
-        pq_64bit_free(&(s->d1->bitmap.max_seq_num));
-
-        pq_64bit_free(&(s->d1->next_bitmap.map));
-        pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+        while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
+                {
+                frag = (hm_fragment *)item->data;
+                OPENSSL_free(frag->fragment);
+                OPENSSL_free(frag);
+                pitem_free(item);
+                }
+        pqueue_free(s->d1->buffered_app_data.q);
 
         OPENSSL_free(s->d1);
         }
@@ -187,7 +183,36 @@ void dtls1_free(SSL *s)
 void dtls1_clear(SSL *s)
         {
         ssl3_clear(s);
-        s->version=DTLS1_VERSION;
+        if (s->options & SSL_OP_CISCO_ANYCONNECT)
+                s->version=DTLS1_BAD_VER;
+        else
+                s->version=DTLS1_VERSION;
+        }
+
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+        {
+        int ret=0;
+
+        switch (cmd)
+                {
+        case DTLS_CTRL_GET_TIMEOUT:
+                if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
+                        {
+                        ret = 1;
+                        }
+                break;
+        case DTLS_CTRL_HANDLE_TIMEOUT:
+                ret = dtls1_handle_timeout(s);
+                break;
+        case DTLS_CTRL_LISTEN:
+                ret = dtls1_listen(s, parg);
+                break;
+
+        default:
+                ret = ssl3_ctrl(s, cmd, larg, parg);
+                break;
+                }
+        return(ret);
         }
 
 /*
@@ -197,15 +222,173 @@ void dtls1_clear(SSL *s)
  * to explicitly list their SSL_* codes. Currently RC4 is the only one
  * available, but if new ones emerge, they will have to be added...
  */
-SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
         {
-        SSL_CIPHER *ciph = ssl3_get_cipher(u);
+        const SSL_CIPHER *ciph = ssl3_get_cipher(u);
 
         if (ciph != NULL)
                 {
-                if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
+                if (ciph->algorithm_enc == SSL_RC4)
                         return NULL;
                 }
 
         return ciph;
         }
+
+void dtls1_start_timer(SSL *s)
+        {
+        /* If timer is not set, initialize duration with 1 second */
+        if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
+                {
+                s->d1->timeout_duration = 1;
+                }
+        
+        /* Set timeout to current time */
+        get_current_time(&(s->d1->next_timeout));
+
+        /* Add duration to current time */
+        s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+        }
+
+struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
+        {
+        struct timeval timenow;
+
+        /* If no timeout is set, just return NULL */
+        if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
+                {
+                return NULL;
+                }
+
+        /* Get current time */
+        get_current_time(&timenow);
+
+        /* If timer already expired, set remaining time to 0 */
+        if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+                (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+                 s->d1->next_timeout.tv_usec <= timenow.tv_usec))
+                {
+                memset(timeleft, 0, sizeof(struct timeval));
+                return timeleft;
+                }
+
+        /* Calculate time left until timer expires */
+        memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+        timeleft->tv_sec -= timenow.tv_sec;
+        timeleft->tv_usec -= timenow.tv_usec;
+        if (timeleft->tv_usec < 0)
+                {
+                timeleft->tv_sec--;
+                timeleft->tv_usec += 1000000;
+                }
+
+        /* If remaining time is less than 15 ms, set it to 0
+         * to prevent issues because of small devergences with
+         * socket timeouts.
+         */
+        if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
+                {
+                memset(timeleft, 0, sizeof(struct timeval));
+                }
+        
+
+        return timeleft;
+        }
+
+int dtls1_is_timer_expired(SSL *s)
+        {
+        struct timeval timeleft;
+
+        /* Get time left until timeout, return false if no timer running */
+        if (dtls1_get_timeout(s, &timeleft) == NULL)
+                {
+                return 0;
+                }
+
+        /* Return false if timer is not expired yet */
+        if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
+                {
+                return 0;
+                }
+
+        /* Timer expired, so return true */     
+        return 1;
+        }
+
+void dtls1_double_timeout(SSL *s)
+        {
+        s->d1->timeout_duration *= 2;
+        if (s->d1->timeout_duration > 60)
+                s->d1->timeout_duration = 60;
+        dtls1_start_timer(s);
+        }
+
+void dtls1_stop_timer(SSL *s)
+        {
+        /* Reset everything */
+        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+        s->d1->timeout_duration = 1;
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+        }
+
+int dtls1_handle_timeout(SSL *s)
+        {
+        DTLS1_STATE *state;
+
+        /* if no timer is expired, don't do anything */
+        if (!dtls1_is_timer_expired(s))
+                {
+                return 0;
+                }
+
+        dtls1_double_timeout(s);
+        state = s->d1;
+        state->timeout.num_alerts++;
+        if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+                {
+                /* fail the connection, enough alerts have been sent */
+                SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
+                return 0;
+                }
+
+        state->timeout.read_timeouts++;
+        if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+                {
+                state->timeout.read_timeouts = 1;
+                }
+
+        dtls1_start_timer(s);
+        return dtls1_retransmit_buffered_messages(s);
+        }
+
+static void get_current_time(struct timeval *t)
+{
+#ifdef OPENSSL_SYS_WIN32
+        struct _timeb tb;
+        _ftime(&tb);
+        t->tv_sec = (long)tb.time;
+        t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+        struct timeb tb;
+        ftime(&tb);
+        t->tv_sec = (long)tb.time;
+        t->tv_usec = (long)tb.millitm * 1000;
+#else
+        gettimeofday(t, NULL);
+#endif
+}
+
+int dtls1_listen(SSL *s, struct sockaddr *client)
+        {
+        int ret;
+
+        SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+        s->d1->listen = 1;
+
+        ret = SSL_accept(s);
+        if (ret <= 0) return ret;
+        
+        (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
+        return 1;
+        }
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 8a6cf31947..5c4004bfe3 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -61,8 +61,8 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *dtls1_get_method(int ver);
-static SSL_METHOD *dtls1_get_method(int ver)
+static const SSL_METHOD *dtls1_get_method(int ver);
+static const SSL_METHOD *dtls1_get_method(int ver)
         {
         if (ver == DTLS1_VERSION)
                 return(DTLSv1_method());
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
new file mode 100644
index 0000000000..9c2cc3c712
--- /dev/null
+++ b/src/lib/libssl/t1_reneg.c
@@ -0,0 +1,292 @@
+/* ssl/t1_reneg.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2009 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/* Add the client's renegotiation binding */
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen)
+    {
+    if(p)
+        {
+        if((s->s3->previous_client_finished_len+1) > maxlen)
+            {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+            return 0;
+            }
+            
+        /* Length byte */
+        *p = s->s3->previous_client_finished_len;
+        p++;
+
+        memcpy(p, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension sent by client\n",
+                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
+        }
+    
+    *len=s->s3->previous_client_finished_len + 1;
+
+ 
+    return 1;
+    }
+
+/* Parse the client's renegotiation binding and abort if it's not
+   right */
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+                                          int *al)
+    {
+    int ilen;
+
+    /* Parse the length byte */
+    if(len < 1)
+        {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al=SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+        }
+    ilen = *d;
+    d++;
+
+    /* Consistency check */
+    if((ilen+1) != len)
+        {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al=SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+        }
+
+    /* Check that the extension matches */
+    if(ilen != s->s3->previous_client_finished_len)
+        {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+        *al=SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+        }
+    
+    if(memcmp(d, s->s3->previous_client_finished,
+              s->s3->previous_client_finished_len))
+        {
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+        *al=SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+        }
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension received by server\n",
+                                ilen ? "Non-empty" : "Empty");
+#endif
+
+    s->s3->send_connection_binding=1;
+
+    return 1;
+    }
+
+/* Add the server's renegotiation binding */
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen)
+    {
+    if(p)
+        {
+        if((s->s3->previous_client_finished_len +
+            s->s3->previous_server_finished_len + 1) > maxlen)
+            {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+            return 0;
+            }
+        
+        /* Length byte */
+        *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
+        p++;
+
+        memcpy(p, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len);
+        p += s->s3->previous_client_finished_len;
+
+        memcpy(p, s->s3->previous_server_finished,
+               s->s3->previous_server_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension sent by server\n",
+                s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
+        }
+    
+    *len=s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len + 1;
+    
+    return 1;
+    }
+
+/* Parse the server's renegotiation binding and abort if it's not
+   right */
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+                                          int *al)
+    {
+    int expected_len=s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len;
+    int ilen;
+
+    /* Check for logic errors */
+    OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
+    OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+    
+    /* Parse the length byte */
+    if(len < 1)
+        {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al=SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+        }
+    ilen = *d;
+    d++;
+
+    /* Consistency check */
+    if(ilen+1 != len)
+        {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
+        *al=SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+        }
+    
+    /* Check that the extension matches */
+    if(ilen != expected_len)
+        {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+        *al=SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+        }
+
+    if(memcmp(d, s->s3->previous_client_finished,
+              s->s3->previous_client_finished_len))
+        {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+        *al=SSL_AD_HANDSHAKE_FAILURE;
+        return 0;
+        }
+    d += s->s3->previous_client_finished_len;
+
+    if(memcmp(d, s->s3->previous_server_finished,
+              s->s3->previous_server_finished_len))
+        {
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
+        *al=SSL_AD_ILLEGAL_PARAMETER;
+        return 0;
+        }
+#ifdef OPENSSL_RI_DEBUG
+    fprintf(stderr, "%s RI extension received by client\n",
+                                ilen ? "Non-empty" : "Empty");
+#endif
+    s->s3->send_connection_binding=1;
+
+    return 1;
+    }
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
index 546e660626..20f8f05e3d 100644
--- a/src/lib/libssl/test/CAss.cnf
+++ b/src/lib/libssl/test/CAss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 
 ####################################################################
 [ req ]
-default_bits            = 1024
+default_bits            = 512
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
new file mode 100644
index 0000000000..f5a275bfc2
--- /dev/null
+++ b/src/lib/libssl/test/CAtsa.cnf
@@ -0,0 +1,163 @@
+
+#
+# This config is used by the Time Stamp Authority tests.
+#
+
+RANDFILE                = ./.rnd
+
+# Extra OBJECT IDENTIFIER info:
+oid_section             = new_oids
+
+TSDNSECT                = ts_cert_dn
+INDEX                   = 1
+
+[ new_oids ]
+
+# Policies used by the TSA tests.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+#----------------------------------------------------------------------
+[ ca ]
+default_ca      = CA_default            # The default ca section
+
+[ CA_default ]
+
+dir             = ./demoCA
+certs           = $dir/certs            # Where the issued certs are kept
+database        = $dir/index.txt        # database index file.
+new_certs_dir   = $dir/newcerts         # default place for new certs.
+
+certificate     = $dir/cacert.pem       # The CA certificate
+serial          = $dir/serial           # The current serial number
+private_key     = $dir/private/cakey.pem# The private key
+RANDFILE        = $dir/private/.rand    # private random number file
+
+default_days    = 365                   # how long to certify for
+default_md      = sha1                  # which md to use.
+preserve        = no                    # keep passed DN ordering
+
+policy          = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName             = supplied
+stateOrProvinceName     = supplied
+organizationName        = supplied
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+#----------------------------------------------------------------------
+[ req ]
+default_bits            = 1024
+default_md              = sha1
+distinguished_name      = $ENV::TSDNSECT
+encrypt_rsa_key         = no
+prompt                  = no
+# attributes            = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+string_mask = nombstr
+
+[ ts_ca_dn ]
+countryName                     = HU
+stateOrProvinceName             = Budapest
+localityName                    = Budapest
+organizationName                = Gov-CA Ltd.
+commonName                      = ca1
+
+[ ts_cert_dn ]
+countryName                     = HU
+stateOrProvinceName             = Budapest
+localityName                    = Buda
+organizationName                = Hun-TSA Ltd.
+commonName                      = tsa$ENV::INDEX
+
+[ tsa_cert ]
+
+# TSA server cert is not a CA cert.
+basicConstraints=CA:FALSE
+
+# The following key usage flags are needed for TSA server certificates.
+keyUsage = nonRepudiation, digitalSignature
+extendedKeyUsage = critical,timeStamping
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ non_tsa_cert ]
+
+# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
+basicConstraints=CA:FALSE
+
+# The following key usage flags are needed for TSA server certificates.
+keyUsage = nonRepudiation, digitalSignature
+# timeStamping is not supported by this certificate
+# extendedKeyUsage = critical,timeStamping
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+
+[ v3_ca ]
+
+# Extensions for a typical CA
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = cRLSign, keyCertSign
+
+#----------------------------------------------------------------------
+[ tsa ]
+
+default_tsa = tsa_config1       # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir             = .                     # TSA root directory
+serial          = $dir/tsa_serial       # The current serial number (mandatory)
+signer_cert     = $dir/tsa_cert1.pem    # The TSA signing certificate
+                                        # (optional)
+certs           = $dir/tsaca.pem        # Certificate chain to include in reply
+                                        # (optional)
+signer_key      = $dir/tsa_key1.pem     # The TSA private key (optional)
+
+default_policy  = tsa_policy1           # Policy if request did not specify it
+                                        # (optional)
+other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
+digests         = md5, sha1             # Acceptable message digests (mandatory)
+accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
+ordering                = yes   # Is ordering defined for timestamps?
+                                # (optional, default: no)
+tsa_name                = yes   # Must the TSA name be included in the reply?
+                                # (optional, default: no)
+ess_cert_id_chain       = yes   # Must the ESS cert id chain be included?
+                                # (optional, default: no)
+
+[ tsa_config2 ]
+
+# This configuration uses a certificate which doesn't have timeStamping usage.
+# These are used by the TSA reply generation only.
+dir             = .                     # TSA root directory
+serial          = $dir/tsa_serial       # The current serial number (mandatory)
+signer_cert     = $dir/tsa_cert2.pem    # The TSA signing certificate
+                                        # (optional)
+certs           = $dir/demoCA/cacert.pem# Certificate chain to include in reply
+                                        # (optional)
+signer_key      = $dir/tsa_key2.pem     # The TSA private key (optional)
+
+default_policy  = tsa_policy1           # Policy if request did not specify it
+                                        # (optional)
+other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
+digests         = md5, sha1             # Acceptable message digests (mandatory)
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
index 98b2e054b7..0c0ebb5f67 100644
--- a/src/lib/libssl/test/Uss.cnf
+++ b/src/lib/libssl/test/Uss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 
 ####################################################################
 [ req ]
-default_bits            = 1024
+default_bits            = 512
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
new file mode 100755
index 0000000000..9f53d80344
--- /dev/null
+++ b/src/lib/libssl/test/asn1test.c
@@ -0,0 +1,22 @@
+#include <openssl/x509.h>
+#include <openssl/asn1_mac.h>
+
+typedef struct X
+    {
+    STACK_OF(X509_EXTENSION) *ext;
+    } X;
+
+/* This isn't meant to run particularly, it's just to test type checking */
+int main(int argc, char **argv)
+    {
+    X *x = NULL;
+    unsigned char **pp = NULL;
+
+    M_ASN1_I2D_vars(x);
+    M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
+                                     i2d_X509_EXTENSION);
+    M_ASN1_I2D_seq_total();
+    M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
+                                     i2d_X509_EXTENSION);
+    M_ASN1_I2D_finish();
+    }
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
index a84e089ddc..9c50dff3e9 100644
--- a/src/lib/libssl/test/cms-test.pl
+++ b/src/lib/libssl/test/cms-test.pl
@@ -54,8 +54,12 @@
 # OpenSSL PKCS#7 and CMS implementations.
 
 my $ossl_path;
-
-if ( -f "../apps/openssl" ) {
+my $redir = " 2>cms.err 1>cms.out";
+# Make MSYS work
+if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
+    $ossl_path = "cmd /c ..\\apps\\openssl";
+}
+elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
     $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
 }
 elsif ( -f "..\\out32dll\\openssl.exe" ) {
@@ -232,7 +236,7 @@ my @smime_cms_tests = (
     [
         "signed content MIME format, RSA key, signed receipt request",
         "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
-          . " -receipt_request_to test@openssl.org -receipt_request_all"
+          . " -receipt_request_to test\@openssl.org -receipt_request_all"
           . " -out test.cms",
         "-verify -in test.cms "
           . " -CAfile $smdir/smroot.pem -out smtst.txt"
@@ -333,10 +337,6 @@ my @smime_cms_comp_tests = (
 
 );
 
-print "PKCS#7 <=> PKCS#7 consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
-
 print "CMS => PKCS#7 compatibility tests\n";
 
 run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
@@ -386,14 +386,14 @@ sub run_smime_tests {
                 $rscmd =~ s/-stream//;  
                 $rvcmd =~ s/-stream//;
                 }
-        system("$scmd$rscmd 2>cms.err 1>cms.out");
+        system("$scmd$rscmd$redir");
         if ($?) {
             print "$tnam: generation error\n";
             $$rv++;
             exit 1 if $halt_err;
             next;
         }
-        system("$vcmd$rvcmd 2>cms.err 1>cms.out");
+        system("$vcmd$rvcmd$redir");
         if ($?) {
             print "$tnam: verify error\n";
             $$rv++;
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
new file mode 100644
index 0000000000..69dffa16f9
--- /dev/null
+++ b/src/lib/libssl/test/pkits-test.pl
@@ -0,0 +1,940 @@
+# test/pkits-test.pl
+# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+# project.
+#
+# ====================================================================
+# Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+#    software must display the following acknowledgment:
+#    "This product includes software developed by the OpenSSL Project
+#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission. For written permission, please contact
+#    licensing@OpenSSL.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+#    nor may "OpenSSL" appear in their names without prior written
+#    permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+#    acknowledgment:
+#    "This product includes software developed by the OpenSSL Project
+#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+
+# Perl utility to run PKITS tests for RFC3280 compliance. 
+
+my $ossl_path;
+
+if ( -f "../apps/openssl" ) {
+    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+}
+elsif ( -f "..\\out32dll\\openssl.exe" ) {
+    $ossl_path = "..\\out32dll\\openssl.exe";
+}
+elsif ( -f "..\\out32\\openssl.exe" ) {
+    $ossl_path = "..\\out32\\openssl.exe";
+}
+else {
+    die "Can't find OpenSSL executable";
+}
+
+my $pkitsdir = "pkits/smime";
+my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
+
+die "Can't find PKITS test data" if !-d $pkitsdir;
+
+my $nist1 = "2.16.840.1.101.3.2.1.48.1";
+my $nist2 = "2.16.840.1.101.3.2.1.48.2";
+my $nist3 = "2.16.840.1.101.3.2.1.48.3";
+my $nist4 = "2.16.840.1.101.3.2.1.48.4";
+my $nist5 = "2.16.840.1.101.3.2.1.48.5";
+my $nist6 = "2.16.840.1.101.3.2.1.48.6";
+
+my $apolicy = "X509v3 Any Policy";
+
+# This table contains the chapter headings of the accompanying PKITS
+# document. They provide useful informational output and their names
+# can be converted into the filename to test.
+
+my @testlists = (
+    [ "4.1", "Signature Verification" ],
+    [ "4.1.1", "Valid Signatures Test1",                        0 ],
+    [ "4.1.2", "Invalid CA Signature Test2",                    7 ],
+    [ "4.1.3", "Invalid EE Signature Test3",                    7 ],
+    [ "4.1.4", "Valid DSA Signatures Test4",                    0 ],
+    [ "4.1.5", "Valid DSA Parameter Inheritance Test5",         0 ],
+    [ "4.1.6", "Invalid DSA Signature Test6",                   7 ],
+    [ "4.2",   "Validity Periods" ],
+    [ "4.2.1", "Invalid CA notBefore Date Test1",               9 ],
+    [ "4.2.2", "Invalid EE notBefore Date Test2",               9 ],
+    [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3",        0 ],
+    [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4",    0 ],
+    [ "4.2.5", "Invalid CA notAfter Date Test5",                10 ],
+    [ "4.2.6", "Invalid EE notAfter Date Test6",                10 ],
+    [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",    10 ],
+    [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8",     0 ],
+    [ "4.3",   "Verifying Name Chaining" ],
+    [ "4.3.1", "Invalid Name Chaining EE Test1",                20 ],
+    [ "4.3.2", "Invalid Name Chaining Order Test2",             20 ],
+    [ "4.3.3", "Valid Name Chaining Whitespace Test3",          0 ],
+    [ "4.3.4", "Valid Name Chaining Whitespace Test4",          0 ],
+    [ "4.3.5", "Valid Name Chaining Capitalization Test5",      0 ],
+    [ "4.3.6", "Valid Name Chaining UIDs Test6",                0 ],
+    [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
+    [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8",  0 ],
+    [ "4.3.9", "Valid UTF8String Encoded Names Test9",          0 ],
+    [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
+    [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11",           0 ],
+    [ "4.4",    "Basic Certificate Revocation Tests" ],
+    [ "4.4.1",  "Missing CRL Test1",                                        3 ],
+    [ "4.4.2", "Invalid Revoked CA Test2",          23 ],
+    [ "4.4.3", "Invalid Revoked EE Test3",          23 ],
+    [ "4.4.4", "Invalid Bad CRL Signature Test4",   8 ],
+    [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
+    [ "4.4.6", "Invalid Wrong CRL Test6",           3 ],
+    [ "4.4.7", "Valid Two CRLs Test7",              0 ],
+
+    # The test document suggests these should return certificate revoked...
+    # Subsquent discussion has concluded they should not due to unhandle
+    # critical CRL extensions.
+    [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
+    [ "4.4.9", "Invalid Unknown CRL Extension Test9",       36 ],
+
+    [ "4.4.10", "Invalid Unknown CRL Extension Test10",             36 ],
+    [ "4.4.11", "Invalid Old CRL nextUpdate Test11",                12 ],
+    [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12",            12 ],
+    [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13",      0 ],
+    [ "4.4.14", "Valid Negative Serial Number Test14",              0 ],
+    [ "4.4.15", "Invalid Negative Serial Number Test15",            23 ],
+    [ "4.4.16", "Valid Long Serial Number Test16",                  0 ],
+    [ "4.4.17", "Valid Long Serial Number Test17",                  0 ],
+    [ "4.4.18", "Invalid Long Serial Number Test18",                23 ],
+    [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19",   0 ],
+    [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
+
+    # CRL path is revoked so get a CRL path validation error
+    [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21",      54 ],
+    [ "4.5",    "Verifying Paths with Self-Issued Certificates" ],
+    [ "4.5.1",  "Valid Basic Self-Issued Old With New Test1",            0 ],
+    [ "4.5.2",  "Invalid Basic Self-Issued Old With New Test2",          23 ],
+    [ "4.5.3",  "Valid Basic Self-Issued New With Old Test3",            0 ],
+    [ "4.5.4",  "Valid Basic Self-Issued New With Old Test4",            0 ],
+    [ "4.5.5",  "Invalid Basic Self-Issued New With Old Test5",          23 ],
+    [ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6",         0 ],
+    [ "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7",       23 ],
+    [ "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8",       20 ],
+    [ "4.6",    "Verifying Basic Constraints" ],
+    [ "4.6.1",  "Invalid Missing basicConstraints Test1",                24 ],
+    [ "4.6.2",  "Invalid cA False Test2",                                24 ],
+    [ "4.6.3",  "Invalid cA False Test3",                                24 ],
+    [ "4.6.4",  "Valid basicConstraints Not Critical Test4",             0 ],
+    [ "4.6.5",  "Invalid pathLenConstraint Test5",                       25 ],
+    [ "4.6.6",  "Invalid pathLenConstraint Test6",                       25 ],
+    [ "4.6.7",  "Valid pathLenConstraint Test7",                         0 ],
+    [ "4.6.8",  "Valid pathLenConstraint Test8",                         0 ],
+    [ "4.6.9",  "Invalid pathLenConstraint Test9",                       25 ],
+    [ "4.6.10", "Invalid pathLenConstraint Test10",                      25 ],
+    [ "4.6.11", "Invalid pathLenConstraint Test11",                      25 ],
+    [ "4.6.12", "Invalid pathLenConstraint Test12",                      25 ],
+    [ "4.6.13", "Valid pathLenConstraint Test13",                        0 ],
+    [ "4.6.14", "Valid pathLenConstraint Test14",                        0 ],
+    [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15",            0 ],
+    [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16",          25 ],
+    [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17",            0 ],
+    [ "4.7",    "Key Usage" ],
+    [ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1",     20 ],
+    [ "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
+    [ "4.7.3",  "Valid keyUsage Not Critical Test3",                     0 ],
+    [ "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4",         35 ],
+    [ "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5",     35 ],
+
+    # Certificate policy tests need special handling. They can have several
+    # sub tests and we need to check the outputs are correct.
+
+    [ "4.8", "Certificate Policies" ],
+    [
+        "4.8.1.1",
+        "All Certificates Same Policy Test1",
+        "-policy anyPolicy -explicit_policy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.1.2",
+        "All Certificates Same Policy Test1",
+        "-policy $nist1 -explicit_policy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.1.3",
+        "All Certificates Same Policy Test1",
+        "-policy $nist2 -explicit_policy",
+        "True", $nist1, "<empty>", 43
+    ],
+    [
+        "4.8.1.4",
+        "All Certificates Same Policy Test1",
+        "-policy $nist1 -policy $nist2 -explicit_policy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.2.1",
+        "All Certificates No Policies Test2",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.8.2.2",
+        "All Certificates No Policies Test2",
+        "-policy anyPolicy -explicit_policy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.3.1",
+        "Different Policies Test3",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.8.3.2",
+        "Different Policies Test3",
+        "-policy anyPolicy -explicit_policy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.3.3",
+        "Different Policies Test3",
+        "-policy $nist1 -policy $nist2 -explicit_policy",
+        "True", "<empty>", "<empty>", 43
+    ],
+
+    [
+        "4.8.4",
+        "Different Policies Test4",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.5",
+        "Different Policies Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.6.1",
+        "Overlapping Policies Test6",
+        "-policy anyPolicy",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.6.2",
+        "Overlapping Policies Test6",
+        "-policy $nist1",
+        "True", $nist1, $nist1, 0
+    ],
+    [
+        "4.8.6.3",
+        "Overlapping Policies Test6",
+        "-policy $nist2",
+        "True", $nist1, "<empty>", 43
+    ],
+    [
+        "4.8.7",
+        "Different Policies Test7",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.8",
+        "Different Policies Test8",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.9",
+        "Different Policies Test9",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.10.1",
+        "All Certificates Same Policies Test10",
+        "-policy $nist1",
+        "True", "$nist1:$nist2", "$nist1", 0
+    ],
+    [
+        "4.8.10.2",
+        "All Certificates Same Policies Test10",
+        "-policy $nist2",
+        "True", "$nist1:$nist2", "$nist2", 0
+    ],
+    [
+        "4.8.10.3",
+        "All Certificates Same Policies Test10",
+        "-policy anyPolicy",
+        "True", "$nist1:$nist2", "$nist1:$nist2", 0
+    ],
+    [
+        "4.8.11.1",
+        "All Certificates AnyPolicy Test11",
+        "-policy anyPolicy",
+        "True", "$apolicy", "$apolicy", 0
+    ],
+    [
+        "4.8.11.2",
+        "All Certificates AnyPolicy Test11",
+        "-policy $nist1",
+        "True", "$apolicy", "$nist1", 0
+    ],
+    [
+        "4.8.12",
+        "Different Policies Test12",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.8.13.1",
+        "All Certificates Same Policies Test13",
+        "-policy $nist1",
+        "True", "$nist1:$nist2:$nist3", "$nist1", 0
+    ],
+    [
+        "4.8.13.2",
+        "All Certificates Same Policies Test13",
+        "-policy $nist2",
+        "True", "$nist1:$nist2:$nist3", "$nist2", 0
+    ],
+    [
+        "4.8.13.3",
+        "All Certificates Same Policies Test13",
+        "-policy $nist3",
+        "True", "$nist1:$nist2:$nist3", "$nist3", 0
+    ],
+    [
+        "4.8.14.1",       "AnyPolicy Test14",
+        "-policy $nist1", "True",
+        "$nist1",         "$nist1",
+        0
+    ],
+    [
+        "4.8.14.2",       "AnyPolicy Test14",
+        "-policy $nist2", "True",
+        "$nist1",         "<empty>",
+        43
+    ],
+    [
+        "4.8.15",
+        "User Notice Qualifier Test15",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.16",
+        "User Notice Qualifier Test16",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.17",
+        "User Notice Qualifier Test17",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.18.1",
+        "User Notice Qualifier Test18",
+        "-policy $nist1",
+        "True", "$nist1:$nist2", "$nist1", 0
+    ],
+    [
+        "4.8.18.2",
+        "User Notice Qualifier Test18",
+        "-policy $nist2",
+        "True", "$nist1:$nist2", "$nist2", 0
+    ],
+    [
+        "4.8.19",
+        "User Notice Qualifier Test19",
+        "-policy anyPolicy",
+        "False", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.8.20",
+        "CPS Pointer Qualifier Test20",
+        "-policy anyPolicy -explicit_policy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [ "4.9", "Require Explicit Policy" ],
+    [
+        "4.9.1",
+        "Valid RequireExplicitPolicy Test1",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.9.2",
+        "Valid RequireExplicitPolicy Test2",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.9.3",
+        "Invalid RequireExplicitPolicy Test3",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.9.4",
+        "Valid RequireExplicitPolicy Test4",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.9.5",
+        "Invalid RequireExplicitPolicy Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.9.6",
+        "Valid Self-Issued requireExplicitPolicy Test6",
+        "-policy anyPolicy",
+        "False", "<empty>", "<empty>", 0
+    ],
+    [
+        "4.9.7",
+        "Invalid Self-Issued requireExplicitPolicy Test7",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.9.8",
+        "Invalid Self-Issued requireExplicitPolicy Test8",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [ "4.10", "Policy Mappings" ],
+    [
+        "4.10.1.1",
+        "Valid Policy Mapping Test1",
+        "-policy $nist1",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.1.2",
+        "Valid Policy Mapping Test1",
+        "-policy $nist2",
+        "True", "$nist1", "<empty>", 43
+    ],
+    [
+        "4.10.1.3",
+        "Valid Policy Mapping Test1",
+        "-policy anyPolicy -inhibit_map",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.2.1",
+        "Invalid Policy Mapping Test2",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.2.2",
+        "Invalid Policy Mapping Test2",
+        "-policy anyPolicy -inhibit_map",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.3.1",
+        "Valid Policy Mapping Test3",
+        "-policy $nist1",
+        "True", "$nist2", "<empty>", 43
+    ],
+    [
+        "4.10.3.2",
+        "Valid Policy Mapping Test3",
+        "-policy $nist2",
+        "True", "$nist2", "$nist2", 0
+    ],
+    [
+        "4.10.4",
+        "Invalid Policy Mapping Test4",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.5.1",
+        "Valid Policy Mapping Test5",
+        "-policy $nist1",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.5.2",
+        "Valid Policy Mapping Test5",
+        "-policy $nist6",
+        "True", "$nist1", "<empty>", 43
+    ],
+    [
+        "4.10.6.1",
+        "Valid Policy Mapping Test6",
+        "-policy $nist1",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.6.2",
+        "Valid Policy Mapping Test6",
+        "-policy $nist6",
+        "True", "$nist1", "<empty>", 43
+    ],
+    [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
+    [ "4.10.8", "Invalid Mapping To anyPolicy Test8",   42 ],
+    [
+        "4.10.9",
+        "Valid Policy Mapping Test9",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.10.10",
+        "Invalid Policy Mapping Test10",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.10.11",
+        "Valid Policy Mapping Test11",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+
+    # TODO: check notice display
+    [
+        "4.10.12.1",
+        "Valid Policy Mapping Test12",
+        "-policy $nist1",
+        "True", "$nist1:$nist2", "$nist1", 0
+    ],
+
+    # TODO: check notice display
+    [
+        "4.10.12.2",
+        "Valid Policy Mapping Test12",
+        "-policy $nist2",
+        "True", "$nist1:$nist2", "$nist2", 0
+    ],
+    [
+        "4.10.13",
+        "Valid Policy Mapping Test13",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+
+    # TODO: check notice display
+    [
+        "4.10.14",
+        "Valid Policy Mapping Test14",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [ "4.11", "Inhibit Policy Mapping" ],
+    [
+        "4.11.1",
+        "Invalid inhibitPolicyMapping Test1",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.2",
+        "Valid inhibitPolicyMapping Test2",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.11.3",
+        "Invalid inhibitPolicyMapping Test3",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.4",
+        "Valid inhibitPolicyMapping Test4",
+        "-policy anyPolicy",
+        "True", "$nist2", "$nist2", 0
+    ],
+    [
+        "4.11.5",
+        "Invalid inhibitPolicyMapping Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.6",
+        "Invalid inhibitPolicyMapping Test6",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.7",
+        "Valid Self-Issued inhibitPolicyMapping Test7",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.11.8",
+        "Invalid Self-Issued inhibitPolicyMapping Test8",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.9",
+        "Invalid Self-Issued inhibitPolicyMapping Test9",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.10",
+        "Invalid Self-Issued inhibitPolicyMapping Test10",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.11.11",
+        "Invalid Self-Issued inhibitPolicyMapping Test11",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [ "4.12", "Inhibit Any Policy" ],
+    [
+        "4.12.1",
+        "Invalid inhibitAnyPolicy Test1",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.2",
+        "Valid inhibitAnyPolicy Test2",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.12.3.1",
+        "inhibitAnyPolicy Test3",
+        "-policy anyPolicy",
+        "True", "$nist1", "$nist1", 0
+    ],
+    [
+        "4.12.3.2",
+        "inhibitAnyPolicy Test3",
+        "-policy anyPolicy -inhibit_any",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.4",
+        "Invalid inhibitAnyPolicy Test4",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.5",
+        "Invalid inhibitAnyPolicy Test5",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [
+        "4.12.6",
+        "Invalid inhibitAnyPolicy Test6",
+        "-policy anyPolicy",
+        "True", "<empty>", "<empty>", 43
+    ],
+    [ "4.12.7",  "Valid Self-Issued inhibitAnyPolicy Test7",      0 ],
+    [ "4.12.8",  "Invalid Self-Issued inhibitAnyPolicy Test8",    43 ],
+    [ "4.12.9",  "Valid Self-Issued inhibitAnyPolicy Test9",      0 ],
+    [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10",   43 ],
+    [ "4.13",    "Name Constraints" ],
+    [ "4.13.1",  "Valid DN nameConstraints Test1",                0 ],
+    [ "4.13.2",  "Invalid DN nameConstraints Test2",              47 ],
+    [ "4.13.3",  "Invalid DN nameConstraints Test3",              47 ],
+    [ "4.13.4",  "Valid DN nameConstraints Test4",                0 ],
+    [ "4.13.5",  "Valid DN nameConstraints Test5",                0 ],
+    [ "4.13.6",  "Valid DN nameConstraints Test6",                0 ],
+    [ "4.13.7",  "Invalid DN nameConstraints Test7",              48 ],
+    [ "4.13.8",  "Invalid DN nameConstraints Test8",              48 ],
+    [ "4.13.9",  "Invalid DN nameConstraints Test9",              48 ],
+    [ "4.13.10", "Invalid DN nameConstraints Test10",             48 ],
+    [ "4.13.11", "Valid DN nameConstraints Test11",               0 ],
+    [ "4.13.12", "Invalid DN nameConstraints Test12",             47 ],
+    [ "4.13.13", "Invalid DN nameConstraints Test13",             47 ],
+    [ "4.13.14", "Valid DN nameConstraints Test14",               0 ],
+    [ "4.13.15", "Invalid DN nameConstraints Test15",             48 ],
+    [ "4.13.16", "Invalid DN nameConstraints Test16",             48 ],
+    [ "4.13.17", "Invalid DN nameConstraints Test17",             48 ],
+    [ "4.13.18", "Valid DN nameConstraints Test18",               0 ],
+    [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19",   0 ],
+    [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
+    [ "4.13.21", "Valid RFC822 nameConstraints Test21",           0 ],
+    [ "4.13.22", "Invalid RFC822 nameConstraints Test22",         47 ],
+    [ "4.13.23", "Valid RFC822 nameConstraints Test23",           0 ],
+    [ "4.13.24", "Invalid RFC822 nameConstraints Test24",         47 ],
+    [ "4.13.25", "Valid RFC822 nameConstraints Test25",           0 ],
+    [ "4.13.26", "Invalid RFC822 nameConstraints Test26",         48 ],
+    [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27",    0 ],
+    [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28",  47 ],
+    [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29",  47 ],
+    [ "4.13.30", "Valid DNS nameConstraints Test30",              0 ],
+    [ "4.13.31", "Invalid DNS nameConstraints Test31",            47 ],
+    [ "4.13.32", "Valid DNS nameConstraints Test32",              0 ],
+    [ "4.13.33", "Invalid DNS nameConstraints Test33",            48 ],
+    [ "4.13.34", "Valid URI nameConstraints Test34",              0 ],
+    [ "4.13.35", "Invalid URI nameConstraints Test35",            47 ],
+    [ "4.13.36", "Valid URI nameConstraints Test36",              0 ],
+    [ "4.13.37", "Invalid URI nameConstraints Test37",            48 ],
+    [ "4.13.38", "Invalid DNS nameConstraints Test38",            47 ],
+    [ "4.14",    "Distribution Points" ],
+    [ "4.14.1",  "Valid distributionPoint Test1",                 0 ],
+    [ "4.14.2",  "Invalid distributionPoint Test2",               23 ],
+    [ "4.14.3",  "Invalid distributionPoint Test3",               44 ],
+    [ "4.14.4",  "Valid distributionPoint Test4",                 0 ],
+    [ "4.14.5",  "Valid distributionPoint Test5",                 0 ],
+    [ "4.14.6",  "Invalid distributionPoint Test6",               23 ],
+    [ "4.14.7",  "Valid distributionPoint Test7",                 0 ],
+    [ "4.14.8",  "Invalid distributionPoint Test8",               44 ],
+    [ "4.14.9",  "Invalid distributionPoint Test9",               44 ],
+    [ "4.14.10", "Valid No issuingDistributionPoint Test10",      0 ],
+    [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11",      44 ],
+    [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12",        44 ],
+    [ "4.14.13", "Valid onlyContainsCACerts CRL Test13",          0 ],
+    [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14",     44 ],
+    [ "4.14.15", "Invalid onlySomeReasons Test15",                23 ],
+    [ "4.14.16", "Invalid onlySomeReasons Test16",                23 ],
+    [ "4.14.17", "Invalid onlySomeReasons Test17",                3 ],
+    [ "4.14.18", "Valid onlySomeReasons Test18",                  0 ],
+    [ "4.14.19", "Valid onlySomeReasons Test19",                  0 ],
+    [ "4.14.20", "Invalid onlySomeReasons Test20",                23 ],
+    [ "4.14.21", "Invalid onlySomeReasons Test21",                23 ],
+    [ "4.14.22", "Valid IDP with indirectCRL Test22",             0 ],
+    [ "4.14.23", "Invalid IDP with indirectCRL Test23",           23 ],
+    [ "4.14.24", "Valid IDP with indirectCRL Test24",             0 ],
+    [ "4.14.25", "Valid IDP with indirectCRL Test25",             0 ],
+    [ "4.14.26", "Invalid IDP with indirectCRL Test26",           44 ],
+    [ "4.14.27", "Invalid cRLIssuer Test27",                      3 ],
+    [ "4.14.28", "Valid cRLIssuer Test28",                        0 ],
+    [ "4.14.29", "Valid cRLIssuer Test29",                        0 ],
+
+    # Although this test is valid it has a circular dependency. As a result
+    # an attempt is made to reursively checks a CRL path and rejected due to
+    # a CRL path validation error. PKITS notes suggest this test does not
+    # need to be run due to this issue.
+    [ "4.14.30", "Valid cRLIssuer Test30",                                 54 ],
+    [ "4.14.31", "Invalid cRLIssuer Test31",                               23 ],
+    [ "4.14.32", "Invalid cRLIssuer Test32",                               23 ],
+    [ "4.14.33", "Valid cRLIssuer Test33",                                 0 ],
+    [ "4.14.34", "Invalid cRLIssuer Test34",                               23 ],
+    [ "4.14.35", "Invalid cRLIssuer Test35",                               44 ],
+    [ "4.15",    "Delta-CRLs" ],
+    [ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1",                3 ],
+    [ "4.15.2",  "Valid delta-CRL Test2",                                  0 ],
+    [ "4.15.3",  "Invalid delta-CRL Test3",                                23 ],
+    [ "4.15.4",  "Invalid delta-CRL Test4",                                23 ],
+    [ "4.15.5",  "Valid delta-CRL Test5",                                  0 ],
+    [ "4.15.6",  "Invalid delta-CRL Test6",                                23 ],
+    [ "4.15.7",  "Valid delta-CRL Test7",                                  0 ],
+    [ "4.15.8",  "Valid delta-CRL Test8",                                  0 ],
+    [ "4.15.9",  "Invalid delta-CRL Test9",                                23 ],
+    [ "4.15.10", "Invalid delta-CRL Test10",                               12 ],
+    [ "4.16",    "Private Certificate Extensions" ],
+    [ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
+    [ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2",   34 ],
+);
+
+
+my $verbose = 1;
+
+my $numtest = 0;
+my $numfail = 0;
+
+my $ossl = "ossl/apps/openssl";
+
+my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
+$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
+$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
+
+system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
+
+die "Can't create trust anchor file" if $?;
+
+print "Running PKITS tests:\n" if $verbose;
+
+foreach (@testlists) {
+    my $argnum = @$_;
+    if ( $argnum == 2 ) {
+        my ( $tnum, $title ) = @$_;
+        print "$tnum $title\n" if $verbose;
+    }
+    elsif ( $argnum == 3 ) {
+        my ( $tnum, $title, $exp_ret ) = @$_;
+        my $filename = $title;
+        $exp_ret += 32 if $exp_ret;
+        $filename =~ tr/ -//d;
+        $filename = "Signed${filename}.eml";
+        if ( !-f "$pkitsdir/$filename" ) {
+            print "\"$filename\" not found\n";
+        }
+        else {
+            my $ret;
+            my $test_fail = 0;
+            my $errmsg    = "";
+            my $cmd       = $ossl_cmd;
+            $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
+            my $cmdout = `$cmd`;
+            $ret = $? >> 8;
+            if ( $? & 0xff ) {
+                $errmsg .= "Abnormal OpenSSL termination\n";
+                $test_fail = 1;
+            }
+            if ( $exp_ret != $ret ) {
+                $errmsg .= "Return code:$ret, ";
+                $errmsg .= "expected $exp_ret\n";
+                $test_fail = 1;
+            }
+            if ($test_fail) {
+                print "$tnum $title : Failed!\n";
+                print "Filename: $pkitsdir/$filename\n";
+                print $errmsg;
+                print "Command output:\n$cmdout\n";
+                $numfail++;
+            }
+            $numtest++;
+        }
+    }
+    elsif ( $argnum == 7 ) {
+        my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
+          = @$_;
+        my $filename = $title;
+        $exp_ret += 32 if $exp_ret;
+        $filename =~ tr/ -//d;
+        $filename = "Signed${filename}.eml";
+        if ( !-f "$pkitsdir/$filename" ) {
+            print "\"$filename\" not found\n";
+        }
+        else {
+            my $ret;
+            my $cmdout    = "";
+            my $errmsg    = "";
+            my $epol      = "";
+            my $aset      = "";
+            my $uset      = "";
+            my $pol       = -1;
+            my $test_fail = 0;
+            my $cmd       = $ossl_cmd;
+            $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
+            @oparr = `$cmd`;
+            $ret   = $? >> 8;
+
+            if ( $? & 0xff ) {
+                $errmsg .= "Abnormal OpenSSL termination\n";
+                $test_fail = 1;
+            }
+            foreach (@oparr) {
+                my $test_failed = 0;
+                $cmdout .= $_;
+                if (/^Require explicit Policy: (.*)$/) {
+                    $epol = $1;
+                }
+                if (/^Authority Policies/) {
+                    if (/empty/) {
+                        $aset = "<empty>";
+                    }
+                    else {
+                        $pol = 1;
+                    }
+                }
+                $test_fail = 1 if (/leak/i);
+                if (/^User Policies/) {
+                    if (/empty/) {
+                        $uset = "<empty>";
+                    }
+                    else {
+                        $pol = 2;
+                    }
+                }
+                if (/\s+Policy: (.*)$/) {
+                    if ( $pol == 1 ) {
+                        $aset .= ":" if $aset ne "";
+                        $aset .= $1;
+                    }
+                    elsif ( $pol == 2 ) {
+                        $uset .= ":" if $uset ne "";
+                        $uset .= $1;
+                    }
+                }
+            }
+
+            if ( $epol ne $exp_epol ) {
+                $errmsg .= "Explicit policy:$epol, ";
+                $errmsg .= "expected $exp_epol\n";
+                $test_fail = 1;
+            }
+            if ( $aset ne $exp_aset ) {
+                $errmsg .= "Authority policy set :$aset, ";
+                $errmsg .= "expected $exp_aset\n";
+                $test_fail = 1;
+            }
+            if ( $uset ne $exp_uset ) {
+                $errmsg .= "User policy set :$uset, ";
+                $errmsg .= "expected $exp_uset\n";
+                $test_fail = 1;
+            }
+
+            if ( $exp_ret != $ret ) {
+                print "Return code:$ret, expected $exp_ret\n";
+                $test_fail = 1;
+            }
+
+            if ($test_fail) {
+                print "$tnum $title : Failed!\n";
+                print "Filename: $pkitsdir/$filename\n";
+                print "Command output:\n$cmdout\n";
+                $numfail++;
+            }
+            $numtest++;
+        }
+    }
+}
+
+if ($numfail) {
+    print "$numfail tests failed out of $numtest\n";
+}
+else {
+    print "All Tests Successful.\n";
+}
+
+unlink "pkitsta.pem";
+
diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
new file mode 100755
index 0000000000..5c0f21043c
--- /dev/null
+++ b/src/lib/libssl/test/test_padlock
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+PROG=$1
+
+if [ -x $PROG ]; then
+    if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
+        :
+    else
+        echo "$PROG is not OpenSSL executable"
+        exit 1
+    fi
+else
+    echo "$PROG is not executable"
+    exit 1;
+fi
+
+if $PROG engine padlock | grep -v no-ACE; then
+
+    HASH=`cat $PROG | $PROG dgst -hex`
+
+    ACE_ALGS="  aes-128-ecb aes-192-ecb aes-256-ecb \
+                aes-128-cbc aes-192-cbc aes-256-cbc \
+                aes-128-cfb aes-192-cfb aes-256-cfb \
+                aes-128-ofb aes-192-ofb aes-256-ofb"
+
+    nerr=0
+
+    for alg in $ACE_ALGS; do
+        echo $alg
+        TEST=`( cat $PROG | \
+                $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
+                $PROG enc -d -k "$HASH" -$alg | \
+                $PROG dgst -hex ) 2>/dev/null`
+        if [ "$TEST" != "$HASH" ]; then
+                echo "-$alg encrypt test failed"
+                nerr=`expr $nerr + 1`
+        fi
+        TEST=`( cat $PROG | \
+                $PROG enc -e -k "$HASH" -$alg | \
+                $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
+                $PROG dgst -hex ) 2>/dev/null`
+        if [ "$TEST" != "$HASH" ]; then
+                echo "-$alg decrypt test failed"
+                nerr=`expr $nerr + 1`
+        fi
+        TEST=`( cat $PROG | \
+                $PROG enc -e -k "$HASH" -$alg -engine padlock | \
+                $PROG enc -d -k "$HASH" -$alg -engine padlock | \
+                $PROG dgst -hex ) 2>/dev/null`
+        if [ "$TEST" != "$HASH" ]; then
+                echo "-$alg en/decrypt test failed"
+                nerr=`expr $nerr + 1`
+        fi
+    done
+
+    if [ $nerr -gt 0 ]; then
+        echo "PadLock ACE test failed."
+        exit 1;
+    fi
+else
+    echo "PadLock ACE is not available"
+fi
+
+exit 0
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
new file mode 100644
index 0000000000..bb653b5f73
--- /dev/null
+++ b/src/lib/libssl/test/testtsa
@@ -0,0 +1,238 @@
+#!/bin/sh
+
+#
+# A few very basic tests for the 'ts' time stamping authority command.
+#
+
+SH="/bin/sh"
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH="../apps\;$PATH"
+else
+    PATH="../apps:$PATH"
+fi
+export SH PATH
+
+OPENSSL_CONF="../CAtsa.cnf"
+export OPENSSL_CONF
+# Because that's what ../apps/CA.sh really looks at
+SSLEAY_CONFIG="-config $OPENSSL_CONF"
+export SSLEAY_CONFIG
+
+OPENSSL="`pwd`/../util/opensslwrap.sh"
+export OPENSSL
+
+error () {
+
+    echo "TSA test failed!" >&2
+    exit 1
+}
+
+setup_dir () {
+
+    rm -rf tsa 2>/dev/null
+    mkdir tsa
+    cd ./tsa
+}
+
+clean_up_dir () {
+
+    cd ..
+    rm -rf tsa
+}
+
+create_ca () {
+
+    echo "Creating a new CA for the TSA tests..."
+    TSDNSECT=ts_ca_dn
+    export TSDNSECT   
+    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
+        -out tsaca.pem -keyout tsacakey.pem
+    test $? != 0 && error
+}
+
+create_tsa_cert () {
+
+    INDEX=$1
+    export INDEX
+    EXT=$2
+    TSDNSECT=ts_cert_dn
+    export TSDNSECT   
+
+    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
+        -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
+    test $? != 0 && error
+echo Using extension $EXT
+    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
+        -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
+        -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
+        -extfile $OPENSSL_CONF -extensions $EXT
+    test $? != 0 && error
+}
+
+print_request () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
+}
+
+create_time_stamp_request1 () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
+    test $? != 0 && error
+}
+
+create_time_stamp_request2 () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
+        -out req2.tsq
+    test $? != 0 && error
+}
+
+create_time_stamp_request3 () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
+    test $? != 0 && error
+}
+
+print_response () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
+    test $? != 0 && error
+}
+
+create_time_stamp_response () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
+    test $? != 0 && error
+}
+
+time_stamp_response_token_test () {
+
+    RESPONSE2=$2.copy.tsr
+    TOKEN_DER=$2.token.der
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
+    test $? != 0 && error
+    cmp $RESPONSE2 $2
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
+    test $? != 0 && error
+}
+
+verify_time_stamp_response () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
+        -untrusted tsa_cert1.pem
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
+        -untrusted tsa_cert1.pem
+    test $? != 0 && error
+}
+
+verify_time_stamp_token () {
+
+    # create the token from the response first
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
+        -CAfile tsaca.pem -untrusted tsa_cert1.pem
+    test $? != 0 && error
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
+        -CAfile tsaca.pem -untrusted tsa_cert1.pem
+    test $? != 0 && error
+}
+
+verify_time_stamp_response_fail () {
+
+    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
+        -untrusted tsa_cert1.pem
+    # Checks if the verification failed, as it should have.
+    test $? = 0 && error
+    echo Ok
+}
+
+# main functions
+
+echo "Setting up TSA test directory..."
+setup_dir
+
+echo "Creating CA for TSA tests..."
+create_ca
+
+echo "Creating tsa_cert1.pem TSA server cert..."
+create_tsa_cert 1 tsa_cert
+
+echo "Creating tsa_cert2.pem non-TSA server cert..."
+create_tsa_cert 2 non_tsa_cert
+
+echo "Creating req1.req time stamp request for file testtsa..."
+create_time_stamp_request1
+
+echo "Printing req1.req..."
+print_request req1.tsq
+
+echo "Generating valid response for req1.req..."
+create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+
+echo "Printing response..."
+print_response resp1.tsr
+
+echo "Verifying valid response..."
+verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
+
+echo "Verifying valid token..."
+verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
+
+# The tests below are commented out, because invalid signer certificates
+# can no longer be specified in the config file.
+
+# echo "Generating _invalid_ response for req1.req..."
+# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+
+# echo "Printing response..."
+# print_response resp1_bad.tsr
+
+# echo "Verifying invalid response, it should fail..."
+# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+
+echo "Creating req2.req time stamp request for file testtsa..."
+create_time_stamp_request2
+
+echo "Printing req2.req..."
+print_request req2.tsq
+
+echo "Generating valid response for req2.req..."
+create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+
+echo "Checking '-token_in' and '-token_out' options with '-reply'..."
+time_stamp_response_token_test req2.tsq resp2.tsr
+
+echo "Printing response..."
+print_response resp2.tsr
+
+echo "Verifying valid response..."
+verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
+
+echo "Verifying response against wrong request, it should fail..."
+verify_time_stamp_response_fail req1.tsq resp2.tsr
+
+echo "Verifying response against wrong request, it should fail..."
+verify_time_stamp_response_fail req2.tsq resp1.tsr
+
+echo "Creating req3.req time stamp request for file CAtsa.cnf..."
+create_time_stamp_request3
+
+echo "Printing req3.req..."
+print_request req3.tsq
+
+echo "Verifying response against wrong request, it should fail..."
+verify_time_stamp_response_fail req3.tsq resp1.tsr
+
+echo "Cleaning up..."
+clean_up_dir
+
+exit 0