Import OpenSSL 1.0.1g

134 files changed, 3912 insertions, 1395 deletions

diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
index 65d8904ee8..ba05fea05c 100644
--- a/src/lib/libcrypto/ecdh/Makefile
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libcrypto/engine/eng_rdrand.c b/src/lib/libcrypto/engine/eng_rdrand.c
index a9ba5ae6f9..4e9e91d54b 100644
--- a/src/lib/libcrypto/engine/eng_rdrand.c
+++ b/src/lib/libcrypto/engine/eng_rdrand.c
@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
         {
         if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
             !ENGINE_set_name(e, engine_e_rdrand_name) ||
+            !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
             !ENGINE_set_init_function(e, rdrand_init) ||
             !ENGINE_set_RAND(e, &rdrand_meth) )
                 return 0;
diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c
index b74bb1a759..d66ed6a1c6 100644
--- a/src/lib/libcrypto/mdc2/mdc2dgst.c
+++ b/src/lib/libcrypto/mdc2/mdc2dgst.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
-#include <openssl/crypto.h>
 
 #undef c2l
 #define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
diff --git a/src/lib/libcrypto/modes/Makefile b/src/lib/libcrypto/modes/Makefile
index c825b12f25..3d8bafd571 100644
--- a/src/lib/libcrypto/modes/Makefile
+++ b/src/lib/libcrypto/modes/Makefile
@@ -53,7 +53,10 @@ ghash-x86_64.s:	asm/ghash-x86_64.pl
 ghash-sparcv9.s:        asm/ghash-sparcv9.pl
         $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
 ghash-alpha.s:  asm/ghash-alpha.pl
-        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+        $(PERL) asm/ghash-alpha.pl > $$preproc && \
+        $(CC) -E $$preproc > $@ && rm $$preproc)
+
 ghash-parisc.s: asm/ghash-parisc.pl
         $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
 
diff --git a/src/lib/libcrypto/perlasm/x86masm.pl b/src/lib/libcrypto/perlasm/x86masm.pl
index 96b1b73e1a..f937d07c87 100644
--- a/src/lib/libcrypto/perlasm/x86masm.pl
+++ b/src/lib/libcrypto/perlasm/x86masm.pl
@@ -33,6 +33,7 @@ sub ::generic
 sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
 sub ::call_ptr  { &::emit("call",@_);   }
 sub ::jmp_ptr   { &::emit("jmp",@_);    }
+sub ::lock      { &::data_byte(0xf0);   }
 
 sub get_mem
 { my($size,$addr,$reg1,$reg2,$idx)=@_;
diff --git a/src/lib/libcrypto/rc5/asm/rc5-586.pl b/src/lib/libcrypto/rc5/asm/rc5-586.pl
index edff1d1e64..61ac6effc6 100644
--- a/src/lib/libcrypto/rc5/asm/rc5-586.pl
+++ b/src/lib/libcrypto/rc5/asm/rc5-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
 
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 
diff --git a/src/lib/libcrypto/rc5/rc5_ecb.c b/src/lib/libcrypto/rc5/rc5_ecb.c
new file mode 100644
index 0000000000..e72b535507
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_ecb.c
@@ -0,0 +1,80 @@
+/* crypto/rc5/rc5_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+#include <openssl/opensslv.h>
+
+const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;
+
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *ks, int encrypt)
+        {
+        unsigned long l,d[2];
+
+        c2l(in,l); d[0]=l;
+        c2l(in,l); d[1]=l;
+        if (encrypt)
+                RC5_32_encrypt(d,ks);
+        else
+                RC5_32_decrypt(d,ks);
+        l=d[0]; l2c(l,out);
+        l=d[1]; l2c(l,out);
+        l=d[0]=d[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5_enc.c b/src/lib/libcrypto/rc5/rc5_enc.c
new file mode 100644
index 0000000000..f327d32a76
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_enc.c
@@ -0,0 +1,215 @@
+/* crypto/rc5/rc5_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int encrypt)
+        {
+        register unsigned long tin0,tin1;
+        register unsigned long tout0,tout1,xor0,xor1;
+        register long l=length;
+        unsigned long tin[2];
+
+        if (encrypt)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC5_32_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC5_32_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC5_32_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC5_32_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+        {
+        RC5_32_INT a,b,*s;
+
+        s=key->data;
+
+        a=d[0]+s[0];
+        b=d[1]+s[1];
+        E_RC5_32(a,b,s, 2);
+        E_RC5_32(a,b,s, 4);
+        E_RC5_32(a,b,s, 6);
+        E_RC5_32(a,b,s, 8);
+        E_RC5_32(a,b,s,10);
+        E_RC5_32(a,b,s,12);
+        E_RC5_32(a,b,s,14);
+        E_RC5_32(a,b,s,16);
+        if (key->rounds == 12)
+                {
+                E_RC5_32(a,b,s,18);
+                E_RC5_32(a,b,s,20);
+                E_RC5_32(a,b,s,22);
+                E_RC5_32(a,b,s,24);
+                }
+        else if (key->rounds == 16)
+                {
+                /* Do a full expansion to avoid a jump */
+                E_RC5_32(a,b,s,18);
+                E_RC5_32(a,b,s,20);
+                E_RC5_32(a,b,s,22);
+                E_RC5_32(a,b,s,24);
+                E_RC5_32(a,b,s,26);
+                E_RC5_32(a,b,s,28);
+                E_RC5_32(a,b,s,30);
+                E_RC5_32(a,b,s,32);
+                }
+        d[0]=a;
+        d[1]=b;
+        }
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+        {
+        RC5_32_INT a,b,*s;
+
+        s=key->data;
+
+        a=d[0];
+        b=d[1];
+        if (key->rounds == 16) 
+                {
+                D_RC5_32(a,b,s,32);
+                D_RC5_32(a,b,s,30);
+                D_RC5_32(a,b,s,28);
+                D_RC5_32(a,b,s,26);
+                /* Do a full expansion to avoid a jump */
+                D_RC5_32(a,b,s,24);
+                D_RC5_32(a,b,s,22);
+                D_RC5_32(a,b,s,20);
+                D_RC5_32(a,b,s,18);
+                }
+        else if (key->rounds == 12)
+                {
+                D_RC5_32(a,b,s,24);
+                D_RC5_32(a,b,s,22);
+                D_RC5_32(a,b,s,20);
+                D_RC5_32(a,b,s,18);
+                }
+        D_RC5_32(a,b,s,16);
+        D_RC5_32(a,b,s,14);
+        D_RC5_32(a,b,s,12);
+        D_RC5_32(a,b,s,10);
+        D_RC5_32(a,b,s, 8);
+        D_RC5_32(a,b,s, 6);
+        D_RC5_32(a,b,s, 4);
+        D_RC5_32(a,b,s, 2);
+        d[0]=a-s[0];
+        d[1]=b-s[1];
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5_skey.c b/src/lib/libcrypto/rc5/rc5_skey.c
new file mode 100644
index 0000000000..a2e00a41c5
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_skey.c
@@ -0,0 +1,113 @@
+/* crypto/rc5/rc5_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds)
+        {
+        RC5_32_INT L[64],l,ll,A,B,*S,k;
+        int i,j,m,c,t,ii,jj;
+
+        if (    (rounds != RC5_16_ROUNDS) &&
+                (rounds != RC5_12_ROUNDS) &&
+                (rounds != RC5_8_ROUNDS))
+                rounds=RC5_16_ROUNDS;
+
+        key->rounds=rounds;
+        S= &(key->data[0]);
+        j=0;
+        for (i=0; i<=(len-8); i+=8)
+                {
+                c2l(data,l);
+                L[j++]=l;
+                c2l(data,l);
+                L[j++]=l;
+                }
+        ii=len-i;
+        if (ii)
+                {
+                k=len&0x07;
+                c2ln(data,l,ll,k);
+                L[j+0]=l;
+                L[j+1]=ll;
+                }
+
+        c=(len+3)/4;
+        t=(rounds+1)*2;
+        S[0]=RC5_32_P;
+        for (i=1; i<t; i++)
+                S[i]=(S[i-1]+RC5_32_Q)&RC5_32_MASK;
+
+        j=(t>c)?t:c;
+        j*=3;
+        ii=jj=0;
+        A=B=0;
+        for (i=0; i<j; i++)
+                {
+                k=(S[ii]+A+B)&RC5_32_MASK;
+                A=S[ii]=ROTATE_l32(k,3);
+                m=(int)(A+B);
+                k=(L[jj]+A+B)&RC5_32_MASK;
+                B=L[jj]=ROTATE_l32(k,m);
+                if (++ii >= t) ii=0;
+                if (++jj >= c) jj=0;
+                }
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5cfb64.c b/src/lib/libcrypto/rc5/rc5cfb64.c
new file mode 100644
index 0000000000..3a8b60bc7a
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/rc5/rc5cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int encrypt)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned long ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC5_32_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC5_32_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5ofb64.c b/src/lib/libcrypto/rc5/rc5ofb64.c
new file mode 100644
index 0000000000..d412215f3c
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5ofb64.c
@@ -0,0 +1,111 @@
+/* crypto/rc5/rc5ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        unsigned long ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        RC5_32_encrypt((unsigned long *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/rc5/rc5speed.c b/src/lib/libcrypto/rc5/rc5speed.c
new file mode 100644
index 0000000000..8e363be535
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5speed.c
@@ -0,0 +1,277 @@
+/* crypto/rc5/rc5speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/rc5.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC5_32_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC5_32_set_key(&sch,16,key,12);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC5_32_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC5_32_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC5_32_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing RC5_32_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC5_32_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC5_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("RC5_32/12/16 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/srp/srp_grps.h b/src/lib/libcrypto/srp/srp_grps.h
index d77c9fff4b..8e3c35e3f5 100644
--- a/src/lib/libcrypto/srp/srp_grps.h
+++ b/src/lib/libcrypto/srp/srp_grps.h
@@ -1,22 +1,22 @@
 /* start of generated data */
 
 static BN_ULONG bn_group_1024_value[] = {
-        bn_pack4(9FC6,1D2F,C0EB,06E3),
-        bn_pack4(FD51,38FE,8376,435B),
-        bn_pack4(2FD4,CBF4,976E,AA9A),
-        bn_pack4(68ED,BC3C,0572,6CC0),
-        bn_pack4(C529,F566,660E,57EC),
-        bn_pack4(8255,9B29,7BCF,1885),
-        bn_pack4(CE8E,F4AD,69B1,5D49),
-        bn_pack4(5DC7,D7B4,6154,D6B6),
-        bn_pack4(8E49,5C1D,6089,DAD1),
-        bn_pack4(E0D5,D8E2,50B9,8BE4),
-        bn_pack4(383B,4813,D692,C6E0),
-        bn_pack4(D674,DF74,96EA,81D3),
-        bn_pack4(9EA2,314C,9C25,6576),
-        bn_pack4(6072,6187,75FF,3C0B),
-        bn_pack4(9C33,F80A,FA8F,C5E8),
-        bn_pack4(EEAF,0AB9,ADB3,8DD6)
+        bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
+        bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
+        bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
+        bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0),
+        bn_pack4(0xC529,0xF566,0x660E,0x57EC),
+        bn_pack4(0x8255,0x9B29,0x7BCF,0x1885),
+        bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49),
+        bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6),
+        bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1),
+        bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4),
+        bn_pack4(0x383B,0x4813,0xD692,0xC6E0),
+        bn_pack4(0xD674,0xDF74,0x96EA,0x81D3),
+        bn_pack4(0x9EA2,0x314C,0x9C25,0x6576),
+        bn_pack4(0x6072,0x6187,0x75FF,0x3C0B),
+        bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
+        bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
 };
 static BIGNUM bn_group_1024 = {
         bn_group_1024_value,
@@ -27,30 +27,30 @@ static BIGNUM bn_group_1024 = {
 };
 
 static BN_ULONG bn_group_1536_value[] = {
-        bn_pack4(CF76,E3FE,D135,F9BB),
-        bn_pack4(1518,0F93,499A,234D),
-        bn_pack4(8CE7,A28C,2442,C6F3),
-        bn_pack4(5A02,1FFF,5E91,479E),
-        bn_pack4(7F8A,2FE9,B8B5,292E),
-        bn_pack4(837C,264A,E3A9,BEB8),
-        bn_pack4(E442,734A,F7CC,B7AE),
-        bn_pack4(6577,2E43,7D6C,7F8C),
-        bn_pack4(DB2F,D53D,24B7,C486),
-        bn_pack4(6EDF,0195,3934,9627),
-        bn_pack4(158B,FD3E,2B9C,8CF5),
-        bn_pack4(764E,3F4B,53DD,9DA1),
-        bn_pack4(4754,8381,DBC5,B1FC),
-        bn_pack4(9B60,9E0B,E3BA,B63D),
-        bn_pack4(8134,B1C8,B979,8914),
-        bn_pack4(DF02,8A7C,EC67,F0D0),
-        bn_pack4(80B6,55BB,9A22,E8DC),
-        bn_pack4(1558,903B,A0D0,F843),
-        bn_pack4(51C6,A94B,E460,7A29),
-        bn_pack4(5F4F,5F55,6E27,CBDE),
-        bn_pack4(BEEE,A961,4B19,CC4D),
-        bn_pack4(DBA5,1DF4,99AC,4C80),
-        bn_pack4(B1F1,2A86,17A4,7BBB),
-        bn_pack4(9DEF,3CAF,B939,277A)
+        bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
+        bn_pack4(0x1518,0x0F93,0x499A,0x234D),
+        bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
+        bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E),
+        bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E),
+        bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8),
+        bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE),
+        bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C),
+        bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486),
+        bn_pack4(0x6EDF,0x0195,0x3934,0x9627),
+        bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5),
+        bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1),
+        bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC),
+        bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D),
+        bn_pack4(0x8134,0xB1C8,0xB979,0x8914),
+        bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0),
+        bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC),
+        bn_pack4(0x1558,0x903B,0xA0D0,0xF843),
+        bn_pack4(0x51C6,0xA94B,0xE460,0x7A29),
+        bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE),
+        bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D),
+        bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80),
+        bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
+        bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
 };
 static BIGNUM bn_group_1536 = {
         bn_group_1536_value,
@@ -61,38 +61,38 @@ static BIGNUM bn_group_1536 = {
 };
 
 static BN_ULONG bn_group_2048_value[] = {
-        bn_pack4(0FA7,111F,9E4A,FF73),
-        bn_pack4(9B65,E372,FCD6,8EF2),
-        bn_pack4(35DE,236D,525F,5475),
-        bn_pack4(94B5,C803,D89F,7AE4),
-        bn_pack4(71AE,35F8,E9DB,FBB6),
-        bn_pack4(2A56,98F3,A8D0,C382),
-        bn_pack4(9CCC,041C,7BC3,08D8),
-        bn_pack4(AF87,4E73,03CE,5329),
-        bn_pack4(6160,2790,04E5,7AE6),
-        bn_pack4(032C,FBDB,F52F,B378),
-        bn_pack4(5EA7,7A27,75D2,ECFA),
-        bn_pack4(5445,23B5,24B0,D57D),
-        bn_pack4(5B9D,32E6,88F8,7748),
-        bn_pack4(F1D2,B907,8717,461A),
-        bn_pack4(76BD,207A,436C,6481),
-        bn_pack4(CA97,B43A,23FB,8016),
-        bn_pack4(1D28,1E44,6B14,773B),
-        bn_pack4(7359,D041,D5C3,3EA7),
-        bn_pack4(A80D,740A,DBF4,FF74),
-        bn_pack4(55F9,7993,EC97,5EEA),
-        bn_pack4(2918,A996,2F0B,93B8),
-        bn_pack4(661A,05FB,D5FA,AAE8),
-        bn_pack4(CF60,9517,9A16,3AB3),
-        bn_pack4(E808,3969,EDB7,67B0),
-        bn_pack4(CD7F,48A9,DA04,FD50),
-        bn_pack4(D523,12AB,4B03,310D),
-        bn_pack4(8193,E075,7767,A13D),
-        bn_pack4(A373,29CB,B4A0,99ED),
-        bn_pack4(FC31,9294,3DB5,6050),
-        bn_pack4(AF72,B665,1987,EE07),
-        bn_pack4(F166,DE5E,1389,582F),
-        bn_pack4(AC6B,DB41,324A,9A9B)
+        bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
+        bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
+        bn_pack4(0x35DE,0x236D,0x525F,0x5475),
+        bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4),
+        bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6),
+        bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382),
+        bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8),
+        bn_pack4(0xAF87,0x4E73,0x03CE,0x5329),
+        bn_pack4(0x6160,0x2790,0x04E5,0x7AE6),
+        bn_pack4(0x032C,0xFBDB,0xF52F,0xB378),
+        bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA),
+        bn_pack4(0x5445,0x23B5,0x24B0,0xD57D),
+        bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748),
+        bn_pack4(0xF1D2,0xB907,0x8717,0x461A),
+        bn_pack4(0x76BD,0x207A,0x436C,0x6481),
+        bn_pack4(0xCA97,0xB43A,0x23FB,0x8016),
+        bn_pack4(0x1D28,0x1E44,0x6B14,0x773B),
+        bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7),
+        bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74),
+        bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA),
+        bn_pack4(0x2918,0xA996,0x2F0B,0x93B8),
+        bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8),
+        bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3),
+        bn_pack4(0xE808,0x3969,0xEDB7,0x67B0),
+        bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50),
+        bn_pack4(0xD523,0x12AB,0x4B03,0x310D),
+        bn_pack4(0x8193,0xE075,0x7767,0xA13D),
+        bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED),
+        bn_pack4(0xFC31,0x9294,0x3DB5,0x6050),
+        bn_pack4(0xAF72,0xB665,0x1987,0xEE07),
+        bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
+        bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
 };
 static BIGNUM bn_group_2048 = {
         bn_group_2048_value,
@@ -103,54 +103,54 @@ static BIGNUM bn_group_2048 = {
 };
 
 static BN_ULONG bn_group_3072_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(4B82,D120,A93A,D2CA),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_3072 = {
         bn_group_3072_value,
@@ -161,70 +161,70 @@ static BIGNUM bn_group_3072 = {
 };
 
 static BN_ULONG bn_group_4096_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(4DF4,35C9,3406,3199),
-        bn_pack4(86FF,B7DC,90A6,C08F),
-        bn_pack4(93B4,EA98,8D8F,DDC1),
-        bn_pack4(D006,9127,D5B0,5AA9),
-        bn_pack4(B81B,DD76,2170,481C),
-        bn_pack4(1F61,2970,CEE2,D7AF),
-        bn_pack4(233B,A186,515B,E7ED),
-        bn_pack4(99B2,964F,A090,C3A2),
-        bn_pack4(287C,5947,4E6B,C05D),
-        bn_pack4(2E8E,FC14,1FBE,CAA6),
-        bn_pack4(DBBB,C2DB,04DE,8EF9),
-        bn_pack4(2583,E9CA,2AD4,4CE8),
-        bn_pack4(1A94,6834,B615,0BDA),
-        bn_pack4(99C3,2718,6AF4,E23C),
-        bn_pack4(8871,9A10,BDBA,5B26),
-        bn_pack4(1A72,3C12,A787,E6D7),
-        bn_pack4(4B82,D120,A921,0801),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_4096 = {
         bn_group_4096_value,
@@ -235,102 +235,102 @@ static BIGNUM bn_group_4096 = {
 };
 
 static BN_ULONG bn_group_6144_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(E694,F91E,6DCC,4024),
-        bn_pack4(12BF,2D5B,0B74,74D6),
-        bn_pack4(043E,8F66,3F48,60EE),
-        bn_pack4(387F,E8D7,6E3C,0468),
-        bn_pack4(DA56,C9EC,2EF2,9632),
-        bn_pack4(EB19,CCB1,A313,D55C),
-        bn_pack4(F550,AA3D,8A1F,BFF0),
-        bn_pack4(06A1,D58B,B7C5,DA76),
-        bn_pack4(A797,15EE,F29B,E328),
-        bn_pack4(14CC,5ED2,0F80,37E0),
-        bn_pack4(CC8F,6D7E,BF48,E1D8),
-        bn_pack4(4BD4,07B2,2B41,54AA),
-        bn_pack4(0F1D,45B7,FF58,5AC5),
-        bn_pack4(23A9,7A7E,36CC,88BE),
-        bn_pack4(59E7,C97F,BEC7,E8F3),
-        bn_pack4(B5A8,4031,900B,1C9E),
-        bn_pack4(D55E,702F,4698,0C82),
-        bn_pack4(F482,D7CE,6E74,FEF6),
-        bn_pack4(F032,EA15,D172,1D03),
-        bn_pack4(5983,CA01,C64B,92EC),
-        bn_pack4(6FB8,F401,378C,D2BF),
-        bn_pack4(3320,5151,2BD7,AF42),
-        bn_pack4(DB7F,1447,E6CC,254B),
-        bn_pack4(44CE,6CBA,CED4,BB1B),
-        bn_pack4(DA3E,DBEB,CF9B,14ED),
-        bn_pack4(1797,27B0,865A,8918),
-        bn_pack4(B06A,53ED,9027,D831),
-        bn_pack4(E5DB,382F,4130,01AE),
-        bn_pack4(F8FF,9406,AD9E,530E),
-        bn_pack4(C975,1E76,3DBA,37BD),
-        bn_pack4(C1D4,DCB2,6026,46DE),
-        bn_pack4(36C3,FAB4,D27C,7026),
-        bn_pack4(4DF4,35C9,3402,8492),
-        bn_pack4(86FF,B7DC,90A6,C08F),
-        bn_pack4(93B4,EA98,8D8F,DDC1),
-        bn_pack4(D006,9127,D5B0,5AA9),
-        bn_pack4(B81B,DD76,2170,481C),
-        bn_pack4(1F61,2970,CEE2,D7AF),
-        bn_pack4(233B,A186,515B,E7ED),
-        bn_pack4(99B2,964F,A090,C3A2),
-        bn_pack4(287C,5947,4E6B,C05D),
-        bn_pack4(2E8E,FC14,1FBE,CAA6),
-        bn_pack4(DBBB,C2DB,04DE,8EF9),
-        bn_pack4(2583,E9CA,2AD4,4CE8),
-        bn_pack4(1A94,6834,B615,0BDA),
-        bn_pack4(99C3,2718,6AF4,E23C),
-        bn_pack4(8871,9A10,BDBA,5B26),
-        bn_pack4(1A72,3C12,A787,E6D7),
-        bn_pack4(4B82,D120,A921,0801),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
+        bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+        bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+        bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+        bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+        bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+        bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+        bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+        bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+        bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+        bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+        bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+        bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+        bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+        bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+        bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+        bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+        bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+        bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+        bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+        bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+        bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+        bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+        bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+        bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+        bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+        bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+        bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+        bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+        bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+        bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+        bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+        bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_6144 = {
         bn_group_6144_value,
@@ -341,134 +341,134 @@ static BIGNUM bn_group_6144 = {
 };
 
 static BN_ULONG bn_group_8192_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(60C9,80DD,98ED,D3DF),
-        bn_pack4(C81F,56E8,80B9,6E71),
-        bn_pack4(9E30,50E2,7656,94DF),
-        bn_pack4(9558,E447,5677,E9AA),
-        bn_pack4(C919,0DA6,FC02,6E47),
-        bn_pack4(889A,002E,D5EE,382B),
-        bn_pack4(4009,438B,481C,6CD7),
-        bn_pack4(3590,46F4,EB87,9F92),
-        bn_pack4(FAF3,6BC3,1ECF,A268),
-        bn_pack4(B1D5,10BD,7EE7,4D73),
-        bn_pack4(F9AB,4819,5DED,7EA1),
-        bn_pack4(64F3,1CC5,0846,851D),
-        bn_pack4(4597,E899,A025,5DC1),
-        bn_pack4(DF31,0EE0,74AB,6A36),
-        bn_pack4(6D2A,13F8,3F44,F82D),
-        bn_pack4(062B,3CF5,B3A2,78A6),
-        bn_pack4(7968,3303,ED5B,DD3A),
-        bn_pack4(FA9D,4B7F,A2C0,87E8),
-        bn_pack4(4BCB,C886,2F83,85DD),
-        bn_pack4(3473,FC64,6CEA,306B),
-        bn_pack4(13EB,57A8,1A23,F0C7),
-        bn_pack4(2222,2E04,A403,7C07),
-        bn_pack4(E3FD,B8BE,FC84,8AD9),
-        bn_pack4(238F,16CB,E39D,652D),
-        bn_pack4(3423,B474,2BF1,C978),
-        bn_pack4(3AAB,639C,5AE4,F568),
-        bn_pack4(2576,F693,6BA4,2466),
-        bn_pack4(741F,A7BF,8AFC,47ED),
-        bn_pack4(3BC8,32B6,8D9D,D300),
-        bn_pack4(D8BE,C4D0,73B9,31BA),
-        bn_pack4(3877,7CB6,A932,DF8C),
-        bn_pack4(74A3,926F,12FE,E5E4),
-        bn_pack4(E694,F91E,6DBE,1159),
-        bn_pack4(12BF,2D5B,0B74,74D6),
-        bn_pack4(043E,8F66,3F48,60EE),
-        bn_pack4(387F,E8D7,6E3C,0468),
-        bn_pack4(DA56,C9EC,2EF2,9632),
-        bn_pack4(EB19,CCB1,A313,D55C),
-        bn_pack4(F550,AA3D,8A1F,BFF0),
-        bn_pack4(06A1,D58B,B7C5,DA76),
-        bn_pack4(A797,15EE,F29B,E328),
-        bn_pack4(14CC,5ED2,0F80,37E0),
-        bn_pack4(CC8F,6D7E,BF48,E1D8),
-        bn_pack4(4BD4,07B2,2B41,54AA),
-        bn_pack4(0F1D,45B7,FF58,5AC5),
-        bn_pack4(23A9,7A7E,36CC,88BE),
-        bn_pack4(59E7,C97F,BEC7,E8F3),
-        bn_pack4(B5A8,4031,900B,1C9E),
-        bn_pack4(D55E,702F,4698,0C82),
-        bn_pack4(F482,D7CE,6E74,FEF6),
-        bn_pack4(F032,EA15,D172,1D03),
-        bn_pack4(5983,CA01,C64B,92EC),
-        bn_pack4(6FB8,F401,378C,D2BF),
-        bn_pack4(3320,5151,2BD7,AF42),
-        bn_pack4(DB7F,1447,E6CC,254B),
-        bn_pack4(44CE,6CBA,CED4,BB1B),
-        bn_pack4(DA3E,DBEB,CF9B,14ED),
-        bn_pack4(1797,27B0,865A,8918),
-        bn_pack4(B06A,53ED,9027,D831),
-        bn_pack4(E5DB,382F,4130,01AE),
-        bn_pack4(F8FF,9406,AD9E,530E),
-        bn_pack4(C975,1E76,3DBA,37BD),
-        bn_pack4(C1D4,DCB2,6026,46DE),
-        bn_pack4(36C3,FAB4,D27C,7026),
-        bn_pack4(4DF4,35C9,3402,8492),
-        bn_pack4(86FF,B7DC,90A6,C08F),
-        bn_pack4(93B4,EA98,8D8F,DDC1),
-        bn_pack4(D006,9127,D5B0,5AA9),
-        bn_pack4(B81B,DD76,2170,481C),
-        bn_pack4(1F61,2970,CEE2,D7AF),
-        bn_pack4(233B,A186,515B,E7ED),
-        bn_pack4(99B2,964F,A090,C3A2),
-        bn_pack4(287C,5947,4E6B,C05D),
-        bn_pack4(2E8E,FC14,1FBE,CAA6),
-        bn_pack4(DBBB,C2DB,04DE,8EF9),
-        bn_pack4(2583,E9CA,2AD4,4CE8),
-        bn_pack4(1A94,6834,B615,0BDA),
-        bn_pack4(99C3,2718,6AF4,E23C),
-        bn_pack4(8871,9A10,BDBA,5B26),
-        bn_pack4(1A72,3C12,A787,E6D7),
-        bn_pack4(4B82,D120,A921,0801),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
+        bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
+        bn_pack4(0x9E30,0x50E2,0x7656,0x94DF),
+        bn_pack4(0x9558,0xE447,0x5677,0xE9AA),
+        bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47),
+        bn_pack4(0x889A,0x002E,0xD5EE,0x382B),
+        bn_pack4(0x4009,0x438B,0x481C,0x6CD7),
+        bn_pack4(0x3590,0x46F4,0xEB87,0x9F92),
+        bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268),
+        bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73),
+        bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1),
+        bn_pack4(0x64F3,0x1CC5,0x0846,0x851D),
+        bn_pack4(0x4597,0xE899,0xA025,0x5DC1),
+        bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36),
+        bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D),
+        bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6),
+        bn_pack4(0x7968,0x3303,0xED5B,0xDD3A),
+        bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8),
+        bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD),
+        bn_pack4(0x3473,0xFC64,0x6CEA,0x306B),
+        bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7),
+        bn_pack4(0x2222,0x2E04,0xA403,0x7C07),
+        bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9),
+        bn_pack4(0x238F,0x16CB,0xE39D,0x652D),
+        bn_pack4(0x3423,0xB474,0x2BF1,0xC978),
+        bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568),
+        bn_pack4(0x2576,0xF693,0x6BA4,0x2466),
+        bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED),
+        bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300),
+        bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA),
+        bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C),
+        bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4),
+        bn_pack4(0xE694,0xF91E,0x6DBE,0x1159),
+        bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+        bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+        bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+        bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+        bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+        bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+        bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+        bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+        bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+        bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+        bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+        bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+        bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+        bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+        bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+        bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+        bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+        bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+        bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+        bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+        bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+        bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+        bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+        bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+        bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+        bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+        bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+        bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+        bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+        bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+        bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+        bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_8192 = {
         bn_group_8192_value,
diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c
index 92cea98dcd..7c1dcc5111 100644
--- a/src/lib/libcrypto/srp/srp_lib.c
+++ b/src/lib/libcrypto/srp/srp_lib.c
@@ -63,13 +63,17 @@
 #include <openssl/evp.h>
 
 #if (BN_BYTES == 8)
-#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul
-#endif
-#if (BN_BYTES == 4)
-#define bn_pack4(a1,a2,a3,a4)  0x##a3##a4##ul, 0x##a1##a2##ul
-#endif
-#if (BN_BYTES == 2)
-#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+# elif defined(__arch64__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+# else
+#  define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+# endif
+#elif (BN_BYTES == 4)
+# define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+#else
+# error "unsupported BN_BYTES"
 #endif
 
 
diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c
index c8be907d7f..4a3d13edf6 100644
--- a/src/lib/libcrypto/srp/srp_vfy.c
+++ b/src/lib/libcrypto/srp/srp_vfy.c
@@ -390,7 +390,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
                 }
         for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
                 {
-                pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i);
+                pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);
                 if (pp[DB_srptype][0] == DB_SRP_INDEX)
                         {
                         /*we add this couple in the internal Stack */
@@ -581,7 +581,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if (*salt == NULL)
                 {
                 char *tmp_salt;
-                if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+
+                if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
                         {
                         OPENSSL_free(vf);
                         goto err;
diff --git a/src/lib/libssl/src/apps/cms.c b/src/lib/libssl/src/apps/cms.c
index d754140987..5f77f8fbb0 100644
--- a/src/lib/libssl/src/apps/cms.c
+++ b/src/lib/libssl/src/apps/cms.c
@@ -233,6 +233,8 @@ int MAIN(int argc, char **argv)
                 else if (!strcmp(*args,"-camellia256"))
                                 cipher = EVP_camellia_256_cbc();
 #endif
+                else if (!strcmp (*args, "-debug_decrypt")) 
+                                flags |= CMS_DEBUG_DECRYPT;
                 else if (!strcmp (*args, "-text")) 
                                 flags |= CMS_TEXT;
                 else if (!strcmp (*args, "-nointern")) 
@@ -1039,6 +1041,8 @@ int MAIN(int argc, char **argv)
         ret = 4;
         if (operation == SMIME_DECRYPT)
                 {
+                if (flags & CMS_DEBUG_DECRYPT)
+                        CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
 
                 if (secret_key)
                         {
diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c
index 465480bedd..976ebef12b 100644
--- a/src/lib/libssl/src/apps/ecparam.c
+++ b/src/lib/libssl/src/apps/ecparam.c
@@ -105,7 +105,7 @@
  *                    in the asn1 der encoding
  *                    possible values: named_curve (default)
  *                                     explicit
- * -no_seed         - if 'explicit' parameters are choosen do not use the seed
+ * -no_seed         - if 'explicit' parameters are chosen do not use the seed
  * -genkey          - generate ec key
  * -rand file       - files to use for random number input
  * -engine e        - use engine e, possibly a hardware device
@@ -286,7 +286,7 @@ bad:
                 BIO_printf(bio_err, "                                   "
                                 " explicit\n");
                 BIO_printf(bio_err, " -no_seed          if 'explicit'"
-                                " parameters are choosen do not"
+                                " parameters are chosen do not"
                                 " use the seed\n");
                 BIO_printf(bio_err, " -genkey           generate ec"
                                 " key\n");
diff --git a/src/lib/libssl/src/apps/srp.c b/src/lib/libssl/src/apps/srp.c
index 80e1b8a660..9c7ae184db 100644
--- a/src/lib/libssl/src/apps/srp.c
+++ b/src/lib/libssl/src/apps/srp.c
@@ -125,13 +125,13 @@ static int get_index(CA_DB *db, char* id, char type)
         if (type == DB_SRP_INDEX) 
         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                 {
-                pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
-                if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id, pp[DB_srpid])) 
+                pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
+                if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
                         return i;
                 }
         else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                 {
-                pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+                pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
 
                 if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
                         return i;
@@ -145,7 +145,7 @@ static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
         if (indx >= 0 && verbose)
                 {
                 int j;
-                char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx);
+                char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
                 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
                 for (j = 0; j < DB_NUMBER; j++)
                         {
@@ -163,7 +163,7 @@ static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
         {
         if (verbose > 0)
                 {
-                char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
 
                 if (pp[DB_srptype][0] != 'I')
                         {
@@ -517,7 +517,7 @@ bad:
         /* Lets check some fields */
         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                 {
-                pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+                pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
         
                 if (pp[DB_srptype][0] == DB_SRP_INDEX)
                         {
@@ -533,8 +533,8 @@ bad:
 
         if (gNindex >= 0)
                 {
-                gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
-                print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ;
+                gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
+                print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
                 }
         else if (maxgN > 0 && !SRP_get_default_gN(gN))
                 {
@@ -587,7 +587,7 @@ bad:
                         if (userindex >= 0)
                                 {
                                 /* reactivation of a new user */
-                                char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                                char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                                 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                                 row[DB_srptype][0] = 'V';
 
@@ -634,7 +634,7 @@ bad:
                         else
                                 {
 
-                                char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                                char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                                 char type = row[DB_srptype][0];
                                 if (type == 'v')
                                         {
@@ -664,9 +664,9 @@ bad:
 
                                         if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
                                                 {
-                                                        BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
-                                                        errors++;
-                                                        goto err;
+                                                BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
+                                                errors++;
+                                                goto err;
                                                 }
 
                                         row[DB_srptype][0] = 'v';
@@ -689,7 +689,7 @@ bad:
                                 }
                         else
                                 {
-                                char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                                char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
                                 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
 
                                 xpp[DB_srptype][0] = 'R';
@@ -714,7 +714,7 @@ bad:
                 /* Lets check some fields */
                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                         {
-                        pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
+                        pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
         
                         if (pp[DB_srptype][0] == 'v')
                                 {
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl b/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl
index 2ce6deffc8..e52395421b 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-mips.pl
@@ -1036,9 +1036,9 @@ _mips_AES_set_encrypt_key:
         nop
 .end    _mips_AES_set_encrypt_key
 
-.globl  AES_set_encrypt_key
-.ent    AES_set_encrypt_key
-AES_set_encrypt_key:
+.globl  private_AES_set_encrypt_key
+.ent    private_AES_set_encrypt_key
+private_AES_set_encrypt_key:
         .frame  $sp,$FRAMESIZE,$ra
         .mask   $SAVED_REGS_MASK,-$SZREG
         .set    noreorder
@@ -1060,7 +1060,7 @@ $code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
 ___
 $code.=<<___ if ($flavour !~ /o32/i);   # non-o32 PIC-ification
         .cplocal        $Tbl
-        .cpsetup        $pf,$zero,AES_set_encrypt_key
+        .cpsetup        $pf,$zero,private_AES_set_encrypt_key
 ___
 $code.=<<___;
         .set    reorder
@@ -1083,7 +1083,7 @@ ___
 $code.=<<___;
         jr      $ra
         $PTR_ADD $sp,$FRAMESIZE
-.end    AES_set_encrypt_key
+.end    private_AES_set_encrypt_key
 ___
 
 my ($head,$tail)=($inp,$bits);
@@ -1091,9 +1091,9 @@ my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
 my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
 $code.=<<___;
 .align  5
-.globl  AES_set_decrypt_key
-.ent    AES_set_decrypt_key
-AES_set_decrypt_key:
+.globl  private_AES_set_decrypt_key
+.ent    private_AES_set_decrypt_key
+private_AES_set_decrypt_key:
         .frame  $sp,$FRAMESIZE,$ra
         .mask   $SAVED_REGS_MASK,-$SZREG
         .set    noreorder
@@ -1115,7 +1115,7 @@ $code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
 ___
 $code.=<<___ if ($flavour !~ /o32/i);   # non-o32 PIC-ification
         .cplocal        $Tbl
-        .cpsetup        $pf,$zero,AES_set_decrypt_key
+        .cpsetup        $pf,$zero,private_AES_set_decrypt_key
 ___
 $code.=<<___;
         .set    reorder
@@ -1226,7 +1226,7 @@ ___
 $code.=<<___;
         jr      $ra
         $PTR_ADD $sp,$FRAMESIZE
-.end    AES_set_decrypt_key
+.end    private_AES_set_decrypt_key
 ___
 }}}
 
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl b/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl
index c36b6a2270..714dcfbbe3 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-parisc.pl
@@ -1015,7 +1015,8 @@ foreach (split("\n",$code)) {
                 $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
                 :            sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
 
-        s/,\*/,/ if ($SIZE_T==4);
+        s/,\*/,/                        if ($SIZE_T==4);
+        s/\bbv\b(.*\(%r2\))/bve$1/      if ($SIZE_T==8);
         print $_,"\n";
 }
 close STDOUT;
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl b/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl
index 445a1e6762..e75dcd0315 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-s390x.pl
@@ -1598,11 +1598,11 @@ $code.=<<___ if(1);
         lghi    $s1,0x7f
         nr      $s1,%r0
         lghi    %r0,0                   # query capability vector
-        la      %r1,2*$SIZE_T($sp)
+        la      %r1,$tweak-16($sp)
         .long   0xb92e0042              # km %r4,%r2
         llihh   %r1,0x8000
         srlg    %r1,%r1,32($s1)         # check for 32+function code
-        ng      %r1,2*$SIZE_T($sp)
+        ng      %r1,$tweak-16($sp)
         lgr     %r0,$s0                 # restore the function code
         la      %r1,0($key1)            # restore $key1
         jz      .Lxts_km_vanilla
@@ -1628,7 +1628,7 @@ $code.=<<___ if(1);
 
         lrvg    $s0,$tweak+0($sp)       # load the last tweak
         lrvg    $s1,$tweak+8($sp)
-        stmg    %r0,%r3,$tweak-32(%r1)  # wipe copy of the key
+        stmg    %r0,%r3,$tweak-32($sp)  # wipe copy of the key
 
         nill    %r0,0xffdf              # switch back to original function code
         la      %r1,0($key1)            # restore pointer to $key1
@@ -1684,11 +1684,9 @@ $code.=<<___;
         lghi    $i1,0x87
         srag    $i2,$s1,63              # broadcast upper bit
         ngr     $i1,$i2                 # rem
-        srlg    $i2,$s0,63              # carry bit from lower half
-        sllg    $s0,$s0,1
-        sllg    $s1,$s1,1
+        algr    $s0,$s0
+        alcgr   $s1,$s1
         xgr     $s0,$i1
-        ogr     $s1,$i2
 .Lxts_km_start:
         lrvgr   $i1,$s0                 # flip byte order
         lrvgr   $i2,$s1
@@ -1745,11 +1743,9 @@ $code.=<<___;
         lghi    $i1,0x87
         srag    $i2,$s1,63              # broadcast upper bit
         ngr     $i1,$i2                 # rem
-        srlg    $i2,$s0,63              # carry bit from lower half
-        sllg    $s0,$s0,1
-        sllg    $s1,$s1,1
+        algr    $s0,$s0
+        alcgr   $s1,$s1
         xgr     $s0,$i1
-        ogr     $s1,$i2
 
         ltr     $len,$len               # clear zero flag
         br      $ra
@@ -1781,8 +1777,8 @@ $code.=<<___ if (!$softonly);
         clr     %r0,%r1
         jl      .Lxts_enc_software
 
+        st${g}  $ra,5*$SIZE_T($sp)
         stm${g} %r6,$s3,6*$SIZE_T($sp)
-        st${g}  $ra,14*$SIZE_T($sp)
 
         sllg    $len,$len,4             # $len&=~15
         slgr    $out,$inp
@@ -1830,9 +1826,9 @@ $code.=<<___ if (!$softonly);
         stg     $i2,8($i3)
 
 .Lxts_enc_km_done:
-        l${g}   $ra,14*$SIZE_T($sp)
-        st${g}  $sp,$tweak($sp)         # wipe tweak
-        st${g}  $sp,$tweak($sp)
+        stg     $sp,$tweak+0($sp)       # wipe tweak
+        stg     $sp,$tweak+8($sp)
+        l${g}   $ra,5*$SIZE_T($sp)
         lm${g}  %r6,$s3,6*$SIZE_T($sp)
         br      $ra
 .align  16
@@ -1843,12 +1839,11 @@ $code.=<<___;
 
         slgr    $out,$inp
 
-        xgr     $s0,$s0                 # clear upper half
-        xgr     $s1,$s1
-        lrv     $s0,$stdframe+4($sp)    # load secno
-        lrv     $s1,$stdframe+0($sp)
-        xgr     $s2,$s2
-        xgr     $s3,$s3
+        l${g}   $s3,$stdframe($sp)      # ivp
+        llgf    $s0,0($s3)              # load iv
+        llgf    $s1,4($s3)
+        llgf    $s2,8($s3)
+        llgf    $s3,12($s3)
         stm${g} %r2,%r5,2*$SIZE_T($sp)
         la      $key,0($key2)
         larl    $tbl,AES_Te
@@ -1864,11 +1859,9 @@ $code.=<<___;
         lghi    %r1,0x87
         srag    %r0,$s3,63              # broadcast upper bit
         ngr     %r1,%r0                 # rem
-        srlg    %r0,$s1,63              # carry bit from lower half
-        sllg    $s1,$s1,1
-        sllg    $s3,$s3,1
+        algr    $s1,$s1
+        alcgr   $s3,$s3
         xgr     $s1,%r1
-        ogr     $s3,%r0
         lrvgr   $s1,$s1                 # flip byte order
         lrvgr   $s3,$s3
         srlg    $s0,$s1,32              # smash the tweak to 4x32-bits 
@@ -1917,11 +1910,9 @@ $code.=<<___;
         lghi    %r1,0x87
         srag    %r0,$s3,63              # broadcast upper bit
         ngr     %r1,%r0                 # rem
-        srlg    %r0,$s1,63              # carry bit from lower half
-        sllg    $s1,$s1,1
-        sllg    $s3,$s3,1
+        algr    $s1,$s1
+        alcgr   $s3,$s3
         xgr     $s1,%r1
-        ogr     $s3,%r0
         lrvgr   $s1,$s1                 # flip byte order
         lrvgr   $s3,$s3
         srlg    $s0,$s1,32              # smash the tweak to 4x32-bits 
@@ -1956,7 +1947,8 @@ $code.=<<___;
 .size   AES_xts_encrypt,.-AES_xts_encrypt
 ___
 # void AES_xts_decrypt(const char *inp,char *out,size_t len,
-#       const AES_KEY *key1, const AES_KEY *key2,u64 secno);
+#       const AES_KEY *key1, const AES_KEY *key2,
+#       const unsigned char iv[16]);
 #
 $code.=<<___;
 .globl  AES_xts_decrypt
@@ -1988,8 +1980,8 @@ $code.=<<___ if (!$softonly);
         clr     %r0,%r1
         jl      .Lxts_dec_software
 
+        st${g}  $ra,5*$SIZE_T($sp)
         stm${g} %r6,$s3,6*$SIZE_T($sp)
-        st${g}  $ra,14*$SIZE_T($sp)
 
         nill    $len,0xfff0             # $len&=~15
         slgr    $out,$inp
@@ -2028,11 +2020,9 @@ $code.=<<___ if (!$softonly);
         lghi    $i1,0x87
         srag    $i2,$s1,63              # broadcast upper bit
         ngr     $i1,$i2                 # rem
-        srlg    $i2,$s0,63              # carry bit from lower half
-        sllg    $s0,$s0,1
-        sllg    $s1,$s1,1
+        algr    $s0,$s0
+        alcgr   $s1,$s1
         xgr     $s0,$i1
-        ogr     $s1,$i2
         lrvgr   $i1,$s0                 # flip byte order
         lrvgr   $i2,$s1
 
@@ -2075,9 +2065,9 @@ $code.=<<___ if (!$softonly);
         stg     $s2,0($i3)
         stg     $s3,8($i3)
 .Lxts_dec_km_done:
-        l${g}   $ra,14*$SIZE_T($sp)
-        st${g}  $sp,$tweak($sp)         # wipe tweak
-        st${g}  $sp,$tweak($sp)
+        stg     $sp,$tweak+0($sp)       # wipe tweak
+        stg     $sp,$tweak+8($sp)
+        l${g}   $ra,5*$SIZE_T($sp)
         lm${g}  %r6,$s3,6*$SIZE_T($sp)
         br      $ra
 .align  16
@@ -2089,12 +2079,11 @@ $code.=<<___;
         srlg    $len,$len,4
         slgr    $out,$inp
 
-        xgr     $s0,$s0                 # clear upper half
-        xgr     $s1,$s1
-        lrv     $s0,$stdframe+4($sp)    # load secno
-        lrv     $s1,$stdframe+0($sp)
-        xgr     $s2,$s2
-        xgr     $s3,$s3
+        l${g}   $s3,$stdframe($sp)      # ivp
+        llgf    $s0,0($s3)              # load iv
+        llgf    $s1,4($s3)
+        llgf    $s2,8($s3)
+        llgf    $s3,12($s3)
         stm${g} %r2,%r5,2*$SIZE_T($sp)
         la      $key,0($key2)
         larl    $tbl,AES_Te
@@ -2113,11 +2102,9 @@ $code.=<<___;
         lghi    %r1,0x87
         srag    %r0,$s3,63              # broadcast upper bit
         ngr     %r1,%r0                 # rem
-        srlg    %r0,$s1,63              # carry bit from lower half
-        sllg    $s1,$s1,1
-        sllg    $s3,$s3,1
+        algr    $s1,$s1
+        alcgr   $s3,$s3
         xgr     $s1,%r1
-        ogr     $s3,%r0
         lrvgr   $s1,$s1                 # flip byte order
         lrvgr   $s3,$s3
         srlg    $s0,$s1,32              # smash the tweak to 4x32-bits 
@@ -2156,11 +2143,9 @@ $code.=<<___;
         lghi    %r1,0x87
         srag    %r0,$s3,63              # broadcast upper bit
         ngr     %r1,%r0                 # rem
-        srlg    %r0,$s1,63              # carry bit from lower half
-        sllg    $s1,$s1,1
-        sllg    $s3,$s3,1
+        algr    $s1,$s1
+        alcgr   $s3,$s3
         xgr     $s1,%r1
-        ogr     $s3,%r0
         lrvgr   $i2,$s1                 # flip byte order
         lrvgr   $i3,$s3
         stmg    $i2,$i3,$tweak($sp)     # save the 1st tweak
@@ -2176,11 +2161,9 @@ $code.=<<___;
         lghi    %r1,0x87
         srag    %r0,$s3,63              # broadcast upper bit
         ngr     %r1,%r0                 # rem
-        srlg    %r0,$s1,63              # carry bit from lower half
-        sllg    $s1,$s1,1
-        sllg    $s3,$s3,1
+        algr    $s1,$s1
+        alcgr   $s3,$s3
         xgr     $s1,%r1
-        ogr     $s3,%r0
         lrvgr   $s1,$s1                 # flip byte order
         lrvgr   $s3,$s3
         srlg    $s0,$s1,32              # smash the tweak to 4x32-bits
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
index 48fa857d5b..34cbb5d844 100755
--- a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
@@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                         # ~15% better on both AMD and Intel cores
diff --git a/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl
index c6f6b3334a..3c8f6c19e7 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -69,7 +69,8 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
            `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
            $1>=10);
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 # void aesni_cbc_sha1_enc(const void *inp,
 #                       void *out,
diff --git a/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl
index 499f3b3f42..0dbb194b8d 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl
@@ -172,7 +172,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
 @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
diff --git a/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl
index c9c6312fa7..41b90f0844 100644
--- a/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/bsaes-x86_64.pl
@@ -83,9 +83,9 @@
 # Add decryption procedure. Performance in CPU cycles spent to decrypt
 # one byte out of 4096-byte buffer with 128-bit key is:
 #
-# Core 2        11.0
-# Nehalem       9.16
-# Atom          20.9
+# Core 2        9.83
+# Nehalem       7.74
+# Atom          19.0
 #
 # November 2011.
 #
@@ -105,7 +105,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
 my @XMM=map("%xmm$_",(15,0..14));       # best on Atom, +10% over (0..15)
@@ -455,6 +456,7 @@ sub MixColumns {
 # modified to emit output in order suitable for feeding back to aesenc[last]
 my @x=@_[0..7];
 my @t=@_[8..15];
+my $inv=@_[16]; # optional
 $code.=<<___;
         pshufd  \$0x93, @x[0], @t[0]    # x0 <<< 32
         pshufd  \$0x93, @x[1], @t[1]
@@ -496,7 +498,8 @@ $code.=<<___;
         pxor    @t[4], @t[0]
          pshufd \$0x4E, @x[2], @x[6]
         pxor    @t[5], @t[1]
-
+___
+$code.=<<___ if (!$inv);
         pxor    @t[3], @x[4]
         pxor    @t[7], @x[5]
         pxor    @t[6], @x[3]
@@ -504,9 +507,20 @@ $code.=<<___;
         pxor    @t[2], @x[6]
          movdqa @t[1], @x[7]
 ___
+$code.=<<___ if ($inv);
+        pxor    @x[4], @t[3]
+        pxor    @t[7], @x[5]
+        pxor    @x[3], @t[6]
+         movdqa @t[0], @x[3]
+        pxor    @t[2], @x[6]
+         movdqa @t[6], @x[2]
+         movdqa @t[1], @x[7]
+         movdqa @x[6], @x[4]
+         movdqa @t[3], @x[6]
+___
 }
 
-sub InvMixColumns {
+sub InvMixColumns_orig {
 my @x=@_[0..7];
 my @t=@_[8..15];
 
@@ -660,6 +674,54 @@ $code.=<<___;
 ___
 }
 
+sub InvMixColumns {
+my @x=@_[0..7];
+my @t=@_[8..15];
+
+# Thanks to Jussi Kivilinna for providing pointer to
+#
+# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
+# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
+# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
+
+$code.=<<___;
+        # multiplication by 0x05-0x00-0x04-0x00
+        pshufd  \$0x4E, @x[0], @t[0]
+        pshufd  \$0x4E, @x[6], @t[6]
+        pxor    @x[0], @t[0]
+        pshufd  \$0x4E, @x[7], @t[7]
+        pxor    @x[6], @t[6]
+        pshufd  \$0x4E, @x[1], @t[1]
+        pxor    @x[7], @t[7]
+        pshufd  \$0x4E, @x[2], @t[2]
+        pxor    @x[1], @t[1]
+        pshufd  \$0x4E, @x[3], @t[3]
+        pxor    @x[2], @t[2]
+         pxor   @t[6], @x[0]
+         pxor   @t[6], @x[1]
+        pshufd  \$0x4E, @x[4], @t[4]
+        pxor    @x[3], @t[3]
+         pxor   @t[0], @x[2]
+         pxor   @t[1], @x[3]
+        pshufd  \$0x4E, @x[5], @t[5]
+        pxor    @x[4], @t[4]
+         pxor   @t[7], @x[1]
+         pxor   @t[2], @x[4]
+        pxor    @x[5], @t[5]
+
+         pxor   @t[7], @x[2]
+         pxor   @t[6], @x[3]
+         pxor   @t[6], @x[4]
+         pxor   @t[3], @x[5]
+         pxor   @t[4], @x[6]
+         pxor   @t[7], @x[4]
+         pxor   @t[7], @x[5]
+         pxor   @t[5], @x[7]
+___
+        &MixColumns     (@x,@t,1);      # flipped 2<->3 and 4<->6
+}
+
 sub aesenc {                            # not used
 my @b=@_[0..7];
 my @t=@_[8..15];
@@ -2027,6 +2089,8 @@ ___
 #       const unsigned char iv[16]);
 #
 my ($twmask,$twres,$twtmp)=@XMM[13..15];
+$arg6=~s/d$//;
+
 $code.=<<___;
 .globl  bsaes_xts_encrypt
 .type   bsaes_xts_encrypt,\@abi-omnipotent
diff --git a/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl
index 37998db5e1..bd7f45b850 100644
--- a/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/vpaes-x86_64.pl
@@ -56,7 +56,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $PREFIX="vpaes";
 
@@ -1059,7 +1060,7 @@ _vpaes_consts:
 .Lk_dsbo:       # decryption sbox final output
         .quad   0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
         .quad   0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz  "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
+.asciz  "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
 .align  64
 .size   _vpaes_consts,.-_vpaes_consts
 ___
diff --git a/src/lib/libssl/src/crypto/armcap.c b/src/lib/libssl/src/crypto/armcap.c
index 5258d2fbdd..9abaf396e5 100644
--- a/src/lib/libssl/src/crypto/armcap.c
+++ b/src/lib/libssl/src/crypto/armcap.c
@@ -23,7 +23,7 @@ unsigned int _armv7_tick(void);
 
 unsigned int OPENSSL_rdtsc(void)
         {
-        if (OPENSSL_armcap_P|ARMV7_TICK)
+        if (OPENSSL_armcap_P & ARMV7_TICK)
                 return _armv7_tick();
         else
                 return 0;
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c
index 1b1e4bec81..54c012c47d 100644
--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -77,10 +77,20 @@
 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
 #endif
 
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
 #define IP_MTU      14 /* linux is lame */
 #endif
 
+#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
@@ -255,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
         {
 #if defined(SO_RCVTIMEO)
         bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-        int sz = sizeof(int);
+        union { size_t s; int i; } sz = {0};
 
         /* Is a timer active? */
         if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
@@ -265,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                 /* Read current socket timeout */
 #ifdef OPENSSL_SYS_WINDOWS
                 int timeout;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                                           (void*)&timeout, &sz) < 0)
+                                           (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); }
                 else
                         {
@@ -274,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                         data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
                         }
 #else
+                sz.i = sizeof(data->socket_timeout);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                                                 &(data->socket_timeout), (void *)&sz) < 0)
                         { perror("getsockopt"); }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
 #endif
 
                 /* Get current time */
@@ -445,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         int *ip;
         struct sockaddr *to = NULL;
         bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
-        long sockopt_val = 0;
-        unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+        int sockopt_val = 0;
+        socklen_t sockopt_len;  /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
         socklen_t addr_len;
         union   {
                 struct sockaddr sa;
@@ -531,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
                 /* (Linux)kernel sets DF bit on outgoing IP packets */
         case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -539,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         ret = 0;
                         break;
                         }
-                sockopt_len = sizeof(sockopt_val);
                 switch (addr.sa.sa_family)
                         {
                 case AF_INET:
@@ -548,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 &sockopt_val, sizeof(sockopt_val))) < 0)
                                 perror("setsockopt");
                         break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
                 case AF_INET6:
                         sockopt_val = IPV6_PMTUDISC_DO;
                         if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -565,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
 #endif
         case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -727,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -740,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
 #if defined(SO_SNDTIMEO)
@@ -765,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -778,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
         case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -871,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
         memset(authchunks, 0, sizeof(sockopt_len));
         ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
         OPENSSL_assert(ret >= 0);
-        
-        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+
+        for (p = (unsigned char*) authchunks->gauth_chunks;
              p < (unsigned char*) authchunks + sockopt_len;
              p += sizeof(uint8_t))
                 {
@@ -955,7 +990,6 @@ static int dgram_sctp_free(BIO *a)
 #ifdef SCTP_AUTHENTICATION_EVENT
 void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
         {
-        unsigned int sockopt_len = 0;
         int ret;
         struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
 
@@ -965,9 +999,8 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
 
                 /* delete key */
                 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
-                sockopt_len = sizeof(struct sctp_authkeyid);
                 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                      &authkeyid, sockopt_len);
+                      &authkeyid, sizeof(struct sctp_authkeyid));
                 }
         }
 #endif
@@ -1164,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                         ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
                         OPENSSL_assert(ii >= 0);
 
-                        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+                        for (p = (unsigned char*) authchunks->gauth_chunks;
                                  p < (unsigned char*) authchunks + optlen;
                                  p += sizeof(uint8_t))
                                 {
@@ -1298,7 +1331,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         bio_dgram_sctp_data *data = NULL;
-        unsigned int sockopt_len = 0;
+        socklen_t sockopt_len = 0;
         struct sctp_authkeyid authkeyid;
         struct sctp_authkey *authkey;
 
diff --git a/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl b/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl
index b944a12b8e..caae04ed3a 100644
--- a/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/mips-mont.pl
@@ -133,7 +133,7 @@ $code.=<<___;
         bnez    $at,1f
         li      $t0,0
         slt     $at,$num,17     # on in-order CPU
-        bnezl   $at,bn_mul_mont_internal
+        bnez    $at,bn_mul_mont_internal
         nop
 1:      jr      $ra
         li      $a0,0
diff --git a/src/lib/libssl/src/crypto/bn/asm/mips.pl b/src/lib/libssl/src/crypto/bn/asm/mips.pl
index c162a3ec23..d2f3ef7bbf 100644
--- a/src/lib/libssl/src/crypto/bn/asm/mips.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/mips.pl
@@ -140,10 +140,10 @@ $code.=<<___;
         .set    reorder
         li      $minus4,-4
         and     $ta0,$a2,$minus4
-        $LD     $t0,0($a1)
         beqz    $ta0,.L_bn_mul_add_words_tail
 
 .L_bn_mul_add_words_loop:
+        $LD     $t0,0($a1)
         $MULTU  $t0,$a3
         $LD     $t1,0($a0)
         $LD     $t2,$BNSZ($a1)
@@ -200,10 +200,9 @@ $code.=<<___;
         $ADDU   $v0,$ta2
         sltu    $at,$ta3,$at
         $ST     $ta3,-$BNSZ($a0)
-        $ADDU   $v0,$at
         .set    noreorder
-        bgtzl   $ta0,.L_bn_mul_add_words_loop
-        $LD     $t0,0($a1)
+        bgtz    $ta0,.L_bn_mul_add_words_loop
+        $ADDU   $v0,$at
 
         beqz    $a2,.L_bn_mul_add_words_return
         nop
@@ -300,10 +299,10 @@ $code.=<<___;
         .set    reorder
         li      $minus4,-4
         and     $ta0,$a2,$minus4
-        $LD     $t0,0($a1)
         beqz    $ta0,.L_bn_mul_words_tail
 
 .L_bn_mul_words_loop:
+        $LD     $t0,0($a1)
         $MULTU  $t0,$a3
         $LD     $t2,$BNSZ($a1)
         $LD     $ta0,2*$BNSZ($a1)
@@ -341,10 +340,9 @@ $code.=<<___;
         $ADDU   $v0,$at
         sltu    $ta3,$v0,$at
         $ST     $v0,-$BNSZ($a0)
-        $ADDU   $v0,$ta3,$ta2
         .set    noreorder
-        bgtzl   $ta0,.L_bn_mul_words_loop
-        $LD     $t0,0($a1)
+        bgtz    $ta0,.L_bn_mul_words_loop
+        $ADDU   $v0,$ta3,$ta2
 
         beqz    $a2,.L_bn_mul_words_return
         nop
@@ -429,10 +427,10 @@ $code.=<<___;
         .set    reorder
         li      $minus4,-4
         and     $ta0,$a2,$minus4
-        $LD     $t0,0($a1)
         beqz    $ta0,.L_bn_sqr_words_tail
 
 .L_bn_sqr_words_loop:
+        $LD     $t0,0($a1)
         $MULTU  $t0,$t0
         $LD     $t2,$BNSZ($a1)
         $LD     $ta0,2*$BNSZ($a1)
@@ -463,11 +461,10 @@ $code.=<<___;
         mflo    $ta3
         mfhi    $ta2
         $ST     $ta3,-2*$BNSZ($a0)
-        $ST     $ta2,-$BNSZ($a0)
 
         .set    noreorder
-        bgtzl   $ta0,.L_bn_sqr_words_loop
-        $LD     $t0,0($a1)
+        bgtz    $ta0,.L_bn_sqr_words_loop
+        $ST     $ta2,-$BNSZ($a0)
 
         beqz    $a2,.L_bn_sqr_words_return
         nop
@@ -547,10 +544,10 @@ $code.=<<___;
         .set    reorder
         li      $minus4,-4
         and     $at,$a3,$minus4
-        $LD     $t0,0($a1)
         beqz    $at,.L_bn_add_words_tail
 
 .L_bn_add_words_loop:
+        $LD     $t0,0($a1)
         $LD     $ta0,0($a2)
         subu    $a3,4
         $LD     $t1,$BNSZ($a1)
@@ -589,11 +586,10 @@ $code.=<<___;
         $ADDU   $t3,$ta3,$v0
         sltu    $v0,$t3,$ta3
         $ST     $t3,-$BNSZ($a0)
-        $ADDU   $v0,$t9
         
         .set    noreorder
-        bgtzl   $at,.L_bn_add_words_loop
-        $LD     $t0,0($a1)
+        bgtz    $at,.L_bn_add_words_loop
+        $ADDU   $v0,$t9
 
         beqz    $a3,.L_bn_add_words_return
         nop
@@ -679,10 +675,10 @@ $code.=<<___;
         .set    reorder
         li      $minus4,-4
         and     $at,$a3,$minus4
-        $LD     $t0,0($a1)
         beqz    $at,.L_bn_sub_words_tail
 
 .L_bn_sub_words_loop:
+        $LD     $t0,0($a1)
         $LD     $ta0,0($a2)
         subu    $a3,4
         $LD     $t1,$BNSZ($a1)
@@ -722,11 +718,10 @@ $code.=<<___;
         $SUBU   $t3,$ta3,$v0
         sgtu    $v0,$t3,$ta3
         $ST     $t3,-$BNSZ($a0)
-        $ADDU   $v0,$t9
 
         .set    noreorder
-        bgtzl   $at,.L_bn_sub_words_loop
-        $LD     $t0,0($a1)
+        bgtz    $at,.L_bn_sub_words_loop
+        $ADDU   $v0,$t9
 
         beqz    $a3,.L_bn_sub_words_return
         nop
@@ -819,7 +814,7 @@ ___
 $code.=<<___;
         .set    reorder
         move    $ta3,$ra
-        bal     bn_div_words
+        bal     bn_div_words_internal
         move    $ra,$ta3
         $MULTU  $ta2,$v0
         $LD     $t2,-2*$BNSZ($a3)
@@ -840,8 +835,9 @@ $code.=<<___;
         sltu    $ta0,$a1,$a2
         or      $t8,$ta0
         .set    noreorder
-        beqzl   $at,.L_bn_div_3_words_inner_loop
+        beqz    $at,.L_bn_div_3_words_inner_loop
         $SUBU   $v0,1
+        $ADDU   $v0,1
         .set    reorder
 .L_bn_div_3_words_inner_loop_done:
         .set    noreorder
@@ -902,7 +898,8 @@ $code.=<<___;
         and     $t2,$a0
         $SRL    $at,$a1,$t1
         .set    noreorder
-        bnezl   $t2,.+8
+        beqz    $t2,.+12
+        nop
         break   6               # signal overflow
         .set    reorder
         $SLL    $a0,$t9
@@ -917,7 +914,8 @@ $code.=<<___;
         $SRL    $DH,$a2,4*$BNSZ # bits
         sgeu    $at,$a0,$a2
         .set    noreorder
-        bnezl   $at,.+8
+        beqz    $at,.+12
+        nop
         $SUBU   $a0,$a2
         .set    reorder
 
diff --git a/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl b/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl
index 54aeb01921..bfd6e97541 100644
--- a/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/modexp512-x86_64.pl
@@ -68,7 +68,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 use strict;
 my $code=".text\n\n";
diff --git a/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl b/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl
index 4a766a87fb..c02ef6f014 100644
--- a/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/parisc-mont.pl
@@ -40,7 +40,7 @@
 # of arithmetic operations, most notably multiplications. It requires
 # more memory references, most notably to tp[num], but this doesn't
 # seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
-# 2.0 code path, provides virtually same performance as pa-risc2[W].s:
+# 2.0 code path provides virtually same performance as pa-risc2[W].s:
 # it's ~10% better for shortest key length and ~10% worse for longest
 # one.
 #
@@ -988,6 +988,8 @@ foreach (split("\n",$code)) {
         # assemble 2.0 instructions in 32-bit mode...
         s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
 
+        s/\bbv\b/bve/gm if ($SIZE_T==8);
+
         print $_,"\n";
 }
 close STDOUT;
diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl b/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl
index 1658acbbdd..226c66c35e 100644
--- a/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-gf2m.pl
@@ -31,7 +31,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 ($lo,$hi)=("%rax","%rdx");      $a=$lo;
 ($i0,$i1)=("%rsi","%rdi");
diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
index 5d79b35e1c..17fb94c84c 100755
--- a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
@@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 # int bn_mul_mont(
 $rp="%rdi";     # BN_ULONG *rp,
diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
index 057cda28aa..dae0fe2453 100755
--- a/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
@@ -28,7 +28,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 # int bn_mul_mont_gather5(
 $rp="%rdi";     # BN_ULONG *rp,
@@ -900,8 +901,8 @@ $code.=<<___;
         jnz     .Lgather
 ___
 $code.=<<___ if ($win64);
-        movaps  %xmm6,(%rsp)
-        movaps  %xmm7,0x10(%rsp)
+        movaps  (%rsp),%xmm6
+        movaps  0x10(%rsp),%xmm7
         lea     0x28(%rsp),%rsp
 ___
 $code.=<<___;
diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c
index 43caee4770..e22968d4a3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_nist.c
+++ b/src/lib/libssl/src/crypto/bn/bn_nist.c
@@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void)
         }
 
 
-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
         {
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
         OPENSSL_assert(top <= max);
 #endif
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
-        for (i = (max) - (top); i != 0; i--)
-                *_tmp1++ = (BN_ULONG) 0;
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
+        for (; i < max; i++)
+                dst[i] = 0;
         }
 
-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
         { 
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
+
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
         }
 
 #if BN_BITS2 == 64
@@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
          */
         mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
+        res   = c_d;
         res   = (BN_ULONG *)
-         (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
+         (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         int     top = a->top, i;
         int     carry;
         BN_ULONG *r_d, *a_d = a->d;
-        BN_ULONG buf[BN_NIST_224_TOP],
-                 c_d[BN_NIST_224_TOP],
+        union   {
+                BN_ULONG        bn[BN_NIST_224_TOP];
+                unsigned int    ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+                } buf;
+        BN_ULONG c_d[BN_NIST_224_TOP],
                 *res;
         PTR_SIZE_INT mask;
         union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* copy upper 256 bits of 448 bit number ... */
         nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
         /* ... and right shift by 32 to obtain upper 224 bits */
-        nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
+        nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
         /* truncate lower part to 224 bits too */
         r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
-        nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+        nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
 
 #if defined(NIST_INT64) && BN_BITS2!=64
         {
         NIST_INT64              acc;    /* accumulator */
         unsigned int            *rp=(unsigned int *)r_d;
-        const unsigned int      *bp=(const unsigned int *)buf;
+        const unsigned int      *bp=(const unsigned int *)buf.ui;
 
         acc  = rp[0];   acc -= bp[7-7];
                         acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         {
         BN_ULONG t_d[BN_NIST_224_TOP];
 
-        nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
         carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
         carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* otherwise it's effectively same as in BN_nist_mod_192... */
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
@@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
@@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
         r->top = BN_NIST_384_TOP;
@@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
         mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-        res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+        res  = t_d;
+        res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d,res,BN_NIST_521_TOP);
         r->top = BN_NIST_521_TOP;
diff --git a/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl b/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl
index 76955e4726..9f4b82fa48 100644
--- a/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libssl/src/crypto/camellia/asm/cmll-x86_64.pl
@@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/;    $r; }
 sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
diff --git a/src/lib/libssl/src/crypto/cms/cms_cd.c b/src/lib/libssl/src/crypto/cms/cms_cd.c
index a5fc2c4e2b..2021688101 100644
--- a/src/lib/libssl/src/crypto/cms/cms_cd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_cd.c
@@ -58,7 +58,9 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include "cms_lcl.h"
 
 DECLARE_ASN1_ITEM(CMS_CompressedData)
diff --git a/src/lib/libssl/src/crypto/cms/cms_enc.c b/src/lib/libssl/src/crypto/cms/cms_enc.c
index f873ce3794..bebeaf29c7 100644
--- a/src/lib/libssl/src/crypto/cms/cms_enc.c
+++ b/src/lib/libssl/src/crypto/cms/cms_enc.c
@@ -74,7 +74,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
         X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
         unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
         unsigned char *tkey = NULL;
-        size_t tkeylen;
+        size_t tkeylen = 0;
 
         int ok = 0;
 
diff --git a/src/lib/libssl/src/crypto/cms/cms_lib.c b/src/lib/libssl/src/crypto/cms/cms_lib.c
index f88e8f3b52..ba08279a04 100644
--- a/src/lib/libssl/src/crypto/cms/cms_lib.c
+++ b/src/lib/libssl/src/crypto/cms/cms_lib.c
@@ -411,9 +411,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                  * algorithm  OID instead of digest.
                  */
                         || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
-                        {
                         return EVP_MD_CTX_copy_ex(mctx, mtmp);
-                        }
                 chain = BIO_next(chain);
                 }
         }
@@ -467,8 +465,6 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
         pcerts = cms_get0_certificate_choices(cms);
         if (!pcerts)
                 return 0;
-        if (!pcerts)
-                return 0;
         for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
                 {
                 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
diff --git a/src/lib/libssl/src/crypto/ec/ec2_mult.c b/src/lib/libssl/src/crypto/ec/ec2_mult.c
index 26f4a783fc..1c575dc47a 100644
--- a/src/lib/libssl/src/crypto/ec/ec2_mult.c
+++ b/src/lib/libssl/src/crypto/ec/ec2_mult.c
@@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
         return ret;
         }
 
+
 /* Computes scalar*point and stores the result in r.
  * point can not equal r.
- * Uses algorithm 2P of
+ * Uses a modified algorithm 2P of
  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
  *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
+ *
+ * To protect against side-channel attack the function uses constant time swap,
+ * avoiding conditional branches.
  */
 static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
         x2 = &r->X;
         z2 = &r->Y;
 
+        bn_wexpand(x1, group->field.top);
+        bn_wexpand(z1, group->field.top);
+        bn_wexpand(x2, group->field.top);
+        bn_wexpand(z2, group->field.top);
+
         if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
         if (!BN_one(z1)) goto err; /* z1 = 1 */
         if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
                 word = scalar->d[i];
                 while (mask)
                         {
-                        if (word & mask)
-                                {
-                                if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
-                                if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
-                                }
-                        else
-                                {
-                                if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-                                if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-                                }
+                        BN_consttime_swap(word & mask, x1, x2, group->field.top);
+                        BN_consttime_swap(word & mask, z1, z2, group->field.top);
+                        if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+                        if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+                        BN_consttime_swap(word & mask, x1, x2, group->field.top);
+                        BN_consttime_swap(word & mask, z1, z2, group->field.top);
                         mask >>= 1;
                         }
                 mask = BN_TBIT;
diff --git a/src/lib/libssl/src/crypto/ec/ec_ameth.c b/src/lib/libssl/src/crypto/ec/ec_ameth.c
index 83909c1853..0ce4524076 100644
--- a/src/lib/libssl/src/crypto/ec/ec_ameth.c
+++ b/src/lib/libssl/src/crypto/ec/ec_ameth.c
@@ -88,7 +88,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
                 if (!pstr)
                         return 0;
                 pstr->length = i2d_ECParameters(ec_key, &pstr->data);
-                if (pstr->length < 0)
+                if (pstr->length <= 0)
                         {
                         ASN1_STRING_free(pstr);
                         ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
diff --git a/src/lib/libssl/src/crypto/ec/ec_asn1.c b/src/lib/libssl/src/crypto/ec/ec_asn1.c
index 175eec5342..145807b611 100644
--- a/src/lib/libssl/src/crypto/ec/ec_asn1.c
+++ b/src/lib/libssl/src/crypto/ec/ec_asn1.c
@@ -89,7 +89,8 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
         if (group == NULL)
                 return 0;
 
-        if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+            NID_X9_62_characteristic_two_field
             || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
                 {
                 ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -107,7 +108,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
         if (group == NULL)
                 return 0;
 
-        if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+            NID_X9_62_characteristic_two_field
             || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
                 {
                 ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
diff --git a/src/lib/libssl/src/crypto/ec/ec_key.c b/src/lib/libssl/src/crypto/ec/ec_key.c
index bf9fd2dc2c..7fa247593d 100644
--- a/src/lib/libssl/src/crypto/ec/ec_key.c
+++ b/src/lib/libssl/src/crypto/ec/ec_key.c
@@ -520,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
 void *EC_KEY_get_key_method_data(EC_KEY *key,
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
         {
-        return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+        void *ret;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_EC);
+        ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+        CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+
+        return ret;
         }
 
-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
         {
         EC_EXTRA_DATA *ex_data;
+
         CRYPTO_w_lock(CRYPTO_LOCK_EC);
         ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
         if (ex_data == NULL)
                 EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
         CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+
+        return ex_data;
         }
 
 void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
diff --git a/src/lib/libssl/src/crypto/ec/ec_pmeth.c b/src/lib/libssl/src/crypto/ec/ec_pmeth.c
index d1ed66c37e..66ee397d86 100644
--- a/src/lib/libssl/src/crypto/ec/ec_pmeth.c
+++ b/src/lib/libssl/src/crypto/ec/ec_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
         pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
 
-        /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+        /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
          * not an error, the result is truncated.
          */
 
diff --git a/src/lib/libssl/src/crypto/ecdh/Makefile b/src/lib/libssl/src/crypto/ecdh/Makefile
index 65d8904ee8..ba05fea05c 100644
--- a/src/lib/libssl/src/crypto/ecdh/Makefile
+++ b/src/lib/libssl/src/crypto/ecdh/Makefile
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libssl/src/crypto/ecdh/ech_key.c b/src/lib/libssl/src/crypto/ecdh/ech_key.c
index f44da9298b..2988899ea2 100644
--- a/src/lib/libssl/src/crypto/ecdh/ech_key.c
+++ b/src/lib/libssl/src/crypto/ecdh/ech_key.c
@@ -68,9 +68,6 @@
  */
 
 #include "ech_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         EC_KEY *eckey,
diff --git a/src/lib/libssl/src/crypto/ecdh/ech_lib.c b/src/lib/libssl/src/crypto/ecdh/ech_lib.c
index dadbfd3c49..0644431b75 100644
--- a/src/lib/libssl/src/crypto/ecdh/ech_lib.c
+++ b/src/lib/libssl/src/crypto/ecdh/ech_lib.c
@@ -222,8 +222,15 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
                 ecdh_data = (ECDH_DATA *)ecdh_data_new();
                 if (ecdh_data == NULL)
                         return NULL;
-                EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
-                        ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+                data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+                           ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+                if (data != NULL)
+                        {
+                        /* Another thread raced us to install the key_method
+                         * data and won. */
+                        ecdh_data_free(ecdh_data);
+                        ecdh_data = (ECDH_DATA *)data;
+                        }
         }
         else
                 ecdh_data = (ECDH_DATA *)data;
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
index e477da430b..814a6bf404 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
@@ -200,8 +200,15 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
                 ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
                 if (ecdsa_data == NULL)
                         return NULL;
-                EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
-                        ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
+                data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+                           ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
+                if (data != NULL)
+                        {
+                        /* Another thread raced us to install the key_method
+                         * data and won. */
+                        ecdsa_data_free(ecdsa_data);
+                        ecdsa_data = (ECDSA_DATA *)data;
+                        }
         }
         else
                 ecdsa_data = (ECDSA_DATA *)data;
diff --git a/src/lib/libssl/src/crypto/engine/eng_rdrand.c b/src/lib/libssl/src/crypto/engine/eng_rdrand.c
index a9ba5ae6f9..4e9e91d54b 100644
--- a/src/lib/libssl/src/crypto/engine/eng_rdrand.c
+++ b/src/lib/libssl/src/crypto/engine/eng_rdrand.c
@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
         {
         if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
             !ENGINE_set_name(e, engine_e_rdrand_name) ||
+            !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
             !ENGINE_set_init_function(e, rdrand_init) ||
             !ENGINE_set_RAND(e, &rdrand_meth) )
                 return 0;
diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 710fb79baf..fb2c884a78 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -90,6 +90,10 @@ typedef struct
         defined(_M_AMD64)       || defined(_M_X64)      || \
         defined(__INTEL__)      )
 
+#if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC)
+# define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
+#endif
+
 extern unsigned int OPENSSL_ia32cap_P[2];
 #define AESNI_CAPABLE   (1<<(57-32))
 
@@ -167,6 +171,9 @@ static void sha1_update(SHA_CTX *c,const void *data,size_t len)
                 SHA1_Update(c,ptr,res);
 }
 
+#ifdef SHA1_Update
+#undef SHA1_Update
+#endif
 #define SHA1_Update sha1_update
 
 static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -184,6 +191,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         sha_off = SHA_CBLOCK-key->md.num;
 #endif
 
+        key->payload_length = NO_PAYLOAD_LENGTH;
+
         if (len%AES_BLOCK_SIZE) return 0;
 
         if (ctx->encrypt) {
@@ -234,47 +243,211 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                         &key->ks,ctx->iv,1);
                 }
         } else {
-                unsigned char mac[SHA_DIGEST_LENGTH];
+                union { unsigned int  u[SHA_DIGEST_LENGTH/sizeof(unsigned int)];
+                        unsigned char c[32+SHA_DIGEST_LENGTH]; } mac, *pmac;
+
+                /* arrange cache line alignment */
+                pmac = (void *)(((size_t)mac.c+31)&((size_t)0-32));
 
                 /* decrypt HMAC|padding at once */
                 aesni_cbc_encrypt(in,out,len,
                                 &key->ks,ctx->iv,0);
 
                 if (plen) {     /* "TLS" mode of operation */
-                        /* figure out payload length */
-                        if (len<(size_t)(out[len-1]+1+SHA_DIGEST_LENGTH))
-                                return 0;
-
-                        len -= (out[len-1]+1+SHA_DIGEST_LENGTH);
+                        size_t inp_len, mask, j, i;
+                        unsigned int res, maxpad, pad, bitlen;
+                        int ret = 1;
+                        union { unsigned int  u[SHA_LBLOCK];
+                                unsigned char c[SHA_CBLOCK]; }
+                                *data = (void *)key->md.data;
 
                         if ((key->aux.tls_aad[plen-4]<<8|key->aux.tls_aad[plen-3])
-                            >= TLS1_1_VERSION) {
-                                len -= AES_BLOCK_SIZE;
+                            >= TLS1_1_VERSION)
                                 iv = AES_BLOCK_SIZE;
-                        }
 
-                        key->aux.tls_aad[plen-2] = len>>8;
-                        key->aux.tls_aad[plen-1] = len;
+                        if (len<(iv+SHA_DIGEST_LENGTH+1))
+                                return 0;
+
+                        /* omit explicit iv */
+                        out += iv;
+                        len -= iv;
+
+                        /* figure out payload length */
+                        pad = out[len-1];
+                        maxpad = len-(SHA_DIGEST_LENGTH+1);
+                        maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
+                        maxpad &= 255;
+
+                        inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
+                        mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
+                        inp_len &= mask;
+                        ret &= (int)mask;
+
+                        key->aux.tls_aad[plen-2] = inp_len>>8;
+                        key->aux.tls_aad[plen-1] = inp_len;
 
-                        /* calculate HMAC and verify it */
+                        /* calculate HMAC */
                         key->md = key->head;
                         SHA1_Update(&key->md,key->aux.tls_aad,plen);
-                        SHA1_Update(&key->md,out+iv,len);
-                        SHA1_Final(mac,&key->md);
 
+#if 1
+                        len -= SHA_DIGEST_LENGTH;               /* amend mac */
+                        if (len>=(256+SHA_CBLOCK)) {
+                                j = (len-(256+SHA_CBLOCK))&(0-SHA_CBLOCK);
+                                j += SHA_CBLOCK-key->md.num;
+                                SHA1_Update(&key->md,out,j);
+                                out += j;
+                                len -= j;
+                                inp_len -= j;
+                        }
+
+                        /* but pretend as if we hashed padded payload */
+                        bitlen = key->md.Nl+(inp_len<<3);       /* at most 18 bits */
+#ifdef BSWAP
+                        bitlen = BSWAP(bitlen);
+#else
+                        mac.c[0] = 0;
+                        mac.c[1] = (unsigned char)(bitlen>>16);
+                        mac.c[2] = (unsigned char)(bitlen>>8);
+                        mac.c[3] = (unsigned char)bitlen;
+                        bitlen = mac.u[0];
+#endif
+
+                        pmac->u[0]=0;
+                        pmac->u[1]=0;
+                        pmac->u[2]=0;
+                        pmac->u[3]=0;
+                        pmac->u[4]=0;
+
+                        for (res=key->md.num, j=0;j<len;j++) {
+                                size_t c = out[j];
+                                mask = (j-inp_len)>>(sizeof(j)*8-8);
+                                c &= mask;
+                                c |= 0x80&~mask&~((inp_len-j)>>(sizeof(j)*8-8));
+                                data->c[res++]=(unsigned char)c;
+
+                                if (res!=SHA_CBLOCK) continue;
+
+                                /* j is not incremented yet */
+                                mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
+                                data->u[SHA_LBLOCK-1] |= bitlen&mask;
+                                sha1_block_data_order(&key->md,data,1);
+                                mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
+                                pmac->u[0] |= key->md.h0 & mask;
+                                pmac->u[1] |= key->md.h1 & mask;
+                                pmac->u[2] |= key->md.h2 & mask;
+                                pmac->u[3] |= key->md.h3 & mask;
+                                pmac->u[4] |= key->md.h4 & mask;
+                                res=0;
+                        }
+
+                        for(i=res;i<SHA_CBLOCK;i++,j++) data->c[i]=0;
+
+                        if (res>SHA_CBLOCK-8) {
+                                mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+                                data->u[SHA_LBLOCK-1] |= bitlen&mask;
+                                sha1_block_data_order(&key->md,data,1);
+                                mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+                                pmac->u[0] |= key->md.h0 & mask;
+                                pmac->u[1] |= key->md.h1 & mask;
+                                pmac->u[2] |= key->md.h2 & mask;
+                                pmac->u[3] |= key->md.h3 & mask;
+                                pmac->u[4] |= key->md.h4 & mask;
+
+                                memset(data,0,SHA_CBLOCK);
+                                j+=64;
+                        }
+                        data->u[SHA_LBLOCK-1] = bitlen;
+                        sha1_block_data_order(&key->md,data,1);
+                        mask = 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+                        pmac->u[0] |= key->md.h0 & mask;
+                        pmac->u[1] |= key->md.h1 & mask;
+                        pmac->u[2] |= key->md.h2 & mask;
+                        pmac->u[3] |= key->md.h3 & mask;
+                        pmac->u[4] |= key->md.h4 & mask;
+
+#ifdef BSWAP
+                        pmac->u[0] = BSWAP(pmac->u[0]);
+                        pmac->u[1] = BSWAP(pmac->u[1]);
+                        pmac->u[2] = BSWAP(pmac->u[2]);
+                        pmac->u[3] = BSWAP(pmac->u[3]);
+                        pmac->u[4] = BSWAP(pmac->u[4]);
+#else
+                        for (i=0;i<5;i++) {
+                                res = pmac->u[i];
+                                pmac->c[4*i+0]=(unsigned char)(res>>24);
+                                pmac->c[4*i+1]=(unsigned char)(res>>16);
+                                pmac->c[4*i+2]=(unsigned char)(res>>8);
+                                pmac->c[4*i+3]=(unsigned char)res;
+                        }
+#endif
+                        len += SHA_DIGEST_LENGTH;
+#else
+                        SHA1_Update(&key->md,out,inp_len);
+                        res = key->md.num;
+                        SHA1_Final(pmac->c,&key->md);
+
+                        {
+                        unsigned int inp_blocks, pad_blocks;
+
+                        /* but pretend as if we hashed padded payload */
+                        inp_blocks = 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1));
+                        res += (unsigned int)(len-inp_len);
+                        pad_blocks = res / SHA_CBLOCK;
+                        res %= SHA_CBLOCK;
+                        pad_blocks += 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1));
+                        for (;inp_blocks<pad_blocks;inp_blocks++)
+                                sha1_block_data_order(&key->md,data,1);
+                        }
+#endif
                         key->md = key->tail;
-                        SHA1_Update(&key->md,mac,SHA_DIGEST_LENGTH);
-                        SHA1_Final(mac,&key->md);
+                        SHA1_Update(&key->md,pmac->c,SHA_DIGEST_LENGTH);
+                        SHA1_Final(pmac->c,&key->md);
 
-                        if (memcmp(out+iv+len,mac,SHA_DIGEST_LENGTH))
-                                return 0;
+                        /* verify HMAC */
+                        out += inp_len;
+                        len -= inp_len;
+#if 1
+                        {
+                        unsigned char *p = out+len-1-maxpad-SHA_DIGEST_LENGTH;
+                        size_t off = out-p;
+                        unsigned int c, cmask;
+
+                        maxpad += SHA_DIGEST_LENGTH;
+                        for (res=0,i=0,j=0;j<maxpad;j++) {
+                                c = p[j];
+                                cmask = ((int)(j-off-SHA_DIGEST_LENGTH))>>(sizeof(int)*8-1);
+                                res |= (c^pad)&~cmask;  /* ... and padding */
+                                cmask &= ((int)(off-1-j))>>(sizeof(int)*8-1);
+                                res |= (c^pmac->c[i])&cmask;
+                                i += 1&cmask;
+                        }
+                        maxpad -= SHA_DIGEST_LENGTH;
+
+                        res = 0-((0-res)>>(sizeof(res)*8-1));
+                        ret &= (int)~res;
+                        }
+#else
+                        for (res=0,i=0;i<SHA_DIGEST_LENGTH;i++)
+                                res |= out[i]^pmac->c[i];
+                        res = 0-((0-res)>>(sizeof(res)*8-1));
+                        ret &= (int)~res;
+
+                        /* verify padding */
+                        pad = (pad&~res) | (maxpad&res);
+                        out = out+len-1-pad;
+                        for (res=0,i=0;i<pad;i++)
+                                res |= out[i]^pad;
+
+                        res = (0-res)>>(sizeof(res)*8-1);
+                        ret &= (int)~res;
+#endif
+                        return ret;
                 } else {
                         SHA1_Update(&key->md,out,len);
                 }
         }
 
-        key->payload_length = NO_PAYLOAD_LENGTH;
-
         return 1;
         }
 
@@ -309,6 +482,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
                 SHA1_Init(&key->tail);
                 SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
 
+                OPENSSL_cleanse(hmac_key,sizeof(hmac_key));
+
                 return 1;
                 }
         case EVP_CTRL_AEAD_TLS1_AAD:
diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl b/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl
index 867885435e..f11224d172 100755
--- a/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl
+++ b/src/lib/libssl/src/crypto/md5/asm/md5-x86_64.pl
@@ -120,7 +120,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
 die "can't locate x86_64-xlate.pl";
 
 no warnings qw(uninitialized);
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $code .= <<EOF;
 .text
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c b/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
index b74bb1a759..d66ed6a1c6 100644
--- a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
-#include <openssl/crypto.h>
 
 #undef c2l
 #define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
diff --git a/src/lib/libssl/src/crypto/modes/Makefile b/src/lib/libssl/src/crypto/modes/Makefile
index c825b12f25..3d8bafd571 100644
--- a/src/lib/libssl/src/crypto/modes/Makefile
+++ b/src/lib/libssl/src/crypto/modes/Makefile
@@ -53,7 +53,10 @@ ghash-x86_64.s:	asm/ghash-x86_64.pl
 ghash-sparcv9.s:        asm/ghash-sparcv9.pl
         $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
 ghash-alpha.s:  asm/ghash-alpha.pl
-        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+        $(PERL) asm/ghash-alpha.pl > $$preproc && \
+        $(CC) -E $$preproc > $@ && rm $$preproc)
+
 ghash-parisc.s: asm/ghash-parisc.pl
         $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
 
diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl
index 6358b2750f..aa36029386 100644
--- a/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl
+++ b/src/lib/libssl/src/crypto/modes/asm/ghash-alpha.pl
@@ -266,8 +266,8 @@ gcm_gmult_4bit:
         ldq     $Xlo,8($Xi)
         ldq     $Xhi,0($Xi)
 
-        br      $rem_4bit,.Lpic1
-.Lpic1: lda     $rem_4bit,rem_4bit-.Lpic1($rem_4bit)
+        bsr     $t0,picmeup
+        nop
 ___
 
         &loop();
@@ -341,8 +341,8 @@ gcm_ghash_4bit:
         ldq     $Xhi,0($Xi)
         ldq     $Xlo,8($Xi)
 
-        br      $rem_4bit,.Lpic2
-.Lpic2: lda     $rem_4bit,rem_4bit-.Lpic2($rem_4bit)
+        bsr     $t0,picmeup
+        nop
 
 .Louter:
         extql   $inhi,$inp,$inhi
@@ -436,11 +436,20 @@ $code.=<<___;
 .end    gcm_ghash_4bit
 
 .align  4
+.ent    picmeup
+picmeup:
+        .frame  sp,0,$t0
+        .prologue 0
+        br      $rem_4bit,.Lpic
+.Lpic:  lda     $rem_4bit,12($rem_4bit)
+        ret     ($t0)
+.end    picmeup
+        nop
 rem_4bit:
-        .quad   0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48
-        .quad   0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48
-        .quad   0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48
-        .quad   0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48
+        .long   0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16
+        .long   0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16
+        .long   0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16
+        .long   0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16
 .ascii  "GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
 .align  4
 
diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl
index 8c7454ee93..d5ad96b403 100644
--- a/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl
+++ b/src/lib/libssl/src/crypto/modes/asm/ghash-parisc.pl
@@ -724,6 +724,7 @@ foreach (split("\n",$code)) {
                 s/cmpb,\*/comb,/;
                 s/,\*/,/;
         }
+        s/\bbv\b/bve/   if ($SIZE_T==8);
         print $_,"\n";
 }
 
diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl
index 6b09669d47..83c727e07f 100644
--- a/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl
+++ b/src/lib/libssl/src/crypto/modes/asm/ghash-x86.pl
@@ -635,7 +635,7 @@ sub mmx_loop() {
     { my @lo  = ("mm0","mm1","mm2");
       my @hi  = ("mm3","mm4","mm5");
       my @tmp = ("mm6","mm7");
-      my $off1=0,$off2=0,$i;
+      my ($off1,$off2,$i) = (0,0,);
 
       &add      ($Htbl,128);                    # optimize for size
       &lea      ("edi",&DWP(16+128,"esp"));
@@ -883,7 +883,7 @@ sub reduction_alg9 {	# 17/13 times faster than Intel version
 my ($Xhi,$Xi) = @_;
 
         # 1st phase
-        &movdqa         ($T1,$Xi)               #
+        &movdqa         ($T1,$Xi);              #
         &psllq          ($Xi,1);
         &pxor           ($Xi,$T1);              #
         &psllq          ($Xi,5);                #
@@ -1019,7 +1019,7 @@ my ($Xhi,$Xi) = @_;
         &movdqa         ($Xhn,$Xn);
          &pxor          ($Xhi,$T1);             # "Ii+Xi", consume early
 
-          &movdqa       ($T1,$Xi)               #&reduction_alg9($Xhi,$Xi); 1st phase
+          &movdqa       ($T1,$Xi);              #&reduction_alg9($Xhi,$Xi); 1st phase
           &psllq        ($Xi,1);
           &pxor         ($Xi,$T1);              #
           &psllq        ($Xi,5);                #
diff --git a/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl b/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl
index a5ae180882..38d779edbc 100644
--- a/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl
+++ b/src/lib/libssl/src/crypto/modes/asm/ghash-x86_64.pl
@@ -50,7 +50,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 # common register layout
 $nlo="%rax";
diff --git a/src/lib/libssl/src/crypto/modes/cbc128.c b/src/lib/libssl/src/crypto/modes/cbc128.c
index 3d3782cbe1..0e54f75470 100644
--- a/src/lib/libssl/src/crypto/modes/cbc128.c
+++ b/src/lib/libssl/src/crypto/modes/cbc128.c
@@ -117,7 +117,7 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                         unsigned char ivec[16], block128_f block)
 {
         size_t n;
-        union { size_t align; unsigned char c[16]; } tmp;
+        union { size_t t[16/sizeof(size_t)]; unsigned char c[16]; } tmp;
 
         assert(in && out && key && ivec);
 
@@ -137,11 +137,13 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                                 out += 16;
                         }
                 }
-                else {
+                else  if (16%sizeof(size_t) == 0) { /* always true */
                         while (len>=16) {
+                                size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv;
+
                                 (*block)(in, out, key);
-                                for(n=0; n<16; n+=sizeof(size_t))
-                                        *(size_t *)(out+n) ^= *(size_t *)(iv+n);
+                                for(n=0; n<16/sizeof(size_t); n++)
+                                        out_t[n] ^= iv_t[n];
                                 iv = in;
                                 len -= 16;
                                 in  += 16;
@@ -165,15 +167,16 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                                 out += 16;
                         }
                 }
-                else {
-                        size_t c;
+                else if (16%sizeof(size_t) == 0) { /* always true */
                         while (len>=16) {
+                                size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
+                                const size_t *in_t=(const size_t *)in;
+
                                 (*block)(in, tmp.c, key);
-                                for(n=0; n<16; n+=sizeof(size_t)) {
-                                        c = *(size_t *)(in+n);
-                                        *(size_t *)(out+n) =
-                                        *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
-                                        *(size_t *)(ivec+n) = c;
+                                for(n=0; n<16/sizeof(size_t); n++) {
+                                        c = in_t[n];
+                                        out_t[n] = tmp.t[n] ^ ivec_t[n];
+                                        ivec_t[n] = c;
                                 }
                                 len -= 16;
                                 in  += 16;
diff --git a/src/lib/libssl/src/crypto/modes/ccm128.c b/src/lib/libssl/src/crypto/modes/ccm128.c
index c9b35e5b35..3ce11d0d98 100644
--- a/src/lib/libssl/src/crypto/modes/ccm128.c
+++ b/src/lib/libssl/src/crypto/modes/ccm128.c
@@ -87,7 +87,7 @@ int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
                 ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));
         }
         else
-                *(u32*)(&ctx->nonce.c[8]) = 0;
+                ctx->nonce.u[1] = 0;
 
         ctx->nonce.c[12] = (u8)(mlen>>24);
         ctx->nonce.c[13] = (u8)(mlen>>16);
diff --git a/src/lib/libssl/src/crypto/modes/cts128.c b/src/lib/libssl/src/crypto/modes/cts128.c
index c0e1f3696c..2d583de6f6 100644
--- a/src/lib/libssl/src/crypto/modes/cts128.c
+++ b/src/lib/libssl/src/crypto/modes/cts128.c
@@ -108,12 +108,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
         (*cbc)(in,out-16,residue,key,ivec,1);
         memcpy(out,tmp.c,residue);
 #else
-        {
-        size_t n;
-        for (n=0; n<16; n+=sizeof(size_t))
-                *(size_t *)(tmp.c+n) = 0;
+        memset(tmp.c,0,sizeof(tmp));
         memcpy(tmp.c,in,residue);
-        }
         memcpy(out,out-16,residue);
         (*cbc)(tmp.c,out-16,16,key,ivec,1);
 #endif
@@ -144,12 +140,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
 #if defined(CBC_HANDLES_TRUNCATED_IO)
         (*cbc)(in,out-16+residue,residue,key,ivec,1);
 #else
-        {
-        size_t n;
-        for (n=0; n<16; n+=sizeof(size_t))
-                *(size_t *)(tmp.c+n) = 0;
+        memset(tmp.c,0,sizeof(tmp));
         memcpy(tmp.c,in,residue);
-        }
         (*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
 #endif
         return len+residue;
@@ -177,8 +169,7 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
 
         (*block)(in,tmp.c+16,key);
 
-        for (n=0; n<16; n+=sizeof(size_t))
-                *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+        memcpy(tmp.c,tmp.c+16,16);
         memcpy(tmp.c,in+16,residue);
         (*block)(tmp.c,tmp.c,key);
 
@@ -220,8 +211,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
 
         (*block)(in+residue,tmp.c+16,key);
 
-        for (n=0; n<16; n+=sizeof(size_t))
-                *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+        memcpy(tmp.c,tmp.c+16,16);
         memcpy(tmp.c,in,residue);
         (*block)(tmp.c,tmp.c,key);
 
@@ -240,7 +230,7 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *o
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                         size_t len, const void *key,
                         unsigned char ivec[16], cbc128_f cbc)
-{       size_t residue, n;
+{       size_t residue;
         union { size_t align; unsigned char c[32]; } tmp;
 
         assert (in && out && key && ivec);
@@ -257,8 +247,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                 out += len;
         }
 
-        for (n=16; n<32; n+=sizeof(size_t))
-                *(size_t *)(tmp.c+n) = 0;
+        memset(tmp.c,0,sizeof(tmp));
         /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
         (*cbc)(in,tmp.c,16,key,tmp.c+16,0);
 
@@ -275,7 +264,7 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
 size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
                         size_t len, const void *key,
                         unsigned char ivec[16], cbc128_f cbc)
-{       size_t residue, n;
+{       size_t residue;
         union { size_t align; unsigned char c[32]; } tmp;
 
         assert (in && out && key && ivec);
@@ -297,8 +286,7 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
                 out += len;
         }
 
-        for (n=16; n<32; n+=sizeof(size_t))
-                *(size_t *)(tmp.c+n) = 0;
+        memset(tmp.c,0,sizeof(tmp));
         /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
         (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);
 
diff --git a/src/lib/libssl/src/crypto/modes/gcm128.c b/src/lib/libssl/src/crypto/modes/gcm128.c
index 7d6d034970..e1dc2b0f47 100644
--- a/src/lib/libssl/src/crypto/modes/gcm128.c
+++ b/src/lib/libssl/src/crypto/modes/gcm128.c
@@ -723,7 +723,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
 #  endif
         gcm_init_4bit(ctx->Htable,ctx->H.u);
 #  if   defined(GHASH_ASM_X86)                  /* x86 only */
-#   if defined(OPENSSL_IA32_SSE2)
+#   if  defined(OPENSSL_IA32_SSE2)
         if (OPENSSL_ia32cap_P[0]&(1<<25)) {     /* check SSE bit */
 #   else
         if (OPENSSL_ia32cap_P[0]&(1<<23)) {     /* check MMX bit */
@@ -810,7 +810,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
                 GCM_MUL(ctx,Yi);
 
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
                         ctr = GETU32(ctx->Yi.c+12);
+#endif
                 else
                         ctr = ctx->Yi.d[3];
         }
@@ -818,7 +822,11 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
         (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
         ++ctr;
         if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
         else
                 ctx->Yi.d[3] = ctr;
 }
@@ -913,7 +921,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
         }
 
         if (is_endian.little)
+#ifdef BSWAP4
+                ctr = BSWAP4(ctx->Yi.d[3]);
+#else
                 ctr = GETU32(ctx->Yi.c+12);
+#endif
         else
                 ctr = ctx->Yi.d[3];
 
@@ -941,15 +953,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                     size_t j=GHASH_CHUNK;
 
                     while (j) {
+                        size_t *out_t=(size_t *)out;
+                        const size_t *in_t=(const size_t *)in;
+
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
-                        for (i=0; i<16; i+=sizeof(size_t))
-                                *(size_t *)(out+i) =
-                                *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+                        for (i=0; i<16/sizeof(size_t); ++i)
+                                out_t[i] = in_t[i] ^ ctx->EKi.t[i];
                         out += 16;
                         in  += 16;
                         j   -= 16;
@@ -961,15 +979,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                     size_t j=i;
 
                     while (len>=16) {
+                        size_t *out_t=(size_t *)out;
+                        const size_t *in_t=(const size_t *)in;
+
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
-                        for (i=0; i<16; i+=sizeof(size_t))
-                                *(size_t *)(out+i) =
-                                *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+                        for (i=0; i<16/sizeof(size_t); ++i)
+                                out_t[i] = in_t[i] ^ ctx->EKi.t[i];
                         out += 16;
                         in  += 16;
                         len -= 16;
@@ -978,16 +1002,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                 }
 #else
                 while (len>=16) {
+                        size_t *out_t=(size_t *)out;
+                        const size_t *in_t=(const size_t *)in;
+
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
-                        for (i=0; i<16; i+=sizeof(size_t))
-                                *(size_t *)(ctx->Xi.c+i) ^=
-                                *(size_t *)(out+i) =
-                                *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+                        for (i=0; i<16/sizeof(size_t); ++i)
+                                ctx->Xi.t[i] ^=
+                                out_t[i] = in_t[i]^ctx->EKi.t[i];
                         GCM_MUL(ctx,Xi);
                         out += 16;
                         in  += 16;
@@ -998,7 +1028,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
                         while (len--) {
@@ -1016,7 +1050,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
                 }
@@ -1060,7 +1098,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
         }
 
         if (is_endian.little)
+#ifdef BSWAP4
+                ctr = BSWAP4(ctx->Yi.d[3]);
+#else
                 ctr = GETU32(ctx->Yi.c+12);
+#endif
         else
                 ctr = ctx->Yi.d[3];
 
@@ -1091,15 +1133,21 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 
                     GHASH(ctx,in,GHASH_CHUNK);
                     while (j) {
+                        size_t *out_t=(size_t *)out;
+                        const size_t *in_t=(const size_t *)in;
+
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
-                        for (i=0; i<16; i+=sizeof(size_t))
-                                *(size_t *)(out+i) =
-                                *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+                        for (i=0; i<16/sizeof(size_t); ++i)
+                                out_t[i] = in_t[i]^ctx->EKi.t[i];
                         out += 16;
                         in  += 16;
                         j   -= 16;
@@ -1109,15 +1157,21 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                 if ((i = (len&(size_t)-16))) {
                     GHASH(ctx,in,i);
                     while (len>=16) {
+                        size_t *out_t=(size_t *)out;
+                        const size_t *in_t=(const size_t *)in;
+
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
-                        for (i=0; i<16; i+=sizeof(size_t))
-                                *(size_t *)(out+i) =
-                                *(size_t *)(in+i)^*(size_t *)(ctx->EKi.c+i);
+                        for (i=0; i<16/sizeof(size_t); ++i)
+                                out_t[i] = in_t[i]^ctx->EKi.t[i];
                         out += 16;
                         in  += 16;
                         len -= 16;
@@ -1125,16 +1179,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                 }
 #else
                 while (len>=16) {
+                        size_t *out_t=(size_t *)out;
+                        const size_t *in_t=(const size_t *)in;
+
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
-                        for (i=0; i<16; i+=sizeof(size_t)) {
-                                size_t c = *(size_t *)(in+i);
-                                *(size_t *)(out+i) = c^*(size_t *)(ctx->EKi.c+i);
-                                *(size_t *)(ctx->Xi.c+i) ^= c;
+                        for (i=0; i<16/sizeof(size_t); ++i) {
+                                size_t c = in[i];
+                                out[i] = c^ctx->EKi.t[i];
+                                ctx->Xi.t[i] ^= c;
                         }
                         GCM_MUL(ctx,Xi);
                         out += 16;
@@ -1146,7 +1207,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
                         while (len--) {
@@ -1167,7 +1232,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                         (*block)(ctx->Yi.c,ctx->EKi.c,key);
                         ++ctr;
                         if (is_endian.little)
+#ifdef BSWAP4
+                                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                                 PUTU32(ctx->Yi.c+12,ctr);
+#endif
                         else
                                 ctx->Yi.d[3] = ctr;
                 }
@@ -1212,7 +1281,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
         }
 
         if (is_endian.little)
+#ifdef BSWAP4
+                ctr = BSWAP4(ctx->Yi.d[3]);
+#else
                 ctr = GETU32(ctx->Yi.c+12);
+#endif
         else
                 ctr = ctx->Yi.d[3];
 
@@ -1234,7 +1307,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                 (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
                 ctr += GHASH_CHUNK/16;
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                         PUTU32(ctx->Yi.c+12,ctr);
+#endif
                 else
                         ctx->Yi.d[3] = ctr;
                 GHASH(ctx,out,GHASH_CHUNK);
@@ -1249,7 +1326,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                 (*stream)(in,out,j,key,ctx->Yi.c);
                 ctr += (unsigned int)j;
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                         PUTU32(ctx->Yi.c+12,ctr);
+#endif
                 else
                         ctx->Yi.d[3] = ctr;
                 in  += i;
@@ -1269,7 +1350,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                 (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
                 ++ctr;
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                         PUTU32(ctx->Yi.c+12,ctr);
+#endif
                 else
                         ctx->Yi.d[3] = ctr;
                 while (len--) {
@@ -1311,7 +1396,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
         }
 
         if (is_endian.little)
+#ifdef BSWAP4
+                ctr = BSWAP4(ctx->Yi.d[3]);
+#else
                 ctr = GETU32(ctx->Yi.c+12);
+#endif
         else
                 ctr = ctx->Yi.d[3];
 
@@ -1336,7 +1425,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                 (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
                 ctr += GHASH_CHUNK/16;
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                         PUTU32(ctx->Yi.c+12,ctr);
+#endif
                 else
                         ctx->Yi.d[3] = ctr;
                 out += GHASH_CHUNK;
@@ -1362,7 +1455,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                 (*stream)(in,out,j,key,ctx->Yi.c);
                 ctr += (unsigned int)j;
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                         PUTU32(ctx->Yi.c+12,ctr);
+#endif
                 else
                         ctx->Yi.d[3] = ctr;
                 out += i;
@@ -1373,7 +1470,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                 (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
                 ++ctr;
                 if (is_endian.little)
+#ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
                         PUTU32(ctx->Yi.c+12,ctr);
+#endif
                 else
                         ctx->Yi.d[3] = ctr;
                 while (len--) {
@@ -1398,7 +1499,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
         void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])    = ctx->gmult;
 #endif
 
-        if (ctx->mres)
+        if (ctx->mres || ctx->ares)
                 GCM_MUL(ctx,Xi);
 
         if (is_endian.little) {
@@ -1669,6 +1770,46 @@ static const u8	IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0
                         0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f},
                 T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a};
 
+/* Test Case 19 */
+#define K19 K1
+#define P19 P1
+#define IV19 IV1
+#define C19 C1
+static const u8 A19[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
+                        0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
+                        0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
+                        0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55,
+                        0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
+                        0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
+                        0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
+                        0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad},
+                T19[]= {0x5f,0xea,0x79,0x3a,0x2d,0x6f,0x97,0x4d,0x37,0xe6,0x8e,0x0c,0xb8,0xff,0x94,0x92};
+
+/* Test Case 20 */
+#define K20 K1
+#define A20 A1
+static const u8 IV20[64]={0xff,0xff,0xff,0xff}, /* this results in 0xff in counter LSB */
+                P20[288],
+                C20[]= {0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,0x2b,0x64,0xfe,0x1e,0x9a,0x17,0xb6,0x14,
+                        0x25,0xf1,0x0d,0x47,0xa7,0x5a,0x5f,0xce,0x13,0xef,0xc6,0xbc,0x78,0x4a,0xf2,0x4f,
+                        0x41,0x41,0xbd,0xd4,0x8c,0xf7,0xc7,0x70,0x88,0x7a,0xfd,0x57,0x3c,0xca,0x54,0x18,
+                        0xa9,0xae,0xff,0xcd,0x7c,0x5c,0xed,0xdf,0xc6,0xa7,0x83,0x97,0xb9,0xa8,0x5b,0x49,
+                        0x9d,0xa5,0x58,0x25,0x72,0x67,0xca,0xab,0x2a,0xd0,0xb2,0x3c,0xa4,0x76,0xa5,0x3c,
+                        0xb1,0x7f,0xb4,0x1c,0x4b,0x8b,0x47,0x5c,0xb4,0xf3,0xf7,0x16,0x50,0x94,0xc2,0x29,
+                        0xc9,0xe8,0xc4,0xdc,0x0a,0x2a,0x5f,0xf1,0x90,0x3e,0x50,0x15,0x11,0x22,0x13,0x76,
+                        0xa1,0xcd,0xb8,0x36,0x4c,0x50,0x61,0xa2,0x0c,0xae,0x74,0xbc,0x4a,0xcd,0x76,0xce,
+                        0xb0,0xab,0xc9,0xfd,0x32,0x17,0xef,0x9f,0x8c,0x90,0xbe,0x40,0x2d,0xdf,0x6d,0x86,
+                        0x97,0xf4,0xf8,0x80,0xdf,0xf1,0x5b,0xfb,0x7a,0x6b,0x28,0x24,0x1e,0xc8,0xfe,0x18,
+                        0x3c,0x2d,0x59,0xe3,0xf9,0xdf,0xff,0x65,0x3c,0x71,0x26,0xf0,0xac,0xb9,0xe6,0x42,
+                        0x11,0xf4,0x2b,0xae,0x12,0xaf,0x46,0x2b,0x10,0x70,0xbe,0xf1,0xab,0x5e,0x36,0x06,
+                        0x87,0x2c,0xa1,0x0d,0xee,0x15,0xb3,0x24,0x9b,0x1a,0x1b,0x95,0x8f,0x23,0x13,0x4c,
+                        0x4b,0xcc,0xb7,0xd0,0x32,0x00,0xbc,0xe4,0x20,0xa2,0xf8,0xeb,0x66,0xdc,0xf3,0x64,
+                        0x4d,0x14,0x23,0xc1,0xb5,0x69,0x90,0x03,0xc1,0x3e,0xce,0xf4,0xbf,0x38,0xa3,0xb6,
+                        0x0e,0xed,0xc3,0x40,0x33,0xba,0xc1,0x90,0x27,0x83,0xdc,0x6d,0x89,0xe2,0xe7,0x74,
+                        0x18,0x8a,0x43,0x9c,0x7e,0xbc,0xc0,0x67,0x2d,0xbd,0xa4,0xdd,0xcf,0xb2,0x79,0x46,
+                        0x13,0xb0,0xbe,0x41,0x31,0x5e,0xf7,0x78,0x70,0x8a,0x70,0xee,0x7d,0x75,0x16,0x5c},
+                T20[]= {0x8b,0x30,0x7f,0x6b,0x33,0x28,0x6d,0x0a,0xb0,0x26,0xa9,0xed,0x3f,0xe1,0xe8,0x5f};
+
 #define TEST_CASE(n)    do {                                    \
         u8 out[sizeof(P##n)];                                   \
         AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key);          \
@@ -1713,6 +1854,8 @@ int main()
         TEST_CASE(16);
         TEST_CASE(17);
         TEST_CASE(18);
+        TEST_CASE(19);
+        TEST_CASE(20);
 
 #ifdef OPENSSL_CPUID_OBJ
         {
@@ -1743,11 +1886,16 @@ int main()
                         ctr_t/(double)sizeof(buf),
                         (gcm_t-ctr_t)/(double)sizeof(buf));
 #ifdef GHASH
-        GHASH(&ctx,buf.c,sizeof(buf));
+        {
+        void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
+                                const u8 *inp,size_t len)       = ctx.ghash;
+
+        GHASH((&ctx),buf.c,sizeof(buf));
         start = OPENSSL_rdtsc();
-        for (i=0;i<100;++i) GHASH(&ctx,buf.c,sizeof(buf));
+        for (i=0;i<100;++i) GHASH((&ctx),buf.c,sizeof(buf));
         gcm_t = OPENSSL_rdtsc() - start;
         printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i);
+        }
 #endif
         }
 #endif
diff --git a/src/lib/libssl/src/crypto/modes/modes_lcl.h b/src/lib/libssl/src/crypto/modes/modes_lcl.h
index b6dc3c336f..9d83e12844 100644
--- a/src/lib/libssl/src/crypto/modes/modes_lcl.h
+++ b/src/lib/libssl/src/crypto/modes/modes_lcl.h
@@ -29,10 +29,7 @@ typedef unsigned char u8;
 #if defined(__i386)     || defined(__i386__)    || \
     defined(__x86_64)   || defined(__x86_64__)  || \
     defined(_M_IX86)    || defined(_M_AMD64)    || defined(_M_X64) || \
-    defined(__s390__)   || defined(__s390x__)   || \
-    ( (defined(__arm__) || defined(__arm)) && \
-      (defined(__ARM_ARCH_7__)  || defined(__ARM_ARCH_7A__) || \
-       defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) )
+    defined(__s390__)   || defined(__s390x__)
 # undef STRICT_ALIGNMENT
 #endif
 
@@ -101,8 +98,8 @@ typedef struct { u64 hi,lo; } u128;
 
 struct gcm128_context {
         /* Following 6 names follow names in GCM specification */
-        union { u64 u[2]; u32 d[4]; u8 c[16]; } Yi,EKi,EK0,len,
-                                                Xi,H;
+        union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; }
+          Yi,EKi,EK0,len,Xi,H;
         /* Relative position of Xi, H and pre-computed Htable is used
          * in some assembler modules, i.e. don't change the order! */
 #if TABLE_BITS==8
diff --git a/src/lib/libssl/src/crypto/pariscid.pl b/src/lib/libssl/src/crypto/pariscid.pl
index 477ec9b87d..bfc56fdc7f 100644
--- a/src/lib/libssl/src/crypto/pariscid.pl
+++ b/src/lib/libssl/src/crypto/pariscid.pl
@@ -97,33 +97,33 @@ OPENSSL_cleanse
         .PROC
         .CALLINFO       NO_CALLS
         .ENTRY
-        cmpib,*=        0,$len,Ldone
+        cmpib,*=        0,$len,L\$done
         nop
-        cmpib,*>>=      15,$len,Little
+        cmpib,*>>=      15,$len,L\$ittle
         ldi             $SIZE_T-1,%r1
 
-Lalign
+L\$align
         and,*<>         $inp,%r1,%r28
-        b,n             Laligned
+        b,n             L\$aligned
         stb             %r0,0($inp)
         ldo             -1($len),$len
-        b               Lalign
+        b               L\$align
         ldo             1($inp),$inp
 
-Laligned
+L\$aligned
         andcm           $len,%r1,%r28
-Lot
+L\$ot
         $ST             %r0,0($inp)
-        addib,*<>       -$SIZE_T,%r28,Lot
+        addib,*<>       -$SIZE_T,%r28,L\$ot
         ldo             $SIZE_T($inp),$inp
 
         and,*<>         $len,%r1,$len
-        b,n             Ldone
-Little
+        b,n             L\$done
+L\$ittle
         stb             %r0,0($inp)
-        addib,*<>       -1,$len,Little
+        addib,*<>       -1,$len,L\$ittle
         ldo             1($inp),$inp
-Ldone
+L\$done
         bv              ($rp)
         .EXIT
         nop
@@ -151,7 +151,7 @@ OPENSSL_instrument_bus
         ldw             0($out),$tick
         add             $diff,$tick,$tick
         stw             $tick,0($out)
-Loop
+L\$oop
         mfctl           %cr16,$tick
         sub             $tick,$lasttick,$diff
         copy            $tick,$lasttick
@@ -161,7 +161,7 @@ Loop
         add             $diff,$tick,$tick
         stw             $tick,0($out)
 
-        addib,<>        -1,$cnt,Loop
+        addib,<>        -1,$cnt,L\$oop
         addi            4,$out,$out
 
         bv              ($rp)
@@ -190,14 +190,14 @@ OPENSSL_instrument_bus2
         mfctl           %cr16,$tick
         sub             $tick,$lasttick,$diff
         copy            $tick,$lasttick
-Loop2
+L\$oop2
         copy            $diff,$lastdiff
         fdc             0($out)
         ldw             0($out),$tick
         add             $diff,$tick,$tick
         stw             $tick,0($out)
 
-        addib,=         -1,$max,Ldone2
+        addib,=         -1,$max,L\$done2
         nop
 
         mfctl           %cr16,$tick
@@ -208,17 +208,18 @@ Loop2
 
         ldi             1,%r1
         xor             %r1,$tick,$tick
-        addb,<>         $tick,$cnt,Loop2
+        addb,<>         $tick,$cnt,L\$oop2
         shladd,l        $tick,2,$out,$out
-Ldone2
+L\$done2
         bv              ($rp)
         .EXIT
         add             $rv,$cnt,$rv
         .PROCEND
 ___
 }
-$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
-$code =~ s/,\*/,/gm if ($SIZE_T==4);
+$code =~ s/cmpib,\*/comib,/gm   if ($SIZE_T==4);
+$code =~ s/,\*/,/gm             if ($SIZE_T==4);
+$code =~ s/\bbv\b/bve/gm        if ($SIZE_T==8);
 print $code;
 close STDOUT;
 
diff --git a/src/lib/libssl/src/crypto/perlasm/x86masm.pl b/src/lib/libssl/src/crypto/perlasm/x86masm.pl
index 96b1b73e1a..f937d07c87 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86masm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86masm.pl
@@ -33,6 +33,7 @@ sub ::generic
 sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
 sub ::call_ptr  { &::emit("call",@_);   }
 sub ::jmp_ptr   { &::emit("jmp",@_);    }
+sub ::lock      { &::data_byte(0xf0);   }
 
 sub get_mem
 { my($size,$addr,$reg1,$reg2,$idx)=@_;
diff --git a/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c b/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c
index c8d06d6cdc..0fd31e730f 100644
--- a/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c
+++ b/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c
@@ -56,7 +56,7 @@
 #include <openssl/pkcs7.h>
 #include <openssl/bio.h>
 
-#ifndef OPENSSL_SYSNAME_NETWARE
+#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)
 #include <memory.h>
 #endif
 #include <stdio.h>
diff --git a/src/lib/libssl/src/crypto/ppccap.c b/src/lib/libssl/src/crypto/ppccap.c
index ab89ccaa12..f71ba66aa3 100644
--- a/src/lib/libssl/src/crypto/ppccap.c
+++ b/src/lib/libssl/src/crypto/ppccap.c
@@ -3,6 +3,7 @@
 #include <string.h>
 #include <setjmp.h>
 #include <signal.h>
+#include <unistd.h>
 #include <crypto.h>
 #include <openssl/bn.h>
 
@@ -53,6 +54,7 @@ static sigjmp_buf ill_jmp;
 static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
 
 void OPENSSL_ppc64_probe(void);
+void OPENSSL_altivec_probe(void);
 
 void OPENSSL_cpuid_setup(void)
         {
@@ -82,6 +84,15 @@ void OPENSSL_cpuid_setup(void)
 
         OPENSSL_ppccap_P = 0;
 
+#if defined(_AIX)
+        if (sizeof(size_t)==4
+# if defined(_SC_AIX_KERNEL_BITMODE)
+            && sysconf(_SC_AIX_KERNEL_BITMODE)!=64
+# endif
+           )
+                return;
+#endif
+
         memset(&ill_act,0,sizeof(ill_act));
         ill_act.sa_handler = ill_handler;
         ill_act.sa_mask    = all_masked;
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl
index 7f684092d4..272fa91e1a 100644
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
 
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl
index 9165067080..ad7e65651c 100644
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-parisc.pl
@@ -307,7 +307,8 @@ L\$opts
         .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4);
+$code =~ s/cmpib,\*/comib,/gm   if ($SIZE_T==4);
+$code =~ s/\bbv\b/bve/gm        if ($SIZE_T==8);
 
 print $code;
 close STDOUT;
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
index d6eac205e9..75750dbf33 100755
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
@@ -112,7 +112,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $dat="%rdi";        # arg1
 $len="%rsi";        # arg2
diff --git a/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl b/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
index edff1d1e64..61ac6effc6 100644
--- a/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
+++ b/src/lib/libssl/src/crypto/rc5/asm/rc5-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
 
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 
diff --git a/src/lib/libssl/src/crypto/rc5/rc5_ecb.c b/src/lib/libssl/src/crypto/rc5/rc5_ecb.c
new file mode 100644
index 0000000000..e72b535507
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5_ecb.c
@@ -0,0 +1,80 @@
+/* crypto/rc5/rc5_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+#include <openssl/opensslv.h>
+
+const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;
+
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *ks, int encrypt)
+        {
+        unsigned long l,d[2];
+
+        c2l(in,l); d[0]=l;
+        c2l(in,l); d[1]=l;
+        if (encrypt)
+                RC5_32_encrypt(d,ks);
+        else
+                RC5_32_decrypt(d,ks);
+        l=d[0]; l2c(l,out);
+        l=d[1]; l2c(l,out);
+        l=d[0]=d[1]=0;
+        }
+
diff --git a/src/lib/libssl/src/crypto/rc5/rc5_enc.c b/src/lib/libssl/src/crypto/rc5/rc5_enc.c
new file mode 100644
index 0000000000..f327d32a76
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5_enc.c
@@ -0,0 +1,215 @@
+/* crypto/rc5/rc5_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int encrypt)
+        {
+        register unsigned long tin0,tin1;
+        register unsigned long tout0,tout1,xor0,xor1;
+        register long l=length;
+        unsigned long tin[2];
+
+        if (encrypt)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC5_32_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC5_32_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC5_32_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC5_32_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+        {
+        RC5_32_INT a,b,*s;
+
+        s=key->data;
+
+        a=d[0]+s[0];
+        b=d[1]+s[1];
+        E_RC5_32(a,b,s, 2);
+        E_RC5_32(a,b,s, 4);
+        E_RC5_32(a,b,s, 6);
+        E_RC5_32(a,b,s, 8);
+        E_RC5_32(a,b,s,10);
+        E_RC5_32(a,b,s,12);
+        E_RC5_32(a,b,s,14);
+        E_RC5_32(a,b,s,16);
+        if (key->rounds == 12)
+                {
+                E_RC5_32(a,b,s,18);
+                E_RC5_32(a,b,s,20);
+                E_RC5_32(a,b,s,22);
+                E_RC5_32(a,b,s,24);
+                }
+        else if (key->rounds == 16)
+                {
+                /* Do a full expansion to avoid a jump */
+                E_RC5_32(a,b,s,18);
+                E_RC5_32(a,b,s,20);
+                E_RC5_32(a,b,s,22);
+                E_RC5_32(a,b,s,24);
+                E_RC5_32(a,b,s,26);
+                E_RC5_32(a,b,s,28);
+                E_RC5_32(a,b,s,30);
+                E_RC5_32(a,b,s,32);
+                }
+        d[0]=a;
+        d[1]=b;
+        }
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+        {
+        RC5_32_INT a,b,*s;
+
+        s=key->data;
+
+        a=d[0];
+        b=d[1];
+        if (key->rounds == 16) 
+                {
+                D_RC5_32(a,b,s,32);
+                D_RC5_32(a,b,s,30);
+                D_RC5_32(a,b,s,28);
+                D_RC5_32(a,b,s,26);
+                /* Do a full expansion to avoid a jump */
+                D_RC5_32(a,b,s,24);
+                D_RC5_32(a,b,s,22);
+                D_RC5_32(a,b,s,20);
+                D_RC5_32(a,b,s,18);
+                }
+        else if (key->rounds == 12)
+                {
+                D_RC5_32(a,b,s,24);
+                D_RC5_32(a,b,s,22);
+                D_RC5_32(a,b,s,20);
+                D_RC5_32(a,b,s,18);
+                }
+        D_RC5_32(a,b,s,16);
+        D_RC5_32(a,b,s,14);
+        D_RC5_32(a,b,s,12);
+        D_RC5_32(a,b,s,10);
+        D_RC5_32(a,b,s, 8);
+        D_RC5_32(a,b,s, 6);
+        D_RC5_32(a,b,s, 4);
+        D_RC5_32(a,b,s, 2);
+        d[0]=a-s[0];
+        d[1]=b-s[1];
+        }
+
diff --git a/src/lib/libssl/src/crypto/rc5/rc5_skey.c b/src/lib/libssl/src/crypto/rc5/rc5_skey.c
new file mode 100644
index 0000000000..a2e00a41c5
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5_skey.c
@@ -0,0 +1,113 @@
+/* crypto/rc5/rc5_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds)
+        {
+        RC5_32_INT L[64],l,ll,A,B,*S,k;
+        int i,j,m,c,t,ii,jj;
+
+        if (    (rounds != RC5_16_ROUNDS) &&
+                (rounds != RC5_12_ROUNDS) &&
+                (rounds != RC5_8_ROUNDS))
+                rounds=RC5_16_ROUNDS;
+
+        key->rounds=rounds;
+        S= &(key->data[0]);
+        j=0;
+        for (i=0; i<=(len-8); i+=8)
+                {
+                c2l(data,l);
+                L[j++]=l;
+                c2l(data,l);
+                L[j++]=l;
+                }
+        ii=len-i;
+        if (ii)
+                {
+                k=len&0x07;
+                c2ln(data,l,ll,k);
+                L[j+0]=l;
+                L[j+1]=ll;
+                }
+
+        c=(len+3)/4;
+        t=(rounds+1)*2;
+        S[0]=RC5_32_P;
+        for (i=1; i<t; i++)
+                S[i]=(S[i-1]+RC5_32_Q)&RC5_32_MASK;
+
+        j=(t>c)?t:c;
+        j*=3;
+        ii=jj=0;
+        A=B=0;
+        for (i=0; i<j; i++)
+                {
+                k=(S[ii]+A+B)&RC5_32_MASK;
+                A=S[ii]=ROTATE_l32(k,3);
+                m=(int)(A+B);
+                k=(L[jj]+A+B)&RC5_32_MASK;
+                B=L[jj]=ROTATE_l32(k,m);
+                if (++ii >= t) ii=0;
+                if (++jj >= c) jj=0;
+                }
+        }
+
diff --git a/src/lib/libssl/src/crypto/rc5/rc5cfb64.c b/src/lib/libssl/src/crypto/rc5/rc5cfb64.c
new file mode 100644
index 0000000000..3a8b60bc7a
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/rc5/rc5cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int encrypt)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned long ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC5_32_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC5_32_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libssl/src/crypto/rc5/rc5ofb64.c b/src/lib/libssl/src/crypto/rc5/rc5ofb64.c
new file mode 100644
index 0000000000..d412215f3c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5ofb64.c
@@ -0,0 +1,111 @@
+/* crypto/rc5/rc5ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        unsigned long ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        RC5_32_encrypt((unsigned long *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libssl/src/crypto/rc5/rc5speed.c b/src/lib/libssl/src/crypto/rc5/rc5speed.c
new file mode 100644
index 0000000000..8e363be535
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc5/rc5speed.c
@@ -0,0 +1,277 @@
+/* crypto/rc5/rc5speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+
+#include <openssl/rc5.h>
+
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run=0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+
+#define START   0
+#define STOP    1
+
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC5_32_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC5_32_set_key(&sch,16,key,12);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC5_32_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC5_32_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC5_32_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                RC5_32_set_key(&sch,16,key,12);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+
+#ifdef SIGALRM
+        printf("Doing RC5_32_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC5_32_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                RC5_32_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+
+#ifdef SIGALRM
+        printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC5_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+
+        printf("RC5_32/12/16 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
index 2460910ab2..5a2062f903 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
@@ -351,27 +351,27 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
 
         if (!BIO_indent(bp, indent, 128))
                 goto err;
-        if (BIO_puts(bp, "Salt Length: ") <= 0)
+        if (BIO_puts(bp, "Salt Length: 0x") <= 0)
                         goto err;
         if (pss->saltLength)
                 {
                 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
                         goto err;
                 }
-        else if (BIO_puts(bp, "20 (default)") <= 0)
+        else if (BIO_puts(bp, "0x14 (default)") <= 0)
                 goto err;
         BIO_puts(bp, "\n");
 
         if (!BIO_indent(bp, indent, 128))
                 goto err;
-        if (BIO_puts(bp, "Trailer Field: ") <= 0)
+        if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
                         goto err;
         if (pss->trailerField)
                 {
                 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
                         goto err;
                 }
-        else if (BIO_puts(bp, "0xbc (default)") <= 0)
+        else if (BIO_puts(bp, "BC (default)") <= 0)
                 goto err;
         BIO_puts(bp, "\n");
         
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 5b2ecf56ad..157aa5c41d 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -611,6 +611,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
                         pm = RSA_NO_PADDING;
                 else if (!strcmp(value, "oeap"))
                         pm = RSA_PKCS1_OAEP_PADDING;
+                else if (!strcmp(value, "oaep"))
+                        pm = RSA_PKCS1_OAEP_PADDING;
                 else if (!strcmp(value, "x931"))
                         pm = RSA_X931_PADDING;
                 else if (!strcmp(value, "pss"))
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
index fe8207f77f..33da3e0e3c 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
@@ -177,6 +177,7 @@ for($i=0;$i<5;$i++) {
 $code.=<<___;
         teq     $Xi,sp
         bne     .L_00_15                @ [((11+4)*5+2)*3]
+        sub     sp,sp,#25*4
 ___
         &BODY_00_15(@V);        unshift(@V,pop(@V));
         &BODY_16_19(@V);        unshift(@V,pop(@V));
@@ -186,7 +187,6 @@ ___
 $code.=<<___;
 
         ldr     $K,.LK_20_39            @ [+15+16*4]
-        sub     sp,sp,#25*4
         cmn     sp,#0                   @ [+3], clear carry to denote 20_39
 .L_20_39_or_60_79:
 ___
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl
index 6d7bf495b2..6e5a328a6f 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-parisc.pl
@@ -254,6 +254,7 @@ $code.=<<___;
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/,\*/,/gm if ($SIZE_T==4);
+$code =~ s/,\*/,/gm             if ($SIZE_T==4);
+$code =~ s/\bbv\b/bve/gm        if ($SIZE_T==8);
 print $code;
 close STDOUT;
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
index 85e8d68086..e65291bbd9 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
@@ -549,7 +549,7 @@ ___
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {
 my ($mnemonic,$rs1,$rs2,$rd)=@_;
-my $ref,$opf;
+my ($ref,$opf);
 my %visopf = (  "fmul8ulx16"    => 0x037,
                 "faligndata"    => 0x048,
                 "fpadd32"       => 0x052,
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl
index f27c1e3fb0..f15c7ec39b 100755
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-x86_64.pl
@@ -82,7 +82,8 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
            `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
            $1>=10);
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $ctx="%rdi";    # 1st arg
 $inp="%rsi";    # 2nd arg
@@ -744,7 +745,7 @@ $code.=<<___;
         mov     %rdi,$ctx       # reassigned argument
         mov     %rsi,$inp       # reassigned argument
         mov     %rdx,$num       # reassigned argument
-        vzeroall
+        vzeroupper
 
         shl     \$6,$num
         add     $inp,$num
@@ -1037,7 +1038,7 @@ ___
         &Xtail_avx(\&body_20_39);
 
 $code.=<<___;
-        vzeroall
+        vzeroupper
 
         add     0($ctx),$A                      # update context
         add     4($ctx),@T[0]
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl
index 5b9f3337ad..7eab6a5b88 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha512-586.pl
@@ -142,9 +142,9 @@ sub BODY_00_15_x86 {
         &mov    ("edx",$Ehi);
         &mov    ("esi","ecx");
 
-        &shr    ("ecx",9)       # lo>>9
+        &shr    ("ecx",9);      # lo>>9
         &mov    ("edi","edx");
-        &shr    ("edx",9)       # hi>>9
+        &shr    ("edx",9);      # hi>>9
         &mov    ("ebx","ecx");
         &shl    ("esi",14);     # lo<<14
         &mov    ("eax","edx");
@@ -207,9 +207,9 @@ sub BODY_00_15_x86 {
         &mov    ($Dhi,"ebx");
         &mov    ("esi","ecx");
 
-        &shr    ("ecx",2)       # lo>>2
+        &shr    ("ecx",2);      # lo>>2
         &mov    ("edi","edx");
-        &shr    ("edx",2)       # hi>>2
+        &shr    ("edx",2);      # hi>>2
         &mov    ("ebx","ecx");
         &shl    ("esi",4);      # lo<<4
         &mov    ("eax","edx");
@@ -452,9 +452,9 @@ if ($sse2) {
         &mov    ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
         &mov    ("esi","ecx");
 
-        &shr    ("ecx",1)       # lo>>1
+        &shr    ("ecx",1);      # lo>>1
         &mov    ("edi","edx");
-        &shr    ("edx",1)       # hi>>1
+        &shr    ("edx",1);      # hi>>1
         &mov    ("eax","ecx");
         &shl    ("esi",24);     # lo<<24
         &mov    ("ebx","edx");
@@ -488,9 +488,9 @@ if ($sse2) {
         &mov    ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
         &mov    ("esi","ecx");
 
-        &shr    ("ecx",6)       # lo>>6
+        &shr    ("ecx",6);      # lo>>6
         &mov    ("edi","edx");
-        &shr    ("edx",6)       # hi>>6
+        &shr    ("edx",6);      # hi>>6
         &mov    ("eax","ecx");
         &shl    ("esi",3);      # lo<<3
         &mov    ("ebx","edx");
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl
index ba5b250890..ffa053bb7d 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha512-mips.pl
@@ -351,7 +351,7 @@ $code.=<<___;
         $ST     $G,6*$SZ($ctx)
         $ST     $H,7*$SZ($ctx)
 
-        bnel    $inp,@X[15],.Loop
+        bne     $inp,@X[15],.Loop
         $PTR_SUB $Ktbl,`($rounds-16)*$SZ`       # rewind $Ktbl
 
         $REG_L  $ra,$FRAMESIZE-1*$SZREG($sp)
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl
index e24ee58ae9..fc0e15b3c0 100755
--- a/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha512-parisc.pl
@@ -785,6 +785,8 @@ foreach (split("\n",$code)) {
 
         s/cmpb,\*/comb,/ if ($SIZE_T==4);
 
+        s/\bbv\b/bve/    if ($SIZE_T==8);
+
         print $_,"\n";
 }
 
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl
index f611a2d898..8d51678557 100755
--- a/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha512-x86_64.pl
@@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 if ($output =~ /512/) {
         $func="sha512_block_data_order";
diff --git a/src/lib/libssl/src/crypto/sha/sha256.c b/src/lib/libssl/src/crypto/sha/sha256.c
index f88d3d6dad..4eae074849 100644
--- a/src/lib/libssl/src/crypto/sha/sha256.c
+++ b/src/lib/libssl/src/crypto/sha/sha256.c
@@ -88,17 +88,17 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
         switch ((c)->md_len)            \
         {   case SHA224_DIGEST_LENGTH:  \
                 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
-                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                 break;                  \
             case SHA256_DIGEST_LENGTH:  \
                 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
-                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                 break;                  \
             default:                    \
                 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
                     return 0;                           \
                 for (nn=0;nn<(c)->md_len/4;nn++)                \
-                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                 break;                  \
         }                               \
         } while (0)
diff --git a/src/lib/libssl/src/crypto/sha/sha512.c b/src/lib/libssl/src/crypto/sha/sha512.c
index 50dd7dc744..50c229ddeb 100644
--- a/src/lib/libssl/src/crypto/sha/sha512.c
+++ b/src/lib/libssl/src/crypto/sha/sha512.c
@@ -232,7 +232,14 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
 {   return SHA512_Update (c,data,len);   }
 
 void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
-{   sha512_block_data_order (c,data,1);  }
+        {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+        if ((size_t)data%sizeof(c->u.d[0]) != 0)
+                memcpy(c->u.p,data,sizeof(c->u.p)),
+                data = c->u.p;
+#endif
+        sha512_block_data_order (c,data,1);
+        }
 
 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
         {
diff --git a/src/lib/libssl/src/crypto/sparccpuid.S b/src/lib/libssl/src/crypto/sparccpuid.S
index ae61f7f5ce..0cc247e489 100644
--- a/src/lib/libssl/src/crypto/sparccpuid.S
+++ b/src/lib/libssl/src/crypto/sparccpuid.S
@@ -235,10 +235,10 @@ _sparcv9_rdtick:
 .global _sparcv9_vis1_probe
 .align  8
 _sparcv9_vis1_probe:
-        .word   0x81b00d80      !fxor   %f0,%f0,%f0
         add     %sp,BIAS+2,%o1
-        retl
         .word   0xc19a5a40      !ldda   [%o1]ASI_FP16_P,%f0
+        retl
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
 .type   _sparcv9_vis1_probe,#function
 .size   _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
 
diff --git a/src/lib/libssl/src/crypto/srp/srp_grps.h b/src/lib/libssl/src/crypto/srp/srp_grps.h
index d77c9fff4b..8e3c35e3f5 100644
--- a/src/lib/libssl/src/crypto/srp/srp_grps.h
+++ b/src/lib/libssl/src/crypto/srp/srp_grps.h
@@ -1,22 +1,22 @@
 /* start of generated data */
 
 static BN_ULONG bn_group_1024_value[] = {
-        bn_pack4(9FC6,1D2F,C0EB,06E3),
-        bn_pack4(FD51,38FE,8376,435B),
-        bn_pack4(2FD4,CBF4,976E,AA9A),
-        bn_pack4(68ED,BC3C,0572,6CC0),
-        bn_pack4(C529,F566,660E,57EC),
-        bn_pack4(8255,9B29,7BCF,1885),
-        bn_pack4(CE8E,F4AD,69B1,5D49),
-        bn_pack4(5DC7,D7B4,6154,D6B6),
-        bn_pack4(8E49,5C1D,6089,DAD1),
-        bn_pack4(E0D5,D8E2,50B9,8BE4),
-        bn_pack4(383B,4813,D692,C6E0),
-        bn_pack4(D674,DF74,96EA,81D3),
-        bn_pack4(9EA2,314C,9C25,6576),
-        bn_pack4(6072,6187,75FF,3C0B),
-        bn_pack4(9C33,F80A,FA8F,C5E8),
-        bn_pack4(EEAF,0AB9,ADB3,8DD6)
+        bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
+        bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
+        bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
+        bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0),
+        bn_pack4(0xC529,0xF566,0x660E,0x57EC),
+        bn_pack4(0x8255,0x9B29,0x7BCF,0x1885),
+        bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49),
+        bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6),
+        bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1),
+        bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4),
+        bn_pack4(0x383B,0x4813,0xD692,0xC6E0),
+        bn_pack4(0xD674,0xDF74,0x96EA,0x81D3),
+        bn_pack4(0x9EA2,0x314C,0x9C25,0x6576),
+        bn_pack4(0x6072,0x6187,0x75FF,0x3C0B),
+        bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
+        bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
 };
 static BIGNUM bn_group_1024 = {
         bn_group_1024_value,
@@ -27,30 +27,30 @@ static BIGNUM bn_group_1024 = {
 };
 
 static BN_ULONG bn_group_1536_value[] = {
-        bn_pack4(CF76,E3FE,D135,F9BB),
-        bn_pack4(1518,0F93,499A,234D),
-        bn_pack4(8CE7,A28C,2442,C6F3),
-        bn_pack4(5A02,1FFF,5E91,479E),
-        bn_pack4(7F8A,2FE9,B8B5,292E),
-        bn_pack4(837C,264A,E3A9,BEB8),
-        bn_pack4(E442,734A,F7CC,B7AE),
-        bn_pack4(6577,2E43,7D6C,7F8C),
-        bn_pack4(DB2F,D53D,24B7,C486),
-        bn_pack4(6EDF,0195,3934,9627),
-        bn_pack4(158B,FD3E,2B9C,8CF5),
-        bn_pack4(764E,3F4B,53DD,9DA1),
-        bn_pack4(4754,8381,DBC5,B1FC),
-        bn_pack4(9B60,9E0B,E3BA,B63D),
-        bn_pack4(8134,B1C8,B979,8914),
-        bn_pack4(DF02,8A7C,EC67,F0D0),
-        bn_pack4(80B6,55BB,9A22,E8DC),
-        bn_pack4(1558,903B,A0D0,F843),
-        bn_pack4(51C6,A94B,E460,7A29),
-        bn_pack4(5F4F,5F55,6E27,CBDE),
-        bn_pack4(BEEE,A961,4B19,CC4D),
-        bn_pack4(DBA5,1DF4,99AC,4C80),
-        bn_pack4(B1F1,2A86,17A4,7BBB),
-        bn_pack4(9DEF,3CAF,B939,277A)
+        bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
+        bn_pack4(0x1518,0x0F93,0x499A,0x234D),
+        bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
+        bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E),
+        bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E),
+        bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8),
+        bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE),
+        bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C),
+        bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486),
+        bn_pack4(0x6EDF,0x0195,0x3934,0x9627),
+        bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5),
+        bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1),
+        bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC),
+        bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D),
+        bn_pack4(0x8134,0xB1C8,0xB979,0x8914),
+        bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0),
+        bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC),
+        bn_pack4(0x1558,0x903B,0xA0D0,0xF843),
+        bn_pack4(0x51C6,0xA94B,0xE460,0x7A29),
+        bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE),
+        bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D),
+        bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80),
+        bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
+        bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
 };
 static BIGNUM bn_group_1536 = {
         bn_group_1536_value,
@@ -61,38 +61,38 @@ static BIGNUM bn_group_1536 = {
 };
 
 static BN_ULONG bn_group_2048_value[] = {
-        bn_pack4(0FA7,111F,9E4A,FF73),
-        bn_pack4(9B65,E372,FCD6,8EF2),
-        bn_pack4(35DE,236D,525F,5475),
-        bn_pack4(94B5,C803,D89F,7AE4),
-        bn_pack4(71AE,35F8,E9DB,FBB6),
-        bn_pack4(2A56,98F3,A8D0,C382),
-        bn_pack4(9CCC,041C,7BC3,08D8),
-        bn_pack4(AF87,4E73,03CE,5329),
-        bn_pack4(6160,2790,04E5,7AE6),
-        bn_pack4(032C,FBDB,F52F,B378),
-        bn_pack4(5EA7,7A27,75D2,ECFA),
-        bn_pack4(5445,23B5,24B0,D57D),
-        bn_pack4(5B9D,32E6,88F8,7748),
-        bn_pack4(F1D2,B907,8717,461A),
-        bn_pack4(76BD,207A,436C,6481),
-        bn_pack4(CA97,B43A,23FB,8016),
-        bn_pack4(1D28,1E44,6B14,773B),
-        bn_pack4(7359,D041,D5C3,3EA7),
-        bn_pack4(A80D,740A,DBF4,FF74),
-        bn_pack4(55F9,7993,EC97,5EEA),
-        bn_pack4(2918,A996,2F0B,93B8),
-        bn_pack4(661A,05FB,D5FA,AAE8),
-        bn_pack4(CF60,9517,9A16,3AB3),
-        bn_pack4(E808,3969,EDB7,67B0),
-        bn_pack4(CD7F,48A9,DA04,FD50),
-        bn_pack4(D523,12AB,4B03,310D),
-        bn_pack4(8193,E075,7767,A13D),
-        bn_pack4(A373,29CB,B4A0,99ED),
-        bn_pack4(FC31,9294,3DB5,6050),
-        bn_pack4(AF72,B665,1987,EE07),
-        bn_pack4(F166,DE5E,1389,582F),
-        bn_pack4(AC6B,DB41,324A,9A9B)
+        bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
+        bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
+        bn_pack4(0x35DE,0x236D,0x525F,0x5475),
+        bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4),
+        bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6),
+        bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382),
+        bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8),
+        bn_pack4(0xAF87,0x4E73,0x03CE,0x5329),
+        bn_pack4(0x6160,0x2790,0x04E5,0x7AE6),
+        bn_pack4(0x032C,0xFBDB,0xF52F,0xB378),
+        bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA),
+        bn_pack4(0x5445,0x23B5,0x24B0,0xD57D),
+        bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748),
+        bn_pack4(0xF1D2,0xB907,0x8717,0x461A),
+        bn_pack4(0x76BD,0x207A,0x436C,0x6481),
+        bn_pack4(0xCA97,0xB43A,0x23FB,0x8016),
+        bn_pack4(0x1D28,0x1E44,0x6B14,0x773B),
+        bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7),
+        bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74),
+        bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA),
+        bn_pack4(0x2918,0xA996,0x2F0B,0x93B8),
+        bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8),
+        bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3),
+        bn_pack4(0xE808,0x3969,0xEDB7,0x67B0),
+        bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50),
+        bn_pack4(0xD523,0x12AB,0x4B03,0x310D),
+        bn_pack4(0x8193,0xE075,0x7767,0xA13D),
+        bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED),
+        bn_pack4(0xFC31,0x9294,0x3DB5,0x6050),
+        bn_pack4(0xAF72,0xB665,0x1987,0xEE07),
+        bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
+        bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
 };
 static BIGNUM bn_group_2048 = {
         bn_group_2048_value,
@@ -103,54 +103,54 @@ static BIGNUM bn_group_2048 = {
 };
 
 static BN_ULONG bn_group_3072_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(4B82,D120,A93A,D2CA),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_3072 = {
         bn_group_3072_value,
@@ -161,70 +161,70 @@ static BIGNUM bn_group_3072 = {
 };
 
 static BN_ULONG bn_group_4096_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(4DF4,35C9,3406,3199),
-        bn_pack4(86FF,B7DC,90A6,C08F),
-        bn_pack4(93B4,EA98,8D8F,DDC1),
-        bn_pack4(D006,9127,D5B0,5AA9),
-        bn_pack4(B81B,DD76,2170,481C),
-        bn_pack4(1F61,2970,CEE2,D7AF),
-        bn_pack4(233B,A186,515B,E7ED),
-        bn_pack4(99B2,964F,A090,C3A2),
-        bn_pack4(287C,5947,4E6B,C05D),
-        bn_pack4(2E8E,FC14,1FBE,CAA6),
-        bn_pack4(DBBB,C2DB,04DE,8EF9),
-        bn_pack4(2583,E9CA,2AD4,4CE8),
-        bn_pack4(1A94,6834,B615,0BDA),
-        bn_pack4(99C3,2718,6AF4,E23C),
-        bn_pack4(8871,9A10,BDBA,5B26),
-        bn_pack4(1A72,3C12,A787,E6D7),
-        bn_pack4(4B82,D120,A921,0801),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_4096 = {
         bn_group_4096_value,
@@ -235,102 +235,102 @@ static BIGNUM bn_group_4096 = {
 };
 
 static BN_ULONG bn_group_6144_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(E694,F91E,6DCC,4024),
-        bn_pack4(12BF,2D5B,0B74,74D6),
-        bn_pack4(043E,8F66,3F48,60EE),
-        bn_pack4(387F,E8D7,6E3C,0468),
-        bn_pack4(DA56,C9EC,2EF2,9632),
-        bn_pack4(EB19,CCB1,A313,D55C),
-        bn_pack4(F550,AA3D,8A1F,BFF0),
-        bn_pack4(06A1,D58B,B7C5,DA76),
-        bn_pack4(A797,15EE,F29B,E328),
-        bn_pack4(14CC,5ED2,0F80,37E0),
-        bn_pack4(CC8F,6D7E,BF48,E1D8),
-        bn_pack4(4BD4,07B2,2B41,54AA),
-        bn_pack4(0F1D,45B7,FF58,5AC5),
-        bn_pack4(23A9,7A7E,36CC,88BE),
-        bn_pack4(59E7,C97F,BEC7,E8F3),
-        bn_pack4(B5A8,4031,900B,1C9E),
-        bn_pack4(D55E,702F,4698,0C82),
-        bn_pack4(F482,D7CE,6E74,FEF6),
-        bn_pack4(F032,EA15,D172,1D03),
-        bn_pack4(5983,CA01,C64B,92EC),
-        bn_pack4(6FB8,F401,378C,D2BF),
-        bn_pack4(3320,5151,2BD7,AF42),
-        bn_pack4(DB7F,1447,E6CC,254B),
-        bn_pack4(44CE,6CBA,CED4,BB1B),
-        bn_pack4(DA3E,DBEB,CF9B,14ED),
-        bn_pack4(1797,27B0,865A,8918),
-        bn_pack4(B06A,53ED,9027,D831),
-        bn_pack4(E5DB,382F,4130,01AE),
-        bn_pack4(F8FF,9406,AD9E,530E),
-        bn_pack4(C975,1E76,3DBA,37BD),
-        bn_pack4(C1D4,DCB2,6026,46DE),
-        bn_pack4(36C3,FAB4,D27C,7026),
-        bn_pack4(4DF4,35C9,3402,8492),
-        bn_pack4(86FF,B7DC,90A6,C08F),
-        bn_pack4(93B4,EA98,8D8F,DDC1),
-        bn_pack4(D006,9127,D5B0,5AA9),
-        bn_pack4(B81B,DD76,2170,481C),
-        bn_pack4(1F61,2970,CEE2,D7AF),
-        bn_pack4(233B,A186,515B,E7ED),
-        bn_pack4(99B2,964F,A090,C3A2),
-        bn_pack4(287C,5947,4E6B,C05D),
-        bn_pack4(2E8E,FC14,1FBE,CAA6),
-        bn_pack4(DBBB,C2DB,04DE,8EF9),
-        bn_pack4(2583,E9CA,2AD4,4CE8),
-        bn_pack4(1A94,6834,B615,0BDA),
-        bn_pack4(99C3,2718,6AF4,E23C),
-        bn_pack4(8871,9A10,BDBA,5B26),
-        bn_pack4(1A72,3C12,A787,E6D7),
-        bn_pack4(4B82,D120,A921,0801),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
+        bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+        bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+        bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+        bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+        bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+        bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+        bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+        bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+        bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+        bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+        bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+        bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+        bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+        bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+        bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+        bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+        bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+        bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+        bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+        bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+        bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+        bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+        bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+        bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+        bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+        bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+        bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+        bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+        bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+        bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+        bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+        bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_6144 = {
         bn_group_6144_value,
@@ -341,134 +341,134 @@ static BIGNUM bn_group_6144 = {
 };
 
 static BN_ULONG bn_group_8192_value[] = {
-        bn_pack4(FFFF,FFFF,FFFF,FFFF),
-        bn_pack4(60C9,80DD,98ED,D3DF),
-        bn_pack4(C81F,56E8,80B9,6E71),
-        bn_pack4(9E30,50E2,7656,94DF),
-        bn_pack4(9558,E447,5677,E9AA),
-        bn_pack4(C919,0DA6,FC02,6E47),
-        bn_pack4(889A,002E,D5EE,382B),
-        bn_pack4(4009,438B,481C,6CD7),
-        bn_pack4(3590,46F4,EB87,9F92),
-        bn_pack4(FAF3,6BC3,1ECF,A268),
-        bn_pack4(B1D5,10BD,7EE7,4D73),
-        bn_pack4(F9AB,4819,5DED,7EA1),
-        bn_pack4(64F3,1CC5,0846,851D),
-        bn_pack4(4597,E899,A025,5DC1),
-        bn_pack4(DF31,0EE0,74AB,6A36),
-        bn_pack4(6D2A,13F8,3F44,F82D),
-        bn_pack4(062B,3CF5,B3A2,78A6),
-        bn_pack4(7968,3303,ED5B,DD3A),
-        bn_pack4(FA9D,4B7F,A2C0,87E8),
-        bn_pack4(4BCB,C886,2F83,85DD),
-        bn_pack4(3473,FC64,6CEA,306B),
-        bn_pack4(13EB,57A8,1A23,F0C7),
-        bn_pack4(2222,2E04,A403,7C07),
-        bn_pack4(E3FD,B8BE,FC84,8AD9),
-        bn_pack4(238F,16CB,E39D,652D),
-        bn_pack4(3423,B474,2BF1,C978),
-        bn_pack4(3AAB,639C,5AE4,F568),
-        bn_pack4(2576,F693,6BA4,2466),
-        bn_pack4(741F,A7BF,8AFC,47ED),
-        bn_pack4(3BC8,32B6,8D9D,D300),
-        bn_pack4(D8BE,C4D0,73B9,31BA),
-        bn_pack4(3877,7CB6,A932,DF8C),
-        bn_pack4(74A3,926F,12FE,E5E4),
-        bn_pack4(E694,F91E,6DBE,1159),
-        bn_pack4(12BF,2D5B,0B74,74D6),
-        bn_pack4(043E,8F66,3F48,60EE),
-        bn_pack4(387F,E8D7,6E3C,0468),
-        bn_pack4(DA56,C9EC,2EF2,9632),
-        bn_pack4(EB19,CCB1,A313,D55C),
-        bn_pack4(F550,AA3D,8A1F,BFF0),
-        bn_pack4(06A1,D58B,B7C5,DA76),
-        bn_pack4(A797,15EE,F29B,E328),
-        bn_pack4(14CC,5ED2,0F80,37E0),
-        bn_pack4(CC8F,6D7E,BF48,E1D8),
-        bn_pack4(4BD4,07B2,2B41,54AA),
-        bn_pack4(0F1D,45B7,FF58,5AC5),
-        bn_pack4(23A9,7A7E,36CC,88BE),
-        bn_pack4(59E7,C97F,BEC7,E8F3),
-        bn_pack4(B5A8,4031,900B,1C9E),
-        bn_pack4(D55E,702F,4698,0C82),
-        bn_pack4(F482,D7CE,6E74,FEF6),
-        bn_pack4(F032,EA15,D172,1D03),
-        bn_pack4(5983,CA01,C64B,92EC),
-        bn_pack4(6FB8,F401,378C,D2BF),
-        bn_pack4(3320,5151,2BD7,AF42),
-        bn_pack4(DB7F,1447,E6CC,254B),
-        bn_pack4(44CE,6CBA,CED4,BB1B),
-        bn_pack4(DA3E,DBEB,CF9B,14ED),
-        bn_pack4(1797,27B0,865A,8918),
-        bn_pack4(B06A,53ED,9027,D831),
-        bn_pack4(E5DB,382F,4130,01AE),
-        bn_pack4(F8FF,9406,AD9E,530E),
-        bn_pack4(C975,1E76,3DBA,37BD),
-        bn_pack4(C1D4,DCB2,6026,46DE),
-        bn_pack4(36C3,FAB4,D27C,7026),
-        bn_pack4(4DF4,35C9,3402,8492),
-        bn_pack4(86FF,B7DC,90A6,C08F),
-        bn_pack4(93B4,EA98,8D8F,DDC1),
-        bn_pack4(D006,9127,D5B0,5AA9),
-        bn_pack4(B81B,DD76,2170,481C),
-        bn_pack4(1F61,2970,CEE2,D7AF),
-        bn_pack4(233B,A186,515B,E7ED),
-        bn_pack4(99B2,964F,A090,C3A2),
-        bn_pack4(287C,5947,4E6B,C05D),
-        bn_pack4(2E8E,FC14,1FBE,CAA6),
-        bn_pack4(DBBB,C2DB,04DE,8EF9),
-        bn_pack4(2583,E9CA,2AD4,4CE8),
-        bn_pack4(1A94,6834,B615,0BDA),
-        bn_pack4(99C3,2718,6AF4,E23C),
-        bn_pack4(8871,9A10,BDBA,5B26),
-        bn_pack4(1A72,3C12,A787,E6D7),
-        bn_pack4(4B82,D120,A921,0801),
-        bn_pack4(43DB,5BFC,E0FD,108E),
-        bn_pack4(08E2,4FA0,74E5,AB31),
-        bn_pack4(7709,88C0,BAD9,46E2),
-        bn_pack4(BBE1,1757,7A61,5D6C),
-        bn_pack4(521F,2B18,177B,200C),
-        bn_pack4(D876,0273,3EC8,6A64),
-        bn_pack4(F12F,FA06,D98A,0864),
-        bn_pack4(CEE3,D226,1AD2,EE6B),
-        bn_pack4(1E8C,94E0,4A25,619D),
-        bn_pack4(ABF5,AE8C,DB09,33D7),
-        bn_pack4(B397,0F85,A6E1,E4C7),
-        bn_pack4(8AEA,7157,5D06,0C7D),
-        bn_pack4(ECFB,8504,58DB,EF0A),
-        bn_pack4(A855,21AB,DF1C,BA64),
-        bn_pack4(AD33,170D,0450,7A33),
-        bn_pack4(1572,8E5A,8AAA,C42D),
-        bn_pack4(15D2,2618,98FA,0510),
-        bn_pack4(3995,497C,EA95,6AE5),
-        bn_pack4(DE2B,CBF6,9558,1718),
-        bn_pack4(B5C5,5DF0,6F4C,52C9),
-        bn_pack4(9B27,83A2,EC07,A28F),
-        bn_pack4(E39E,772C,180E,8603),
-        bn_pack4(3290,5E46,2E36,CE3B),
-        bn_pack4(F174,6C08,CA18,217C),
-        bn_pack4(670C,354E,4ABC,9804),
-        bn_pack4(9ED5,2907,7096,966D),
-        bn_pack4(1C62,F356,2085,52BB),
-        bn_pack4(8365,5D23,DCA3,AD96),
-        bn_pack4(6916,3FA8,FD24,CF5F),
-        bn_pack4(98DA,4836,1C55,D39A),
-        bn_pack4(C200,7CB8,A163,BF05),
-        bn_pack4(4928,6651,ECE4,5B3D),
-        bn_pack4(AE9F,2411,7C4B,1FE6),
-        bn_pack4(EE38,6BFB,5A89,9FA5),
-        bn_pack4(0BFF,5CB6,F406,B7ED),
-        bn_pack4(F44C,42E9,A637,ED6B),
-        bn_pack4(E485,B576,625E,7EC6),
-        bn_pack4(4FE1,356D,6D51,C245),
-        bn_pack4(302B,0A6D,F25F,1437),
-        bn_pack4(EF95,19B3,CD3A,431B),
-        bn_pack4(514A,0879,8E34,04DD),
-        bn_pack4(020B,BEA6,3B13,9B22),
-        bn_pack4(2902,4E08,8A67,CC74),
-        bn_pack4(C4C6,628B,80DC,1CD1),
-        bn_pack4(C90F,DAA2,2168,C234),
-        bn_pack4(FFFF,FFFF,FFFF,FFFF)
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
+        bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
+        bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
+        bn_pack4(0x9E30,0x50E2,0x7656,0x94DF),
+        bn_pack4(0x9558,0xE447,0x5677,0xE9AA),
+        bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47),
+        bn_pack4(0x889A,0x002E,0xD5EE,0x382B),
+        bn_pack4(0x4009,0x438B,0x481C,0x6CD7),
+        bn_pack4(0x3590,0x46F4,0xEB87,0x9F92),
+        bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268),
+        bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73),
+        bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1),
+        bn_pack4(0x64F3,0x1CC5,0x0846,0x851D),
+        bn_pack4(0x4597,0xE899,0xA025,0x5DC1),
+        bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36),
+        bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D),
+        bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6),
+        bn_pack4(0x7968,0x3303,0xED5B,0xDD3A),
+        bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8),
+        bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD),
+        bn_pack4(0x3473,0xFC64,0x6CEA,0x306B),
+        bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7),
+        bn_pack4(0x2222,0x2E04,0xA403,0x7C07),
+        bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9),
+        bn_pack4(0x238F,0x16CB,0xE39D,0x652D),
+        bn_pack4(0x3423,0xB474,0x2BF1,0xC978),
+        bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568),
+        bn_pack4(0x2576,0xF693,0x6BA4,0x2466),
+        bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED),
+        bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300),
+        bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA),
+        bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C),
+        bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4),
+        bn_pack4(0xE694,0xF91E,0x6DBE,0x1159),
+        bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
+        bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
+        bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
+        bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
+        bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
+        bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
+        bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
+        bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
+        bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
+        bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
+        bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
+        bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
+        bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
+        bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
+        bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
+        bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
+        bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
+        bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
+        bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
+        bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
+        bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
+        bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
+        bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
+        bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
+        bn_pack4(0x1797,0x27B0,0x865A,0x8918),
+        bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
+        bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
+        bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
+        bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
+        bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
+        bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
+        bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
+        bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
+        bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
+        bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
+        bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
+        bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
+        bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
+        bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
+        bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
+        bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
+        bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
+        bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
+        bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
+        bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
+        bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
+        bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
+        bn_pack4(0x4B82,0xD120,0xA921,0x0801),
+        bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
+        bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
+        bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
+        bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
+        bn_pack4(0x521F,0x2B18,0x177B,0x200C),
+        bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
+        bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
+        bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
+        bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
+        bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
+        bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
+        bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
+        bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
+        bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
+        bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
+        bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
+        bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
+        bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
+        bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
+        bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
+        bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
+        bn_pack4(0xE39E,0x772C,0x180E,0x8603),
+        bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
+        bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
+        bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
+        bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
+        bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
+        bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
+        bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
+        bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
+        bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
+        bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
+        bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
+        bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
+        bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
+        bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
+        bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
+        bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
+        bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
+        bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
+        bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
+        bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
+        bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
+        bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
+        bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
+        bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
 };
 static BIGNUM bn_group_8192 = {
         bn_group_8192_value,
diff --git a/src/lib/libssl/src/crypto/srp/srp_lib.c b/src/lib/libssl/src/crypto/srp/srp_lib.c
index 92cea98dcd..7c1dcc5111 100644
--- a/src/lib/libssl/src/crypto/srp/srp_lib.c
+++ b/src/lib/libssl/src/crypto/srp/srp_lib.c
@@ -63,13 +63,17 @@
 #include <openssl/evp.h>
 
 #if (BN_BYTES == 8)
-#define bn_pack4(a1,a2,a3,a4) 0x##a1##a2##a3##a4##ul
-#endif
-#if (BN_BYTES == 4)
-#define bn_pack4(a1,a2,a3,a4)  0x##a3##a4##ul, 0x##a1##a2##ul
-#endif
-#if (BN_BYTES == 2)
-#define bn_pack4(a1,a2,a3,a4) 0x##a4##u,0x##a3##u,0x##a2##u,0x##a1##u
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+# elif defined(__arch64__)
+#  define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+# else
+#  define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+# endif
+#elif (BN_BYTES == 4)
+# define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+#else
+# error "unsupported BN_BYTES"
 #endif
 
 
diff --git a/src/lib/libssl/src/crypto/srp/srp_vfy.c b/src/lib/libssl/src/crypto/srp/srp_vfy.c
index c8be907d7f..4a3d13edf6 100644
--- a/src/lib/libssl/src/crypto/srp/srp_vfy.c
+++ b/src/lib/libssl/src/crypto/srp/srp_vfy.c
@@ -390,7 +390,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
                 }
         for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
                 {
-                pp = (char **)sk_OPENSSL_PSTRING_value(tmpdb->data,i);
+                pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);
                 if (pp[DB_srptype][0] == DB_SRP_INDEX)
                         {
                         /*we add this couple in the internal Stack */
@@ -581,7 +581,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if (*salt == NULL)
                 {
                 char *tmp_salt;
-                if ((tmp_salt = (char *)OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+
+                if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
                         {
                         OPENSSL_free(vf);
                         goto err;
diff --git a/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl b/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl
index 32cf16380b..cb2381c22b 100644
--- a/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl
+++ b/src/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl
@@ -119,7 +119,7 @@ $tbl="ebp";
         &mov    ("eax",&DWP(0,"esp"));
         &mov    ("ebx",&DWP(4,"esp"));
 for($i=0;$i<8;$i++) {
-    my $func = ($i==0)? movq : pxor;
+    my $func = ($i==0)? \&movq : \&pxor;
         &movb   (&LB("ecx"),&LB("eax"));
         &movb   (&LB("edx"),&HB("eax"));
         &scale  ("esi","ecx");
diff --git a/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl
index 87c0843dc1..24b2ff60c3 100644
--- a/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/src/lib/libssl/src/crypto/whrlpool/asm/wp-x86_64.pl
@@ -41,7 +41,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 sub L() { $code.=".byte ".join(',',@_)."\n"; }
 sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; }
diff --git a/src/lib/libssl/src/crypto/x86_64cpuid.pl b/src/lib/libssl/src/crypto/x86_64cpuid.pl
index 7b7b93b223..6ebfd017ea 100644
--- a/src/lib/libssl/src/crypto/x86_64cpuid.pl
+++ b/src/lib/libssl/src/crypto/x86_64cpuid.pl
@@ -11,7 +11,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
                                  ("%rdi","%rsi","%rdx","%rcx"); # Unix order
diff --git a/src/lib/libssl/src/crypto/x86cpuid.pl b/src/lib/libssl/src/crypto/x86cpuid.pl
index 39fd8f2293..b270b44337 100644
--- a/src/lib/libssl/src/crypto/x86cpuid.pl
+++ b/src/lib/libssl/src/crypto/x86cpuid.pl
@@ -67,6 +67,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
         &inc    ("esi");                # number of cores
 
         &mov    ("eax",1);
+        &xor    ("ecx","ecx");
         &cpuid  ();
         &bt     ("edx",28);
         &jnc    (&label("generic"));
@@ -91,6 +92,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 
 &set_label("nocacheinfo");
         &mov    ("eax",1);
+        &xor    ("ecx","ecx");
         &cpuid  ();
         &and    ("edx",0xbfefffff);     # force reserved bits #20, #30 to 0
         &cmp    ("ebp",0);
@@ -165,7 +167,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
         &jnz    (&label("nohalt"));     # not enough privileges
 
         &pushf  ();
-        &pop    ("eax")
+        &pop    ("eax");
         &bt     ("eax",9);
         &jnc    (&label("nohalt"));     # interrupts are disabled
 
@@ -280,7 +282,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 #       arguments is 1 or 2!
 &function_begin_B("OPENSSL_indirect_call");
         {
-        my $i,$max=7;           # $max has to be chosen as 4*n-1
+        my ($max,$i)=(7,);      # $max has to be chosen as 4*n-1
                                 # in order to preserve eventual
                                 # stack alignment
         &push   ("ebp");
diff --git a/src/lib/libssl/src/demos/cms/cms_comp.c b/src/lib/libssl/src/demos/cms/cms_comp.c
index b7943e813b..01bf092546 100644
--- a/src/lib/libssl/src/demos/cms/cms_comp.c
+++ b/src/lib/libssl/src/demos/cms/cms_comp.c
@@ -10,7 +10,7 @@ int main(int argc, char **argv)
         int ret = 1;
 
         /*
-         * On OpenSSL 0.9.9 only:
+         * On OpenSSL 1.0.0+ only:
          * for streaming set CMS_STREAM
          */
         int flags = CMS_STREAM;
diff --git a/src/lib/libssl/src/demos/cms/cms_dec.c b/src/lib/libssl/src/demos/cms/cms_dec.c
index 7ddf653269..9fee0a3ebf 100644
--- a/src/lib/libssl/src/demos/cms/cms_dec.c
+++ b/src/lib/libssl/src/demos/cms/cms_dec.c
@@ -47,7 +47,7 @@ int main(int argc, char **argv)
                 goto err;
 
         /* Decrypt S/MIME message */
-        if (!CMS_decrypt(cms, rkey, rcert, out, NULL, 0))
+        if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))
                 goto err;
 
         ret = 0;
diff --git a/src/lib/libssl/src/demos/cms/cms_sign.c b/src/lib/libssl/src/demos/cms/cms_sign.c
index 42f762034b..6823c34a0e 100644
--- a/src/lib/libssl/src/demos/cms/cms_sign.c
+++ b/src/lib/libssl/src/demos/cms/cms_sign.c
@@ -12,7 +12,7 @@ int main(int argc, char **argv)
         int ret = 1;
 
         /* For simple S/MIME signing use CMS_DETACHED.
-         * On OpenSSL 0.9.9 only:
+         * On OpenSSL 1.0.0 only:
          * for streaming detached set CMS_DETACHED|CMS_STREAM
          * for streaming non-detached set CMS_STREAM
          */
diff --git a/src/lib/libssl/src/doc/apps/ec.pod b/src/lib/libssl/src/doc/apps/ec.pod
index ba6dc4689b..5c7b45d4e7 100644
--- a/src/lib/libssl/src/doc/apps/ec.pod
+++ b/src/lib/libssl/src/doc/apps/ec.pod
@@ -41,7 +41,7 @@ PKCS#8 private key format use the B<pkcs8> command.
 
 This specifies the input format. The B<DER> option with a private key uses
 an ASN.1 DER encoded SEC1 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
 The B<PEM> form is the default format: it consists of the B<DER> format base64
 encoded with additional header and footer lines. In the case of a private key
 PKCS#8 format is also accepted.
diff --git a/src/lib/libssl/src/doc/apps/ts.pod b/src/lib/libssl/src/doc/apps/ts.pod
index 7fb6caa96e..d6aa47d314 100644
--- a/src/lib/libssl/src/doc/apps/ts.pod
+++ b/src/lib/libssl/src/doc/apps/ts.pod
@@ -352,7 +352,7 @@ switch always overrides the settings in the config file.
 
 This is the main section and it specifies the name of another section
 that contains all the options for the B<-reply> command. This default
-section can be overriden with the B<-section> command line switch. (Optional)
+section can be overridden with the B<-section> command line switch. (Optional)
 
 =item B<oid_file>
 
@@ -453,7 +453,7 @@ included. Default is no. (Optional)
 =head1 ENVIRONMENT VARIABLES
 
 B<OPENSSL_CONF> contains the path of the configuration file and can be
-overriden by the B<-config> command line option.
+overridden by the B<-config> command line option.
 
 =head1 EXAMPLES
 
diff --git a/src/lib/libssl/src/doc/apps/tsget.pod b/src/lib/libssl/src/doc/apps/tsget.pod
index b05957beea..56db985c4b 100644
--- a/src/lib/libssl/src/doc/apps/tsget.pod
+++ b/src/lib/libssl/src/doc/apps/tsget.pod
@@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional)
 =item [request]...
 
 List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
-requests are specifed only one request will be sent to the server and it will be
+requests are specified only one request will be sent to the server and it will be
 read from the standard input. (Optional)
 
 =back
diff --git a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
index 5f51fdb470..da06e44461 100644
--- a/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
+++ b/src/lib/libssl/src/doc/crypto/BN_BLINDING_new.pod
@@ -48,7 +48,7 @@ necessary parameters are set, by re-creating the blinding parameters.
 
 BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
 If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
-returned in B<r> (this is useful if a B<RSA> object is shared amoung
+returned in B<r> (this is useful if a B<RSA> object is shared among
 several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
 inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
 the inverse blinding.
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod
index f2f455990f..13b91f1e6e 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_CTX_ctrl.pod
@@ -117,7 +117,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod
index 42b2a8c44e..847983237b 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_decrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod
index d9d6d76c72..27464be571 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_derive.pod
@@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod
index 91c9c5d0a5..e495a81242 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_encrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod
index 1a9c7954c5..8ff597d44a 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod
@@ -32,7 +32,7 @@ public key algorithm.
 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
index 37c6fe9503..fd431ace6d 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_keygen.pod
@@ -151,7 +151,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod
index 2fb52c3486..a044f2c131 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_sign.pod
@@ -86,7 +86,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
index f93e5fc6c3..90612ba2f0 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
@@ -81,7 +81,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod
new file mode 100644
index 0000000000..23a28a9c43
--- /dev/null
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify_recover.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen);
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_verify_recover_init() function initializes a public key algorithm
+context using key B<pkey> for a verify recover operation.
+
+The EVP_PKEY_verify_recover() function recovers signed data
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
+buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
+before the call the B<routlen> parameter should contain the length of the
+B<rout> buffer, if the call is successful recovered data is written to
+B<rout> and the amount of data written to B<routlen>.
+
+=head1 NOTES
+
+Normally an application is only interested in whether a signature verification
+operation is successful in those cases the EVP_verify() function should be 
+used.
+
+Sometimes however it is useful to obtain the data originally signed using a
+signing operation. Only certain public key algorithms can recover a signature
+in this way (for example RSA in PKCS padding mode).
+
+After the call to EVP_PKEY_verify_recover_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+
+The function EVP_PKEY_verify_recover() can be called more than once on the same
+context if several operations are performed using the same parameters.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_verify_recover_init() and EVP_PKEY_verify_recover() return 1 for success
+and 0 or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+
+=head1 EXAMPLE
+
+Recover digest originally signed using PKCS#1 and SHA256 digest:
+
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+
+ EVP_PKEY_CTX *ctx;
+ unsigned char *rout, *sig;
+ size_t routlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig and siglen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_recover_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+
+ /* Determine buffer length */
+ if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0)
+        /* Error */
+
+ rout = OPENSSL_malloc(routlen);
+
+ if (!rout)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0)
+        /* Error */
+
+ /* Recovered data is routlen bytes written to buffer rout */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.0.
+
+=cut
diff --git a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod
index a883f6c097..60e8332ae9 100644
--- a/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -278,6 +278,8 @@ happen if extended CRL checking is enabled.
 an application specific error. This will never be returned unless explicitly
 set by an application.
 
+=back
+
 =head1 NOTES
 
 The above functions should be used instead of directly referencing the fields
diff --git a/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index b68eece033..46cac2bea2 100644
--- a/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/src/lib/libssl/src/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -113,7 +113,7 @@ a special status code is set to the verification callback. This permits it
 to examine the valid policy tree and perform additional checks or simply
 log it for debugging purposes.
 
-By default some addtional features such as indirect CRLs and CRLs signed by
+By default some additional features such as indirect CRLs and CRLs signed by
 different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
 they are enabled.
 
diff --git a/src/lib/libssl/src/doc/crypto/ecdsa.pod b/src/lib/libssl/src/doc/crypto/ecdsa.pod
index 20edff97ff..59a5916de1 100644
--- a/src/lib/libssl/src/doc/crypto/ecdsa.pod
+++ b/src/lib/libssl/src/doc/crypto/ecdsa.pod
@@ -95,7 +95,7 @@ is ignored.
 
 ECDSA_verify() verifies that the signature in B<sig> of size
 B<siglen> is a valid ECDSA signature of the hash value
-value B<dgst> of size B<dgstlen> using the public key B<eckey>.
+B<dgst> of size B<dgstlen> using the public key B<eckey>.
 The parameter B<type> is ignored.
 
 ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
@@ -131,16 +131,12 @@ specific)
 
  int        ret;
  ECDSA_SIG *sig;
- EC_KEY    *eckey = EC_KEY_new();
+ EC_KEY    *eckey;
+ eckey = EC_KEY_new_by_curve_name(NID_secp192k1);
  if (eckey == NULL)
         {
         /* error */
         }
- key->group = EC_GROUP_new_by_nid(NID_secp192k1);
- if (key->group == NULL)
-        {
-        /* error */
-        }
  if (!EC_KEY_generate_key(eckey))
         {
         /* error */
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
index b80e25be7e..7e60df5ba8 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_use_psk_identity_hint() return
 
 Return values from the server callback are interpreted as follows:
 
+=over 4
+
 =item > 0
 
 PSK identity was found and the server callback has provided the PSK
@@ -99,4 +101,6 @@ completely.
 PSK identity was not found. An "unknown_psk_identity" alert message
 will be sent and the connection setup fails.
 
+=back
+
 =cut
diff --git a/src/lib/libssl/src/engines/ccgost/gost89.c b/src/lib/libssl/src/engines/ccgost/gost89.c
index 7ebae0f71f..b0568c6b3c 100644
--- a/src/lib/libssl/src/engines/ccgost/gost89.c
+++ b/src/lib/libssl/src/engines/ccgost/gost89.c
@@ -369,7 +369,13 @@ int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data,
                 memset(buf2,0,8);
                 memcpy(buf2,data+i,data_len-i);
                 mac_block(ctx,buffer,buf2);
-                }       
+                i+=8;
+                }
+        if (i==8)
+                {
+                memset(buf2,0,8);
+                mac_block(ctx,buffer,buf2);
+                }
         get_mac(buffer,mac_len,mac);
         return 1;
         }
@@ -389,7 +395,13 @@ int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned
                 memset(buf2,0,8);
                 memcpy(buf2,data+i,data_len-i);
                 mac_block(ctx,buffer,buf2);
+                i+=8;
                 }       
+        if (i==8)
+                {
+                memset(buf2,0,8);
+                mac_block(ctx,buffer,buf2);
+                }
         get_mac(buffer,mac_len,mac);
         return 1;
         }
diff --git a/src/lib/libssl/src/engines/ccgost/gost89.h b/src/lib/libssl/src/engines/ccgost/gost89.h
index 2157852519..8da2407b03 100644
--- a/src/lib/libssl/src/engines/ccgost/gost89.h
+++ b/src/lib/libssl/src/engines/ccgost/gost89.h
@@ -87,10 +87,6 @@ extern gost_subst_block Gost28147_CryptoProParamSetB;
 extern gost_subst_block Gost28147_CryptoProParamSetC;
 extern gost_subst_block Gost28147_CryptoProParamSetD;
 extern const byte CryptoProKeyMeshingKey[]; 
-#if __LONG_MAX__ > 2147483647L 
 typedef unsigned int word32; 
-#else 
-typedef unsigned long word32; 
-#endif 
 
 #endif
diff --git a/src/lib/libssl/src/engines/ccgost/gost_crypt.c b/src/lib/libssl/src/engines/ccgost/gost_crypt.c
index cde58c0e9b..52aef15acf 100644
--- a/src/lib/libssl/src/engines/ccgost/gost_crypt.c
+++ b/src/lib/libssl/src/engines/ccgost/gost_crypt.c
@@ -11,6 +11,14 @@
 #include <openssl/rand.h>
 #include "e_gost_err.h"
 #include "gost_lcl.h"
+
+#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
         const unsigned char *iv, int enc);
 static int      gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -206,12 +214,13 @@ int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
         {
         struct ossl_gost_cipher_ctx *c = ctx;
-        if (c->count&&c->key_meshing && c->count%1024==0)
+        assert(c->count%8 == 0 && c->count <= 1024);
+        if (c->key_meshing && c->count==1024)
                 {
                 cryptopro_key_meshing(&(c->cctx),iv);
                 }       
         gostcrypt(&(c->cctx),iv,buf);
-        c->count+=8;
+        c->count = c->count%1024 + 8;
         }
 
 static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
@@ -219,7 +228,8 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
         struct ossl_gost_cipher_ctx *c = ctx;
         word32 g,go;
         unsigned char buf1[8];
-        if (c->count && c->key_meshing && c->count %1024 ==0)
+        assert(c->count%8 == 0 && c->count <= 1024);
+        if (c->key_meshing && c->count==1024)
                 {
                 cryptopro_key_meshing(&(c->cctx),iv);
                 }
@@ -248,7 +258,7 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
         buf1[7]=(unsigned char)((g>>24)&0xff);
         memcpy(iv,buf1,8);
         gostcrypt(&(c->cctx),buf1,buf);
-        c->count +=8;
+        c->count = c->count%1024 + 8;
         }
 
 /* GOST encryption in CFB mode */
@@ -511,12 +521,13 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *dat
          * interpret internal state of MAC algorithm as iv during keymeshing
          * (but does initialize internal state from iv in key transport
          */
-        if (c->key_meshing&& c->count && c->count %1024 ==0)
+        assert(c->count%8 == 0 && c->count <= 1024);
+        if (c->key_meshing && c->count==1024)
                 {
                 cryptopro_key_meshing(&(c->cctx),buffer);
                 }
         mac_block(&(c->cctx),c->buffer,data);
-        c->count +=8;
+        c->count = c->count%1024 + 8;
         }
 
 int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -565,6 +576,12 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
                 GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
                 return 0;
         }
+        if (c->count==0 && c->bytes_left)
+                {
+                unsigned char buffer[8];
+                memset(buffer, 0, 8);
+                gost_imit_update(ctx, buffer, 8);
+                }
         if (c->bytes_left)
                 {
                 int i;
diff --git a/src/lib/libssl/src/engines/ccgost/gost_eng.c b/src/lib/libssl/src/engines/ccgost/gost_eng.c
index d2cbe3b831..8f29bf6f85 100644
--- a/src/lib/libssl/src/engines/ccgost/gost_eng.c
+++ b/src/lib/libssl/src/engines/ccgost/gost_eng.c
@@ -64,6 +64,13 @@ static int gost_engine_finish(ENGINE *e)
 static int gost_engine_destroy(ENGINE *e)
         { 
         gost_param_free();
+
+        pmeth_GostR3410_94 = NULL;
+        pmeth_GostR3410_2001 = NULL;
+        pmeth_Gost28147_MAC = NULL;
+        ameth_GostR3410_94 = NULL;
+        ameth_GostR3410_2001 = NULL;
+        ameth_Gost28147_MAC = NULL;
         return 1;
         }
 
@@ -71,6 +78,11 @@ static int bind_gost (ENGINE *e,const char *id)
         {
         int ret = 0;
         if (id && strcmp(id, engine_gost_id)) return 0;
+        if (ameth_GostR3410_94)
+                {
+                printf("GOST engine already loaded\n");
+                goto end;
+                }
 
         if (!ENGINE_set_id(e, engine_gost_id)) 
                 {
@@ -263,7 +275,10 @@ static ENGINE *engine_gost(void)
         
 void ENGINE_load_gost(void)
         {
-        ENGINE *toadd =engine_gost();
+        ENGINE *toadd;
+        if (pmeth_GostR3410_94)
+                return;
+        toadd = engine_gost();
         if (!toadd) return;
         ENGINE_add(toadd);
         ENGINE_free(toadd);
diff --git a/src/lib/libssl/src/engines/ccgost/gost_lcl.h b/src/lib/libssl/src/engines/ccgost/gost_lcl.h
index 437a48cc86..00aa42cea4 100644
--- a/src/lib/libssl/src/engines/ccgost/gost_lcl.h
+++ b/src/lib/libssl/src/engines/ccgost/gost_lcl.h
@@ -136,7 +136,7 @@ extern EVP_MD imit_gost_cpa;
 /* Cipher context used for EVP_CIPHER operation */
 struct ossl_gost_cipher_ctx {
         int paramNID;
-        off_t count;
+        unsigned int count;
         int key_meshing;
         gost_ctx cctx;
 };      
@@ -151,7 +151,7 @@ struct ossl_gost_imit_ctx {
         gost_ctx cctx;
         unsigned char buffer[8];
         unsigned char partial_block[8];
-        off_t count;
+        unsigned int count;
         int key_meshing;
         int bytes_left;
         int key_set;
diff --git a/src/lib/libssl/src/engines/ccgost/gosthash.c b/src/lib/libssl/src/engines/ccgost/gosthash.c
index a5c0662ffc..91b2ce8829 100644
--- a/src/lib/libssl/src/engines/ccgost/gosthash.c
+++ b/src/lib/libssl/src/engines/ccgost/gosthash.c
@@ -42,7 +42,7 @@ static void circle_xor8 (const byte *w, byte *k)
         byte buf[8];
         int i;
         memcpy(buf,w,8);
-        memcpy(k,w+8,24);
+        memmove(k,w+8,24);
         for(i=0;i<8;i++) 
                 k[i+24]=buf[i]^k[i];
         }
@@ -180,8 +180,6 @@ int start_hash(gost_hash_ctx *ctx)
  */
 int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
         {
-        const byte *curptr=block;
-        const byte *barrier=block+(length-32);/* Last byte we can safely hash*/
         if (ctx->left)
                 {
                 /*There are some bytes from previous step*/
@@ -196,24 +194,25 @@ int hash_block(gost_hash_ctx *ctx,const byte *block, size_t length)
                         {
                         return 1;
                         }       
-                curptr=block+add_bytes;
+                block+=add_bytes;
+                length-=add_bytes;
                 hash_step(ctx->cipher_ctx,ctx->H,ctx->remainder);
                 add_blocks(32,ctx->S,ctx->remainder);
                 ctx->len+=32;
                 ctx->left=0;
                 }
-        while (curptr<=barrier)
+        while (length>=32)
                 {       
-                hash_step(ctx->cipher_ctx,ctx->H,curptr);
+                hash_step(ctx->cipher_ctx,ctx->H,block);
                         
-                add_blocks(32,ctx->S,curptr);
+                add_blocks(32,ctx->S,block);
                 ctx->len+=32;
-                curptr+=32;
+                block+=32;
+                length-=32;
                 }       
-        if (curptr!=block+length)
+        if (length)
                 {
-                ctx->left=block+length-curptr;
-                memcpy(ctx->remainder,curptr,ctx->left);
+                memcpy(ctx->remainder,block,ctx->left=length);
                 }       
         return 1;       
         }
diff --git a/src/lib/libssl/src/engines/e_capi.c b/src/lib/libssl/src/engines/e_capi.c
index bfedde0eb0..c1085b56cd 100644
--- a/src/lib/libssl/src/engines/e_capi.c
+++ b/src/lib/libssl/src/engines/e_capi.c
@@ -1432,10 +1432,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
 static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
         {
         CAPI_KEY *key;
+    DWORD dwFlags = 0; 
         key = OPENSSL_malloc(sizeof(CAPI_KEY));
         CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
                                                 contname, provname, ptype);
-        if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
+    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
                 {
                 CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                 capi_addlasterror();
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index de8bab873f..2e8cf681ed 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 static void
 dtls1_hm_fragment_free(hm_fragment *frag)
         {
+
+        if (frag->msg_header.is_ccs)
+                {
+                EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+                EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+                }
         if (frag->fragment) OPENSSL_free(frag->fragment);
         if (frag->reassembly) OPENSSL_free(frag->reassembly);
         OPENSSL_free(frag);
@@ -313,9 +319,10 @@ int dtls1_do_write(SSL *s, int type)
                                 s->init_off -= DTLS1_HM_HEADER_LENGTH;
                                 s->init_num += DTLS1_HM_HEADER_LENGTH;
 
-                                /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
-                                if ( len <= DTLS1_HM_HEADER_LENGTH)  
-                                        len += DTLS1_HM_HEADER_LENGTH;
+                                if ( s->init_num > curr_mtu)
+                                        len = curr_mtu;
+                                else
+                                        len = s->init_num;
                                 }
 
                         dtls1_fix_message_header(s, frag_off, 
@@ -1452,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
         unsigned int payload;
         unsigned int padding = 16; /* Use minimum padding */
 
-        /* Read type and payload length first */
-        hbtype = *p++;
-        n2s(p, payload);
-        pl = p;
-
         if (s->msg_callback)
                 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
                         &s->s3->rrec.data[0], s->s3->rrec.length,
                         s, s->msg_callback_arg);
 
+        /* Read type and payload length first */
+        if (1 + 2 + 16 > s->s3->rrec.length)
+                return 0; /* silently discard */
+        hbtype = *p++;
+        n2s(p, payload);
+        if (1 + 2 + payload + 16 > s->s3->rrec.length)
+                return 0; /* silently discard per RFC 6520 sec. 4 */
+        pl = p;
+
         if (hbtype == TLS1_HB_REQUEST)
                 {
                 unsigned char *buffer, *bp;
+                unsigned int write_length = 1 /* heartbeat type */ +
+                                            2 /* heartbeat length */ +
+                                            payload + padding;
                 int r;
 
+                if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+                        return 0;
+
                 /* Allocate memory for the response, size is 1 byte
                  * message type, plus 2 bytes payload length, plus
                  * payload, plus padding
                  */
-                buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+                buffer = OPENSSL_malloc(write_length);
                 bp = buffer;
 
                 /* Enter response type, length and copy payload */
@@ -1482,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
                 /* Random padding */
                 RAND_pseudo_bytes(bp, padding);
 
-                r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+                r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
                 if (r >= 0 && s->msg_callback)
                         s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                                buffer, 3 + payload + padding,
+                                buffer, write_length,
                                 s, s->msg_callback_arg);
 
                 OPENSSL_free(buffer);
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index a6ed09c51d..48e5e06bde 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -538,13 +538,6 @@ int dtls1_connect(SSL *s)
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
 
-#ifndef OPENSSL_NO_SCTP
-                        /* Change to new shared key of SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
                         s->state=SSL3_ST_CW_FINISHED_A;
                         s->init_num=0;
 
@@ -571,6 +564,16 @@ int dtls1_connect(SSL *s)
                                 goto end;
                                 }
                         
+#ifndef OPENSSL_NO_SCTP
+                                if (s->hit)
+                                        {
+                                        /* Change to new shared key of SCTP-Auth,
+                                         * will be ignored if no SCTP used.
+                                         */
+                                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                                        }
+#endif
+
                         dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
                         break;
 
@@ -613,6 +616,13 @@ int dtls1_connect(SSL *s)
                                 }
                         else
                                 {
+#ifndef OPENSSL_NO_SCTP
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
                                 /* Allow NewSessionTicket if ticket expected */
                                 if (s->tlsext_ticket_expected)
@@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s)
         unsigned char *buf;
         unsigned char *p,*d;
         unsigned int i,j;
-        unsigned long Time,l;
+        unsigned long l;
         SSL_COMP *comp;
 
         buf=(unsigned char *)s->init_buf->data;
@@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s)
 
                 /* if client_random is initialized, reuse it, we are
                  * required to use same upon reply to HelloVerify */
-                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++)
+                        ;
                 if (i==sizeof(s->s3->client_random))
-                        {
-                        Time=(unsigned long)time(NULL); /* Time */
-                        l2n(Time,p);
-                        RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-                        }
+                        ssl_fill_hello_random(s, 0, p,
+                                              sizeof(s->s3->client_random));
 
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c
index 07a5e97ce5..712c4647f2 100644
--- a/src/lib/libssl/src/ssl/d1_enc.c
+++ b/src/lib/libssl/src/ssl/d1_enc.c
@@ -126,20 +126,28 @@
 #include <openssl/des.h>
 #endif
 
+/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured. */
 int dtls1_enc(SSL *s, int send)
         {
         SSL3_RECORD *rec;
         EVP_CIPHER_CTX *ds;
         unsigned long l;
-        int bs,i,ii,j,k,n=0;
+        int bs,i,j,k,mac_size=0;
         const EVP_CIPHER *enc;
 
         if (send)
                 {
                 if (EVP_MD_CTX_md(s->write_hash))
                         {
-                        n=EVP_MD_CTX_size(s->write_hash);
-                        if (n < 0)
+                        mac_size=EVP_MD_CTX_size(s->write_hash);
+                        if (mac_size < 0)
                                 return -1;
                         }
                 ds=s->enc_write_ctx;
@@ -164,9 +172,8 @@ int dtls1_enc(SSL *s, int send)
                 {
                 if (EVP_MD_CTX_md(s->read_hash))
                         {
-                        n=EVP_MD_CTX_size(s->read_hash);
-                        if (n < 0)
-                                return -1;
+                        mac_size=EVP_MD_CTX_size(s->read_hash);
+                        OPENSSL_assert(mac_size >= 0);
                         }
                 ds=s->enc_read_ctx;
                 rec= &(s->s3->rrec);
@@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send)
                 if (!send)
                         {
                         if (l == 0 || l%bs != 0)
-                                return -1;
+                                return 0;
                         }
                 
                 EVP_Cipher(ds,rec->data,rec->input,l);
@@ -246,43 +253,7 @@ int dtls1_enc(SSL *s, int send)
 #endif  /* KSSL_DEBUG */
 
                 if ((bs != 1) && !send)
-                        {
-                        ii=i=rec->data[l-1]; /* padding_length */
-                        i++;
-                        if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-                                {
-                                /* First packet is even in size, so check */
-                                if ((memcmp(s->s3->read_sequence,
-                                        "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-                                        s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                        i--;
-                                }
-                        /* TLS 1.0 does not bound the number of padding bytes by the block size.
-                         * All of them must have value 'padding_length'. */
-                        if (i + bs > (int)rec->length)
-                                {
-                                /* Incorrect padding. SSLerr() and ssl3_alert are done
-                                 * by caller: we don't want to reveal whether this is
-                                 * a decryption error or a MAC verification failure
-                                 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
-                                 */
-                                return -1;
-                                }
-                        for (j=(int)(l-i); j<(int)l; j++)
-                                {
-                                if (rec->data[j] != ii)
-                                        {
-                                        /* Incorrect padding */
-                                        return -1;
-                                        }
-                                }
-                        rec->length-=i;
-
-                        rec->data += bs;    /* skip the implicit IV */
-                        rec->input += bs;
-                        rec->length -= bs;
-                        }
+                        return tls1_cbc_remove_padding(s, rec, bs, mac_size);
                 }
         return(1);
         }
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index f61f718183..106939f241 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
         pqueue_free(s->d1->buffered_app_data.q);
 
         OPENSSL_free(s->d1);
+        s->d1 = NULL;
         }
 
 void dtls1_clear(SSL *s)
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 987af60835..8186462d4a 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -376,15 +376,11 @@ static int
 dtls1_process_record(SSL *s)
 {
         int i,al;
-        int clear=0;
         int enc_err;
         SSL_SESSION *sess;
         SSL3_RECORD *rr;
-        unsigned int mac_size;
+        unsigned int mac_size, orig_len;
         unsigned char md[EVP_MAX_MD_SIZE];
-        int decryption_failed_or_bad_record_mac = 0;
-        unsigned char *mac = NULL;
-
 
         rr= &(s->s3->rrec);
         sess = s->session;
@@ -416,12 +412,16 @@ dtls1_process_record(SSL *s)
         rr->data=rr->input;
 
         enc_err = s->method->ssl3_enc->enc(s,0);
-        if (enc_err <= 0)
+        /* enc_err is:
+         *    0: (in non-constant time) if the record is publically invalid.
+         *    1: if the padding is valid
+         *    -1: if the padding is invalid */
+        if (enc_err == 0)
                 {
-                /* To minimize information leaked via timing, we will always
-                 * perform all computations before discarding the message.
-                 */
-                decryption_failed_or_bad_record_mac = 1;
+                /* For DTLS we simply ignore bad packets. */
+                rr->length = 0;
+                s->packet_length = 0;
+                goto err;
                 }
 
 #ifdef TLS_DEBUG
@@ -431,45 +431,62 @@ printf("\n");
 #endif
 
         /* r->length is now the compressed data plus mac */
-        if (    (sess == NULL) ||
-                (s->enc_read_ctx == NULL) ||
-                (s->read_hash == NULL))
-                clear=1;
-
-        if (!clear)
+        if ((sess != NULL) &&
+            (s->enc_read_ctx != NULL) &&
+            (EVP_MD_CTX_md(s->read_hash) != NULL))
                 {
-                /* !clear => s->read_hash != NULL => mac_size != -1 */
-                int t;
-                t=EVP_MD_CTX_size(s->read_hash);
-                OPENSSL_assert(t >= 0);
-                mac_size=t;
-
-                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
+                /* s->read_hash != NULL => mac_size != -1 */
+                unsigned char *mac = NULL;
+                unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+                mac_size=EVP_MD_CTX_size(s->read_hash);
+                OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+                /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+                orig_len = rr->length+((unsigned int)rr->type>>8);
+
+                /* orig_len is the length of the record before any padding was
+                 * removed. This is public information, as is the MAC in use,
+                 * therefore we can safely process the record in a different
+                 * amount of time if it's too short to possibly contain a MAC.
+                 */
+                if (orig_len < mac_size ||
+                    /* CBC records must have a padding length byte too. */
+                    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                     orig_len < mac_size+1))
                         {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
-                        al=SSL_AD_RECORD_OVERFLOW;
-                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                        al=SSL_AD_DECODE_ERROR;
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                         goto f_err;
-#else
-                        decryption_failed_or_bad_record_mac = 1;
-#endif                  
                         }
-                /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-                if (rr->length >= mac_size)
+
+                if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
                         {
+                        /* We update the length so that the TLS header bytes
+                         * can be constructed correctly but we need to extract
+                         * the MAC in constant time from within the record,
+                         * without leaking the contents of the padding bytes.
+                         * */
+                        mac = mac_tmp;
+                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
                         rr->length -= mac_size;
-                        mac = &rr->data[rr->length];
                         }
                 else
-                        rr->length = 0;
-                i=s->method->ssl3_enc->mac(s,md,0);
-                if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
                         {
-                        decryption_failed_or_bad_record_mac = 1;
+                        /* In this case there's no padding, so |orig_len|
+                         * equals |rec->length| and we checked that there's
+                         * enough bytes for |mac_size| above. */
+                        rr->length -= mac_size;
+                        mac = &rr->data[rr->length];
                         }
+
+                i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
+                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                        enc_err = -1;
+                if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
+                        enc_err = -1;
                 }
 
-        if (decryption_failed_or_bad_record_mac)
+        if (enc_err < 0)
                 {
                 /* decryption failed, silently discard message */
                 rr->length = 0;
@@ -830,6 +847,12 @@ start:
                         }
                 }
 
+        if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+                {
+                rr->length = 0;
+                goto start;
+                }
+
         /* we now have a packet which can be read and processed */
 
         if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1034,6 +1057,7 @@ start:
                         !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                         !s->s3->renegotiate)
                         {
+                        s->d1->handshake_read_seq++;
                         s->new_session = 1;
                         ssl3_renegotiate(s);
                         if (ssl3_renegotiate_check(s))
diff --git a/src/lib/libssl/src/ssl/d1_srtp.c b/src/lib/libssl/src/ssl/d1_srtp.c
index 928935bd8b..ab9c41922c 100644
--- a/src/lib/libssl/src/ssl/d1_srtp.c
+++ b/src/lib/libssl/src/ssl/d1_srtp.c
@@ -115,11 +115,12 @@
   Copyright (C) 2011, RTFM, Inc.
 */
 
-#ifndef OPENSSL_NO_SRTP
-
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_SRTP
+
 #include "srtp.h"
 
 
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 29421da9aa..9975e20873 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
                 case SSL3_ST_SW_HELLO_REQ_B:
 
                         s->shutdown=0;
+                        dtls1_clear_record_buffer(s);
                         dtls1_start_timer(s);
                         ret=dtls1_send_hello_request(s);
                         if (ret <= 0) goto end;
-                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
                         s->state=SSL3_ST_SW_FLUSH;
                         s->init_num=0;
 
@@ -721,10 +722,13 @@ int dtls1_accept(SSL *s)
                         if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-                        /* Change to new shared key of SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                        if (!s->hit)
+                                {
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                                }
 #endif
 
                         s->state=SSL3_ST_SW_FINISHED_A;
@@ -749,7 +753,16 @@ int dtls1_accept(SSL *s)
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_SW_FLUSH;
                         if (s->hit)
+                                {
                                 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+                                }
                         else
                                 {
                                 s->s3->tmp.next_state=SSL_ST_OK;
@@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s)
         unsigned char *p,*d;
         int i;
         unsigned int sl;
-        unsigned long l,Time;
+        unsigned long l;
 
         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                 {
                 buf=(unsigned char *)s->init_buf->data;
                 p=s->s3->server_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+                ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index 5008bf6081..e65d501191 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -57,8 +57,8 @@
  *
  */
 
-#ifndef HEADER_DTLS1_H 
-#define HEADER_DTLS1_H 
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
@@ -72,8 +72,12 @@
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
 #include <sys/time.h>
 #endif
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/src/lib/libssl/src/ssl/tls_srp.c b/src/lib/libssl/src/ssl/tls_srp.c
index 8512c4daf6..2315a7c0a2 100644
--- a/src/lib/libssl/src/ssl/tls_srp.c
+++ b/src/lib/libssl/src/ssl/tls_srp.c
@@ -242,7 +242,8 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
                 (s->srp_ctx.v == NULL))
                 return SSL3_AL_FATAL;
 
-        RAND_bytes(b, sizeof(b));
+        if (RAND_bytes(b, sizeof(b)) <= 0)
+                return SSL3_AL_FATAL;
         s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL);
         OPENSSL_cleanse(b,sizeof(b));
 
diff --git a/src/lib/libssl/src/test/cms-test.pl b/src/lib/libssl/src/test/cms-test.pl
index c938bcf00d..dfef799be2 100644
--- a/src/lib/libssl/src/test/cms-test.pl
+++ b/src/lib/libssl/src/test/cms-test.pl
@@ -415,8 +415,10 @@ sub run_smime_tests {
 }
 
 sub cmp_files {
+    use FileHandle;
     my ( $f1, $f2 ) = @_;
-    my ( $fp1, $fp2 );
+    my $fp1 = FileHandle->new();
+    my $fp2 = FileHandle->new();
 
     my ( $rd1, $rd2 );