520 files changed, 50508 insertions, 14675 deletions
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index 450f2b4051..d2c99730fe 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -58,6 +58,8 @@
 #error AES is disabled.
 #endif
+#include <stddef.h>
 #define AES_ENCRYPT     1
 #define AES_DECRYPT     0
@@ -66,10 +68,6 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16
-#ifdef OPENSSL_FIPS
-#define FIPS_AES_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -100,37 +98,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
        const AES_KEY *key, const int enc);
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, const int enc);
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc);
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char ivec[AES_BLOCK_SIZE],
        unsigned char ecount_buf[AES_BLOCK_SIZE],
        unsigned int *num);
-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const AES_KEY *key,
+                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
 /* NB: the IV is _four_ blocks long */
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
                        const AES_KEY *key2, const unsigned char *ivec,
                        const int enc);
@@ -141,6 +134,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                unsigned char *out,
                const unsigned char *in, unsigned int inlen);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index 373864cd4b..227f75625d 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -49,85 +49,15 @@
 *
 */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-#if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const AES_KEY *key,
+                     size_t len, const AES_KEY *key,
                     unsigned char *ivec, const int enc) {
-        unsigned long n;
+        if (enc)
-        unsigned long len = length;
+                CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt);
-        unsigned char tmp[AES_BLOCK_SIZE];
+        else
-        const unsigned char *iv = ivec;
+                CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt);
-        assert(in && out && key && ivec);
-        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-        if (AES_ENCRYPT == enc) {
-                while (len >= AES_BLOCK_SIZE) {
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        AES_encrypt(out, out, key);
-                        iv = out;
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        for(n=0; n < len; ++n)
-                                out[n] = in[n] ^ iv[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = iv[n];
-                        AES_encrypt(out, out, key);
-                        iv = out;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
-        } else if (in != out) {
-                while (len >= AES_BLOCK_SIZE) {
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= iv[n];
-                        iv = in;
-                        len -= AES_BLOCK_SIZE;
-                        in  += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        AES_decrypt(in,tmp,key);
-                        for(n=0; n < len; ++n)
-                                out[n] = tmp[n] ^ iv[n];
-                        iv = in;
-                }
-                memcpy(ivec,iv,AES_BLOCK_SIZE);
-        } else {
-                while (len >= AES_BLOCK_SIZE) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(in, out, key);
-                        for(n=0; n < AES_BLOCK_SIZE; ++n)
-                                out[n] ^= ivec[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                        len -= AES_BLOCK_SIZE;
-                        in += AES_BLOCK_SIZE;
-                        out += AES_BLOCK_SIZE;
-                }
-                if (len) {
-                        memcpy(tmp, in, AES_BLOCK_SIZE);
-                        AES_decrypt(tmp, out, key);
-                        for(n=0; n < len; ++n)
-                                out[n] ^= ivec[n];
-                        for(n=len; n < AES_BLOCK_SIZE; ++n)
-                                out[n] = tmp[n];
-                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
-                }
-        }
 }
-#endif
diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c
index 49f0411010..0c6d058ce7 100644
--- a/src/lib/libcrypto/aes/aes_cfb.c
+++ b/src/lib/libcrypto/aes/aes_cfb.c
@@ -1,6 +1,6 @@
 /* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -48,73 +48,9 @@
 * ====================================================================
 *
 */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-#include "e_os.h"
 /* The input and output encrypted as though 128bit cfb mode is being
 * used.  The extra state information to record how much of the
@@ -122,104 +58,24 @@
 */
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
        unsigned char *ivec, int *num, const int enc) {
-        unsigned int n;
+        CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-        unsigned long l = length;
-        unsigned char c;
-        assert(in && out && key && ivec && num);
-        n = *num;
-        if (enc) {
-                while (l--) {
-                        if (n == 0) {
-                                AES_encrypt(ivec, ivec, key);
-                        }
-                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
-                        n = (n+1) % AES_BLOCK_SIZE;
-                }
-        } else {
-                while (l--) {
-                        if (n == 0) {
-                                AES_encrypt(ivec, ivec, key);
-                        }
-                        c = *(in);
-                        *(out++) = *(in++) ^ ivec[n];
-                        ivec[n] = c;
-                        n = (n+1) % AES_BLOCK_SIZE;
-                }
-        }
-        *num=n;
 }
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                            const int nbits,const AES_KEY *key,
-                            unsigned char *ivec,const int enc)
-    {
-    int n,rem,num;
-    unsigned char ovec[AES_BLOCK_SIZE*2];
-    if (nbits<=0 || nbits>128) return;
-        /* fill in the first half of the new IV with the current IV */
-        memcpy(ovec,ivec,AES_BLOCK_SIZE);
-        /* construct the new IV */
-        AES_encrypt(ivec,ivec,key);
-        num = (nbits+7)/8;
-        if (enc)        /* encrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-        else            /* decrypt the input */
-            for(n=0 ; n < num ; ++n)
-                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-        /* shift ovec left... */
-        rem = nbits%8;
-        num = nbits/8;
-        if(rem==0)
-            memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-        else
-            for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-    /* it is not necessary to cleanse ovec, since the IV is not secret */
-    }
 /* N.B. This expects the input to be packed, MS bit first */
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
+                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc)
    {
-    unsigned int n;
+    CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-    unsigned char c[1],d[1];
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-    memset(out,0,(length+7)/8);
-    for(n=0 ; n < length ; ++n)
-        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-        AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-        out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-        }
    }
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      const unsigned long length, const AES_KEY *key,
+                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc)
    {
-    unsigned int n;
+    CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-    for(n=0 ; n < length ; ++n)
-        AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
    }
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index cffdd4daec..a7ec54f4da 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -37,12 +37,9 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "aes_locl.h"
+#ifndef AES_ASM
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -635,10 +632,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
        int i = 0;
        u32 temp;
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        if (!userKey || !key)
                return -1;
        if (bits != 128 && bits != 192 && bits != 256)
@@ -781,7 +774,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        return 0;
 }
-#ifndef AES_ASM
 /*
 * Encrypt a single block
 * in and out can overlap
@@ -1164,4 +1156,203 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
        PUTU32(out + 12, s3);
 }
+#else /* AES_ASM */
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+        0x01000000, 0x02000000, 0x04000000, 0x08000000,
+        0x10000000, 0x20000000, 0x40000000, 0x80000000,
+        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key) {
+        u32 *rk;
+        int i = 0;
+        u32 temp;
+        if (!userKey || !key)
+                return -1;
+        if (bits != 128 && bits != 192 && bits != 256)
+                return -2;
+        rk = key->rd_key;
+        if (bits==128)
+                key->rounds = 10;
+        else if (bits==192)
+                key->rounds = 12;
+        else
+                key->rounds = 14;
+        rk[0] = GETU32(userKey     );
+        rk[1] = GETU32(userKey +  4);
+        rk[2] = GETU32(userKey +  8);
+        rk[3] = GETU32(userKey + 12);
+        if (bits == 128) {
+                while (1) {
+                        temp  = rk[3];
+                        rk[4] = rk[0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[5] = rk[1] ^ rk[4];
+                        rk[6] = rk[2] ^ rk[5];
+                        rk[7] = rk[3] ^ rk[6];
+                        if (++i == 10) {
+                                return 0;
+                        }
+                        rk += 4;
+                }
+        }
+        rk[4] = GETU32(userKey + 16);
+        rk[5] = GETU32(userKey + 20);
+        if (bits == 192) {
+                while (1) {
+                        temp = rk[ 5];
+                        rk[ 6] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[ 7] = rk[ 1] ^ rk[ 6];
+                        rk[ 8] = rk[ 2] ^ rk[ 7];
+                        rk[ 9] = rk[ 3] ^ rk[ 8];
+                        if (++i == 8) {
+                                return 0;
+                        }
+                        rk[10] = rk[ 4] ^ rk[ 9];
+                        rk[11] = rk[ 5] ^ rk[10];
+                        rk += 6;
+                }
+        }
+        rk[6] = GETU32(userKey + 24);
+        rk[7] = GETU32(userKey + 28);
+        if (bits == 256) {
+                while (1) {
+                        temp = rk[ 7];
+                        rk[ 8] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] << 24) ^
+                                (Te4[(temp >>  8) & 0xff] << 16) ^
+                                (Te4[(temp      ) & 0xff] << 8) ^
+                                (Te4[(temp >> 24)       ]) ^
+                                rcon[i];
+                        rk[ 9] = rk[ 1] ^ rk[ 8];
+                        rk[10] = rk[ 2] ^ rk[ 9];
+                        rk[11] = rk[ 3] ^ rk[10];
+                        if (++i == 7) {
+                                return 0;
+                        }
+                        temp = rk[11];
+                        rk[12] = rk[ 4] ^
+                                (Te4[(temp >> 24)       ] << 24) ^
+                                (Te4[(temp >> 16) & 0xff] << 16) ^
+                                (Te4[(temp >>  8) & 0xff] << 8) ^
+                                (Te4[(temp      ) & 0xff]);
+                        rk[13] = rk[ 5] ^ rk[12];
+                        rk[14] = rk[ 6] ^ rk[13];
+                        rk[15] = rk[ 7] ^ rk[14];
+                        rk += 8;
+                }
+        }
+        return 0;
+}
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         AES_KEY *key) {
+        u32 *rk;
+        int i, j, status;
+        u32 temp;
+        /* first, start with an encryption schedule */
+        status = AES_set_encrypt_key(userKey, bits, key);
+        if (status < 0)
+                return status;
+        rk = key->rd_key;
+        /* invert the order of the round keys: */
+        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+        }
+        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+        for (i = 1; i < (key->rounds); i++) {
+                rk += 4;
+                for (j = 0; j < 4; j++) {
+                        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+                        tp1 = rk[j];
+                        m = tp1 & 0x80808080;
+                        tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        m = tp2 & 0x80808080;
+                        tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        m = tp4 & 0x80808080;
+                        tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                                ((m - (m >> 7)) & 0x1b1b1b1b);
+                        tp9 = tp8 ^ tp1;
+                        tpb = tp9 ^ tp2;
+                        tpd = tp9 ^ tp4;
+                        tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+                        rk[j] = tpe ^ ROTATE(tpd,16) ^
+                                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+                        rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                                (tp9 >> 8) ^ (tp9 << 24) ^
+                                (tpb >> 24) ^ (tpb << 8);
+#endif
+                }
+        }
+        return 0;
+}
 #endif /* AES_ASM */
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c
index f36982be1e..7c9d165d8a 100644
--- a/src/lib/libcrypto/aes/aes_ctr.c
+++ b/src/lib/libcrypto/aes/aes_ctr.c
@@ -49,91 +49,13 @@
 *
 */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
- * is endian-neutral. */
-/* increment counter (128-bit int) by 1 */
-static void AES_ctr128_inc(unsigned char *counter) {
-        unsigned long c;
-        /* Grab bottom dword of counter and increment */
-        c = GETU32(counter + 12);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter + 12, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab 1st dword of counter and increment */
-        c = GETU32(counter +  8);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  8, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab 2nd dword of counter and increment */
-        c = GETU32(counter +  4);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  4, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab top dword of counter and increment */
-        c = GETU32(counter +  0);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  0, c);
-}
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
-        unsigned char ivec[AES_BLOCK_SIZE],
+                        unsigned char ivec[AES_BLOCK_SIZE],
-        unsigned char ecount_buf[AES_BLOCK_SIZE],
+                        unsigned char ecount_buf[AES_BLOCK_SIZE],
-        unsigned int *num) {
+                        unsigned int *num) {
+        CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt);
-        unsigned int n;
-        unsigned long l=length;
-        assert(in && out && key && counter && num);
-        assert(*num < AES_BLOCK_SIZE);
-        n = *num;
-        while (l--) {
-                if (n == 0) {
-                        AES_encrypt(ivec, ecount_buf, key);
-                        AES_ctr128_inc(ivec);
-                }
-                *(out++) = *(in++) ^ ecount_buf[n];
-                n = (n+1) % AES_BLOCK_SIZE;
-        }
-        *num=n;
 }
diff --git a/src/lib/libcrypto/aes/aes_ige.c b/src/lib/libcrypto/aes/aes_ige.c
index 45d7096181..c161351e65 100644
--- a/src/lib/libcrypto/aes/aes_ige.c
+++ b/src/lib/libcrypto/aes/aes_ige.c
@@ -77,11 +77,11 @@ typedef struct {
 /* N.B. The IV for this mode is _twice_ the block size */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                                         const unsigned long length, const AES_KEY *key,
+                                         size_t length, const AES_KEY *key,
                                         unsigned char *ivec, const int enc)
        {
-        unsigned long n;
+        size_t n;
-        unsigned long len;
+        size_t len = length;
        OPENSSL_assert(in && out && key && ivec);
        OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@@ -211,12 +211,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 /* N.B. The IV for this mode is _four times_ the block size */
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                                                const unsigned long length, const AES_KEY *key,
+                                                size_t length, const AES_KEY *key,
                                                const AES_KEY *key2, const unsigned char *ivec,
                                                const int enc)
        {
-        unsigned long n;
+        size_t n;
-        unsigned long len = length;
+        size_t len = length;
        unsigned char tmp[AES_BLOCK_SIZE];
        unsigned char tmp2[AES_BLOCK_SIZE];
        unsigned char tmp3[AES_BLOCK_SIZE];
diff --git a/src/lib/libcrypto/aes/aes_ofb.c b/src/lib/libcrypto/aes/aes_ofb.c
index f358bb39e2..50bf0b8325 100644
--- a/src/lib/libcrypto/aes/aes_ofb.c
+++ b/src/lib/libcrypto/aes/aes_ofb.c
@@ -1,6 +1,6 @@
 /* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -48,95 +48,13 @@
 * ====================================================================
 *
 */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include <openssl/modes.h>
-/* The input and output encrypted as though 128bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const AES_KEY *key,
+        size_t length, const AES_KEY *key,
-        unsigned char *ivec, int *num) {
+        unsigned char *ivec, int *num)
+{
-        unsigned int n;
+        CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)AES_encrypt);
-        unsigned long l=length;
-        assert(in && out && key && ivec && num);
-        n = *num;
-        while (l--) {
-                if (n == 0) {
-                        AES_encrypt(ivec, ivec, key);
-                }
-                *(out++) = *(in++) ^ ivec[n];
-                n = (n+1) % AES_BLOCK_SIZE;
-        }
-        *num=n;
 }
diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl
index 3bc46a968e..aab40e6f1c 100644
--- a/src/lib/libcrypto/aes/asm/aes-586.pl
+++ b/src/lib/libcrypto/aes/asm/aes-586.pl
@@ -2,11 +2,12 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
+# project. The module is, however, dual licensed under OpenSSL and
-# forms are granted according to the OpenSSL license.
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
-# Version 3.6.
+# Version 4.3.
 #
 # You might fail to appreciate this module performance from the first
 # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
@@ -81,11 +82,117 @@
 # AMD K8        20                      19
 # PIII          25                      23
 # Pentium       81                      78
+#
-push(@INC,"perlasm","../../perlasm");
+# Version 3.7 reimplements outer rounds as "compact." Meaning that
+# first and last rounds reference compact 256 bytes S-box. This means
+# that first round consumes a lot more CPU cycles and that encrypt
+# and decrypt performance becomes asymmetric. Encrypt performance
+# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
+# aggressively pre-fetched.
+#
+# Version 4.0 effectively rolls back to 3.6 and instead implements
+# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
+# which use exclusively 256 byte S-box. These functions are to be
+# called in modes not concealing plain text, such as ECB, or when
+# we're asked to process smaller amount of data [or unconditionally
+# on hyper-threading CPU]. Currently it's called unconditionally from
+# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
+# still needs to be modified to switch between slower and faster
+# mode when appropriate... But in either case benchmark landscape
+# changes dramatically and below numbers are CPU cycles per processed
+# byte for 128-bit key.
+#
+#               ECB encrypt     ECB decrypt     CBC large chunk
+# P4            56[60]          84[100]         23
+# AMD K8        48[44]          70[79]          18
+# PIII          41[50]          61[91]          24
+# Core 2        32[38]          45[70]          18.5
+# Pentium       120             160             77
+#
+# Version 4.1 switches to compact S-box even in key schedule setup.
+#
+# Version 4.2 prefetches compact S-box in every SSE round or in other
+# words every cache-line is *guaranteed* to be accessed within ~50
+# cycles window. Why just SSE? Because it's needed on hyper-threading
+# CPU! Which is also why it's prefetched with 64 byte stride. Best
+# part is that it has no negative effect on performance:-)  
+#
+# Version 4.3 implements switch between compact and non-compact block
+# functions in AES_cbc_encrypt depending on how much data was asked
+# to be processed in one stroke.
+#
+######################################################################
+# Timing attacks are classified in two classes: synchronous when
+# attacker consciously initiates cryptographic operation and collects
+# timing data of various character afterwards, and asynchronous when
+# malicious code is executed on same CPU simultaneously with AES,
+# instruments itself and performs statistical analysis of this data.
+#
+# As far as synchronous attacks go the root to the AES timing
+# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
+# are referred to in single 128-bit block operation. Well, in C
+# implementation with 4 distinct tables it's actually as little as 40
+# references per 256 elements table, but anyway... Secondly, even
+# though S-box elements are clustered into smaller amount of cache-
+# lines, smaller than 160 and even 40, it turned out that for certain
+# plain-text pattern[s] or simply put chosen plain-text and given key
+# few cache-lines remain unaccessed during block operation. Now, if
+# attacker can figure out this access pattern, he can deduct the key
+# [or at least part of it]. The natural way to mitigate this kind of
+# attacks is to minimize the amount of cache-lines in S-box and/or
+# prefetch them to ensure that every one is accessed for more uniform
+# timing. But note that *if* plain-text was concealed in such way that
+# input to block function is distributed *uniformly*, then attack
+# wouldn't apply. Now note that some encryption modes, most notably
+# CBC, do mask the plain-text in this exact way [secure cipher output
+# is distributed uniformly]. Yes, one still might find input that
+# would reveal the information about given key, but if amount of
+# candidate inputs to be tried is larger than amount of possible key
+# combinations then attack becomes infeasible. This is why revised
+# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
+# of data is to be processed in one stroke. The current size limit of
+# 512 bytes is chosen to provide same [diminishigly low] probability
+# for cache-line to remain untouched in large chunk operation with
+# large S-box as for single block operation with compact S-box and
+# surely needs more careful consideration...
+#
+# As for asynchronous attacks. There are two flavours: attacker code
+# being interleaved with AES on hyper-threading CPU at *instruction*
+# level, and two processes time sharing single core. As for latter.
+# Two vectors. 1. Given that attacker process has higher priority,
+# yield execution to process performing AES just before timer fires
+# off the scheduler, immediately regain control of CPU and analyze the
+# cache state. For this attack to be efficient attacker would have to
+# effectively slow down the operation by several *orders* of magnitute,
+# by ratio of time slice to duration of handful of AES rounds, which
+# unlikely to remain unnoticed. Not to mention that this also means
+# that he would spend correspondigly more time to collect enough
+# statistical data to mount the attack. It's probably appropriate to
+# say that if adeversary reckons that this attack is beneficial and
+# risks to be noticed, you probably have larger problems having him
+# mere opportunity. In other words suggested code design expects you
+# to preclude/mitigate this attack by overall system security design.
+# 2. Attacker manages to make his code interrupt driven. In order for
+# this kind of attack to be feasible, interrupt rate has to be high
+# enough, again comparable to duration of handful of AES rounds. But
+# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
+# generates interrupts at such raging rate...
+#
+# And now back to the former, hyper-threading CPU or more specifically
+# Intel P4. Recall that asynchronous attack implies that malicious
+# code instruments itself. And naturally instrumentation granularity
+# has be noticeably lower than duration of codepath accessing S-box.
+# Given that all cache-lines are accessed during that time that is.
+# Current implementation accesses *all* cache-lines within ~50 cycles
+# window, which is actually *less* than RDTSC latency on Intel P4!
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
-&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&static_label("AES_Te");
+&static_label("AES_Td");
 $s0="eax";
 $s1="ebx";
@@ -93,21 +200,36 @@ $s2="ecx";
 $s3="edx";
 $key="edi";
 $acc="esi";
+$tbl="ebp";
+# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
+# by caller
+$__ra=&DWP(0,"esp");    # return address
+$__s0=&DWP(4,"esp");    # s0 backing store
+$__s1=&DWP(8,"esp");    # s1 backing store
+$__s2=&DWP(12,"esp");   # s2 backing store
+$__s3=&DWP(16,"esp");   # s3 backing store
+$__key=&DWP(20,"esp");  # pointer to key schedule
+$__end=&DWP(24,"esp");  # pointer to end of key schedule
+$__tbl=&DWP(28,"esp");  # %ebp backing store
+# stack frame layout in AES_[en|crypt] routines, which differs from
+# above by 4 and overlaps by %ebp backing store
+$_tbl=&DWP(24,"esp");
+$_esp=&DWP(28,"esp");
-$compromise=0;          # $compromise=128 abstains from copying key
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
-                        # schedule to stack when encrypting inputs
-                        # shorter than 128 bytes at the cost of
+$speed_limit=512;       # chunks smaller than $speed_limit are
-                        # risksing aliasing with S-boxes. In return
+                        # processed with compact routine in CBC mode
-                        # you get way better, up to +70%, small block
-                        # performance.
 $small_footprint=1;     # $small_footprint=1 code is ~5% slower [on
                        # recent �-archs], but ~5 times smaller!
                        # I favor compact code to minimize cache
                        # contention and in hope to "collect" 5% back
                        # in real-life applications...
 $vertical_spin=0;       # shift "verticaly" defaults to 0, because of
                        # its proof-of-concept status...
 # Note that there is no decvert(), as well as last encryption round is
 # performed with "horizontal" shifts. This is because this "vertical"
 # implementation [one which groups shifts on a given $s[i] to form a
@@ -170,17 +292,484 @@ sub encvert()
        &movz   ($v0,&HB($v1));
        &and    ($v1,0xFF);
        &xor    ($s[3],&DWP(2,$te,$v1,8));              # s1>>16
-         &mov   ($key,&DWP(12,"esp"));                  # reincarnate v1 as key
+         &mov   ($key,$__key);                          # reincarnate v1 as key
        &xor    ($s[2],&DWP(1,$te,$v0,8));              # s1>>24
 }
+# Another experimental routine, which features "horizontal spin," but
+# eliminates one reference to stack. Strangely enough runs slower...
+sub enchoriz()
+{ my $v0 = $key, $v1 = $acc;
+        &movz   ($v0,&LB($s0));                 #  3, 2, 1, 0*
+        &rotr   ($s2,8);                        #  8,11,10, 9
+        &mov    ($v1,&DWP(0,$te,$v0,8));        #  0
+        &movz   ($v0,&HB($s1));                 #  7, 6, 5*, 4
+        &rotr   ($s3,16);                       # 13,12,15,14
+        &xor    ($v1,&DWP(3,$te,$v0,8));        #  5
+        &movz   ($v0,&HB($s2));                 #  8,11,10*, 9
+        &rotr   ($s0,16);                       #  1, 0, 3, 2
+        &xor    ($v1,&DWP(2,$te,$v0,8));        # 10
+        &movz   ($v0,&HB($s3));                 # 13,12,15*,14
+        &xor    ($v1,&DWP(1,$te,$v0,8));        # 15, t[0] collected
+        &mov    ($__s0,$v1);                    # t[0] saved
+        &movz   ($v0,&LB($s1));                 #  7, 6, 5, 4*
+        &shr    ($s1,16);                       #  -, -, 7, 6
+        &mov    ($v1,&DWP(0,$te,$v0,8));        #  4
+        &movz   ($v0,&LB($s3));                 # 13,12,15,14*
+        &xor    ($v1,&DWP(2,$te,$v0,8));        # 14
+        &movz   ($v0,&HB($s0));                 #  1, 0, 3*, 2
+        &and    ($s3,0xffff0000);               # 13,12, -, -
+        &xor    ($v1,&DWP(1,$te,$v0,8));        #  3
+        &movz   ($v0,&LB($s2));                 #  8,11,10, 9*
+        &or     ($s3,$s1);                      # 13,12, 7, 6
+        &xor    ($v1,&DWP(3,$te,$v0,8));        #  9, t[1] collected
+        &mov    ($s1,$v1);                      #  s[1]=t[1]
+        &movz   ($v0,&LB($s0));                 #  1, 0, 3, 2*
+        &shr    ($s2,16);                       #  -, -, 8,11
+        &mov    ($v1,&DWP(2,$te,$v0,8));        #  2
+        &movz   ($v0,&HB($s3));                 # 13,12, 7*, 6
+        &xor    ($v1,&DWP(1,$te,$v0,8));        #  7
+        &movz   ($v0,&HB($s2));                 #  -, -, 8*,11
+        &xor    ($v1,&DWP(0,$te,$v0,8));        #  8
+        &mov    ($v0,$s3);
+        &shr    ($v0,24);                       # 13
+        &xor    ($v1,&DWP(3,$te,$v0,8));        # 13, t[2] collected
+        &movz   ($v0,&LB($s2));                 #  -, -, 8,11*
+        &shr    ($s0,24);                       #  1*
+        &mov    ($s2,&DWP(1,$te,$v0,8));        # 11
+        &xor    ($s2,&DWP(3,$te,$s0,8));        #  1
+        &mov    ($s0,$__s0);                    # s[0]=t[0]
+        &movz   ($v0,&LB($s3));                 # 13,12, 7, 6*
+        &shr    ($s3,16);                       #   ,  ,13,12
+        &xor    ($s2,&DWP(2,$te,$v0,8));        #  6
+        &mov    ($key,$__key);                  # reincarnate v0 as key
+        &and    ($s3,0xff);                     #   ,  ,13,12*
+        &mov    ($s3,&DWP(0,$te,$s3,8));        # 12
+        &xor    ($s3,$s2);                      # s[2]=t[3] collected
+        &mov    ($s2,$v1);                      # s[2]=t[2]
+}
+# More experimental code... SSE one... Even though this one eliminates
+# *all* references to stack, it's not faster...
+sub sse_encbody()
+{
+        &movz   ($acc,&LB("eax"));              #  0
+        &mov    ("ecx",&DWP(0,$tbl,$acc,8));    #  0
+        &pshufw ("mm2","mm0",0x0d);             #  7, 6, 3, 2
+        &movz   ("edx",&HB("eax"));             #  1
+        &mov    ("edx",&DWP(3,$tbl,"edx",8));   #  1
+        &shr    ("eax",16);                     #  5, 4
+        &movz   ($acc,&LB("ebx"));              # 10
+        &xor    ("ecx",&DWP(2,$tbl,$acc,8));    # 10
+        &pshufw ("mm6","mm4",0x08);             # 13,12, 9, 8
+        &movz   ($acc,&HB("ebx"));              # 11
+        &xor    ("edx",&DWP(1,$tbl,$acc,8));    # 11
+        &shr    ("ebx",16);                     # 15,14
+        &movz   ($acc,&HB("eax"));              #  5
+        &xor    ("ecx",&DWP(3,$tbl,$acc,8));    #  5
+        &movq   ("mm3",QWP(16,$key));
+        &movz   ($acc,&HB("ebx"));              # 15
+        &xor    ("ecx",&DWP(1,$tbl,$acc,8));    # 15
+        &movd   ("mm0","ecx");                  # t[0] collected
+        &movz   ($acc,&LB("eax"));              #  4
+        &mov    ("ecx",&DWP(0,$tbl,$acc,8));    #  4
+        &movd   ("eax","mm2");                  #  7, 6, 3, 2
+        &movz   ($acc,&LB("ebx"));              # 14
+        &xor    ("ecx",&DWP(2,$tbl,$acc,8));    # 14
+        &movd   ("ebx","mm6");                  # 13,12, 9, 8
+        &movz   ($acc,&HB("eax"));              #  3
+        &xor    ("ecx",&DWP(1,$tbl,$acc,8));    #  3
+        &movz   ($acc,&HB("ebx"));              #  9
+        &xor    ("ecx",&DWP(3,$tbl,$acc,8));    #  9
+        &movd   ("mm1","ecx");                  # t[1] collected
+        &movz   ($acc,&LB("eax"));              #  2
+        &mov    ("ecx",&DWP(2,$tbl,$acc,8));    #  2
+        &shr    ("eax",16);                     #  7, 6
+        &punpckldq      ("mm0","mm1");          # t[0,1] collected
+        &movz   ($acc,&LB("ebx"));              #  8
+        &xor    ("ecx",&DWP(0,$tbl,$acc,8));    #  8
+        &shr    ("ebx",16);                     # 13,12
+        &movz   ($acc,&HB("eax"));              #  7
+        &xor    ("ecx",&DWP(1,$tbl,$acc,8));    #  7
+        &pxor   ("mm0","mm3");
+        &movz   ("eax",&LB("eax"));             #  6
+        &xor    ("edx",&DWP(2,$tbl,"eax",8));   #  6
+        &pshufw ("mm1","mm0",0x08);             #  5, 4, 1, 0
+        &movz   ($acc,&HB("ebx"));              # 13
+        &xor    ("ecx",&DWP(3,$tbl,$acc,8));    # 13
+        &xor    ("ecx",&DWP(24,$key));          # t[2]
+        &movd   ("mm4","ecx");                  # t[2] collected
+        &movz   ("ebx",&LB("ebx"));             # 12
+        &xor    ("edx",&DWP(0,$tbl,"ebx",8));   # 12
+        &shr    ("ecx",16);
+        &movd   ("eax","mm1");                  #  5, 4, 1, 0
+        &mov    ("ebx",&DWP(28,$key));          # t[3]
+        &xor    ("ebx","edx");
+        &movd   ("mm5","ebx");                  # t[3] collected
+        &and    ("ebx",0xffff0000);
+        &or     ("ebx","ecx");
+        &punpckldq      ("mm4","mm5");          # t[2,3] collected
+}
+######################################################################
+# "Compact" block function
+######################################################################
+sub enccompact()
+{ my $Fn = mov;
+  while ($#_>5) { pop(@_); $Fn=sub{}; }
+  my ($i,$te,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+        # $Fn is used in first compact round and its purpose is to
+        # void restoration of some values from stack, so that after
+        # 4xenccompact with extra argument $key value is left there...
+        if ($i==3)  {   &$Fn    ($key,$__key);                  }##%edx
+        else        {   &mov    ($out,$s[0]);                   }
+                        &and    ($out,0xFF);
+        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
+        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
+                        &movz   ($out,&BP(-128,$te,$out,1));
+        if ($i==3)  {   $tmp=$s[1];                             }##%eax
+                        &movz   ($tmp,&HB($s[1]));
+                        &movz   ($tmp,&BP(-128,$te,$tmp,1));
+                        &shl    ($tmp,8);
+                        &xor    ($out,$tmp);
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$__s0);         }##%ebx
+        else        {   &mov    ($tmp,$s[2]);
+                        &shr    ($tmp,16);                      }
+        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
+                        &and    ($tmp,0xFF);
+                        &movz   ($tmp,&BP(-128,$te,$tmp,1));
+                        &shl    ($tmp,16);
+                        &xor    ($out,$tmp);
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }##%ecx
+        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
+        else        {   &mov    ($tmp,$s[3]);
+                        &shr    ($tmp,24);                      }
+                        &movz   ($tmp,&BP(-128,$te,$tmp,1));
+                        &shl    ($tmp,24);
+                        &xor    ($out,$tmp);
+        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
+        if ($i==3)  {   &mov    ($s[3],$acc);                   }
+        &comment();
+}
+sub enctransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+  my $i = shift;
+  my $tmp = $tbl;
+  my $r2  = $key ;
+        &mov    ($acc,$s[$i]);
+        &and    ($acc,0x80808080);
+        &mov    ($tmp,$acc);
+        &shr    ($tmp,7);
+        &lea    ($r2,&DWP(0,$s[$i],$s[$i]));
+        &sub    ($acc,$tmp);
+        &and    ($r2,0xfefefefe);
+        &and    ($acc,0x1b1b1b1b);
+        &mov    ($tmp,$s[$i]);
+        &xor    ($acc,$r2);     # r2
+        &xor    ($s[$i],$acc);  # r0 ^ r2
+        &rotl   ($s[$i],24);
+        &xor    ($s[$i],$acc)   # ROTATE(r2^r0,24) ^ r2
+        &rotr   ($tmp,16);
+        &xor    ($s[$i],$tmp);
+        &rotr   ($tmp,8);
+        &xor    ($s[$i],$tmp);
+}
+&function_begin_B("_x86_AES_encrypt_compact");
+        # note that caller is expected to allocate stack frame for me!
+        &mov    ($__key,$key);                  # save key
+        &xor    ($s0,&DWP(0,$key));             # xor with key
+        &xor    ($s1,&DWP(4,$key));
+        &xor    ($s2,&DWP(8,$key));
+        &xor    ($s3,&DWP(12,$key));
+        &mov    ($acc,&DWP(240,$key));          # load key->rounds
+        &lea    ($acc,&DWP(-2,$acc,$acc));
+        &lea    ($acc,&DWP(0,$key,$acc,8));
+        &mov    ($__end,$acc);                  # end of key schedule
+        # prefetch Te4
+        &mov    ($key,&DWP(0-128,$tbl));
+        &mov    ($acc,&DWP(32-128,$tbl));
+        &mov    ($key,&DWP(64-128,$tbl));
+        &mov    ($acc,&DWP(96-128,$tbl));
+        &mov    ($key,&DWP(128-128,$tbl));
+        &mov    ($acc,&DWP(160-128,$tbl));
+        &mov    ($key,&DWP(192-128,$tbl));
+        &mov    ($acc,&DWP(224-128,$tbl));
+        &set_label("loop",16);
+                &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
+                &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
+                &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
+                &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
+                &enctransform(2);
+                &enctransform(3);
+                &enctransform(0);
+                &enctransform(1);
+                &mov    ($key,$__key);
+                &mov    ($tbl,$__tbl);
+                &add    ($key,16);              # advance rd_key
+                &xor    ($s0,&DWP(0,$key));
+                &xor    ($s1,&DWP(4,$key));
+                &xor    ($s2,&DWP(8,$key));
+                &xor    ($s3,&DWP(12,$key));
+        &cmp    ($key,$__end);
+        &mov    ($__key,$key);
+        &jb     (&label("loop"));
+        &enccompact(0,$tbl,$s0,$s1,$s2,$s3);
+        &enccompact(1,$tbl,$s1,$s2,$s3,$s0);
+        &enccompact(2,$tbl,$s2,$s3,$s0,$s1);
+        &enccompact(3,$tbl,$s3,$s0,$s1,$s2);
+        &xor    ($s0,&DWP(16,$key));
+        &xor    ($s1,&DWP(20,$key));
+        &xor    ($s2,&DWP(24,$key));
+        &xor    ($s3,&DWP(28,$key));
+        &ret    ();
+&function_end_B("_x86_AES_encrypt_compact");
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+#
+# Performance is not actually extraordinary in comparison to pure
+# x86 code. In particular encrypt performance is virtually the same.
+# Decrypt performance on the other hand is 15-20% better on newer
+# �-archs [but we're thankful for *any* improvement here], and ~50%
+# better on PIII:-) And additionally on the pros side this code
+# eliminates redundant references to stack and thus relieves/
+# minimizes the pressure on the memory bus.
+#
+# MMX register layout                           lsb
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |          mm4          |          mm0          |
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |     s3    |     s2    |     s1    |     s0    |    
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+#
+# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
+# In this terms encryption and decryption "compact" permutation
+# matrices can be depicted as following:
+#
+# encryption              lsb   # decryption              lsb
+# +----++----+----+----+----+   # +----++----+----+----+----+
+# | t0 || 15 | 10 |  5 |  0 |   # | t0 ||  7 | 10 | 13 |  0 |
+# +----++----+----+----+----+   # +----++----+----+----+----+
+# | t1 ||  3 | 14 |  9 |  4 |   # | t1 || 11 | 14 |  1 |  4 |
+# +----++----+----+----+----+   # +----++----+----+----+----+
+# | t2 ||  7 |  2 | 13 |  8 |   # | t2 || 15 |  2 |  5 |  8 |
+# +----++----+----+----+----+   # +----++----+----+----+----+
+# | t3 || 11 |  6 |  1 | 12 |   # | t3 ||  3 |  6 |  9 | 12 |
+# +----++----+----+----+----+   # +----++----+----+----+----+
+#
+######################################################################
+# Why not xmm registers? Short answer. It was actually tested and
+# was not any faster, but *contrary*, most notably on Intel CPUs.
+# Longer answer. Main advantage of using mm registers is that movd
+# latency is lower, especially on Intel P4. While arithmetic
+# instructions are twice as many, they can be scheduled every cycle
+# and not every second one when they are operating on xmm register,
+# so that "arithmetic throughput" remains virtually the same. And
+# finally the code can be executed even on elder SSE-only CPUs:-)
+sub sse_enccompact()
+{
+        &pshufw ("mm1","mm0",0x08);             #  5, 4, 1, 0
+        &pshufw ("mm5","mm4",0x0d);             # 15,14,11,10
+        &movd   ("eax","mm1");                  #  5, 4, 1, 0
+        &movd   ("ebx","mm5");                  # 15,14,11,10
+        &movz   ($acc,&LB("eax"));              #  0
+        &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  0
+        &pshufw ("mm2","mm0",0x0d);             #  7, 6, 3, 2
+        &movz   ("edx",&HB("eax"));             #  1
+        &movz   ("edx",&BP(-128,$tbl,"edx",1)); #  1
+        &shl    ("edx",8);                      #  1
+        &shr    ("eax",16);                     #  5, 4
+        &movz   ($acc,&LB("ebx"));              # 10
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 10
+        &shl    ($acc,16);                      # 10
+        &or     ("ecx",$acc);                   # 10
+        &pshufw ("mm6","mm4",0x08);             # 13,12, 9, 8
+        &movz   ($acc,&HB("ebx"));              # 11
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 11
+        &shl    ($acc,24);                      # 11
+        &or     ("edx",$acc);                   # 11
+        &shr    ("ebx",16);                     # 15,14
+        &movz   ($acc,&HB("eax"));              #  5
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  5
+        &shl    ($acc,8);                       #  5
+        &or     ("ecx",$acc);                   #  5
+        &movz   ($acc,&HB("ebx"));              # 15
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 15
+        &shl    ($acc,24);                      # 15
+        &or     ("ecx",$acc);                   # 15
+        &movd   ("mm0","ecx");                  # t[0] collected
+        &movz   ($acc,&LB("eax"));              #  4
+        &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  4
+        &movd   ("eax","mm2");                  #  7, 6, 3, 2
+        &movz   ($acc,&LB("ebx"));              # 14
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 14
+        &shl    ($acc,16);                      # 14
+        &or     ("ecx",$acc);                   # 14
+        &movd   ("ebx","mm6");                  # 13,12, 9, 8
+        &movz   ($acc,&HB("eax"));              #  3
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  3
+        &shl    ($acc,24);                      #  3
+        &or     ("ecx",$acc);                   #  3
+        &movz   ($acc,&HB("ebx"));              #  9
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  9
+        &shl    ($acc,8);                       #  9
+        &or     ("ecx",$acc);                   #  9
+        &movd   ("mm1","ecx");                  # t[1] collected
+        &movz   ($acc,&LB("ebx"));              #  8
+        &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  8
+        &shr    ("ebx",16);                     # 13,12
+        &movz   ($acc,&LB("eax"));              #  2
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  2
+        &shl    ($acc,16);                      #  2
+        &or     ("ecx",$acc);                   #  2
+        &shr    ("eax",16);                     #  7, 6
+        &punpckldq      ("mm0","mm1");          # t[0,1] collected
+        &movz   ($acc,&HB("eax"));              #  7
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  7
+        &shl    ($acc,24);                      #  7
+        &or     ("ecx",$acc);                   #  7
+        &and    ("eax",0xff);                   #  6
+        &movz   ("eax",&BP(-128,$tbl,"eax",1)); #  6
+        &shl    ("eax",16);                     #  6
+        &or     ("edx","eax");                  #  6
+        &movz   ($acc,&HB("ebx"));              # 13
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 13
+        &shl    ($acc,8);                       # 13
+        &or     ("ecx",$acc);                   # 13
+        &movd   ("mm4","ecx");                  # t[2] collected
+        &and    ("ebx",0xff);                   # 12
+        &movz   ("ebx",&BP(-128,$tbl,"ebx",1)); # 12
+        &or     ("edx","ebx");                  # 12
+        &movd   ("mm5","edx");                  # t[3] collected
+        &punpckldq      ("mm4","mm5");          # t[2,3] collected
+}
+                                        if (!$x86only) {
+&function_begin_B("_sse_AES_encrypt_compact");
+        &pxor   ("mm0",&QWP(0,$key));   #  7, 6, 5, 4, 3, 2, 1, 0
+        &pxor   ("mm4",&QWP(8,$key));   # 15,14,13,12,11,10, 9, 8
+        # note that caller is expected to allocate stack frame for me!
+        &mov    ($acc,&DWP(240,$key));          # load key->rounds
+        &lea    ($acc,&DWP(-2,$acc,$acc));
+        &lea    ($acc,&DWP(0,$key,$acc,8));
+        &mov    ($__end,$acc);                  # end of key schedule
+        &mov    ($s0,0x1b1b1b1b);               # magic constant
+        &mov    (&DWP(8,"esp"),$s0);
+        &mov    (&DWP(12,"esp"),$s0);
+        # prefetch Te4
+        &mov    ($s0,&DWP(0-128,$tbl));
+        &mov    ($s1,&DWP(32-128,$tbl));
+        &mov    ($s2,&DWP(64-128,$tbl));
+        &mov    ($s3,&DWP(96-128,$tbl));
+        &mov    ($s0,&DWP(128-128,$tbl));
+        &mov    ($s1,&DWP(160-128,$tbl));
+        &mov    ($s2,&DWP(192-128,$tbl));
+        &mov    ($s3,&DWP(224-128,$tbl));
+        &set_label("loop",16);
+                &sse_enccompact();
+                &add    ($key,16);
+                &cmp    ($key,$__end);
+                &ja     (&label("out"));
+                &movq   ("mm2",&QWP(8,"esp"));
+                &pxor   ("mm3","mm3");          &pxor   ("mm7","mm7");
+                &movq   ("mm1","mm0");          &movq   ("mm5","mm4");  # r0
+                &pcmpgtb("mm3","mm0");          &pcmpgtb("mm7","mm4");
+                &pand   ("mm3","mm2");          &pand   ("mm7","mm2");
+                &pshufw ("mm2","mm0",0xb1);     &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16)
+                &paddb  ("mm0","mm0");          &paddb  ("mm4","mm4");
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # = r2
+                &pshufw ("mm3","mm2",0xb1);     &pshufw ("mm7","mm6",0xb1);# r0
+                &pxor   ("mm1","mm0");          &pxor   ("mm5","mm4");  # r0^r2
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= ROTATE(r0,16)
+                &movq   ("mm2","mm3");          &movq   ("mm6","mm7");
+                &pslld  ("mm3",8);              &pslld  ("mm7",8);
+                &psrld  ("mm2",24);             &psrld  ("mm6",24);
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= r0<<8
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= r0>>24
+                &movq   ("mm3","mm1");          &movq   ("mm7","mm5");
+                &movq   ("mm2",&QWP(0,$key));   &movq   ("mm6",&QWP(8,$key));
+                &psrld  ("mm1",8);              &psrld  ("mm5",8);
+                &mov    ($s0,&DWP(0-128,$tbl));
+                &pslld  ("mm3",24);             &pslld  ("mm7",24);
+                &mov    ($s1,&DWP(64-128,$tbl));
+                &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= (r2^r0)<<8
+                &mov    ($s2,&DWP(128-128,$tbl));
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= (r2^r0)>>24
+                &mov    ($s3,&DWP(192-128,$tbl));
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");
+        &jmp    (&label("loop"));
+        &set_label("out",16);
+        &pxor   ("mm0",&QWP(0,$key));
+        &pxor   ("mm4",&QWP(8,$key));
+        &ret    ();
+&function_end_B("_sse_AES_encrypt_compact");
+                                        }
+######################################################################
+# Vanilla block function.
+######################################################################
 sub encstep()
 { my ($i,$te,@s) = @_;
  my $tmp = $key;
  my $out = $i==3?$s[0]:$acc;
        # lines marked with #%e?x[i] denote "reordered" instructions...
-        if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
+        if ($i==3)  {   &mov    ($key,$__key);                  }##%edx
        else        {   &mov    ($out,$s[0]);
                        &and    ($out,0xFF);                    }
        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
@@ -191,14 +780,14 @@ sub encstep()
                        &movz   ($tmp,&HB($s[1]));
                        &xor    ($out,&DWP(3,$te,$tmp,8));
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$__s0);         }##%ebx
        else        {   &mov    ($tmp,$s[2]);
                        &shr    ($tmp,16);                      }
        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
                        &and    ($tmp,0xFF);
                        &xor    ($out,&DWP(2,$te,$tmp,8));
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }##%ecx
        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
        else        {   &mov    ($tmp,$s[3]); 
                        &shr    ($tmp,24)                       }
@@ -213,7 +802,7 @@ sub enclast()
  my $tmp = $key;
  my $out = $i==3?$s[0]:$acc;
-        if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
+        if ($i==3)  {   &mov    ($key,$__key);                  }##%edx
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
@@ -227,8 +816,8 @@ sub enclast()
                        &and    ($tmp,0x0000ff00);
                        &xor    ($out,$tmp);
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$__s0);         }##%ebx
-        else        {   mov     ($tmp,$s[2]);
+        else        {   &mov    ($tmp,$s[2]);
                        &shr    ($tmp,16);                      }
        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
                        &and    ($tmp,0xFF);
@@ -236,7 +825,7 @@ sub enclast()
                        &and    ($tmp,0x00ff0000);
                        &xor    ($out,$tmp);
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }##%ecx
        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
        else        {   &mov    ($tmp,$s[3]);
                        &shr    ($tmp,24);                      }
@@ -247,9 +836,6 @@ sub enclast()
        if ($i==3)  {   &mov    ($s[3],$acc);                   }
 }
-sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
-&public_label("AES_Te");
 &function_begin_B("_x86_AES_encrypt");
        if ($vertical_spin) {
                # I need high parts of volatile registers to be accessible...
@@ -258,7 +844,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
        }
        # note that caller is expected to allocate stack frame for me!
-        &mov    (&DWP(12,"esp"),$key);          # save key
+        &mov    ($__key,$key);                  # save key
        &xor    ($s0,&DWP(0,$key));             # xor with key
        &xor    ($s1,&DWP(4,$key));
@@ -270,24 +856,24 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
        if ($small_footprint) {
            &lea        ($acc,&DWP(-2,$acc,$acc));
            &lea        ($acc,&DWP(0,$key,$acc,8));
-            &mov        (&DWP(16,"esp"),$acc);  # end of key schedule
+            &mov        ($__end,$acc);          # end of key schedule
-            &align      (4);
-            &set_label("loop");
+            &set_label("loop",16);
                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                    &encvert($tbl,$s0,$s1,$s2,$s3);
                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
                }
                &add    ($key,16);              # advance rd_key
                &xor    ($s0,&DWP(0,$key));
                &xor    ($s1,&DWP(4,$key));
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-            &cmp        ($key,&DWP(16,"esp"));
+            &cmp        ($key,$__end);
-            &mov        (&DWP(12,"esp"),$key);
+            &mov        ($__key,$key);
            &jb         (&label("loop"));
        }
        else {
@@ -296,15 +882,15 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
            &cmp        ($acc,12);
            &jle        (&label("12rounds"));
-        &set_label("14rounds");
+        &set_label("14rounds",4);
            for ($i=1;$i<3;$i++) {
                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                    &encvert($tbl,$s0,$s1,$s2,$s3);
                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
                }
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
@@ -312,16 +898,16 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        ($__key,$key);          # advance rd_key
-        &set_label("12rounds");
+        &set_label("12rounds",4);
            for ($i=1;$i<3;$i++) {
                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                    &encvert($tbl,$s0,$s1,$s2,$s3);
                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
                }
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
@@ -329,16 +915,16 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        ($__key,$key);          # advance rd_key
-        &set_label("10rounds");
+        &set_label("10rounds",4);
            for ($i=1;$i<10;$i++) {
                if ($vertical_spin) {
-                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                    &encvert($tbl,$s0,$s1,$s2,$s3);
                } else {
-                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
                }
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
@@ -352,10 +938,10 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
            &mov        ($s1="ebx",$key="edi");
            &mov        ($s2="ecx",$acc="esi");
        }
-        &enclast(0,"ebp",$s0,$s1,$s2,$s3);
+        &enclast(0,$tbl,$s0,$s1,$s2,$s3);
-        &enclast(1,"ebp",$s1,$s2,$s3,$s0);
+        &enclast(1,$tbl,$s1,$s2,$s3,$s0);
-        &enclast(2,"ebp",$s2,$s3,$s0,$s1);
+        &enclast(2,$tbl,$s2,$s3,$s0,$s1);
-        &enclast(3,"ebp",$s3,$s0,$s1,$s2);
+        &enclast(3,$tbl,$s3,$s0,$s1,$s2);
        &add    ($key,$small_footprint?16:160);
        &xor    ($s0,&DWP(0,$key));
@@ -430,38 +1016,198 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
        &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
        &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
        &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#Te4    # four copies of Te4 to choose from to avoid L1 aliasing
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
 #rcon:
        &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
        &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
-        &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0);
+        &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
+        &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
 &function_end_B("_x86_AES_encrypt");
 # void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Te");
 &function_begin("AES_encrypt");
        &mov    ($acc,&wparam(0));              # load inp
        &mov    ($key,&wparam(2));              # load key
        &mov    ($s0,"esp");
-        &sub    ("esp",24);
+        &sub    ("esp",36);
-        &and    ("esp",-64);
+        &and    ("esp",-64);                    # align to cache-line
-        &add    ("esp",4);
-        &mov    (&DWP(16,"esp"),$s0);
+        # place stack frame just "above" the key schedule
+        &lea    ($s1,&DWP(-64-63,$key));
+        &sub    ($s1,"esp");
+        &neg    ($s1);
+        &and    ($s1,0x3C0);    # modulo 1024, but aligned to cache-line
+        &sub    ("esp",$s1);
+        &add    ("esp",4);      # 4 is reserved for caller's return address
+        &mov    ($_esp,$s0);                    # save stack pointer
        &call   (&label("pic_point"));          # make it PIC!
        &set_label("pic_point");
-        &blindpop("ebp");
+        &blindpop($tbl);
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
+        &lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+        # pick Te4 copy which can't "overlap" with stack frame or key schedule
+        &lea    ($s1,&DWP(768-4,"esp"));
+        &sub    ($s1,$tbl);
+        &and    ($s1,0x300);
+        &lea    ($tbl,&DWP(2048+128,$tbl,$s1));
+                                        if (!$x86only) {
+        &bt     (&DWP(0,$s0),25);       # check for SSE bit
+        &jnc    (&label("x86"));
+        &movq   ("mm0",&QWP(0,$acc));
+        &movq   ("mm4",&QWP(8,$acc));
+        &call   ("_sse_AES_encrypt_compact");
+        &mov    ("esp",$_esp);                  # restore stack pointer
+        &mov    ($acc,&wparam(1));              # load out
+        &movq   (&QWP(0,$acc),"mm0");           # write output data
+        &movq   (&QWP(8,$acc),"mm4");
+        &emms   ();
+        &function_end_A();
+                                        }
+        &set_label("x86",16);
+        &mov    ($_tbl,$tbl);
        &mov    ($s0,&DWP(0,$acc));             # load input data
        &mov    ($s1,&DWP(4,$acc));
        &mov    ($s2,&DWP(8,$acc));
        &mov    ($s3,&DWP(12,$acc));
+        &call   ("_x86_AES_encrypt_compact");
-        &call   ("_x86_AES_encrypt");
+        &mov    ("esp",$_esp);                  # restore stack pointer
-        &mov    ("esp",&DWP(16,"esp"));
        &mov    ($acc,&wparam(1));              # load out
        &mov    (&DWP(0,$acc),$s0);             # write output data
        &mov    (&DWP(4,$acc),$s1);
@@ -469,7 +1215,370 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
        &mov    (&DWP(12,$acc),$s3);
 &function_end("AES_encrypt");
-#------------------------------------------------------------------#
+#--------------------------------------------------------------------#
+######################################################################
+# "Compact" block function
+######################################################################
+sub deccompact()
+{ my $Fn = mov;
+  while ($#_>5) { pop(@_); $Fn=sub{}; }
+  my ($i,$td,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+        # $Fn is used in first compact round and its purpose is to
+        # void restoration of some values from stack, so that after
+        # 4xdeccompact with extra argument $key, $s0 and $s1 values
+        # are left there...
+        if($i==3)   {   &$Fn    ($key,$__key);                  }
+        else        {   &mov    ($out,$s[0]);                   }
+                        &and    ($out,0xFF);
+                        &movz   ($out,&BP(-128,$td,$out,1));
+        if ($i==3)  {   $tmp=$s[1];                             }
+                        &movz   ($tmp,&HB($s[1]));
+                        &movz   ($tmp,&BP(-128,$td,$tmp,1));
+                        &shl    ($tmp,8);
+                        &xor    ($out,$tmp);
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
+        else        {   mov     ($tmp,$s[2]);                   }
+                        &shr    ($tmp,16);
+                        &and    ($tmp,0xFF);
+                        &movz   ($tmp,&BP(-128,$td,$tmp,1));
+                        &shl    ($tmp,16);
+                        &xor    ($out,$tmp);
+        if ($i==3)  {   $tmp=$s[3]; &$Fn ($s[2],$__s1);         }
+        else        {   &mov    ($tmp,$s[3]);                   }
+                        &shr    ($tmp,24);
+                        &movz   ($tmp,&BP(-128,$td,$tmp,1));
+                        &shl    ($tmp,24);
+                        &xor    ($out,$tmp);
+        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
+        if ($i==3)  {   &$Fn    ($s[3],$__s0);                  }
+}
+# must be called with 2,3,0,1 as argument sequence!!!
+sub dectransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+  my $i = shift;
+  my $tmp = $key;
+  my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
+  my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
+  my $tp8 = $tbl;
+        &mov    ($acc,$s[$i]);
+        &and    ($acc,0x80808080);
+        &mov    ($tmp,$acc);
+        &shr    ($tmp,7);
+        &lea    ($tp2,&DWP(0,$s[$i],$s[$i]));
+        &sub    ($acc,$tmp);
+        &and    ($tp2,0xfefefefe);
+        &and    ($acc,0x1b1b1b1b);
+        &xor    ($acc,$tp2);
+        &mov    ($tp2,$acc);
+        &and    ($acc,0x80808080);
+        &mov    ($tmp,$acc);
+        &shr    ($tmp,7);
+        &lea    ($tp4,&DWP(0,$tp2,$tp2));
+        &sub    ($acc,$tmp);
+        &and    ($tp4,0xfefefefe);
+        &and    ($acc,0x1b1b1b1b);
+         &xor   ($tp2,$s[$i]);  # tp2^tp1
+        &xor    ($acc,$tp4);
+        &mov    ($tp4,$acc);
+        &and    ($acc,0x80808080);
+        &mov    ($tmp,$acc);
+        &shr    ($tmp,7);
+        &lea    ($tp8,&DWP(0,$tp4,$tp4));
+        &sub    ($acc,$tmp);
+        &and    ($tp8,0xfefefefe);
+        &and    ($acc,0x1b1b1b1b);
+         &xor   ($tp4,$s[$i]);  # tp4^tp1
+         &rotl  ($s[$i],8);     # = ROTATE(tp1,8)
+        &xor    ($tp8,$acc);
+        &xor    ($s[$i],$tp2);
+        &xor    ($tp2,$tp8);
+        &rotl   ($tp2,24);
+        &xor    ($s[$i],$tp4);
+        &xor    ($tp4,$tp8);
+        &rotl   ($tp4,16);
+        &xor    ($s[$i],$tp8);  # ^= tp8^(tp4^tp1)^(tp2^tp1)
+        &rotl   ($tp8,8);
+        &xor    ($s[$i],$tp2);  # ^= ROTATE(tp8^tp2^tp1,24)
+        &xor    ($s[$i],$tp4);  # ^= ROTATE(tp8^tp4^tp1,16)
+         &mov   ($s[0],$__s0)                   if($i==2); #prefetch $s0
+         &mov   ($s[1],$__s1)                   if($i==3); #prefetch $s1
+         &mov   ($s[2],$__s2)                   if($i==1);
+        &xor    ($s[$i],$tp8);  # ^= ROTATE(tp8,8)
+        &mov    ($s[3],$__s3)                   if($i==1);
+        &mov    (&DWP(4+4*$i,"esp"),$s[$i])     if($i>=2);
+}
+&function_begin_B("_x86_AES_decrypt_compact");
+        # note that caller is expected to allocate stack frame for me!
+        &mov    ($__key,$key);                  # save key
+        &xor    ($s0,&DWP(0,$key));             # xor with key
+        &xor    ($s1,&DWP(4,$key));
+        &xor    ($s2,&DWP(8,$key));
+        &xor    ($s3,&DWP(12,$key));
+        &mov    ($acc,&DWP(240,$key));          # load key->rounds
+        &lea    ($acc,&DWP(-2,$acc,$acc));
+        &lea    ($acc,&DWP(0,$key,$acc,8));
+        &mov    ($__end,$acc);                  # end of key schedule
+        # prefetch Td4
+        &mov    ($key,&DWP(0-128,$tbl));
+        &mov    ($acc,&DWP(32-128,$tbl));
+        &mov    ($key,&DWP(64-128,$tbl));
+        &mov    ($acc,&DWP(96-128,$tbl));
+        &mov    ($key,&DWP(128-128,$tbl));
+        &mov    ($acc,&DWP(160-128,$tbl));
+        &mov    ($key,&DWP(192-128,$tbl));
+        &mov    ($acc,&DWP(224-128,$tbl));
+        &set_label("loop",16);
+                &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
+                &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
+                &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
+                &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
+                &dectransform(2);
+                &dectransform(3);
+                &dectransform(0);
+                &dectransform(1);
+                &mov    ($key,$__key);
+                &mov    ($tbl,$__tbl);
+                &add    ($key,16);              # advance rd_key
+                &xor    ($s0,&DWP(0,$key));
+                &xor    ($s1,&DWP(4,$key));
+                &xor    ($s2,&DWP(8,$key));
+                &xor    ($s3,&DWP(12,$key));
+        &cmp    ($key,$__end);
+        &mov    ($__key,$key);
+        &jb     (&label("loop"));
+        &deccompact(0,$tbl,$s0,$s3,$s2,$s1);
+        &deccompact(1,$tbl,$s1,$s0,$s3,$s2);
+        &deccompact(2,$tbl,$s2,$s1,$s0,$s3);
+        &deccompact(3,$tbl,$s3,$s2,$s1,$s0);
+        &xor    ($s0,&DWP(16,$key));
+        &xor    ($s1,&DWP(20,$key));
+        &xor    ($s2,&DWP(24,$key));
+        &xor    ($s3,&DWP(28,$key));
+        &ret    ();
+&function_end_B("_x86_AES_decrypt_compact");
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+sub sse_deccompact()
+{
+        &pshufw ("mm1","mm0",0x0c);             #  7, 6, 1, 0
+        &movd   ("eax","mm1");                  #  7, 6, 1, 0
+        &pshufw ("mm5","mm4",0x09);             # 13,12,11,10
+        &movz   ($acc,&LB("eax"));              #  0
+        &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  0
+        &movd   ("ebx","mm5");                  # 13,12,11,10
+        &movz   ("edx",&HB("eax"));             #  1
+        &movz   ("edx",&BP(-128,$tbl,"edx",1)); #  1
+        &shl    ("edx",8);                      #  1
+        &pshufw ("mm2","mm0",0x06);             #  3, 2, 5, 4
+        &movz   ($acc,&LB("ebx"));              # 10
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 10
+        &shl    ($acc,16);                      # 10
+        &or     ("ecx",$acc);                   # 10
+        &shr    ("eax",16);                     #  7, 6
+        &movz   ($acc,&HB("ebx"));              # 11
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 11
+        &shl    ($acc,24);                      # 11
+        &or     ("edx",$acc);                   # 11
+        &shr    ("ebx",16);                     # 13,12
+        &pshufw ("mm6","mm4",0x03);             # 9, 8,15,14
+        &movz   ($acc,&HB("eax"));              #  7
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  7
+        &shl    ($acc,24);                      #  7
+        &or     ("ecx",$acc);                   #  7
+        &movz   ($acc,&HB("ebx"));              # 13
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 13
+        &shl    ($acc,8);                       # 13
+        &or     ("ecx",$acc);                   # 13
+        &movd   ("mm0","ecx");                  # t[0] collected
+        &movz   ($acc,&LB("eax"));              #  6
+        &movd   ("eax","mm2");                  #  3, 2, 5, 4
+        &movz   ("ecx",&BP(-128,$tbl,$acc,1));  #  6
+        &shl    ("ecx",16);                     #  6
+        &movz   ($acc,&LB("ebx"));              # 12
+        &movd   ("ebx","mm6");                  #  9, 8,15,14
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 12
+        &or     ("ecx",$acc);                   # 12
+        &movz   ($acc,&LB("eax"));              #  4
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  4
+        &or     ("edx",$acc);                   #  4
+        &movz   ($acc,&LB("ebx"));              # 14
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 14
+        &shl    ($acc,16);                      # 14
+        &or     ("edx",$acc);                   # 14
+        &movd   ("mm1","edx");                  # t[1] collected
+        &movz   ($acc,&HB("eax"));              #  5
+        &movz   ("edx",&BP(-128,$tbl,$acc,1));  #  5
+        &shl    ("edx",8);                      #  5
+        &movz   ($acc,&HB("ebx"));              # 15
+        &shr    ("eax",16);                     #  3, 2
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   # 15
+        &shl    ($acc,24);                      # 15
+        &or     ("edx",$acc);                   # 15
+        &shr    ("ebx",16);                     #  9, 8
+        &punpckldq      ("mm0","mm1");          # t[0,1] collected
+        &movz   ($acc,&HB("ebx"));              #  9
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  9
+        &shl    ($acc,8);                       #  9
+        &or     ("ecx",$acc);                   #  9
+        &and    ("ebx",0xff);                   #  8
+        &movz   ("ebx",&BP(-128,$tbl,"ebx",1)); #  8
+        &or     ("edx","ebx");                  #  8
+        &movz   ($acc,&LB("eax"));              #  2
+        &movz   ($acc,&BP(-128,$tbl,$acc,1));   #  2
+        &shl    ($acc,16);                      #  2
+        &or     ("edx",$acc);                   #  2
+        &movd   ("mm4","edx");                  # t[2] collected
+        &movz   ("eax",&HB("eax"));             #  3
+        &movz   ("eax",&BP(-128,$tbl,"eax",1)); #  3
+        &shl    ("eax",24);                     #  3
+        &or     ("ecx","eax");                  #  3
+        &movd   ("mm5","ecx");                  # t[3] collected
+        &punpckldq      ("mm4","mm5");          # t[2,3] collected
+}
+                                        if (!$x86only) {
+&function_begin_B("_sse_AES_decrypt_compact");
+        &pxor   ("mm0",&QWP(0,$key));   #  7, 6, 5, 4, 3, 2, 1, 0
+        &pxor   ("mm4",&QWP(8,$key));   # 15,14,13,12,11,10, 9, 8
+        # note that caller is expected to allocate stack frame for me!
+        &mov    ($acc,&DWP(240,$key));          # load key->rounds
+        &lea    ($acc,&DWP(-2,$acc,$acc));
+        &lea    ($acc,&DWP(0,$key,$acc,8));
+        &mov    ($__end,$acc);                  # end of key schedule
+        &mov    ($s0,0x1b1b1b1b);               # magic constant
+        &mov    (&DWP(8,"esp"),$s0);
+        &mov    (&DWP(12,"esp"),$s0);
+        # prefetch Td4
+        &mov    ($s0,&DWP(0-128,$tbl));
+        &mov    ($s1,&DWP(32-128,$tbl));
+        &mov    ($s2,&DWP(64-128,$tbl));
+        &mov    ($s3,&DWP(96-128,$tbl));
+        &mov    ($s0,&DWP(128-128,$tbl));
+        &mov    ($s1,&DWP(160-128,$tbl));
+        &mov    ($s2,&DWP(192-128,$tbl));
+        &mov    ($s3,&DWP(224-128,$tbl));
+        &set_label("loop",16);
+                &sse_deccompact();
+                &add    ($key,16);
+                &cmp    ($key,$__end);
+                &ja     (&label("out"));
+                # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
+                &movq   ("mm3","mm0");          &movq   ("mm7","mm4");
+                &movq   ("mm2","mm0",1);        &movq   ("mm6","mm4",1);
+                &movq   ("mm1","mm0");          &movq   ("mm5","mm4");
+                &pshufw ("mm0","mm0",0xb1);     &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16)
+                &pslld  ("mm2",8);              &pslld  ("mm6",8);
+                &psrld  ("mm3",8);              &psrld  ("mm7",8);
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= tp0<<8
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp0>>8
+                &pslld  ("mm2",16);             &pslld  ("mm6",16);
+                &psrld  ("mm3",16);             &psrld  ("mm7",16);
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= tp0<<24
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp0>>24
+                &movq   ("mm3",&QWP(8,"esp"));
+                &pxor   ("mm2","mm2");          &pxor   ("mm6","mm6");
+                &pcmpgtb("mm2","mm1");          &pcmpgtb("mm6","mm5");
+                &pand   ("mm2","mm3");          &pand   ("mm6","mm3");
+                &paddb  ("mm1","mm1");          &paddb  ("mm5","mm5");
+                &pxor   ("mm1","mm2");          &pxor   ("mm5","mm6");  # tp2
+                &movq   ("mm3","mm1");          &movq   ("mm7","mm5");
+                &movq   ("mm2","mm1");          &movq   ("mm6","mm5");
+                &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp2
+                &pslld  ("mm3",24);             &pslld  ("mm7",24);
+                &psrld  ("mm2",8);              &psrld  ("mm6",8);
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp2<<24
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= tp2>>8
+                &movq   ("mm2",&QWP(8,"esp"));
+                &pxor   ("mm3","mm3");          &pxor   ("mm7","mm7");
+                &pcmpgtb("mm3","mm1");          &pcmpgtb("mm7","mm5");
+                &pand   ("mm3","mm2");          &pand   ("mm7","mm2");
+                &paddb  ("mm1","mm1");          &paddb  ("mm5","mm5");
+                &pxor   ("mm1","mm3");          &pxor   ("mm5","mm7");  # tp4
+                &pshufw ("mm3","mm1",0xb1);     &pshufw ("mm7","mm5",0xb1);
+                &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp4
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= ROTATE(tp4,16)     
+                &pxor   ("mm3","mm3");          &pxor   ("mm7","mm7");
+                &pcmpgtb("mm3","mm1");          &pcmpgtb("mm7","mm5");
+                &pand   ("mm3","mm2");          &pand   ("mm7","mm2");
+                &paddb  ("mm1","mm1");          &paddb  ("mm5","mm5");
+                &pxor   ("mm1","mm3");          &pxor   ("mm5","mm7");  # tp8
+                &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp8
+                &movq   ("mm3","mm1");          &movq   ("mm7","mm5");
+                &pshufw ("mm2","mm1",0xb1);     &pshufw ("mm6","mm5",0xb1);
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");  # ^= ROTATE(tp8,16)
+                &pslld  ("mm1",8);              &pslld  ("mm5",8);
+                &psrld  ("mm3",8);              &psrld  ("mm7",8);
+                &movq   ("mm2",&QWP(0,$key));   &movq   ("mm6",&QWP(8,$key));
+                &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp8<<8
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp8>>8
+                &mov    ($s0,&DWP(0-128,$tbl));
+                &pslld  ("mm1",16);             &pslld  ("mm5",16);
+                &mov    ($s1,&DWP(64-128,$tbl));
+                &psrld  ("mm3",16);             &psrld  ("mm7",16);
+                &mov    ($s2,&DWP(128-128,$tbl));
+                &pxor   ("mm0","mm1");          &pxor   ("mm4","mm5");  # ^= tp8<<24
+                &mov    ($s3,&DWP(192-128,$tbl));
+                &pxor   ("mm0","mm3");          &pxor   ("mm4","mm7");  # ^= tp8>>24
+                &pxor   ("mm0","mm2");          &pxor   ("mm4","mm6");
+        &jmp    (&label("loop"));
+        &set_label("out",16);
+        &pxor   ("mm0",&QWP(0,$key));
+        &pxor   ("mm4",&QWP(8,$key));
+        &ret    ();
+&function_end_B("_sse_AES_decrypt_compact");
+                                        }
+######################################################################
+# Vanilla block function.
+######################################################################
 sub decstep()
 { my ($i,$td,@s) = @_;
@@ -480,7 +1589,7 @@ sub decstep()
        # optimal... or rather that all attempts to reorder didn't
        # result in better performance [which by the way is not a
        # bit lower than ecryption].
-        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
+        if($i==3)   {   &mov    ($key,$__key);                  }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
                        &mov    ($out,&DWP(0,$td,$out,8));
@@ -495,12 +1604,12 @@ sub decstep()
                        &and    ($tmp,0xFF);
                        &xor    ($out,&DWP(2,$td,$tmp,8));
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
                        &xor    ($out,&DWP(1,$td,$tmp,8));
        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
-        if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
+        if ($i==3)  {   &mov    ($s[3],$__s0);                  }
                        &comment();
 }
@@ -509,14 +1618,24 @@ sub declast()
  my $tmp = $key;
  my $out = $i==3?$s[0]:$acc;
-        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
+        if($i==0)   {   &lea    ($td,&DWP(2048+128,$td));
+                        &mov    ($tmp,&DWP(0-128,$td));
+                        &mov    ($acc,&DWP(32-128,$td));
+                        &mov    ($tmp,&DWP(64-128,$td));
+                        &mov    ($acc,&DWP(96-128,$td));
+                        &mov    ($tmp,&DWP(128-128,$td));
+                        &mov    ($acc,&DWP(160-128,$td));
+                        &mov    ($tmp,&DWP(192-128,$td));
+                        &mov    ($acc,&DWP(224-128,$td));
+                        &lea    ($td,&DWP(-128,$td));           }
+        if($i==3)   {   &mov    ($key,$__key);                  }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
-                        &movz   ($out,&BP(2048,$td,$out,1));
+                        &movz   ($out,&BP(0,$td,$out,1));
        if ($i==3)  {   $tmp=$s[1];                             }
                        &movz   ($tmp,&HB($s[1]));
-                        &movz   ($tmp,&BP(2048,$td,$tmp,1));
+                        &movz   ($tmp,&BP(0,$td,$tmp,1));
                        &shl    ($tmp,8);
                        &xor    ($out,$tmp);
@@ -524,24 +1643,24 @@ sub declast()
        else        {   mov     ($tmp,$s[2]);                   }
                        &shr    ($tmp,16);
                        &and    ($tmp,0xFF);
-                        &movz   ($tmp,&BP(2048,$td,$tmp,1));
+                        &movz   ($tmp,&BP(0,$td,$tmp,1));
                        &shl    ($tmp,16);
                        &xor    ($out,$tmp);
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],$__s1);         }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
-                        &movz   ($tmp,&BP(2048,$td,$tmp,1));
+                        &movz   ($tmp,&BP(0,$td,$tmp,1));
                        &shl    ($tmp,24);
                        &xor    ($out,$tmp);
        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
-        if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
+        if ($i==3)  {   &mov    ($s[3],$__s0);
+                        &lea    ($td,&DWP(-2048,$td));          }
 }
-&public_label("AES_Td");
 &function_begin_B("_x86_AES_decrypt");
        # note that caller is expected to allocate stack frame for me!
-        &mov    (&DWP(12,"esp"),$key);          # save key
+        &mov    ($__key,$key);                  # save key
        &xor    ($s0,&DWP(0,$key));             # xor with key
        &xor    ($s1,&DWP(4,$key));
@@ -553,20 +1672,19 @@ sub declast()
        if ($small_footprint) {
            &lea        ($acc,&DWP(-2,$acc,$acc));
            &lea        ($acc,&DWP(0,$key,$acc,8));
-            &mov        (&DWP(16,"esp"),$acc);  # end of key schedule
+            &mov        ($__end,$acc);          # end of key schedule
-            &align      (4);
+            &set_label("loop",16);
-            &set_label("loop");
+                &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(3,$tbl,$s3,$s2,$s1,$s0);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
                &add    ($key,16);              # advance rd_key
                &xor    ($s0,&DWP(0,$key));
                &xor    ($s1,&DWP(4,$key));
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-            &cmp        ($key,&DWP(16,"esp"));
+            &cmp        ($key,$__end);
-            &mov        (&DWP(12,"esp"),$key);
+            &mov        ($__key,$key);
            &jb         (&label("loop"));
        }
        else {
@@ -575,38 +1693,38 @@ sub declast()
            &cmp        ($acc,12);
            &jle        (&label("12rounds"));
-        &set_label("14rounds");
+        &set_label("14rounds",4);
            for ($i=1;$i<3;$i++) {
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &decstep(3,$tbl,$s3,$s2,$s1,$s0);
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
                &xor    ($s2,&DWP(16*$i+8,$key));
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        ($__key,$key);          # advance rd_key
-        &set_label("12rounds");
+        &set_label("12rounds",4);
            for ($i=1;$i<3;$i++) {
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &decstep(3,$tbl,$s3,$s2,$s1,$s0);
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
                &xor    ($s2,&DWP(16*$i+8,$key));
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        ($__key,$key);          # advance rd_key
-        &set_label("10rounds");
+        &set_label("10rounds",4);
            for ($i=1;$i<10;$i++) {
-                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(0,$tbl,$s0,$s3,$s2,$s1);
-                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(1,$tbl,$s1,$s0,$s3,$s2);
-                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(2,$tbl,$s2,$s1,$s0,$s3);
-                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &decstep(3,$tbl,$s3,$s2,$s1,$s0);
                &xor    ($s0,&DWP(16*$i+0,$key));
                &xor    ($s1,&DWP(16*$i+4,$key));
                &xor    ($s2,&DWP(16*$i+8,$key));
@@ -614,10 +1732,10 @@ sub declast()
            }
        }
-        &declast(0,"ebp",$s0,$s3,$s2,$s1);
+        &declast(0,$tbl,$s0,$s3,$s2,$s1);
-        &declast(1,"ebp",$s1,$s0,$s3,$s2);
+        &declast(1,$tbl,$s1,$s0,$s3,$s2);
-        &declast(2,"ebp",$s2,$s1,$s0,$s3);
+        &declast(2,$tbl,$s2,$s1,$s0,$s3);
-        &declast(3,"ebp",$s3,$s2,$s1,$s0);
+        &declast(3,$tbl,$s3,$s2,$s1,$s0);
        &add    ($key,$small_footprint?16:160);
        &xor    ($s0,&DWP(0,$key));
@@ -692,7 +1810,107 @@ sub declast()
        &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
        &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
        &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-#Td4:
+#Td4:   # four copies of Td4 to choose from to avoid L1 aliasing
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
@@ -728,43 +1946,57 @@ sub declast()
 &function_end_B("_x86_AES_decrypt");
 # void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Td");
 &function_begin("AES_decrypt");
        &mov    ($acc,&wparam(0));              # load inp
        &mov    ($key,&wparam(2));              # load key
        &mov    ($s0,"esp");
-        &sub    ("esp",24);
+        &sub    ("esp",36);
-        &and    ("esp",-64);
+        &and    ("esp",-64);                    # align to cache-line
-        &add    ("esp",4);
-        &mov    (&DWP(16,"esp"),$s0);
+        # place stack frame just "above" the key schedule
+        &lea    ($s1,&DWP(-64-63,$key));
+        &sub    ($s1,"esp");
+        &neg    ($s1);
+        &and    ($s1,0x3C0);    # modulo 1024, but aligned to cache-line
+        &sub    ("esp",$s1);
+        &add    ("esp",4);      # 4 is reserved for caller's return address
+        &mov    ($_esp,$s0);    # save stack pointer
        &call   (&label("pic_point"));          # make it PIC!
        &set_label("pic_point");
-        &blindpop("ebp");
+        &blindpop($tbl);
-        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+        &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
+        &lea    ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
-        # prefetch Td4
-        &lea    ("ebp",&DWP(2048+128,"ebp"));
+        # pick Td4 copy which can't "overlap" with stack frame or key schedule
-        &mov    ($s0,&DWP(0-128,"ebp"));
+        &lea    ($s1,&DWP(768-4,"esp"));
-        &mov    ($s1,&DWP(32-128,"ebp"));
+        &sub    ($s1,$tbl);
-        &mov    ($s2,&DWP(64-128,"ebp"));
+        &and    ($s1,0x300);
-        &mov    ($s3,&DWP(96-128,"ebp"));
+        &lea    ($tbl,&DWP(2048+128,$tbl,$s1));
-        &mov    ($s0,&DWP(128-128,"ebp"));
-        &mov    ($s1,&DWP(160-128,"ebp"));
+                                        if (!$x86only) {
-        &mov    ($s2,&DWP(192-128,"ebp"));
+        &bt     (&DWP(0,$s0),25);       # check for SSE bit
-        &mov    ($s3,&DWP(224-128,"ebp"));
+        &jnc    (&label("x86"));
-        &lea    ("ebp",&DWP(-2048-128,"ebp"));
+        &movq   ("mm0",&QWP(0,$acc));
+        &movq   ("mm4",&QWP(8,$acc));
+        &call   ("_sse_AES_decrypt_compact");
+        &mov    ("esp",$_esp);                  # restore stack pointer
+        &mov    ($acc,&wparam(1));              # load out
+        &movq   (&QWP(0,$acc),"mm0");           # write output data
+        &movq   (&QWP(8,$acc),"mm4");
+        &emms   ();
+        &function_end_A();
+                                        }
+        &set_label("x86",16);
+        &mov    ($_tbl,$tbl);
        &mov    ($s0,&DWP(0,$acc));             # load input data
        &mov    ($s1,&DWP(4,$acc));
        &mov    ($s2,&DWP(8,$acc));
        &mov    ($s3,&DWP(12,$acc));
+        &call   ("_x86_AES_decrypt_compact");
-        &call   ("_x86_AES_decrypt");
+        &mov    ("esp",$_esp);                  # restore stack pointer
-        &mov    ("esp",&DWP(16,"esp"));
        &mov    ($acc,&wparam(1));              # load out
        &mov    (&DWP(0,$acc),$s0);             # write output data
        &mov    (&DWP(4,$acc),$s1);
@@ -777,126 +2009,136 @@ sub declast()
 #                       unsigned char *ivp,const int enc);
 {
 # stack frame layout
-# -4(%esp)      0(%esp)         return address
+#             -4(%esp)          # return address         0(%esp)
-# 0(%esp)       4(%esp)         tmp1
+#              0(%esp)          # s0 backing store       4(%esp)        
-# 4(%esp)       8(%esp)         tmp2
+#              4(%esp)          # s1 backing store       8(%esp)
-# 8(%esp)       12(%esp)        key
+#              8(%esp)          # s2 backing store      12(%esp)
-# 12(%esp)      16(%esp)        end of key schedule
+#             12(%esp)          # s3 backing store      16(%esp)
-my $_esp=&DWP(16,"esp");        #saved %esp
+#             16(%esp)          # key backup            20(%esp)
-my $_inp=&DWP(20,"esp");        #copy of wparam(0)
+#             20(%esp)          # end of key schedule   24(%esp)
-my $_out=&DWP(24,"esp");        #copy of wparam(1)
+#             24(%esp)          # %ebp backup           28(%esp)
-my $_len=&DWP(28,"esp");        #copy of wparam(2)
+#             28(%esp)          # %esp backup
-my $_key=&DWP(32,"esp");        #copy of wparam(3)
+my $_inp=&DWP(32,"esp");        # copy of wparam(0)
-my $_ivp=&DWP(36,"esp");        #copy of wparam(4)
+my $_out=&DWP(36,"esp");        # copy of wparam(1)
-my $_tmp=&DWP(40,"esp");        #volatile variable
+my $_len=&DWP(40,"esp");        # copy of wparam(2)
-my $ivec=&DWP(44,"esp");        #ivec[16]
+my $_key=&DWP(44,"esp");        # copy of wparam(3)
-my $aes_key=&DWP(60,"esp");     #copy of aes_key
+my $_ivp=&DWP(48,"esp");        # copy of wparam(4)
-my $mark=&DWP(60+240,"esp");    #copy of aes_key->rounds
+my $_tmp=&DWP(52,"esp");        # volatile variable
+#
-&public_label("AES_Te");
+my $ivec=&DWP(60,"esp");        # ivec[16]
-&public_label("AES_Td");
+my $aes_key=&DWP(76,"esp");     # copy of aes_key
+my $mark=&DWP(76+240,"esp");    # copy of aes_key->rounds
 &function_begin("AES_cbc_encrypt");
        &mov    ($s2 eq "ecx"? $s2 : "",&wparam(2));    # load len
        &cmp    ($s2,0);
-        &je     (&label("enc_out"));
+        &je     (&label("drop_out"));
        &call   (&label("pic_point"));          # make it PIC!
        &set_label("pic_point");
-        &blindpop("ebp");
+        &blindpop($tbl);
+        &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
-        &pushf  ();
-        &cld    ();
        &cmp    (&wparam(5),0);
-        &je     (&label("DECRYPT"));
+        &lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+        &jne    (&label("picked_te"));
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &lea    ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
+        &set_label("picked_te");
-        # allocate aligned stack frame...
+        # one can argue if this is required
-        &lea    ($key,&DWP(-64-244,"esp"));
+        &pushf  ();
-        &and    ($key,-64);
+        &cld    ();
-        # ... and make sure it doesn't alias with AES_Te modulo 4096
+        &cmp    ($s2,$speed_limit);
-        &mov    ($s0,"ebp");
+        &jb     (&label("slow_way"));
-        &lea    ($s1,&DWP(2048,"ebp"));
+        &test   ($s2,15);
-        &mov    ($s3,$key);
+        &jnz    (&label("slow_way"));
+                                        if (!$x86only) {
+        &bt     (&DWP(0,$s0),28);       # check for hyper-threading bit
+        &jc     (&label("slow_way"));
+                                        }
+        # pre-allocate aligned stack frame...
+        &lea    ($acc,&DWP(-80-244,"esp"));
+        &and    ($acc,-64);
+        # ... and make sure it doesn't alias with $tbl modulo 4096
+        &mov    ($s0,$tbl);
+        &lea    ($s1,&DWP(2048+256,$tbl));
+        &mov    ($s3,$acc);
        &and    ($s0,0xfff);            # s = %ebp&0xfff
-        &and    ($s1,0xfff);            # e = (%ebp+2048)&0xfff
+        &and    ($s1,0xfff);            # e = (%ebp+2048+256)&0xfff
        &and    ($s3,0xfff);            # p = %esp&0xfff
        &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
-        &jb     (&label("te_break_out"));
+        &jb     (&label("tbl_break_out"));
        &sub    ($s3,$s1);
-        &sub    ($key,$s3);
+        &sub    ($acc,$s3);
-        &jmp    (&label("te_ok"));
+        &jmp    (&label("tbl_ok"));
-        &set_label("te_break_out");     # else %esp -= (p-s)&0xfff + framesz;
+        &set_label("tbl_break_out",4);  # else %esp -= (p-s)&0xfff + framesz;
        &sub    ($s3,$s0);
        &and    ($s3,0xfff);
-        &add    ($s3,64+256);
+        &add    ($s3,384);
-        &sub    ($key,$s3);
+        &sub    ($acc,$s3);
-        &align  (4);
+        &set_label("tbl_ok",4);
-        &set_label("te_ok");
-        &mov    ($s0,&wparam(0));       # load inp
-        &mov    ($s1,&wparam(1));       # load out
-        &mov    ($s3,&wparam(3));       # load key
-        &mov    ($acc,&wparam(4));      # load ivp
-        &exch   ("esp",$key);
+        &lea    ($s3,&wparam(0));       # obtain pointer to parameter block
+        &exch   ("esp",$acc);           # allocate stack frame
        &add    ("esp",4);              # reserve for return address!
-        &mov    ($_esp,$key);           # save %esp
+        &mov    ($_tbl,$tbl);           # save %ebp
+        &mov    ($_esp,$acc);           # save %esp
+        &mov    ($s0,&DWP(0,$s3));      # load inp
+        &mov    ($s1,&DWP(4,$s3));      # load out
+        #&mov   ($s2,&DWP(8,$s3));      # load len
+        &mov    ($key,&DWP(12,$s3));    # load key
+        &mov    ($acc,&DWP(16,$s3));    # load ivp
+        &mov    ($s3,&DWP(20,$s3));     # load enc flag
        &mov    ($_inp,$s0);            # save copy of inp
        &mov    ($_out,$s1);            # save copy of out
        &mov    ($_len,$s2);            # save copy of len
-        &mov    ($_key,$s3);            # save copy of key
+        &mov    ($_key,$key);           # save copy of key
        &mov    ($_ivp,$acc);           # save copy of ivp
        &mov    ($mark,0);              # copy of aes_key->rounds = 0;
-        if ($compromise) {
-                &cmp    ($s2,$compromise);
-                &jb     (&label("skip_ecopy"));
-        }
        # do we copy key schedule to stack?
-        &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
+        &mov    ($s1 eq "ebx" ? $s1 : "",$key);
        &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
-        &sub    ($s1,"ebp");
+        &sub    ($s1,$tbl);
-        &mov    ("esi",$s3);
+        &mov    ("esi",$key);
        &and    ($s1,0xfff);
        &lea    ("edi",$aes_key);
-        &cmp    ($s1,2048);
+        &cmp    ($s1,2048+256);
-        &jb     (&label("do_ecopy"));
+        &jb     (&label("do_copy"));
        &cmp    ($s1,4096-244);
-        &jb     (&label("skip_ecopy"));
+        &jb     (&label("skip_copy"));
-        &align  (4);
+        &set_label("do_copy",4);
-        &set_label("do_ecopy");
                &mov    ($_key,"edi");
                &data_word(0xA5F3F689); # rep movsd
-        &set_label("skip_ecopy");
+        &set_label("skip_copy");
-        &mov    ($acc,$s0);
        &mov    ($key,16);
-        &align  (4);
+        &set_label("prefetch_tbl",4);
-        &set_label("prefetch_te");
+                &mov    ($s0,&DWP(0,$tbl));
-                &mov    ($s0,&DWP(0,"ebp"));
+                &mov    ($s1,&DWP(32,$tbl));
-                &mov    ($s1,&DWP(32,"ebp"));
+                &mov    ($s2,&DWP(64,$tbl));
-                &mov    ($s2,&DWP(64,"ebp"));
+                &mov    ($acc,&DWP(96,$tbl));
-                &mov    ($s3,&DWP(96,"ebp"));
+                &lea    ($tbl,&DWP(128,$tbl));
-                &lea    ("ebp",&DWP(128,"ebp"));
+                &sub    ($key,1);
-                &dec    ($key);
+        &jnz    (&label("prefetch_tbl"));
-        &jnz    (&label("prefetch_te"));
+        &sub    ($tbl,2048);
-        &sub    ("ebp",2048);
+        &mov    ($acc,$_inp);
-        &mov    ($s2,$_len);
        &mov    ($key,$_ivp);
-        &test   ($s2,0xFFFFFFF0);
-        &jz     (&label("enc_tail"));           # short input...
+        &cmp    ($s3,0);
+        &je     (&label("fast_decrypt"));
+#----------------------------- ENCRYPT -----------------------------#
        &mov    ($s0,&DWP(0,$key));             # load iv
        &mov    ($s1,&DWP(4,$key));
-        &align  (4);
+        &set_label("fast_enc_loop",16);
-        &set_label("enc_loop");
                &mov    ($s2,&DWP(8,$key));
                &mov    ($s3,&DWP(12,$key));
@@ -916,22 +2158,16 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
                &mov    (&DWP(8,$key),$s2);
                &mov    (&DWP(12,$key),$s3);
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
                &mov    ($s2,$_len);            # load len
-                &lea    ($acc,&DWP(16,$acc));
                &mov    ($_inp,$acc);           # save inp
+                &lea    ($s3,&DWP(16,$key));    # advance out
-                &lea    ($s3,&DWP(16,$key));
                &mov    ($_out,$s3);            # save out
+                &sub    ($s2,16);               # decrease len
-                &sub    ($s2,16);
-                &test   ($s2,0xFFFFFFF0);
                &mov    ($_len,$s2);            # save len
-        &jnz    (&label("enc_loop"));
+        &jnz    (&label("fast_enc_loop"));
-        &test   ($s2,15);
-        &jnz    (&label("enc_tail"));
        &mov    ($acc,$_ivp);           # load ivp
-        &mov    ($s2,&DWP(8,$key));     # restore last dwords
+        &mov    ($s2,&DWP(8,$key));     # restore last 2 dwords
        &mov    ($s3,&DWP(12,$key));
        &mov    (&DWP(0,$acc),$s0);     # save ivec
        &mov    (&DWP(4,$acc),$s1);
@@ -949,125 +2185,20 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
        &set_label("skip_ezero")
        &mov    ("esp",$_esp);
        &popf   ();
-    &set_label("enc_out");
+    &set_label("drop_out");
        &function_end_A();
        &pushf  ();                     # kludge, never executed
-    &align      (4);
-    &set_label("enc_tail");
-        &mov    ($s0,$key eq "edi" ? $key : "");
-        &mov    ($key,$_out);                   # load out
-        &push   ($s0);                          # push ivp
-        &mov    ($s1,16);
-        &sub    ($s1,$s2);
-        &cmp    ($key,$acc);                    # compare with inp
-        &je     (&label("enc_in_place"));
-        &align  (4);
-        &data_word(0xA4F3F689); # rep movsb     # copy input
-        &jmp    (&label("enc_skip_in_place"));
-    &set_label("enc_in_place");
-        &lea    ($key,&DWP(0,$key,$s2));
-    &set_label("enc_skip_in_place");
-        &mov    ($s2,$s1);
-        &xor    ($s0,$s0);
-        &align  (4);
-        &data_word(0xAAF3F689); # rep stosb     # zero tail
-        &pop    ($key);                         # pop ivp
-        &mov    ($acc,$_out);                   # output as input
-        &mov    ($s0,&DWP(0,$key));
-        &mov    ($s1,&DWP(4,$key));
-        &mov    ($_len,16);                     # len=16
-        &jmp    (&label("enc_loop"));           # one more spin...
 #----------------------------- DECRYPT -----------------------------#
-&align  (4);
+&set_label("fast_decrypt",16);
-&set_label("DECRYPT");
-        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
-        # allocate aligned stack frame...
-        &lea    ($key,&DWP(-64-244,"esp"));
-        &and    ($key,-64);
-        # ... and make sure it doesn't alias with AES_Td modulo 4096
-        &mov    ($s0,"ebp");
-        &lea    ($s1,&DWP(2048+256,"ebp"));
-        &mov    ($s3,$key);
-        &and    ($s0,0xfff);            # s = %ebp&0xfff
-        &and    ($s1,0xfff);            # e = (%ebp+2048+256)&0xfff
-        &and    ($s3,0xfff);            # p = %esp&0xfff
-        &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
-        &jb     (&label("td_break_out"));
-        &sub    ($s3,$s1);
-        &sub    ($key,$s3);
-        &jmp    (&label("td_ok"));
-        &set_label("td_break_out");     # else %esp -= (p-s)&0xfff + framesz;
-        &sub    ($s3,$s0);
-        &and    ($s3,0xfff);
-        &add    ($s3,64+256);
-        &sub    ($key,$s3);
-        &align  (4);
-        &set_label("td_ok");
-        &mov    ($s0,&wparam(0));       # load inp
-        &mov    ($s1,&wparam(1));       # load out
-        &mov    ($s3,&wparam(3));       # load key
-        &mov    ($acc,&wparam(4));      # load ivp
-        &exch   ("esp",$key);
-        &add    ("esp",4);              # reserve for return address!
-        &mov    ($_esp,$key);           # save %esp
-        &mov    ($_inp,$s0);            # save copy of inp
-        &mov    ($_out,$s1);            # save copy of out
-        &mov    ($_len,$s2);            # save copy of len
-        &mov    ($_key,$s3);            # save copy of key
-        &mov    ($_ivp,$acc);           # save copy of ivp
-        &mov    ($mark,0);              # copy of aes_key->rounds = 0;
-        if ($compromise) {
-                &cmp    ($s2,$compromise);
-                &jb     (&label("skip_dcopy"));
-        }
-        # do we copy key schedule to stack?
-        &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
-        &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
-        &sub    ($s1,"ebp");
-        &mov    ("esi",$s3);
-        &and    ($s1,0xfff);
-        &lea    ("edi",$aes_key);
-        &cmp    ($s1,2048+256);
-        &jb     (&label("do_dcopy"));
-        &cmp    ($s1,4096-244);
-        &jb     (&label("skip_dcopy"));
-        &align  (4);
-        &set_label("do_dcopy");
-                &mov    ($_key,"edi");
-                &data_word(0xA5F3F689); # rep movsd
-        &set_label("skip_dcopy");
-        &mov    ($acc,$s0);
-        &mov    ($key,18);
-        &align  (4);
-        &set_label("prefetch_td");
-                &mov    ($s0,&DWP(0,"ebp"));
-                &mov    ($s1,&DWP(32,"ebp"));
-                &mov    ($s2,&DWP(64,"ebp"));
-                &mov    ($s3,&DWP(96,"ebp"));
-                &lea    ("ebp",&DWP(128,"ebp"));
-                &dec    ($key);
-        &jnz    (&label("prefetch_td"));
-        &sub    ("ebp",2048+256);
        &cmp    ($acc,$_out);
-        &je     (&label("dec_in_place"));       # in-place processing...
+        &je     (&label("fast_dec_in_place"));  # in-place processing...
-        &mov    ($key,$_ivp);           # load ivp
        &mov    ($_tmp,$key);
        &align  (4);
-        &set_label("dec_loop");
+        &set_label("fast_dec_loop",16);
                &mov    ($s0,&DWP(0,$acc));     # read input
                &mov    ($s1,&DWP(4,$acc));
                &mov    ($s2,&DWP(8,$acc));
@@ -1083,27 +2214,24 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-                &sub    ($acc,16);
-                &jc     (&label("dec_partial"));
-                &mov    ($_len,$acc);           # save len
-                &mov    ($acc,$_inp);           # load inp
                &mov    ($key,$_out);           # load out
+                &mov    ($acc,$_inp);           # load inp
                &mov    (&DWP(0,$key),$s0);     # write output
                &mov    (&DWP(4,$key),$s1);
                &mov    (&DWP(8,$key),$s2);
                &mov    (&DWP(12,$key),$s3);
+                &mov    ($s2,$_len);            # load len
                &mov    ($_tmp,$acc);           # save ivp
-                &lea    ($acc,&DWP(16,$acc));
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
                &mov    ($_inp,$acc);           # save inp
+                &lea    ($key,&DWP(16,$key));   # advance out
-                &lea    ($key,&DWP(16,$key));
                &mov    ($_out,$key);           # save out
+                &sub    ($s2,16);               # decrease len
-        &jnz    (&label("dec_loop"));
+                &mov    ($_len,$s2);            # save len
+        &jnz    (&label("fast_dec_loop"));
        &mov    ($key,$_tmp);           # load temp ivp
-    &set_label("dec_end");
        &mov    ($acc,$_ivp);           # load user ivp
        &mov    ($s0,&DWP(0,$key));     # load iv
        &mov    ($s1,&DWP(4,$key));
@@ -1113,31 +2241,16 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
        &mov    (&DWP(4,$acc),$s1);
        &mov    (&DWP(8,$acc),$s2);
        &mov    (&DWP(12,$acc),$s3);
-        &jmp    (&label("dec_out"));
+        &jmp    (&label("fast_dec_out"));
-    &align      (4);
+    &set_label("fast_dec_in_place",16);
-    &set_label("dec_partial");
+        &set_label("fast_dec_in_place_loop");
-        &lea    ($key,$ivec);
-        &mov    (&DWP(0,$key),$s0);     # dump output to stack
-        &mov    (&DWP(4,$key),$s1);
-        &mov    (&DWP(8,$key),$s2);
-        &mov    (&DWP(12,$key),$s3);
-        &lea    ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
-        &mov    ($acc eq "esi" ? $acc : "",$key);
-        &mov    ($key eq "edi" ? $key : "",$_out);      # load out
-        &data_word(0xA4F3F689); # rep movsb             # copy output
-        &mov    ($key,$_inp);                           # use inp as temp ivp
-        &jmp    (&label("dec_end"));
-    &align      (4);
-    &set_label("dec_in_place");
-        &set_label("dec_in_place_loop");
-                &lea    ($key,$ivec);
                &mov    ($s0,&DWP(0,$acc));     # read input
                &mov    ($s1,&DWP(4,$acc));
                &mov    ($s2,&DWP(8,$acc));
                &mov    ($s3,&DWP(12,$acc));
+                &lea    ($key,$ivec);
                &mov    (&DWP(0,$key),$s0);     # copy to temp
                &mov    (&DWP(4,$key),$s1);
                &mov    (&DWP(8,$key),$s2);
@@ -1158,7 +2271,7 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
                &mov    (&DWP(8,$acc),$s2);
                &mov    (&DWP(12,$acc),$s3);
-                &lea    ($acc,&DWP(16,$acc));
+                &lea    ($acc,&DWP(16,$acc));   # advance out
                &mov    ($_out,$acc);           # save out
                &lea    ($acc,$ivec);
@@ -1173,40 +2286,340 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
                &mov    (&DWP(12,$key),$s3);
                &mov    ($acc,$_inp);           # load inp
+                &mov    ($s2,$_len);            # load len
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
+                &mov    ($_inp,$acc);           # save inp
+                &sub    ($s2,16);               # decrease len
+                &mov    ($_len,$s2);            # save len
+        &jnz    (&label("fast_dec_in_place_loop"));
+    &set_label("fast_dec_out",4);
+        &cmp    ($mark,0);              # was the key schedule copied?
+        &mov    ("edi",$_key);
+        &je     (&label("skip_dzero"));
+        # zero copy of key schedule
+        &mov    ("ecx",240/4);
+        &xor    ("eax","eax");
+        &align  (4);
+        &data_word(0xABF3F689); # rep stosd
+        &set_label("skip_dzero")
+        &mov    ("esp",$_esp);
+        &popf   ();
+        &function_end_A();
+        &pushf  ();                     # kludge, never executed
+#--------------------------- SLOW ROUTINE ---------------------------#
+&set_label("slow_way",16);
+        &mov    ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
+        &mov    ($key,&wparam(3));      # load key
+        # pre-allocate aligned stack frame...
+        &lea    ($acc,&DWP(-80,"esp"));
+        &and    ($acc,-64);
+        # ... and make sure it doesn't alias with $key modulo 1024
+        &lea    ($s1,&DWP(-80-63,$key));
+        &sub    ($s1,$acc);
+        &neg    ($s1);
+        &and    ($s1,0x3C0);    # modulo 1024, but aligned to cache-line
+        &sub    ($acc,$s1);
+        # pick S-box copy which can't overlap with stack frame or $key
+        &lea    ($s1,&DWP(768,$acc));
+        &sub    ($s1,$tbl);
+        &and    ($s1,0x300);
+        &lea    ($tbl,&DWP(2048+128,$tbl,$s1));
+        &lea    ($s3,&wparam(0));       # pointer to parameter block
+        &exch   ("esp",$acc);
+        &add    ("esp",4);              # reserve for return address!
+        &mov    ($_tbl,$tbl);           # save %ebp
+        &mov    ($_esp,$acc);           # save %esp
+        &mov    ($_tmp,$s0);            # save OPENSSL_ia32cap
+        &mov    ($s0,&DWP(0,$s3));      # load inp
+        &mov    ($s1,&DWP(4,$s3));      # load out
+        #&mov   ($s2,&DWP(8,$s3));      # load len
+        #&mov   ($key,&DWP(12,$s3));    # load key
+        &mov    ($acc,&DWP(16,$s3));    # load ivp
+        &mov    ($s3,&DWP(20,$s3));     # load enc flag
+        &mov    ($_inp,$s0);            # save copy of inp
+        &mov    ($_out,$s1);            # save copy of out
+        &mov    ($_len,$s2);            # save copy of len
+        &mov    ($_key,$key);           # save copy of key
+        &mov    ($_ivp,$acc);           # save copy of ivp
+        &mov    ($key,$acc);
+        &mov    ($acc,$s0);
+        &cmp    ($s3,0);
+        &je     (&label("slow_decrypt"));
+#--------------------------- SLOW ENCRYPT ---------------------------#
+        &cmp    ($s2,16);
+        &mov    ($s3,$s1);
+        &jb     (&label("slow_enc_tail"));
+                                        if (!$x86only) {
+        &bt     ($_tmp,25);             # check for SSE bit
+        &jnc    (&label("slow_enc_x86"));
-                &lea    ($acc,&DWP(16,$acc));
+        &movq   ("mm0",&QWP(0,$key));   # load iv
+        &movq   ("mm4",&QWP(8,$key));
+        &set_label("slow_enc_loop_sse",16);
+                &pxor   ("mm0",&QWP(0,$acc));   # xor input data
+                &pxor   ("mm4",&QWP(8,$acc));
+                &mov    ($key,$_key);
+                &call   ("_sse_AES_encrypt_compact");
+                &mov    ($acc,$_inp);           # load inp
+                &mov    ($key,$_out);           # load out
+                &mov    ($s2,$_len);            # load len
+                &movq   (&QWP(0,$key),"mm0");   # save output data
+                &movq   (&QWP(8,$key),"mm4");
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
                &mov    ($_inp,$acc);           # save inp
+                &lea    ($s3,&DWP(16,$key));    # advance out
+                &mov    ($_out,$s3);            # save out
+                &sub    ($s2,16);               # decrease len
+                &cmp    ($s2,16);
+                &mov    ($_len,$s2);            # save len
+        &jae    (&label("slow_enc_loop_sse"));
+        &test   ($s2,15);
+        &jnz    (&label("slow_enc_tail"));
+        &mov    ($acc,$_ivp);           # load ivp
+        &movq   (&QWP(0,$acc),"mm0");   # save ivec
+        &movq   (&QWP(8,$acc),"mm4");
+        &emms   ();
+        &mov    ("esp",$_esp);
+        &popf   ();
+        &function_end_A();
+        &pushf  ();                     # kludge, never executed
+                                        }
+    &set_label("slow_enc_x86",16);
+        &mov    ($s0,&DWP(0,$key));     # load iv
+        &mov    ($s1,&DWP(4,$key));
+        &set_label("slow_enc_loop_x86",4);
+                &mov    ($s2,&DWP(8,$key));
+                &mov    ($s3,&DWP(12,$key));
+                &xor    ($s0,&DWP(0,$acc));     # xor input data
+                &xor    ($s1,&DWP(4,$acc));
+                &xor    ($s2,&DWP(8,$acc));
+                &xor    ($s3,&DWP(12,$acc));
+                &mov    ($key,$_key);           # load key
+                &call   ("_x86_AES_encrypt_compact");
+                &mov    ($acc,$_inp);           # load inp
+                &mov    ($key,$_out);           # load out
+                &mov    (&DWP(0,$key),$s0);     # save output data
+                &mov    (&DWP(4,$key),$s1);
+                &mov    (&DWP(8,$key),$s2);
+                &mov    (&DWP(12,$key),$s3);
                &mov    ($s2,$_len);            # load len
-                &sub    ($s2,16);
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
-                &jc     (&label("dec_in_place_partial"));
+                &mov    ($_inp,$acc);           # save inp
+                &lea    ($s3,&DWP(16,$key));    # advance out
+                &mov    ($_out,$s3);            # save out
+                &sub    ($s2,16);               # decrease len
+                &cmp    ($s2,16);
                &mov    ($_len,$s2);            # save len
-        &jnz    (&label("dec_in_place_loop"));
+        &jae    (&label("slow_enc_loop_x86"));
-        &jmp    (&label("dec_out"));
+        &test   ($s2,15);
+        &jnz    (&label("slow_enc_tail"));
-    &align      (4);
+        &mov    ($acc,$_ivp);           # load ivp
-    &set_label("dec_in_place_partial");
+        &mov    ($s2,&DWP(8,$key));     # restore last dwords
-        # one can argue if this is actually required...
+        &mov    ($s3,&DWP(12,$key));
-        &mov    ($key eq "edi" ? $key : "",$_out);
+        &mov    (&DWP(0,$acc),$s0);     # save ivec
-        &lea    ($acc eq "esi" ? $acc : "",$ivec);
+        &mov    (&DWP(4,$acc),$s1);
+        &mov    (&DWP(8,$acc),$s2);
+        &mov    (&DWP(12,$acc),$s3);
+        &mov    ("esp",$_esp);
+        &popf   ();
+        &function_end_A();
+        &pushf  ();                     # kludge, never executed
+    &set_label("slow_enc_tail",16);
+        &emms   ()      if (!$x86only);
+        &mov    ($key eq "edi"? $key:"",$s3);   # load out to edi
+        &mov    ($s1,16);
+        &sub    ($s1,$s2);
+        &cmp    ($key,$acc eq "esi"? $acc:"");  # compare with inp
+        &je     (&label("enc_in_place"));
+        &align  (4);
+        &data_word(0xA4F3F689); # rep movsb     # copy input
+        &jmp    (&label("enc_skip_in_place"));
+    &set_label("enc_in_place");
        &lea    ($key,&DWP(0,$key,$s2));
-        &lea    ($acc,&DWP(16,$acc,$s2));
+    &set_label("enc_skip_in_place");
-        &neg    ($s2 eq "ecx" ? $s2 : "");
+        &mov    ($s2,$s1);
-        &data_word(0xA4F3F689); # rep movsb     # restore tail
+        &xor    ($s0,$s0);
+        &align  (4);
-    &align      (4);
+        &data_word(0xAAF3F689); # rep stosb     # zero tail
-    &set_label("dec_out");
-    &cmp        ($mark,0);              # was the key schedule copied?
+        &mov    ($key,$_ivp);                   # restore ivp
-    &mov        ("edi",$_key);
+        &mov    ($acc,$s3);                     # output as input
-    &je         (&label("skip_dzero"));
+        &mov    ($s0,&DWP(0,$key));
-    # zero copy of key schedule
+        &mov    ($s1,&DWP(4,$key));
-    &mov        ("ecx",240/4);
+        &mov    ($_len,16);                     # len=16
-    &xor        ("eax","eax");
+        &jmp    (&label("slow_enc_loop_x86"));  # one more spin...
-    &align      (4);
-    &data_word(0xABF3F689);     # rep stosd
+#--------------------------- SLOW DECRYPT ---------------------------#
-    &set_label("skip_dzero")
+&set_label("slow_decrypt",16);
-    &mov        ("esp",$_esp);
+                                        if (!$x86only) {
-    &popf       ();
+        &bt     ($_tmp,25);             # check for SSE bit
+        &jnc    (&label("slow_dec_loop_x86"));
+        &set_label("slow_dec_loop_sse",4);
+                &movq   ("mm0",&QWP(0,$acc));   # read input
+                &movq   ("mm4",&QWP(8,$acc));
+                &mov    ($key,$_key);
+                &call   ("_sse_AES_decrypt_compact");
+                &mov    ($acc,$_inp);           # load inp
+                &lea    ($s0,$ivec);
+                &mov    ($s1,$_out);            # load out
+                &mov    ($s2,$_len);            # load len
+                &mov    ($key,$_ivp);           # load ivp
+                &movq   ("mm1",&QWP(0,$acc));   # re-read input
+                &movq   ("mm5",&QWP(8,$acc));
+                &pxor   ("mm0",&QWP(0,$key));   # xor iv
+                &pxor   ("mm4",&QWP(8,$key));
+                &movq   (&QWP(0,$key),"mm1");   # copy input to iv
+                &movq   (&QWP(8,$key),"mm5");
+                &sub    ($s2,16);               # decrease len
+                &jc     (&label("slow_dec_partial_sse"));
+                &movq   (&QWP(0,$s1),"mm0");    # write output
+                &movq   (&QWP(8,$s1),"mm4");
+                &lea    ($s1,&DWP(16,$s1));     # advance out
+                &mov    ($_out,$s1);            # save out
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
+                &mov    ($_inp,$acc);           # save inp
+                &mov    ($_len,$s2);            # save len
+        &jnz    (&label("slow_dec_loop_sse"));
+        &emms   ();
+        &mov    ("esp",$_esp);
+        &popf   ();
+        &function_end_A();
+        &pushf  ();                     # kludge, never executed
+    &set_label("slow_dec_partial_sse",16);
+        &movq   (&QWP(0,$s0),"mm0");    # save output to temp
+        &movq   (&QWP(8,$s0),"mm4");
+        &emms   ();
+        &add    ($s2 eq "ecx" ? "ecx":"",16);
+        &mov    ("edi",$s1);            # out
+        &mov    ("esi",$s0);            # temp
+        &align  (4);
+        &data_word(0xA4F3F689);         # rep movsb # copy partial output
+        &mov    ("esp",$_esp);
+        &popf   ();
+        &function_end_A();
+        &pushf  ();                     # kludge, never executed
+                                        }
+        &set_label("slow_dec_loop_x86",16);
+                &mov    ($s0,&DWP(0,$acc));     # read input
+                &mov    ($s1,&DWP(4,$acc));
+                &mov    ($s2,&DWP(8,$acc));
+                &mov    ($s3,&DWP(12,$acc));
+                &lea    ($key,$ivec);
+                &mov    (&DWP(0,$key),$s0);     # copy to temp
+                &mov    (&DWP(4,$key),$s1);
+                &mov    (&DWP(8,$key),$s2);
+                &mov    (&DWP(12,$key),$s3);
+                &mov    ($key,$_key);           # load key
+                &call   ("_x86_AES_decrypt_compact");
+                &mov    ($key,$_ivp);           # load ivp
+                &mov    ($acc,$_len);           # load len
+                &xor    ($s0,&DWP(0,$key));     # xor iv
+                &xor    ($s1,&DWP(4,$key));
+                &xor    ($s2,&DWP(8,$key));
+                &xor    ($s3,&DWP(12,$key));
+                &sub    ($acc,16);
+                &jc     (&label("slow_dec_partial_x86"));
+                &mov    ($_len,$acc);           # save len
+                &mov    ($acc,$_out);           # load out
+                &mov    (&DWP(0,$acc),$s0);     # write output
+                &mov    (&DWP(4,$acc),$s1);
+                &mov    (&DWP(8,$acc),$s2);
+                &mov    (&DWP(12,$acc),$s3);
+                &lea    ($acc,&DWP(16,$acc));   # advance out
+                &mov    ($_out,$acc);           # save out
+                &lea    ($acc,$ivec);
+                &mov    ($s0,&DWP(0,$acc));     # read temp
+                &mov    ($s1,&DWP(4,$acc));
+                &mov    ($s2,&DWP(8,$acc));
+                &mov    ($s3,&DWP(12,$acc));
+                &mov    (&DWP(0,$key),$s0);     # copy it to iv
+                &mov    (&DWP(4,$key),$s1);
+                &mov    (&DWP(8,$key),$s2);
+                &mov    (&DWP(12,$key),$s3);
+                &mov    ($acc,$_inp);           # load inp
+                &lea    ($acc,&DWP(16,$acc));   # advance inp
+                &mov    ($_inp,$acc);           # save inp
+        &jnz    (&label("slow_dec_loop_x86"));
+        &mov    ("esp",$_esp);
+        &popf   ();
+        &function_end_A();
+        &pushf  ();                     # kludge, never executed
+    &set_label("slow_dec_partial_x86",16);
+        &lea    ($acc,$ivec);
+        &mov    (&DWP(0,$acc),$s0);     # save output to temp
+        &mov    (&DWP(4,$acc),$s1);
+        &mov    (&DWP(8,$acc),$s2);
+        &mov    (&DWP(12,$acc),$s3);
+        &mov    ($acc,$_inp);
+        &mov    ($s0,&DWP(0,$acc));     # re-read input
+        &mov    ($s1,&DWP(4,$acc));
+        &mov    ($s2,&DWP(8,$acc));
+        &mov    ($s3,&DWP(12,$acc));
+        &mov    (&DWP(0,$key),$s0);     # copy it to iv
+        &mov    (&DWP(4,$key),$s1);
+        &mov    (&DWP(8,$key),$s2);
+        &mov    (&DWP(12,$key),$s3);
+        &mov    ("ecx",$_len);
+        &mov    ("edi",$_out);
+        &lea    ("esi",$ivec);
+        &align  (4);
+        &data_word(0xA4F3F689);         # rep movsb # copy partial output
+        &mov    ("esp",$_esp);
+        &popf   ();
 &function_end("AES_cbc_encrypt");
 }
@@ -1215,35 +2628,31 @@ my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
 sub enckey()
 {
        &movz   ("esi",&LB("edx"));             # rk[i]>>0
-        &mov    ("ebx",&DWP(2,"ebp","esi",8));
+        &movz   ("ebx",&BP(-128,$tbl,"esi",1));
        &movz   ("esi",&HB("edx"));             # rk[i]>>8
-        &and    ("ebx",0xFF000000);
+        &shl    ("ebx",24);
        &xor    ("eax","ebx");
-        &mov    ("ebx",&DWP(2,"ebp","esi",8));
+        &movz   ("ebx",&BP(-128,$tbl,"esi",1));
        &shr    ("edx",16);
-        &and    ("ebx",0x000000FF);
        &movz   ("esi",&LB("edx"));             # rk[i]>>16
        &xor    ("eax","ebx");
-        &mov    ("ebx",&DWP(0,"ebp","esi",8));
+        &movz   ("ebx",&BP(-128,$tbl,"esi",1));
        &movz   ("esi",&HB("edx"));             # rk[i]>>24
-        &and    ("ebx",0x0000FF00);
+        &shl    ("ebx",8);
        &xor    ("eax","ebx");
-        &mov    ("ebx",&DWP(0,"ebp","esi",8));
+        &movz   ("ebx",&BP(-128,$tbl,"esi",1));
-        &and    ("ebx",0x00FF0000);
+        &shl    ("ebx",16);
        &xor    ("eax","ebx");
-        &xor    ("eax",&DWP(2048,"ebp","ecx",4));       # rcon
+        &xor    ("eax",&DWP(1024-128,$tbl,"ecx",4));    # rcon
 }
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+&function_begin("_x86_AES_set_encrypt_key");
-#                        AES_KEY *key)
+        &mov    ("esi",&wparam(1));             # user supplied key
-&public_label("AES_Te");
+        &mov    ("edi",&wparam(3));             # private key schedule
-&function_begin("AES_set_encrypt_key");
-        &mov    ("esi",&wparam(0));             # user supplied key
-        &mov    ("edi",&wparam(2));             # private key schedule
        &test   ("esi",-1);
        &jz     (&label("badpointer"));
@@ -1252,10 +2661,21 @@ sub enckey()
        &call   (&label("pic_point"));
        &set_label("pic_point");
-        &blindpop("ebp");
+        &blindpop($tbl);
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+        &lea    ($tbl,&DWP(2048+128,$tbl));
-        &mov    ("ecx",&wparam(1));             # number of bits in key
+        # prefetch Te4
+        &mov    ("eax",&DWP(0-128,$tbl));
+        &mov    ("ebx",&DWP(32-128,$tbl));
+        &mov    ("ecx",&DWP(64-128,$tbl));
+        &mov    ("edx",&DWP(96-128,$tbl));
+        &mov    ("eax",&DWP(128-128,$tbl));
+        &mov    ("ebx",&DWP(160-128,$tbl));
+        &mov    ("ecx",&DWP(192-128,$tbl));
+        &mov    ("edx",&DWP(224-128,$tbl));
+        &mov    ("ecx",&wparam(2));             # number of bits in key
        &cmp    ("ecx",128);
        &je     (&label("10rounds"));
        &cmp    ("ecx",192);
@@ -1394,24 +2814,23 @@ sub enckey()
                &mov    ("edx","eax");
                &mov    ("eax",&DWP(16,"edi"));         # rk[4]
                &movz   ("esi",&LB("edx"));             # rk[11]>>0
-                &mov    ("ebx",&DWP(2,"ebp","esi",8));
+                &movz   ("ebx",&BP(-128,$tbl,"esi",1));
                &movz   ("esi",&HB("edx"));             # rk[11]>>8
-                &and    ("ebx",0x000000FF);
                &xor    ("eax","ebx");
-                &mov    ("ebx",&DWP(0,"ebp","esi",8));
+                &movz   ("ebx",&BP(-128,$tbl,"esi",1));
                &shr    ("edx",16);
-                &and    ("ebx",0x0000FF00);
+                &shl    ("ebx",8);
                &movz   ("esi",&LB("edx"));             # rk[11]>>16
                &xor    ("eax","ebx");
-                &mov    ("ebx",&DWP(0,"ebp","esi",8));
+                &movz   ("ebx",&BP(-128,$tbl,"esi",1));
                &movz   ("esi",&HB("edx"));             # rk[11]>>24
-                &and    ("ebx",0x00FF0000);
+                &shl    ("ebx",16);
                &xor    ("eax","ebx");
-                &mov    ("ebx",&DWP(2,"ebp","esi",8));
+                &movz   ("ebx",&BP(-128,$tbl,"esi",1));
-                &and    ("ebx",0xFF000000);
+                &shl    ("ebx",24);
                &xor    ("eax","ebx");
                &mov    (&DWP(48,"edi"),"eax");         # rk[12]
@@ -1433,43 +2852,74 @@ sub enckey()
    &set_label("badpointer");
        &mov    ("eax",-1);
    &set_label("exit");
-&function_end("AES_set_encrypt_key");
+&function_end("_x86_AES_set_encrypt_key");
-sub deckey()
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-{ my ($i,$ptr,$te,$td) = @_;
+#                        AES_KEY *key)
+&function_begin_B("AES_set_encrypt_key");
+        &call   ("_x86_AES_set_encrypt_key");
+        &ret    ();
+&function_end_B("AES_set_encrypt_key");
-        &mov    ("eax",&DWP($i,$ptr));
+sub deckey()
-        &mov    ("edx","eax");
+{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
-        &movz   ("ebx",&HB("eax"));
+  my $tmp = $tbl;
-        &shr    ("edx",16);
-        &and    ("eax",0xFF);
+        &mov    ($acc,$tp1);
-        &movz   ("eax",&BP(2,$te,"eax",8));
+        &and    ($acc,0x80808080);
-        &movz   ("ebx",&BP(2,$te,"ebx",8));
+        &mov    ($tmp,$acc);
-        &mov    ("eax",&DWP(0,$td,"eax",8));
+        &shr    ($tmp,7);
-        &xor    ("eax",&DWP(3,$td,"ebx",8));
+        &lea    ($tp2,&DWP(0,$tp1,$tp1));
-        &movz   ("ebx",&HB("edx"));
+        &sub    ($acc,$tmp);
-        &and    ("edx",0xFF);
+        &and    ($tp2,0xfefefefe);
-        &movz   ("edx",&BP(2,$te,"edx",8));
+        &and    ($acc,0x1b1b1b1b);
-        &movz   ("ebx",&BP(2,$te,"ebx",8));
+        &xor    ($acc,$tp2);
-        &xor    ("eax",&DWP(2,$td,"edx",8));
+        &mov    ($tp2,$acc);
-        &xor    ("eax",&DWP(1,$td,"ebx",8));
-        &mov    (&DWP($i,$ptr),"eax");
+        &and    ($acc,0x80808080);
+        &mov    ($tmp,$acc);
+        &shr    ($tmp,7);
+        &lea    ($tp4,&DWP(0,$tp2,$tp2));
+        &sub    ($acc,$tmp);
+        &and    ($tp4,0xfefefefe);
+        &and    ($acc,0x1b1b1b1b);
+         &xor   ($tp2,$tp1);    # tp2^tp1
+        &xor    ($acc,$tp4);
+        &mov    ($tp4,$acc);
+        &and    ($acc,0x80808080);
+        &mov    ($tmp,$acc);
+        &shr    ($tmp,7);
+        &lea    ($tp8,&DWP(0,$tp4,$tp4));
+         &xor   ($tp4,$tp1);    # tp4^tp1
+        &sub    ($acc,$tmp);
+        &and    ($tp8,0xfefefefe);
+        &and    ($acc,0x1b1b1b1b);
+         &rotl  ($tp1,8);       # = ROTATE(tp1,8)
+        &xor    ($tp8,$acc);
+        &mov    ($tmp,&DWP(4*($i+1),$key));     # modulo-scheduled load
+        &xor    ($tp1,$tp2);
+        &xor    ($tp2,$tp8);
+        &xor    ($tp1,$tp4);
+        &rotl   ($tp2,24);
+        &xor    ($tp4,$tp8);
+        &xor    ($tp1,$tp8);    # ^= tp8^(tp4^tp1)^(tp2^tp1)
+        &rotl   ($tp4,16);
+        &xor    ($tp1,$tp2);    # ^= ROTATE(tp8^tp2^tp1,24)
+        &rotl   ($tp8,8);
+        &xor    ($tp1,$tp4);    # ^= ROTATE(tp8^tp4^tp1,16)
+        &mov    ($tp2,$tmp);
+        &xor    ($tp1,$tp8);    # ^= ROTATE(tp8,8)
+        &mov    (&DWP(4*$i,$key),$tp1);
 }
 # int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&public_label("AES_Td");
-&public_label("AES_Te");
 &function_begin_B("AES_set_decrypt_key");
-        &mov    ("eax",&wparam(0));
+        &call   ("_x86_AES_set_encrypt_key");
-        &mov    ("ecx",&wparam(1));
-        &mov    ("edx",&wparam(2));
-        &sub    ("esp",12);
-        &mov    (&DWP(0,"esp"),"eax");
-        &mov    (&DWP(4,"esp"),"ecx");
-        &mov    (&DWP(8,"esp"),"edx");
-        &call   ("AES_set_encrypt_key");
-        &add    ("esp",12);
        &cmp    ("eax",0);
        &je     (&label("proceed"));
        &ret    ();
@@ -1485,8 +2935,7 @@ sub deckey()
        &lea    ("ecx",&DWP(0,"","ecx",4));
        &lea    ("edi",&DWP(0,"esi","ecx",4));  # pointer to last chunk
-        &align  (4);
+        &set_label("invert",4);                 # invert order of chunks
-        &set_label("invert");                   # invert order of chunks
                &mov    ("eax",&DWP(0,"esi"));
                &mov    ("ebx",&DWP(4,"esi"));
                &mov    ("ecx",&DWP(0,"edi"));
@@ -1508,26 +2957,24 @@ sub deckey()
                &cmp    ("esi","edi");
        &jne    (&label("invert"));
-        &call   (&label("pic_point"));
+        &mov    ($key,&wparam(2));
-        &set_label("pic_point");
+        &mov    ($acc,&DWP(240,$key));          # pull number of rounds
-        blindpop("ebp");
+        &lea    ($acc,&DWP(-2,$acc,$acc));
-        &lea    ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+        &lea    ($acc,&DWP(0,$key,$acc,8));
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &mov    (&wparam(2),$acc);
-        &mov    ("esi",&wparam(2));
+        &mov    ($s0,&DWP(16,$key));            # modulo-scheduled load
-        &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
+        &set_label("permute",4);                # permute the key schedule
-        &dec    ("ecx");
+                &add    ($key,16);
-        &align  (4);
+                &deckey (0,$key,$s0,$s1,$s2,$s3);
-        &set_label("permute");                  # permute the key schedule
+                &deckey (1,$key,$s1,$s2,$s3,$s0);
-                &add    ("esi",16);
+                &deckey (2,$key,$s2,$s3,$s0,$s1);
-                &deckey (0,"esi","ebp","edi");
+                &deckey (3,$key,$s3,$s0,$s1,$s2);
-                &deckey (4,"esi","ebp","edi");
+                &cmp    ($key,&wparam(2));
-                &deckey (8,"esi","ebp","edi");
+        &jb     (&label("permute"));
-                &deckey (12,"esi","ebp","edi");
-                &dec    ("ecx");
-        &jnz    (&label("permute"));
        &xor    ("eax","eax");                  # return success
 &function_end("AES_set_decrypt_key");
+&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &asm_finish();
diff --git a/src/lib/libcrypto/aes/asm/aes-armv4.pl b/src/lib/libcrypto/aes/asm/aes-armv4.pl
index 15742c1ec5..690244111a 100644
--- a/src/lib/libcrypto/aes/asm/aes-armv4.pl
+++ b/src/lib/libcrypto/aes/asm/aes-armv4.pl
@@ -1024,6 +1024,7 @@ _armv4_AES_decrypt:
        mov     pc,lr                   @ return
 .size   _armv4_AES_decrypt,.-_armv4_AES_decrypt
 .asciz  "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
 ___
 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
diff --git a/src/lib/libcrypto/aes/asm/aes-ppc.pl b/src/lib/libcrypto/aes/asm/aes-ppc.pl
index ce427655ef..f82c5e1814 100644
--- a/src/lib/libcrypto/aes/asm/aes-ppc.pl
+++ b/src/lib/libcrypto/aes/asm/aes-ppc.pl
@@ -16,6 +16,19 @@
 # at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
 # at 1/3 of ppc_AES_decrypt.
+# February 2010
+#
+# Rescheduling instructions to favour Power6 pipeline gives 10%
+# performance improvement on the platfrom in question (and marginal
+# improvement even on others). It should be noted that Power6 fails
+# to process byte in 18 cycles, only in 23, because it fails to issue
+# 4 load instructions in two cycles, only in 3. As result non-compact
+# block subroutines are 25% slower than one would expect. Compact
+# functions scale better, because they have pure computational part,
+# which scales perfectly with clock frequency. To be specific
+# ppc_AES_encrypt_compact operates at 42 cycles per byte, while
+# ppc_AES_decrypt_compact - at 55 (in 64-bit build).
 $flavour = shift;
 if ($flavour =~ /64/) {
@@ -376,7 +389,7 @@ $code.=<<___;
        addi    $sp,$sp,$FRAME
        blr
-.align  4
+.align  5
 Lppc_AES_encrypt:
        lwz     $acc00,240($key)
        lwz     $t0,0($key)
@@ -397,46 +410,46 @@ Lppc_AES_encrypt:
 Lenc_loop:
        rlwinm  $acc00,$s0,`32-24+3`,21,28
        rlwinm  $acc01,$s1,`32-24+3`,21,28
-        lwz     $t0,0($key)
-        lwz     $t1,4($key)
        rlwinm  $acc02,$s2,`32-24+3`,21,28
        rlwinm  $acc03,$s3,`32-24+3`,21,28
-        lwz     $t2,8($key)
+        lwz     $t0,0($key)
-        lwz     $t3,12($key)
+        lwz     $t1,4($key)
        rlwinm  $acc04,$s1,`32-16+3`,21,28
        rlwinm  $acc05,$s2,`32-16+3`,21,28
-        lwzx    $acc00,$Tbl0,$acc00
+        lwz     $t2,8($key)
-        lwzx    $acc01,$Tbl0,$acc01
+        lwz     $t3,12($key)
        rlwinm  $acc06,$s3,`32-16+3`,21,28
        rlwinm  $acc07,$s0,`32-16+3`,21,28
-        lwzx    $acc02,$Tbl0,$acc02
+        lwzx    $acc00,$Tbl0,$acc00
-        lwzx    $acc03,$Tbl0,$acc03
+        lwzx    $acc01,$Tbl0,$acc01
        rlwinm  $acc08,$s2,`32-8+3`,21,28
        rlwinm  $acc09,$s3,`32-8+3`,21,28
-        lwzx    $acc04,$Tbl1,$acc04
+        lwzx    $acc02,$Tbl0,$acc02
-        lwzx    $acc05,$Tbl1,$acc05
+        lwzx    $acc03,$Tbl0,$acc03
        rlwinm  $acc10,$s0,`32-8+3`,21,28
        rlwinm  $acc11,$s1,`32-8+3`,21,28
-        lwzx    $acc06,$Tbl1,$acc06
+        lwzx    $acc04,$Tbl1,$acc04
-        lwzx    $acc07,$Tbl1,$acc07
+        lwzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s3,`0+3`,21,28
        rlwinm  $acc13,$s0,`0+3`,21,28
-        lwzx    $acc08,$Tbl2,$acc08
+        lwzx    $acc06,$Tbl1,$acc06
-        lwzx    $acc09,$Tbl2,$acc09
+        lwzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s1,`0+3`,21,28
        rlwinm  $acc15,$s2,`0+3`,21,28
-        lwzx    $acc10,$Tbl2,$acc10
+        lwzx    $acc08,$Tbl2,$acc08
-        lwzx    $acc11,$Tbl2,$acc11
+        lwzx    $acc09,$Tbl2,$acc09
        xor     $t0,$t0,$acc00
        xor     $t1,$t1,$acc01
-        lwzx    $acc12,$Tbl3,$acc12
+        lwzx    $acc10,$Tbl2,$acc10
-        lwzx    $acc13,$Tbl3,$acc13
+        lwzx    $acc11,$Tbl2,$acc11
        xor     $t2,$t2,$acc02
        xor     $t3,$t3,$acc03
-        lwzx    $acc14,$Tbl3,$acc14
+        lwzx    $acc12,$Tbl3,$acc12
-        lwzx    $acc15,$Tbl3,$acc15
+        lwzx    $acc13,$Tbl3,$acc13
        xor     $t0,$t0,$acc04
        xor     $t1,$t1,$acc05
+        lwzx    $acc14,$Tbl3,$acc14
+        lwzx    $acc15,$Tbl3,$acc15
        xor     $t2,$t2,$acc06
        xor     $t3,$t3,$acc07
        xor     $t0,$t0,$acc08
@@ -452,60 +465,60 @@ Lenc_loop:
        addi    $Tbl2,$Tbl0,2048
        nop
-        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Te4
-        lwz     $acc09,`2048+32`($Tbl0)
-        lwz     $acc10,`2048+64`($Tbl0)
-        lwz     $acc11,`2048+96`($Tbl0)
-        lwz     $acc08,`2048+128`($Tbl0)
-        lwz     $acc09,`2048+160`($Tbl0)
-        lwz     $acc10,`2048+192`($Tbl0)
-        lwz     $acc11,`2048+224`($Tbl0)
-        rlwinm  $acc00,$s0,`32-24`,24,31
-        rlwinm  $acc01,$s1,`32-24`,24,31
        lwz     $t0,0($key)
        lwz     $t1,4($key)
-        rlwinm  $acc02,$s2,`32-24`,24,31
+        rlwinm  $acc00,$s0,`32-24`,24,31
-        rlwinm  $acc03,$s3,`32-24`,24,31
+        rlwinm  $acc01,$s1,`32-24`,24,31
        lwz     $t2,8($key)
        lwz     $t3,12($key)
+        rlwinm  $acc02,$s2,`32-24`,24,31
+        rlwinm  $acc03,$s3,`32-24`,24,31
+        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Te4
+        lwz     $acc09,`2048+32`($Tbl0)
        rlwinm  $acc04,$s1,`32-16`,24,31
        rlwinm  $acc05,$s2,`32-16`,24,31
-        lbzx    $acc00,$Tbl2,$acc00
+        lwz     $acc10,`2048+64`($Tbl0)
-        lbzx    $acc01,$Tbl2,$acc01
+        lwz     $acc11,`2048+96`($Tbl0)
        rlwinm  $acc06,$s3,`32-16`,24,31
        rlwinm  $acc07,$s0,`32-16`,24,31
-        lbzx    $acc02,$Tbl2,$acc02
+        lwz     $acc12,`2048+128`($Tbl0)
-        lbzx    $acc03,$Tbl2,$acc03
+        lwz     $acc13,`2048+160`($Tbl0)
        rlwinm  $acc08,$s2,`32-8`,24,31
        rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc04,$Tbl2,$acc04
+        lwz     $acc14,`2048+192`($Tbl0)
-        lbzx    $acc05,$Tbl2,$acc05
+        lwz     $acc15,`2048+224`($Tbl0)
        rlwinm  $acc10,$s0,`32-8`,24,31
        rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc06,$Tbl2,$acc06
+        lbzx    $acc00,$Tbl2,$acc00
-        lbzx    $acc07,$Tbl2,$acc07
+        lbzx    $acc01,$Tbl2,$acc01
        rlwinm  $acc12,$s3,`0`,24,31
        rlwinm  $acc13,$s0,`0`,24,31
-        lbzx    $acc08,$Tbl2,$acc08
+        lbzx    $acc02,$Tbl2,$acc02
-        lbzx    $acc09,$Tbl2,$acc09
+        lbzx    $acc03,$Tbl2,$acc03
        rlwinm  $acc14,$s1,`0`,24,31
        rlwinm  $acc15,$s2,`0`,24,31
-        lbzx    $acc10,$Tbl2,$acc10
+        lbzx    $acc04,$Tbl2,$acc04
-        lbzx    $acc11,$Tbl2,$acc11
+        lbzx    $acc05,$Tbl2,$acc05
        rlwinm  $s0,$acc00,24,0,7
        rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc12,$Tbl2,$acc12
+        lbzx    $acc06,$Tbl2,$acc06
-        lbzx    $acc13,$Tbl2,$acc13
+        lbzx    $acc07,$Tbl2,$acc07
        rlwinm  $s2,$acc02,24,0,7
        rlwinm  $s3,$acc03,24,0,7
-        lbzx    $acc14,$Tbl2,$acc14
+        lbzx    $acc08,$Tbl2,$acc08
-        lbzx    $acc15,$Tbl2,$acc15
+        lbzx    $acc09,$Tbl2,$acc09
        rlwimi  $s0,$acc04,16,8,15
        rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc10,$Tbl2,$acc10
+        lbzx    $acc11,$Tbl2,$acc11
        rlwimi  $s2,$acc06,16,8,15
        rlwimi  $s3,$acc07,16,8,15
+        lbzx    $acc12,$Tbl2,$acc12
+        lbzx    $acc13,$Tbl2,$acc13
        rlwimi  $s0,$acc08,8,16,23
        rlwimi  $s1,$acc09,8,16,23
+        lbzx    $acc14,$Tbl2,$acc14
+        lbzx    $acc15,$Tbl2,$acc15
        rlwimi  $s2,$acc10,8,16,23
        rlwimi  $s3,$acc11,8,16,23
        or      $s0,$s0,$acc12
@@ -542,40 +555,40 @@ Lenc_compact_loop:
        rlwinm  $acc01,$s1,`32-24`,24,31
        rlwinm  $acc02,$s2,`32-24`,24,31
        rlwinm  $acc03,$s3,`32-24`,24,31
-        lbzx    $acc00,$Tbl1,$acc00
-        lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc04,$s1,`32-16`,24,31
        rlwinm  $acc05,$s2,`32-16`,24,31
-        lbzx    $acc02,$Tbl1,$acc02
-        lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc06,$s3,`32-16`,24,31
        rlwinm  $acc07,$s0,`32-16`,24,31
-        lbzx    $acc04,$Tbl1,$acc04
+        lbzx    $acc00,$Tbl1,$acc00
-        lbzx    $acc05,$Tbl1,$acc05
+        lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc08,$s2,`32-8`,24,31
        rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc06,$Tbl1,$acc06
+        lbzx    $acc02,$Tbl1,$acc02
-        lbzx    $acc07,$Tbl1,$acc07
+        lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc10,$s0,`32-8`,24,31
        rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc08,$Tbl1,$acc08
+        lbzx    $acc04,$Tbl1,$acc04
-        lbzx    $acc09,$Tbl1,$acc09
+        lbzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s3,`0`,24,31
        rlwinm  $acc13,$s0,`0`,24,31
-        lbzx    $acc10,$Tbl1,$acc10
+        lbzx    $acc06,$Tbl1,$acc06
-        lbzx    $acc11,$Tbl1,$acc11
+        lbzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s1,`0`,24,31
        rlwinm  $acc15,$s2,`0`,24,31
-        lbzx    $acc12,$Tbl1,$acc12
+        lbzx    $acc08,$Tbl1,$acc08
-        lbzx    $acc13,$Tbl1,$acc13
+        lbzx    $acc09,$Tbl1,$acc09
        rlwinm  $s0,$acc00,24,0,7
        rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc14,$Tbl1,$acc14
+        lbzx    $acc10,$Tbl1,$acc10
-        lbzx    $acc15,$Tbl1,$acc15
+        lbzx    $acc11,$Tbl1,$acc11
        rlwinm  $s2,$acc02,24,0,7
        rlwinm  $s3,$acc03,24,0,7
+        lbzx    $acc12,$Tbl1,$acc12
+        lbzx    $acc13,$Tbl1,$acc13
        rlwimi  $s0,$acc04,16,8,15
        rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc14,$Tbl1,$acc14
+        lbzx    $acc15,$Tbl1,$acc15
        rlwimi  $s2,$acc06,16,8,15
        rlwimi  $s3,$acc07,16,8,15
        rlwimi  $s0,$acc08,8,16,23
@@ -725,7 +738,7 @@ Lenc_compact_done:
        addi    $sp,$sp,$FRAME
        blr
-.align  4
+.align  5
 Lppc_AES_decrypt:
        lwz     $acc00,240($key)
        lwz     $t0,0($key)
@@ -746,46 +759,46 @@ Lppc_AES_decrypt:
 Ldec_loop:
        rlwinm  $acc00,$s0,`32-24+3`,21,28
        rlwinm  $acc01,$s1,`32-24+3`,21,28
-        lwz     $t0,0($key)
-        lwz     $t1,4($key)
        rlwinm  $acc02,$s2,`32-24+3`,21,28
        rlwinm  $acc03,$s3,`32-24+3`,21,28
-        lwz     $t2,8($key)
+        lwz     $t0,0($key)
-        lwz     $t3,12($key)
+        lwz     $t1,4($key)
        rlwinm  $acc04,$s3,`32-16+3`,21,28
        rlwinm  $acc05,$s0,`32-16+3`,21,28
-        lwzx    $acc00,$Tbl0,$acc00
+        lwz     $t2,8($key)
-        lwzx    $acc01,$Tbl0,$acc01
+        lwz     $t3,12($key)
        rlwinm  $acc06,$s1,`32-16+3`,21,28
        rlwinm  $acc07,$s2,`32-16+3`,21,28
-        lwzx    $acc02,$Tbl0,$acc02
+        lwzx    $acc00,$Tbl0,$acc00
-        lwzx    $acc03,$Tbl0,$acc03
+        lwzx    $acc01,$Tbl0,$acc01
        rlwinm  $acc08,$s2,`32-8+3`,21,28
        rlwinm  $acc09,$s3,`32-8+3`,21,28
-        lwzx    $acc04,$Tbl1,$acc04
+        lwzx    $acc02,$Tbl0,$acc02
-        lwzx    $acc05,$Tbl1,$acc05
+        lwzx    $acc03,$Tbl0,$acc03
        rlwinm  $acc10,$s0,`32-8+3`,21,28
        rlwinm  $acc11,$s1,`32-8+3`,21,28
-        lwzx    $acc06,$Tbl1,$acc06
+        lwzx    $acc04,$Tbl1,$acc04
-        lwzx    $acc07,$Tbl1,$acc07
+        lwzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s1,`0+3`,21,28
        rlwinm  $acc13,$s2,`0+3`,21,28
-        lwzx    $acc08,$Tbl2,$acc08
+        lwzx    $acc06,$Tbl1,$acc06
-        lwzx    $acc09,$Tbl2,$acc09
+        lwzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s3,`0+3`,21,28
        rlwinm  $acc15,$s0,`0+3`,21,28
-        lwzx    $acc10,$Tbl2,$acc10
+        lwzx    $acc08,$Tbl2,$acc08
-        lwzx    $acc11,$Tbl2,$acc11
+        lwzx    $acc09,$Tbl2,$acc09
        xor     $t0,$t0,$acc00
        xor     $t1,$t1,$acc01
-        lwzx    $acc12,$Tbl3,$acc12
+        lwzx    $acc10,$Tbl2,$acc10
-        lwzx    $acc13,$Tbl3,$acc13
+        lwzx    $acc11,$Tbl2,$acc11
        xor     $t2,$t2,$acc02
        xor     $t3,$t3,$acc03
-        lwzx    $acc14,$Tbl3,$acc14
+        lwzx    $acc12,$Tbl3,$acc12
-        lwzx    $acc15,$Tbl3,$acc15
+        lwzx    $acc13,$Tbl3,$acc13
        xor     $t0,$t0,$acc04
        xor     $t1,$t1,$acc05
+        lwzx    $acc14,$Tbl3,$acc14
+        lwzx    $acc15,$Tbl3,$acc15
        xor     $t2,$t2,$acc06
        xor     $t3,$t3,$acc07
        xor     $t0,$t0,$acc08
@@ -801,56 +814,56 @@ Ldec_loop:
        addi    $Tbl2,$Tbl0,2048
        nop
-        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Td4
-        lwz     $acc09,`2048+32`($Tbl0)
-        lwz     $acc10,`2048+64`($Tbl0)
-        lwz     $acc11,`2048+96`($Tbl0)
-        lwz     $acc08,`2048+128`($Tbl0)
-        lwz     $acc09,`2048+160`($Tbl0)
-        lwz     $acc10,`2048+192`($Tbl0)
-        lwz     $acc11,`2048+224`($Tbl0)
-        rlwinm  $acc00,$s0,`32-24`,24,31
-        rlwinm  $acc01,$s1,`32-24`,24,31
        lwz     $t0,0($key)
        lwz     $t1,4($key)
-        rlwinm  $acc02,$s2,`32-24`,24,31
+        rlwinm  $acc00,$s0,`32-24`,24,31
-        rlwinm  $acc03,$s3,`32-24`,24,31
+        rlwinm  $acc01,$s1,`32-24`,24,31
        lwz     $t2,8($key)
        lwz     $t3,12($key)
+        rlwinm  $acc02,$s2,`32-24`,24,31
+        rlwinm  $acc03,$s3,`32-24`,24,31
+        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Td4
+        lwz     $acc09,`2048+32`($Tbl0)
        rlwinm  $acc04,$s3,`32-16`,24,31
        rlwinm  $acc05,$s0,`32-16`,24,31
+        lwz     $acc10,`2048+64`($Tbl0)
+        lwz     $acc11,`2048+96`($Tbl0)
        lbzx    $acc00,$Tbl2,$acc00
        lbzx    $acc01,$Tbl2,$acc01
+        lwz     $acc12,`2048+128`($Tbl0)
+        lwz     $acc13,`2048+160`($Tbl0)
        rlwinm  $acc06,$s1,`32-16`,24,31
        rlwinm  $acc07,$s2,`32-16`,24,31
-        lbzx    $acc02,$Tbl2,$acc02
+        lwz     $acc14,`2048+192`($Tbl0)
-        lbzx    $acc03,$Tbl2,$acc03
+        lwz     $acc15,`2048+224`($Tbl0)
        rlwinm  $acc08,$s2,`32-8`,24,31
        rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc04,$Tbl2,$acc04
+        lbzx    $acc02,$Tbl2,$acc02
-        lbzx    $acc05,$Tbl2,$acc05
+        lbzx    $acc03,$Tbl2,$acc03
        rlwinm  $acc10,$s0,`32-8`,24,31
        rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc06,$Tbl2,$acc06
+        lbzx    $acc04,$Tbl2,$acc04
-        lbzx    $acc07,$Tbl2,$acc07
+        lbzx    $acc05,$Tbl2,$acc05
        rlwinm  $acc12,$s1,`0`,24,31
        rlwinm  $acc13,$s2,`0`,24,31
-        lbzx    $acc08,$Tbl2,$acc08
+        lbzx    $acc06,$Tbl2,$acc06
-        lbzx    $acc09,$Tbl2,$acc09
+        lbzx    $acc07,$Tbl2,$acc07
        rlwinm  $acc14,$s3,`0`,24,31
        rlwinm  $acc15,$s0,`0`,24,31
-        lbzx    $acc10,$Tbl2,$acc10
+        lbzx    $acc08,$Tbl2,$acc08
-        lbzx    $acc11,$Tbl2,$acc11
+        lbzx    $acc09,$Tbl2,$acc09
        rlwinm  $s0,$acc00,24,0,7
        rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc12,$Tbl2,$acc12
+        lbzx    $acc10,$Tbl2,$acc10
-        lbzx    $acc13,$Tbl2,$acc13
+        lbzx    $acc11,$Tbl2,$acc11
        rlwinm  $s2,$acc02,24,0,7
        rlwinm  $s3,$acc03,24,0,7
-        lbzx    $acc14,$Tbl2,$acc14
+        lbzx    $acc12,$Tbl2,$acc12
-        lbzx    $acc15,$Tbl2,$acc15
+        lbzx    $acc13,$Tbl2,$acc13
        rlwimi  $s0,$acc04,16,8,15
        rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc14,$Tbl2,$acc14
+        lbzx    $acc15,$Tbl2,$acc15
        rlwimi  $s2,$acc06,16,8,15
        rlwimi  $s3,$acc07,16,8,15
        rlwimi  $s0,$acc08,8,16,23
@@ -897,40 +910,40 @@ Ldec_compact_loop:
        rlwinm  $acc01,$s1,`32-24`,24,31
        rlwinm  $acc02,$s2,`32-24`,24,31
        rlwinm  $acc03,$s3,`32-24`,24,31
-        lbzx    $acc00,$Tbl1,$acc00
-        lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc04,$s3,`32-16`,24,31
        rlwinm  $acc05,$s0,`32-16`,24,31
-        lbzx    $acc02,$Tbl1,$acc02
-        lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc06,$s1,`32-16`,24,31
        rlwinm  $acc07,$s2,`32-16`,24,31
-        lbzx    $acc04,$Tbl1,$acc04
+        lbzx    $acc00,$Tbl1,$acc00
-        lbzx    $acc05,$Tbl1,$acc05
+        lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc08,$s2,`32-8`,24,31
        rlwinm  $acc09,$s3,`32-8`,24,31
-        lbzx    $acc06,$Tbl1,$acc06
+        lbzx    $acc02,$Tbl1,$acc02
-        lbzx    $acc07,$Tbl1,$acc07
+        lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc10,$s0,`32-8`,24,31
        rlwinm  $acc11,$s1,`32-8`,24,31
-        lbzx    $acc08,$Tbl1,$acc08
+        lbzx    $acc04,$Tbl1,$acc04
-        lbzx    $acc09,$Tbl1,$acc09
+        lbzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s1,`0`,24,31
        rlwinm  $acc13,$s2,`0`,24,31
-        lbzx    $acc10,$Tbl1,$acc10
+        lbzx    $acc06,$Tbl1,$acc06
-        lbzx    $acc11,$Tbl1,$acc11
+        lbzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s3,`0`,24,31
        rlwinm  $acc15,$s0,`0`,24,31
-        lbzx    $acc12,$Tbl1,$acc12
+        lbzx    $acc08,$Tbl1,$acc08
-        lbzx    $acc13,$Tbl1,$acc13
+        lbzx    $acc09,$Tbl1,$acc09
        rlwinm  $s0,$acc00,24,0,7
        rlwinm  $s1,$acc01,24,0,7
-        lbzx    $acc14,$Tbl1,$acc14
+        lbzx    $acc10,$Tbl1,$acc10
-        lbzx    $acc15,$Tbl1,$acc15
+        lbzx    $acc11,$Tbl1,$acc11
        rlwinm  $s2,$acc02,24,0,7
        rlwinm  $s3,$acc03,24,0,7
+        lbzx    $acc12,$Tbl1,$acc12
+        lbzx    $acc13,$Tbl1,$acc13
        rlwimi  $s0,$acc04,16,8,15
        rlwimi  $s1,$acc05,16,8,15
+        lbzx    $acc14,$Tbl1,$acc14
+        lbzx    $acc15,$Tbl1,$acc15
        rlwimi  $s2,$acc06,16,8,15
        rlwimi  $s3,$acc07,16,8,15
        rlwimi  $s0,$acc08,8,16,23
diff --git a/src/lib/libcrypto/aes/asm/aes-s390x.pl b/src/lib/libcrypto/aes/asm/aes-s390x.pl
index 4b27afd92f..7e01889298 100644
--- a/src/lib/libcrypto/aes/asm/aes-s390x.pl
+++ b/src/lib/libcrypto/aes/asm/aes-s390x.pl
@@ -765,6 +765,11 @@ $code.=<<___ if (!$softonly);
        srl     %r5,6
        ar      %r5,%r0
+        larl    %r1,OPENSSL_s390xcap_P
+        lg      %r0,0(%r1)
+        tmhl    %r0,0x4000      # check for message-security assist
+        jz      .Lekey_internal
        lghi    %r0,0           # query capability vector
        la      %r1,16($sp)
        .long   0xb92f0042      # kmc %r4,%r2
@@ -1323,6 +1328,7 @@ $code.=<<___;
 4:      ex      $len,0($s1)
        j       .Lcbc_dec_exit
 .size   AES_cbc_encrypt,.-AES_cbc_encrypt
+.comm  OPENSSL_s390xcap_P,8,8
 ___
 }
 $code.=<<___;
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index f616f1751f..a545e892ae 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -2,11 +2,12 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
+# project. The module is, however, dual licensed under OpenSSL and
-# forms are granted according to the OpenSSL license.
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
-# Version 1.2.
+# Version 2.1.
 #
 # aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
 # Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
@@ -17,17 +18,29 @@
 #
 # Performance in number of cycles per processed byte for 128-bit key:
 #
-#               ECB             CBC encrypt
+#               ECB encrypt     ECB decrypt     CBC large chunk
-# AMD64         13.7            13.0(*)
+# AMD64         33              41              13.0
-# EM64T         20.2            18.6(*)
+# EM64T         38              59              18.6(*)
+# Core 2        30              43              14.5(*)
 #
-# (*)   CBC benchmarks are better than ECB thanks to custom ABI used
+# (*) with hyper-threading off
-#       by the private block encryption function.
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+open STDOUT,"| $^X $xlate $flavour $output";
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                        # ~15% better on both AMD and Intel cores
-$output=shift;
+$speed_limit=512;       # see aes-586.pl for details
-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
 $code=".text\n";
@@ -35,9 +48,9 @@ $s0="%eax";
 $s1="%ebx";
 $s2="%ecx";
 $s3="%edx";
-$acc0="%esi";
+$acc0="%esi";   $mask80="%rsi";
-$acc1="%edi";
+$acc1="%edi";   $maskfe="%rdi";
-$acc2="%ebp";
+$acc2="%ebp";   $mask1b="%rbp";
 $inp="%r8";
 $out="%r9";
 $t0="%r10d";
@@ -51,6 +64,8 @@ sub hi() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1h/;	$r; }
 sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
                        $r =~ s/%[er]([sd]i)/%\1l/;
                        $r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
+sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
+                        $r =~ s/%r([0-9]+)/%r\1d/;      $r; }
 sub _data_word()
 { my $i;
    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
@@ -138,22 +153,17 @@ $code.=<<___;
        movzb   `&lo("$s0")`,$acc0
        movzb   `&lo("$s1")`,$acc1
        movzb   `&lo("$s2")`,$acc2
-        mov     2($sbox,$acc0,8),$t0
+        movzb   2($sbox,$acc0,8),$t0
-        mov     2($sbox,$acc1,8),$t1
+        movzb   2($sbox,$acc1,8),$t1
-        mov     2($sbox,$acc2,8),$t2
+        movzb   2($sbox,$acc2,8),$t2
-        and     \$0x000000ff,$t0
-        and     \$0x000000ff,$t1
-        and     \$0x000000ff,$t2
        movzb   `&lo("$s3")`,$acc0
        movzb   `&hi("$s1")`,$acc1
        movzb   `&hi("$s2")`,$acc2
-        mov     2($sbox,$acc0,8),$t3
+        movzb   2($sbox,$acc0,8),$t3
        mov     0($sbox,$acc1,8),$acc1  #$t0
        mov     0($sbox,$acc2,8),$acc2  #$t1
-        and     \$0x000000ff,$t3
        and     \$0x0000ff00,$acc1
        and     \$0x0000ff00,$acc2
@@ -345,6 +355,234 @@ $code.=<<___;
 .size   _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
 ___
+# it's possible to implement this by shifting tN by 8, filling least
+# significant byte with byte load and finally bswap-ing at the end,
+# but such partial register load kills Core 2...
+sub enccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+$code.=<<___;
+        movzb   `&lo("$s0")`,$t0
+        movzb   `&lo("$s1")`,$t1
+        movzb   `&lo("$s2")`,$t2
+        movzb   ($sbox,$t0,1),$t0
+        movzb   ($sbox,$t1,1),$t1
+        movzb   ($sbox,$t2,1),$t2
+        movzb   `&lo("$s3")`,$t3
+        movzb   `&hi("$s1")`,$acc0
+        movzb   `&hi("$s2")`,$acc1
+        movzb   ($sbox,$t3,1),$t3
+        movzb   ($sbox,$acc0,1),$t4     #$t0
+        movzb   ($sbox,$acc1,1),$t5     #$t1
+        movzb   `&hi("$s3")`,$acc2
+        movzb   `&hi("$s0")`,$acc0
+        shr     \$16,$s2
+        movzb   ($sbox,$acc2,1),$acc2   #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t3
+        shr     \$16,$s3
+        movzb   `&lo("$s2")`,$acc1
+        shl     \$8,$t4
+        shl     \$8,$t5
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
+        xor     $t4,$t0
+        xor     $t5,$t1
+        movzb   `&lo("$s3")`,$t4
+        shr     \$16,$s0
+        shr     \$16,$s1
+        movzb   `&lo("$s0")`,$t5
+        shl     \$8,$acc2
+        shl     \$8,$acc0
+        movzb   ($sbox,$t4,1),$t4       #$t1
+        movzb   ($sbox,$t5,1),$t5       #$t2
+        xor     $acc2,$t2
+        xor     $acc0,$t3
+        movzb   `&lo("$s1")`,$acc2
+        movzb   `&hi("$s3")`,$acc0
+        shl     \$16,$acc1
+        movzb   ($sbox,$acc2,1),$acc2   #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t0
+        xor     $acc1,$t0
+        movzb   `&hi("$s0")`,$acc1
+        shr     \$8,$s2
+        shr     \$8,$s1
+        movzb   ($sbox,$acc1,1),$acc1   #$t1
+        movzb   ($sbox,$s2,1),$s3       #$t3
+        movzb   ($sbox,$s1,1),$s2       #$t2
+        shl     \$16,$t4
+        shl     \$16,$t5
+        shl     \$16,$acc2
+        xor     $t4,$t1
+        xor     $t5,$t2
+        xor     $acc2,$t3
+        shl     \$24,$acc0
+        shl     \$24,$acc1
+        shl     \$24,$s3
+        xor     $acc0,$t0
+        shl     \$24,$s2
+        xor     $acc1,$t1
+        mov     $t0,$s0
+        mov     $t1,$s1
+        xor     $t2,$s2
+        xor     $t3,$s3
+___
+}
+sub enctransform_ref()
+{ my $sn = shift;
+  my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
+$code.=<<___;
+        mov     $sn,$acc
+        and     \$0x80808080,$acc
+        mov     $acc,$tmp
+        shr     \$7,$tmp
+        lea     ($sn,$sn),$r2
+        sub     $tmp,$acc
+        and     \$0xfefefefe,$r2
+        and     \$0x1b1b1b1b,$acc
+        mov     $sn,$tmp
+        xor     $acc,$r2
+        xor     $r2,$sn
+        rol     \$24,$sn
+        xor     $r2,$sn
+        ror     \$16,$tmp
+        xor     $tmp,$sn
+        ror     \$8,$tmp
+        xor     $tmp,$sn
+___
+}
+# unlike decrypt case it does not pay off to parallelize enctransform
+sub enctransform()
+{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
+$code.=<<___;
+        mov     $s0,$acc0
+        mov     $s1,$acc1
+        and     \$0x80808080,$acc0
+        and     \$0x80808080,$acc1
+        mov     $acc0,$t0
+        mov     $acc1,$t1
+        shr     \$7,$t0
+        lea     ($s0,$s0),$r20
+        shr     \$7,$t1
+        lea     ($s1,$s1),$r21
+        sub     $t0,$acc0
+        sub     $t1,$acc1
+        and     \$0xfefefefe,$r20
+        and     \$0xfefefefe,$r21
+        and     \$0x1b1b1b1b,$acc0
+        and     \$0x1b1b1b1b,$acc1
+        mov     $s0,$t0
+        mov     $s1,$t1
+        xor     $acc0,$r20
+        xor     $acc1,$r21
+        xor     $r20,$s0
+        xor     $r21,$s1
+         mov    $s2,$acc0
+         mov    $s3,$acc1
+        rol     \$24,$s0
+        rol     \$24,$s1
+         and    \$0x80808080,$acc0
+         and    \$0x80808080,$acc1
+        xor     $r20,$s0
+        xor     $r21,$s1
+         mov    $acc0,$t2
+         mov    $acc1,$t3
+        ror     \$16,$t0
+        ror     \$16,$t1
+         shr    \$7,$t2
+         lea    ($s2,$s2),$r20
+        xor     $t0,$s0
+        xor     $t1,$s1
+         shr    \$7,$t3
+         lea    ($s3,$s3),$r21
+        ror     \$8,$t0
+        ror     \$8,$t1
+         sub    $t2,$acc0
+         sub    $t3,$acc1
+        xor     $t0,$s0
+        xor     $t1,$s1
+        and     \$0xfefefefe,$r20
+        and     \$0xfefefefe,$r21
+        and     \$0x1b1b1b1b,$acc0
+        and     \$0x1b1b1b1b,$acc1
+        mov     $s2,$t2
+        mov     $s3,$t3
+        xor     $acc0,$r20
+        xor     $acc1,$r21
+        xor     $r20,$s2
+        xor     $r21,$s3
+        rol     \$24,$s2
+        rol     \$24,$s3
+        xor     $r20,$s2
+        xor     $r21,$s3
+        mov     0($sbox),$acc0                  # prefetch Te4
+        ror     \$16,$t2
+        ror     \$16,$t3
+        mov     64($sbox),$acc1
+        xor     $t2,$s2
+        xor     $t3,$s3
+        mov     128($sbox),$r20
+        ror     \$8,$t2
+        ror     \$8,$t3
+        mov     192($sbox),$r21
+        xor     $t2,$s2
+        xor     $t3,$s3
+___
+}
+$code.=<<___;
+.type   _x86_64_AES_encrypt_compact,\@abi-omnipotent
+.align  16
+_x86_64_AES_encrypt_compact:
+        lea     128($sbox),$inp                 # size optimization
+        mov     0-128($inp),$acc1               # prefetch Te4
+        mov     32-128($inp),$acc2
+        mov     64-128($inp),$t0
+        mov     96-128($inp),$t1
+        mov     128-128($inp),$acc1
+        mov     160-128($inp),$acc2
+        mov     192-128($inp),$t0
+        mov     224-128($inp),$t1
+        jmp     .Lenc_loop_compact
+.align  16
+.Lenc_loop_compact:
+                xor     0($key),$s0             # xor with key
+                xor     4($key),$s1
+                xor     8($key),$s2
+                xor     12($key),$s3
+                lea     16($key),$key
+___
+                &enccompactvert();
+$code.=<<___;
+                cmp     16(%rsp),$key
+                je      .Lenc_compact_done
+___
+                &enctransform();
+$code.=<<___;
+        jmp     .Lenc_loop_compact
+.align  16
+.Lenc_compact_done:
+        xor     0($key),$s0
+        xor     4($key),$s1
+        xor     8($key),$s2
+        xor     12($key),$s3
+        .byte   0xf3,0xc3                       # rep ret
+.size   _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
+___
 # void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
 $code.=<<___;
 .globl  AES_encrypt
@@ -358,31 +596,57 @@ AES_encrypt:
        push    %r14
        push    %r15
-        mov     %rdx,$key
+        # allocate frame "above" key schedule
-        mov     %rdi,$inp
+        mov     %rsp,%r10
-        mov     %rsi,$out
+        lea     -63(%rdx),%rcx  # %rdx is key argument
+        and     \$-64,%rsp
-        .picmeup        $sbox
+        sub     %rsp,%rcx
-        lea     AES_Te-.($sbox),$sbox
+        neg     %rcx
+        and     \$0x3c0,%rcx
-        mov     0($inp),$s0
+        sub     %rcx,%rsp
-        mov     4($inp),$s1
+        sub     \$32,%rsp
-        mov     8($inp),$s2
-        mov     12($inp),$s3
-        call    _x86_64_AES_encrypt
+        mov     %rsi,16(%rsp)   # save out
+        mov     %r10,24(%rsp)   # save real stack pointer
+.Lenc_prologue:
-        mov     $s0,0($out)
+        mov     %rdx,$key
+        mov     240($key),$rnds # load rounds
+        mov     0(%rdi),$s0     # load input vector
+        mov     4(%rdi),$s1
+        mov     8(%rdi),$s2
+        mov     12(%rdi),$s3
+        shl     \$4,$rnds
+        lea     ($key,$rnds),%rbp
+        mov     $key,(%rsp)     # key schedule
+        mov     %rbp,8(%rsp)    # end of key schedule
+        # pick Te4 copy which can't "overlap" with stack frame or key schedule
+        lea     .LAES_Te+2048(%rip),$sbox
+        lea     768(%rsp),%rbp
+        sub     $sbox,%rbp
+        and     \$0x300,%rbp
+        lea     ($sbox,%rbp),$sbox
+        call    _x86_64_AES_encrypt_compact
+        mov     16(%rsp),$out   # restore out
+        mov     24(%rsp),%rsi   # restore saved stack pointer
+        mov     $s0,0($out)     # write output vector
        mov     $s1,4($out)
        mov     $s2,8($out)
        mov     $s3,12($out)
-        pop     %r15
+        mov     (%rsi),%r15
-        pop     %r14
+        mov     8(%rsi),%r14
-        pop     %r13
+        mov     16(%rsi),%r13
-        pop     %r12
+        mov     24(%rsi),%r12
-        pop     %rbp
+        mov     32(%rsi),%rbp
-        pop     %rbx
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lenc_epilogue:
        ret
 .size   AES_encrypt,.-AES_encrypt
 ___
@@ -453,19 +717,20 @@ sub declastvert()
 { my $t3="%r8d";        # zaps $inp!
 $code.=<<___;
+        lea     2048($sbox),$sbox       # size optimization
        movzb   `&lo("$s0")`,$acc0
        movzb   `&lo("$s1")`,$acc1
        movzb   `&lo("$s2")`,$acc2
-        movzb   2048($sbox,$acc0,1),$t0
+        movzb   ($sbox,$acc0,1),$t0
-        movzb   2048($sbox,$acc1,1),$t1
+        movzb   ($sbox,$acc1,1),$t1
-        movzb   2048($sbox,$acc2,1),$t2
+        movzb   ($sbox,$acc2,1),$t2
        movzb   `&lo("$s3")`,$acc0
        movzb   `&hi("$s3")`,$acc1
        movzb   `&hi("$s0")`,$acc2
-        movzb   2048($sbox,$acc0,1),$t3
+        movzb   ($sbox,$acc0,1),$t3
-        movzb   2048($sbox,$acc1,1),$acc1       #$t0
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
-        movzb   2048($sbox,$acc2,1),$acc2       #$t1
+        movzb   ($sbox,$acc2,1),$acc2   #$t1
        shl     \$8,$acc1
        shl     \$8,$acc2
@@ -477,8 +742,8 @@ $code.=<<___;
        movzb   `&hi("$s1")`,$acc0
        movzb   `&hi("$s2")`,$acc1
        shr     \$16,$s0
-        movzb   2048($sbox,$acc0,1),$acc0       #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t2
-        movzb   2048($sbox,$acc1,1),$acc1       #$t3
+        movzb   ($sbox,$acc1,1),$acc1   #$t3
        shl     \$8,$acc0
        shl     \$8,$acc1
@@ -490,9 +755,9 @@ $code.=<<___;
        movzb   `&lo("$s2")`,$acc0
        movzb   `&lo("$s3")`,$acc1
        movzb   `&lo("$s0")`,$acc2
-        movzb   2048($sbox,$acc0,1),$acc0       #$t0
+        movzb   ($sbox,$acc0,1),$acc0   #$t0
-        movzb   2048($sbox,$acc1,1),$acc1       #$t1
+        movzb   ($sbox,$acc1,1),$acc1   #$t1
-        movzb   2048($sbox,$acc2,1),$acc2       #$t2
+        movzb   ($sbox,$acc2,1),$acc2   #$t2
        shl     \$16,$acc0
        shl     \$16,$acc1
@@ -505,9 +770,9 @@ $code.=<<___;
        movzb   `&lo("$s1")`,$acc0
        movzb   `&hi("$s1")`,$acc1
        movzb   `&hi("$s2")`,$acc2
-        movzb   2048($sbox,$acc0,1),$acc0       #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t3
-        movzb   2048($sbox,$acc1,1),$acc1       #$t0
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
-        movzb   2048($sbox,$acc2,1),$acc2       #$t1
+        movzb   ($sbox,$acc2,1),$acc2   #$t1
        shl     \$16,$acc0
        shl     \$24,$acc1
@@ -520,8 +785,8 @@ $code.=<<___;
        movzb   `&hi("$s3")`,$acc0
        movzb   `&hi("$s0")`,$acc1
        mov     16+12($key),$s3
-        movzb   2048($sbox,$acc0,1),$acc0       #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t2
-        movzb   2048($sbox,$acc1,1),$acc1       #$t3
+        movzb   ($sbox,$acc1,1),$acc1   #$t3
        mov     16+0($key),$s0
        shl     \$24,$acc0
@@ -532,6 +797,7 @@ $code.=<<___;
        mov     16+4($key),$s1
        mov     16+8($key),$s2
+        lea     -2048($sbox),$sbox
        xor     $t0,$s0
        xor     $t1,$s1
        xor     $t2,$s2
@@ -659,6 +925,260 @@ $code.=<<___;
 .size   _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
 ___
+sub deccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+$code.=<<___;
+        movzb   `&lo("$s0")`,$t0
+        movzb   `&lo("$s1")`,$t1
+        movzb   `&lo("$s2")`,$t2
+        movzb   ($sbox,$t0,1),$t0
+        movzb   ($sbox,$t1,1),$t1
+        movzb   ($sbox,$t2,1),$t2
+        movzb   `&lo("$s3")`,$t3
+        movzb   `&hi("$s3")`,$acc0
+        movzb   `&hi("$s0")`,$acc1
+        movzb   ($sbox,$t3,1),$t3
+        movzb   ($sbox,$acc0,1),$t4     #$t0
+        movzb   ($sbox,$acc1,1),$t5     #$t1
+        movzb   `&hi("$s1")`,$acc2
+        movzb   `&hi("$s2")`,$acc0
+        shr     \$16,$s2
+        movzb   ($sbox,$acc2,1),$acc2   #$t2
+        movzb   ($sbox,$acc0,1),$acc0   #$t3
+        shr     \$16,$s3
+        movzb   `&lo("$s2")`,$acc1
+        shl     \$8,$t4
+        shl     \$8,$t5
+        movzb   ($sbox,$acc1,1),$acc1   #$t0
+        xor     $t4,$t0
+        xor     $t5,$t1
+        movzb   `&lo("$s3")`,$t4
+        shr     \$16,$s0
+        shr     \$16,$s1
+        movzb   `&lo("$s0")`,$t5
+        shl     \$8,$acc2
+        shl     \$8,$acc0
+        movzb   ($sbox,$t4,1),$t4       #$t1
+        movzb   ($sbox,$t5,1),$t5       #$t2
+        xor     $acc2,$t2
+        xor     $acc0,$t3
+        movzb   `&lo("$s1")`,$acc2
+        movzb   `&hi("$s1")`,$acc0
+        shl     \$16,$acc1
+        movzb   ($sbox,$acc2,1),$acc2   #$t3
+        movzb   ($sbox,$acc0,1),$acc0   #$t0
+        xor     $acc1,$t0
+        movzb   `&hi("$s2")`,$acc1
+        shl     \$16,$t4
+        shl     \$16,$t5
+        movzb   ($sbox,$acc1,1),$s1     #$t1
+        xor     $t4,$t1
+        xor     $t5,$t2
+        movzb   `&hi("$s3")`,$acc1
+        shr     \$8,$s0
+        shl     \$16,$acc2
+        movzb   ($sbox,$acc1,1),$s2     #$t2
+        movzb   ($sbox,$s0,1),$s3       #$t3
+        xor     $acc2,$t3
+        shl     \$24,$acc0
+        shl     \$24,$s1
+        shl     \$24,$s2
+        xor     $acc0,$t0
+        shl     \$24,$s3
+        xor     $t1,$s1
+        mov     $t0,$s0
+        xor     $t2,$s2
+        xor     $t3,$s3
+___
+}
+# parallelized version! input is pair of 64-bit values: %rax=s1.s0
+# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
+# %ecx=s2 and %edx=s3.
+sub dectransform()
+{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
+  my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
+  my $prefetch = shift;
+$code.=<<___;
+        mov     $tp10,$acc0
+        mov     $tp18,$acc8
+        and     $mask80,$acc0
+        and     $mask80,$acc8
+        mov     $acc0,$tp40
+        mov     $acc8,$tp48
+        shr     \$7,$tp40
+        lea     ($tp10,$tp10),$tp20
+        shr     \$7,$tp48
+        lea     ($tp18,$tp18),$tp28
+        sub     $tp40,$acc0
+        sub     $tp48,$acc8
+        and     $maskfe,$tp20
+        and     $maskfe,$tp28
+        and     $mask1b,$acc0
+        and     $mask1b,$acc8
+        xor     $tp20,$acc0
+        xor     $tp28,$acc8
+        mov     $acc0,$tp20
+        mov     $acc8,$tp28
+        and     $mask80,$acc0
+        and     $mask80,$acc8
+        mov     $acc0,$tp80
+        mov     $acc8,$tp88
+        shr     \$7,$tp80
+        lea     ($tp20,$tp20),$tp40
+        shr     \$7,$tp88
+        lea     ($tp28,$tp28),$tp48
+        sub     $tp80,$acc0
+        sub     $tp88,$acc8
+        and     $maskfe,$tp40
+        and     $maskfe,$tp48
+        and     $mask1b,$acc0
+        and     $mask1b,$acc8
+        xor     $tp40,$acc0
+        xor     $tp48,$acc8
+        mov     $acc0,$tp40
+        mov     $acc8,$tp48
+        and     $mask80,$acc0
+        and     $mask80,$acc8
+        mov     $acc0,$tp80
+        mov     $acc8,$tp88
+        shr     \$7,$tp80
+         xor    $tp10,$tp20             # tp2^=tp1
+        shr     \$7,$tp88
+         xor    $tp18,$tp28             # tp2^=tp1
+        sub     $tp80,$acc0
+        sub     $tp88,$acc8
+        lea     ($tp40,$tp40),$tp80
+        lea     ($tp48,$tp48),$tp88
+         xor    $tp10,$tp40             # tp4^=tp1
+         xor    $tp18,$tp48             # tp4^=tp1
+        and     $maskfe,$tp80
+        and     $maskfe,$tp88
+        and     $mask1b,$acc0
+        and     $mask1b,$acc8
+        xor     $acc0,$tp80
+        xor     $acc8,$tp88
+        xor     $tp80,$tp10             # tp1^=tp8
+        xor     $tp88,$tp18             # tp1^=tp8
+        xor     $tp80,$tp20             # tp2^tp1^=tp8
+        xor     $tp88,$tp28             # tp2^tp1^=tp8
+        mov     $tp10,$acc0
+        mov     $tp18,$acc8
+        xor     $tp80,$tp40             # tp4^tp1^=tp8
+        xor     $tp88,$tp48             # tp4^tp1^=tp8
+        shr     \$32,$acc0
+        shr     \$32,$acc8
+        xor     $tp20,$tp80             # tp8^=tp8^tp2^tp1=tp2^tp1
+        xor     $tp28,$tp88             # tp8^=tp8^tp2^tp1=tp2^tp1
+        rol     \$8,`&LO("$tp10")`      # ROTATE(tp1^tp8,8)
+        rol     \$8,`&LO("$tp18")`      # ROTATE(tp1^tp8,8)
+        xor     $tp40,$tp80             # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+        xor     $tp48,$tp88             # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+        rol     \$8,`&LO("$acc0")`      # ROTATE(tp1^tp8,8)
+        rol     \$8,`&LO("$acc8")`      # ROTATE(tp1^tp8,8)
+        xor     `&LO("$tp80")`,`&LO("$tp10")`
+        xor     `&LO("$tp88")`,`&LO("$tp18")`
+        shr     \$32,$tp80
+        shr     \$32,$tp88
+        xor     `&LO("$tp80")`,`&LO("$acc0")`
+        xor     `&LO("$tp88")`,`&LO("$acc8")`
+        mov     $tp20,$tp80
+        mov     $tp28,$tp88
+        shr     \$32,$tp80
+        shr     \$32,$tp88
+        rol     \$24,`&LO("$tp20")`     # ROTATE(tp2^tp1^tp8,24)
+        rol     \$24,`&LO("$tp28")`     # ROTATE(tp2^tp1^tp8,24)
+        rol     \$24,`&LO("$tp80")`     # ROTATE(tp2^tp1^tp8,24)
+        rol     \$24,`&LO("$tp88")`     # ROTATE(tp2^tp1^tp8,24)
+        xor     `&LO("$tp20")`,`&LO("$tp10")`
+        xor     `&LO("$tp28")`,`&LO("$tp18")`
+        mov     $tp40,$tp20
+        mov     $tp48,$tp28
+        xor     `&LO("$tp80")`,`&LO("$acc0")`
+        xor     `&LO("$tp88")`,`&LO("$acc8")`
+        `"mov   0($sbox),$mask80"       if ($prefetch)`
+        shr     \$32,$tp20
+        shr     \$32,$tp28
+        `"mov   64($sbox),$maskfe"      if ($prefetch)`
+        rol     \$16,`&LO("$tp40")`     # ROTATE(tp4^tp1^tp8,16)
+        rol     \$16,`&LO("$tp48")`     # ROTATE(tp4^tp1^tp8,16)
+        `"mov   128($sbox),$mask1b"     if ($prefetch)`
+        rol     \$16,`&LO("$tp20")`     # ROTATE(tp4^tp1^tp8,16)
+        rol     \$16,`&LO("$tp28")`     # ROTATE(tp4^tp1^tp8,16)
+        `"mov   192($sbox),$tp80"       if ($prefetch)`
+        xor     `&LO("$tp40")`,`&LO("$tp10")`
+        xor     `&LO("$tp48")`,`&LO("$tp18")`
+        `"mov   256($sbox),$tp88"       if ($prefetch)`
+        xor     `&LO("$tp20")`,`&LO("$acc0")`
+        xor     `&LO("$tp28")`,`&LO("$acc8")`
+___
+}
+$code.=<<___;
+.type   _x86_64_AES_decrypt_compact,\@abi-omnipotent
+.align  16
+_x86_64_AES_decrypt_compact:
+        lea     128($sbox),$inp                 # size optimization
+        mov     0-128($inp),$acc1               # prefetch Td4
+        mov     32-128($inp),$acc2
+        mov     64-128($inp),$t0
+        mov     96-128($inp),$t1
+        mov     128-128($inp),$acc1
+        mov     160-128($inp),$acc2
+        mov     192-128($inp),$t0
+        mov     224-128($inp),$t1
+        jmp     .Ldec_loop_compact
+.align  16
+.Ldec_loop_compact:
+                xor     0($key),$s0             # xor with key
+                xor     4($key),$s1
+                xor     8($key),$s2
+                xor     12($key),$s3
+                lea     16($key),$key
+___
+                &deccompactvert();
+$code.=<<___;
+                cmp     16(%rsp),$key
+                je      .Ldec_compact_done
+                mov     256+0($sbox),$mask80
+                shl     \$32,%rbx
+                shl     \$32,%rdx
+                mov     256+8($sbox),$maskfe
+                or      %rbx,%rax
+                or      %rdx,%rcx
+                mov     256+16($sbox),$mask1b
+___
+                &dectransform(1);
+$code.=<<___;
+        jmp     .Ldec_loop_compact
+.align  16
+.Ldec_compact_done:
+        xor     0($key),$s0
+        xor     4($key),$s1
+        xor     8($key),$s2
+        xor     12($key),$s3
+        .byte   0xf3,0xc3                       # rep ret
+.size   _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
+___
 # void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
 $code.=<<___;
 .globl  AES_decrypt
@@ -672,43 +1192,59 @@ AES_decrypt:
        push    %r14
        push    %r15
-        mov     %rdx,$key
+        # allocate frame "above" key schedule
-        mov     %rdi,$inp
+        mov     %rsp,%r10
-        mov     %rsi,$out
+        lea     -63(%rdx),%rcx  # %rdx is key argument
+        and     \$-64,%rsp
+        sub     %rsp,%rcx
+        neg     %rcx
+        and     \$0x3c0,%rcx
+        sub     %rcx,%rsp
+        sub     \$32,%rsp
+        mov     %rsi,16(%rsp)   # save out
+        mov     %r10,24(%rsp)   # save real stack pointer
+.Ldec_prologue:
-        .picmeup        $sbox
+        mov     %rdx,$key
-        lea     AES_Td-.($sbox),$sbox
+        mov     240($key),$rnds # load rounds
-        # prefetch Td4
+        mov     0(%rdi),$s0     # load input vector
-        lea     2048+128($sbox),$sbox;
+        mov     4(%rdi),$s1
-        mov     0-128($sbox),$s0
+        mov     8(%rdi),$s2
-        mov     32-128($sbox),$s1
+        mov     12(%rdi),$s3
-        mov     64-128($sbox),$s2
-        mov     96-128($sbox),$s3
+        shl     \$4,$rnds
-        mov     128-128($sbox),$s0
+        lea     ($key,$rnds),%rbp
-        mov     160-128($sbox),$s1
+        mov     $key,(%rsp)     # key schedule
-        mov     192-128($sbox),$s2
+        mov     %rbp,8(%rsp)    # end of key schedule
-        mov     224-128($sbox),$s3
-        lea     -2048-128($sbox),$sbox;
+        # pick Td4 copy which can't "overlap" with stack frame or key schedule
+        lea     .LAES_Td+2048(%rip),$sbox
-        mov     0($inp),$s0
+        lea     768(%rsp),%rbp
-        mov     4($inp),$s1
+        sub     $sbox,%rbp
-        mov     8($inp),$s2
+        and     \$0x300,%rbp
-        mov     12($inp),$s3
+        lea     ($sbox,%rbp),$sbox
+        shr     \$3,%rbp        # recall "magic" constants!
-        call    _x86_64_AES_decrypt
+        add     %rbp,$sbox
-        mov     $s0,0($out)
+        call    _x86_64_AES_decrypt_compact
+        mov     16(%rsp),$out   # restore out
+        mov     24(%rsp),%rsi   # restore saved stack pointer
+        mov     $s0,0($out)     # write output vector
        mov     $s1,4($out)
        mov     $s2,8($out)
        mov     $s3,12($out)
-        pop     %r15
+        mov     (%rsi),%r15
-        pop     %r14
+        mov     8(%rsi),%r14
-        pop     %r13
+        mov     16(%rsi),%r13
-        pop     %r12
+        mov     24(%rsi),%r12
-        pop     %rbp
+        mov     32(%rsi),%rbp
-        pop     %rbx
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Ldec_epilogue:
        ret
 .size   AES_decrypt,.-AES_decrypt
 ___
@@ -718,27 +1254,26 @@ sub enckey()
 {
 $code.=<<___;
        movz    %dl,%esi                # rk[i]>>0
-        mov     2(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
        movz    %dh,%esi                # rk[i]>>8
-        and     \$0xFF000000,%ebx
+        shl     \$24,%ebx
        xor     %ebx,%eax
-        mov     2(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
        shr     \$16,%edx
-        and     \$0x000000FF,%ebx
        movz    %dl,%esi                # rk[i]>>16
        xor     %ebx,%eax
-        mov     0(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
        movz    %dh,%esi                # rk[i]>>24
-        and     \$0x0000FF00,%ebx
+        shl     \$8,%ebx
        xor     %ebx,%eax
-        mov     0(%rbp,%rsi,8),%ebx
+        movzb   -128(%rbp,%rsi),%ebx
-        and     \$0x00FF0000,%ebx
+        shl     \$16,%ebx
        xor     %ebx,%eax
-        xor     2048(%rbp,%rcx,4),%eax          # rcon
+        xor     1024-128(%rbp,%rcx,4),%eax              # rcon
 ___
 }
@@ -751,7 +1286,29 @@ $code.=<<___;
 AES_set_encrypt_key:
        push    %rbx
        push    %rbp
+        push    %r12                    # redundant, but allows to share 
+        push    %r13                    # exception handler...
+        push    %r14
+        push    %r15
+        sub     \$8,%rsp
+.Lenc_key_prologue:
+        call    _x86_64_AES_set_encrypt_key
+        mov     8(%rsp),%r15
+        mov     16(%rsp),%r14
+        mov     24(%rsp),%r13
+        mov     32(%rsp),%r12
+        mov     40(%rsp),%rbp
+        mov     48(%rsp),%rbx
+        add     \$56,%rsp
+.Lenc_key_epilogue:
+        ret
+.size   AES_set_encrypt_key,.-AES_set_encrypt_key
+.type   _x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align  16
+_x86_64_AES_set_encrypt_key:
        mov     %esi,%ecx                       # %ecx=bits
        mov     %rdi,%rsi                       # %rsi=userKey
        mov     %rdx,%rdi                       # %rdi=key
@@ -761,8 +1318,18 @@ AES_set_encrypt_key:
        test    \$-1,%rdi
        jz      .Lbadpointer
-        .picmeup %rbp
+        lea     .LAES_Te(%rip),%rbp
-        lea     AES_Te-.(%rbp),%rbp
+        lea     2048+128(%rbp),%rbp
+        # prefetch Te4
+        mov     0-128(%rbp),%eax
+        mov     32-128(%rbp),%ebx
+        mov     64-128(%rbp),%r8d
+        mov     96-128(%rbp),%edx
+        mov     128-128(%rbp),%eax
+        mov     160-128(%rbp),%ebx
+        mov     192-128(%rbp),%r8d
+        mov     224-128(%rbp),%edx
        cmp     \$128,%ecx
        je      .L10rounds
@@ -774,15 +1341,12 @@ AES_set_encrypt_key:
        jmp     .Lexit
 .L10rounds:
-        mov     0(%rsi),%eax                    # copy first 4 dwords
+        mov     0(%rsi),%rax                    # copy first 4 dwords
-        mov     4(%rsi),%ebx
+        mov     8(%rsi),%rdx
-        mov     8(%rsi),%ecx
+        mov     %rax,0(%rdi)
-        mov     12(%rsi),%edx
+        mov     %rdx,8(%rdi)
-        mov     %eax,0(%rdi)
-        mov     %ebx,4(%rdi)
-        mov     %ecx,8(%rdi)
-        mov     %edx,12(%rdi)
+        shr     \$32,%rdx
        xor     %ecx,%ecx
        jmp     .L10shortcut
 .align  4
@@ -810,19 +1374,14 @@ $code.=<<___;
        jmp     .Lexit
 .L12rounds:
-        mov     0(%rsi),%eax                    # copy first 6 dwords
+        mov     0(%rsi),%rax                    # copy first 6 dwords
-        mov     4(%rsi),%ebx
+        mov     8(%rsi),%rbx
-        mov     8(%rsi),%ecx
+        mov     16(%rsi),%rdx
-        mov     12(%rsi),%edx
+        mov     %rax,0(%rdi)
-        mov     %eax,0(%rdi)
+        mov     %rbx,8(%rdi)
-        mov     %ebx,4(%rdi)
+        mov     %rdx,16(%rdi)
-        mov     %ecx,8(%rdi)
-        mov     %edx,12(%rdi)
+        shr     \$32,%rdx
-        mov     16(%rsi),%ecx
-        mov     20(%rsi),%edx
-        mov     %ecx,16(%rdi)
-        mov     %edx,20(%rdi)
        xor     %ecx,%ecx
        jmp     .L12shortcut
 .align  4
@@ -858,30 +1417,23 @@ $code.=<<___;
        jmp     .Lexit
 .L14rounds:             
-        mov     0(%rsi),%eax                    # copy first 8 dwords
+        mov     0(%rsi),%rax                    # copy first 8 dwords
-        mov     4(%rsi),%ebx
+        mov     8(%rsi),%rbx
-        mov     8(%rsi),%ecx
+        mov     16(%rsi),%rcx
-        mov     12(%rsi),%edx
+        mov     24(%rsi),%rdx
-        mov     %eax,0(%rdi)
+        mov     %rax,0(%rdi)
-        mov     %ebx,4(%rdi)
+        mov     %rbx,8(%rdi)
-        mov     %ecx,8(%rdi)
+        mov     %rcx,16(%rdi)
-        mov     %edx,12(%rdi)
+        mov     %rdx,24(%rdi)
-        mov     16(%rsi),%eax
-        mov     20(%rsi),%ebx
+        shr     \$32,%rdx
-        mov     24(%rsi),%ecx
-        mov     28(%rsi),%edx
-        mov     %eax,16(%rdi)
-        mov     %ebx,20(%rdi)
-        mov     %ecx,24(%rdi)
-        mov     %edx,28(%rdi)
        xor     %ecx,%ecx
        jmp     .L14shortcut
 .align  4
 .L14loop:
+                mov     0(%rdi),%eax                    # rk[0]
                mov     28(%rdi),%edx                   # rk[4]
 .L14shortcut:
-                mov     0(%rdi),%eax                    # rk[0]
 ___
                &enckey ();
 $code.=<<___;
@@ -900,24 +1452,23 @@ $code.=<<___;
                mov     %eax,%edx
                mov     16(%rdi),%eax                   # rk[4]
                movz    %dl,%esi                        # rk[11]>>0
-                mov     2(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
                movz    %dh,%esi                        # rk[11]>>8
-                and     \$0x000000FF,%ebx
                xor     %ebx,%eax
-                mov     0(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
                shr     \$16,%edx
-                and     \$0x0000FF00,%ebx
+                shl     \$8,%ebx
                movz    %dl,%esi                        # rk[11]>>16
                xor     %ebx,%eax
-                mov     0(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
                movz    %dh,%esi                        # rk[11]>>24
-                and     \$0x00FF0000,%ebx
+                shl     \$16,%ebx
                xor     %ebx,%eax
-                mov     2(%rbp,%rsi,8),%ebx
+                movzb   -128(%rbp,%rsi),%ebx
-                and     \$0xFF000000,%ebx
+                shl     \$24,%ebx
                xor     %ebx,%eax
                mov     %eax,48(%rdi)                   # rk[12]
@@ -938,31 +1489,61 @@ $code.=<<___;
 .Lbadpointer:
        mov     \$-1,%rax
 .Lexit:
-        pop     %rbp
+        .byte   0xf3,0xc3                       # rep ret
-        pop     %rbx
+.size   _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
-        ret
-.size   AES_set_encrypt_key,.-AES_set_encrypt_key
 ___
-sub deckey()
+sub deckey_ref()
 { my ($i,$ptr,$te,$td) = @_;
+  my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
 $code.=<<___;
-        mov     $i($ptr),%eax
+        mov     $i($ptr),$tp1
-        mov     %eax,%edx
+        mov     $tp1,$acc
-        movz    %ah,%ebx
+        and     \$0x80808080,$acc
-        shr     \$16,%edx
+        mov     $acc,$tp4
-        and     \$0xFF,%eax
+        shr     \$7,$tp4
-        movzb   2($te,%rax,8),%rax
+        lea     0($tp1,$tp1),$tp2
-        movzb   2($te,%rbx,8),%rbx
+        sub     $tp4,$acc
-        mov     0($td,%rax,8),%eax
+        and     \$0xfefefefe,$tp2
-        xor     3($td,%rbx,8),%eax
+        and     \$0x1b1b1b1b,$acc
-        movzb   %dh,%ebx
+        xor     $tp2,$acc
-        and     \$0xFF,%edx
+        mov     $acc,$tp2
-        movzb   2($te,%rdx,8),%rdx
-        movzb   2($te,%rbx,8),%rbx
+        and     \$0x80808080,$acc
-        xor     2($td,%rdx,8),%eax
+        mov     $acc,$tp8
-        xor     1($td,%rbx,8),%eax
+        shr     \$7,$tp8
-        mov     %eax,$i($ptr)
+        lea     0($tp2,$tp2),$tp4
+        sub     $tp8,$acc
+        and     \$0xfefefefe,$tp4
+        and     \$0x1b1b1b1b,$acc
+         xor    $tp1,$tp2               # tp2^tp1
+        xor     $tp4,$acc
+        mov     $acc,$tp4
+        and     \$0x80808080,$acc
+        mov     $acc,$tp8
+        shr     \$7,$tp8
+        sub     $tp8,$acc
+        lea     0($tp4,$tp4),$tp8
+         xor    $tp1,$tp4               # tp4^tp1
+        and     \$0xfefefefe,$tp8
+        and     \$0x1b1b1b1b,$acc
+        xor     $acc,$tp8
+        xor     $tp8,$tp1               # tp1^tp8
+        rol     \$8,$tp1                # ROTATE(tp1^tp8,8)
+        xor     $tp8,$tp2               # tp2^tp1^tp8
+        xor     $tp8,$tp4               # tp4^tp1^tp8
+        xor     $tp2,$tp8
+        xor     $tp4,$tp8               # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
+        xor     $tp8,$tp1
+        rol     \$24,$tp2               # ROTATE(tp2^tp1^tp8,24)
+        xor     $tp2,$tp1
+        rol     \$16,$tp4               # ROTATE(tp4^tp1^tp8,16)
+        xor     $tp4,$tp1
+        mov     $tp1,$i($ptr)
 ___
 }
@@ -973,19 +1554,23 @@ $code.=<<___;
 .type   AES_set_decrypt_key,\@function,3
 .align  16
 AES_set_decrypt_key:
-        push    %rdx
+        push    %rbx
-        call    AES_set_encrypt_key
+        push    %rbp
-        cmp     \$0,%eax
+        push    %r12
-        je      .Lproceed
+        push    %r13
-        lea     24(%rsp),%rsp
+        push    %r14
-        ret
+        push    %r15
-.Lproceed:
+        push    %rdx                    # save key schedule
+.Ldec_key_prologue:
+        call    _x86_64_AES_set_encrypt_key
        mov     (%rsp),%r8              # restore key schedule
-        mov     %rbx,(%rsp)
+        cmp     \$0,%eax
+        jne     .Labort
-        mov     240(%r8),%ecx           # pull number of rounds
+        mov     240(%r8),%r14d          # pull number of rounds
        xor     %rdi,%rdi
-        lea     (%rdi,%rcx,4),%rcx
+        lea     (%rdi,%r14d,4),%rcx
        mov     %r8,%rsi
        lea     (%r8,%rcx,4),%rdi       # pointer to last chunk
 .align  4
@@ -1003,27 +1588,39 @@ AES_set_decrypt_key:
                cmp     %rsi,%rdi
        jne     .Linvert
-        .picmeup %r9
+        lea     .LAES_Te+2048+1024(%rip),%rax   # rcon
-        lea     AES_Td-.(%r9),%rdi
-        lea     AES_Te-AES_Td(%rdi),%r9
-        mov     %r8,%rsi
+        mov     40(%rax),$mask80
-        mov     240(%r8),%ecx           # pull number of rounds
+        mov     48(%rax),$maskfe
-        sub     \$1,%ecx
+        mov     56(%rax),$mask1b
+        mov     %r8,$key
+        sub     \$1,%r14d
 .align  4
 .Lpermute:
-                lea     16(%rsi),%rsi
+                lea     16($key),$key
+                mov     0($key),%rax
+                mov     8($key),%rcx
 ___
-                &deckey (0,"%rsi","%r9","%rdi");
+                &dectransform ();
-                &deckey (4,"%rsi","%r9","%rdi");
-                &deckey (8,"%rsi","%r9","%rdi");
-                &deckey (12,"%rsi","%r9","%rdi");
 $code.=<<___;
-                sub     \$1,%ecx
+                mov     %eax,0($key)
+                mov     %ebx,4($key)
+                mov     %ecx,8($key)
+                mov     %edx,12($key)
+                sub     \$1,%r14d
        jnz     .Lpermute
        xor     %rax,%rax
-        pop     %rbx
+.Labort:
+        mov     8(%rsp),%r15
+        mov     16(%rsp),%r14
+        mov     24(%rsp),%r13
+        mov     32(%rsp),%r12
+        mov     40(%rsp),%rbp
+        mov     48(%rsp),%rbx
+        add     \$56,%rsp
+.Ldec_key_epilogue:
        ret
 .size   AES_set_decrypt_key,.-AES_set_decrypt_key
 ___
@@ -1034,47 +1631,59 @@ ___
 {
 # stack frame layout
 # -8(%rsp)              return address
-my $_rsp="0(%rsp)";             # saved %rsp
+my $keyp="0(%rsp)";             # one to pass as $key
-my $_len="8(%rsp)";             # copy of 3rd parameter, length
+my $keyend="8(%rsp)";           # &(keyp->rd_key[4*keyp->rounds])
-my $_key="16(%rsp)";            # copy of 4th parameter, key
+my $_rsp="16(%rsp)";            # saved %rsp
-my $_ivp="24(%rsp)";            # copy of 5th parameter, ivp
+my $_inp="24(%rsp)";            # copy of 1st parameter, inp
-my $keyp="32(%rsp)";            # one to pass as $key
+my $_out="32(%rsp)";            # copy of 2nd parameter, out
-my $ivec="40(%rsp)";            # ivec[16]
+my $_len="40(%rsp)";            # copy of 3rd parameter, length
-my $aes_key="56(%rsp)";         # copy of aes_key
+my $_key="48(%rsp)";            # copy of 4th parameter, key
-my $mark="56+240(%rsp)";        # copy of aes_key->rounds
+my $_ivp="56(%rsp)";            # copy of 5th parameter, ivp
+my $ivec="64(%rsp)";            # ivec[16]
+my $aes_key="80(%rsp)";         # copy of aes_key
+my $mark="80+240(%rsp)";        # copy of aes_key->rounds
 $code.=<<___;
 .globl  AES_cbc_encrypt
 .type   AES_cbc_encrypt,\@function,6
 .align  16
+.extern OPENSSL_ia32cap_P
 AES_cbc_encrypt:
        cmp     \$0,%rdx        # check length
-        je      .Lcbc_just_ret
+        je      .Lcbc_epilogue
+        pushfq
        push    %rbx
        push    %rbp
        push    %r12
        push    %r13
        push    %r14
        push    %r15
-        pushfq
+.Lcbc_prologue:
        cld
        mov     %r9d,%r9d       # clear upper half of enc
-        .picmeup $sbox
+        lea     .LAES_Te(%rip),$sbox
-.Lcbc_pic_point:
        cmp     \$0,%r9
-        je      .LDECRYPT
+        jne     .Lcbc_picked_te
+        lea     .LAES_Td(%rip),$sbox
-        lea     AES_Te-.Lcbc_pic_point($sbox),$sbox
+.Lcbc_picked_te:
+        mov     OPENSSL_ia32cap_P(%rip),%r10d
+        cmp     \$$speed_limit,%rdx
+        jb      .Lcbc_slow_prologue
+        test    \$15,%rdx
+        jnz     .Lcbc_slow_prologue
+        bt      \$28,%r10d
+        jc      .Lcbc_slow_prologue
        # allocate aligned stack frame...
-        lea     -64-248(%rsp),$key
+        lea     -88-248(%rsp),$key
        and     \$-64,$key
-        # ... and make it doesn't alias with AES_Te modulo 4096
+        # ... and make sure it doesn't alias with AES_T[ed] modulo 4096
        mov     $sbox,%r10
-        lea     2048($sbox),%r11
+        lea     2304($sbox),%r11
        mov     $key,%r12
        and     \$0xFFF,%r10    # s = $sbox&0xfff
        and     \$0xFFF,%r11    # e = ($sbox+2048)&0xfff
@@ -1094,22 +1703,27 @@ AES_cbc_encrypt:
 .Lcbc_te_ok:
        xchg    %rsp,$key
-        add     \$8,%rsp        # reserve for return address!
+        #add    \$8,%rsp        # reserve for return address!
        mov     $key,$_rsp      # save %rsp
+.Lcbc_fast_body:
+        mov     %rdi,$_inp      # save copy of inp
+        mov     %rsi,$_out      # save copy of out
        mov     %rdx,$_len      # save copy of len
        mov     %rcx,$_key      # save copy of key
        mov     %r8,$_ivp       # save copy of ivp
        movl    \$0,$mark       # copy of aes_key->rounds = 0;
        mov     %r8,%rbp        # rearrange input arguments
+        mov     %r9,%rbx
        mov     %rsi,$out
        mov     %rdi,$inp
        mov     %rcx,$key
+        mov     240($key),%eax          # key->rounds
        # do we copy key schedule to stack?
        mov     $key,%r10
        sub     $sbox,%r10
        and     \$0xfff,%r10
-        cmp     \$2048,%r10
+        cmp     \$2304,%r10
        jb      .Lcbc_do_ecopy
        cmp     \$4096-248,%r10
        jb      .Lcbc_skip_ecopy
@@ -1120,12 +1734,11 @@ AES_cbc_encrypt:
                lea     $aes_key,$key
                mov     \$240/8,%ecx
                .long   0x90A548F3      # rep movsq
-                mov     (%rsi),%eax     # copy aes_key->rounds
+                mov     %eax,(%rdi)     # copy aes_key->rounds
-                mov     %eax,(%rdi)
 .Lcbc_skip_ecopy:
        mov     $key,$keyp      # save key pointer
-        mov     \$16,%ecx
+        mov     \$18,%ecx
 .align  4
 .Lcbc_prefetch_te:
                mov     0($sbox),%r10
@@ -1135,184 +1748,77 @@ AES_cbc_encrypt:
                lea     128($sbox),$sbox
                sub     \$1,%ecx
        jnz     .Lcbc_prefetch_te
-        sub     \$2048,$sbox
+        lea     -2304($sbox),$sbox
-        test    \$-16,%rdx              # check upon length
+        cmp     \$0,%rbx
-        mov     %rdx,%r10
+        je      .LFAST_DECRYPT
+#----------------------------- ENCRYPT -----------------------------#
        mov     0(%rbp),$s0             # load iv
        mov     4(%rbp),$s1
        mov     8(%rbp),$s2
        mov     12(%rbp),$s3
-        jz      .Lcbc_enc_tail          # short input...
 .align  4
-.Lcbc_enc_loop:
+.Lcbc_fast_enc_loop:
                xor     0($inp),$s0
                xor     4($inp),$s1
                xor     8($inp),$s2
                xor     12($inp),$s3
-                mov     $inp,$ivec      # if ($verticalspin) save inp
                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # if ($verticalspin) save inp
                call    _x86_64_AES_encrypt
-                mov     $ivec,$inp      # if ($verticalspin) restore inp
+                mov     $_inp,$inp      # if ($verticalspin) restore inp
+                mov     $_len,%r10
                mov     $s0,0($out)
                mov     $s1,4($out)
                mov     $s2,8($out)
                mov     $s3,12($out)
-                mov     $_len,%r10
                lea     16($inp),$inp
                lea     16($out),$out
                sub     \$16,%r10
                test    \$-16,%r10
                mov     %r10,$_len
-        jnz     .Lcbc_enc_loop
+        jnz     .Lcbc_fast_enc_loop
-        test    \$15,%r10
-        jnz     .Lcbc_enc_tail
        mov     $_ivp,%rbp      # restore ivp
        mov     $s0,0(%rbp)     # save ivec
        mov     $s1,4(%rbp)
        mov     $s2,8(%rbp)
        mov     $s3,12(%rbp)
-.align  4
+        jmp     .Lcbc_fast_cleanup
-.Lcbc_cleanup:
-        cmpl    \$0,$mark       # was the key schedule copied?
-        lea     $aes_key,%rdi
-        mov     $_rsp,%rsp
-        je      .Lcbc_exit
-                mov     \$240/8,%ecx
-                xor     %rax,%rax
-                .long   0x90AB48F3      # rep stosq
-.Lcbc_exit:
-        popfq
-        pop     %r15
-        pop     %r14
-        pop     %r13
-        pop     %r12
-        pop     %rbp
-        pop     %rbx
-.Lcbc_just_ret:
-        ret
-.align  4
-.Lcbc_enc_tail:
-        mov     %rax,%r11
-        mov     %rcx,%r12
-        mov     %r10,%rcx
-        mov     $inp,%rsi
-        mov     $out,%rdi
-        .long   0xF689A4F3              # rep movsb
-        mov     \$16,%rcx               # zero tail
-        sub     %r10,%rcx
-        xor     %rax,%rax
-        .long   0xF689AAF3              # rep stosb
-        mov     $out,$inp               # this is not a mistake!
-        movq    \$16,$_len              # len=16
-        mov     %r11,%rax
-        mov     %r12,%rcx
-        jmp     .Lcbc_enc_loop          # one more spin...
 #----------------------------- DECRYPT -----------------------------#
 .align  16
-.LDECRYPT:
+.LFAST_DECRYPT:
-        lea     AES_Td-.Lcbc_pic_point($sbox),$sbox
-        # allocate aligned stack frame...
-        lea     -64-248(%rsp),$key
-        and     \$-64,$key
-        # ... and make it doesn't alias with AES_Td modulo 4096
-        mov     $sbox,%r10
-        lea     2304($sbox),%r11
-        mov     $key,%r12
-        and     \$0xFFF,%r10    # s = $sbox&0xfff
-        and     \$0xFFF,%r11    # e = ($sbox+2048+256)&0xfff
-        and     \$0xFFF,%r12    # p = %rsp&0xfff
-        cmp     %r11,%r12       # if (p=>e) %rsp =- (p-e);
-        jb      .Lcbc_td_break_out
-        sub     %r11,%r12
-        sub     %r12,$key
-        jmp     .Lcbc_td_ok
-.Lcbc_td_break_out:             # else %rsp -= (p-s)&0xfff + framesz
-        sub     %r10,%r12
-        and     \$0xFFF,%r12
-        add     \$320,%r12
-        sub     %r12,$key
-.align  4
-.Lcbc_td_ok:
-        xchg    %rsp,$key
-        add     \$8,%rsp        # reserve for return address!
-        mov     $key,$_rsp      # save %rsp
-        mov     %rdx,$_len      # save copy of len
-        mov     %rcx,$_key      # save copy of key
-        mov     %r8,$_ivp       # save copy of ivp
-        movl    \$0,$mark       # copy of aes_key->rounds = 0;
-        mov     %r8,%rbp        # rearrange input arguments
-        mov     %rsi,$out
-        mov     %rdi,$inp
-        mov     %rcx,$key
-        # do we copy key schedule to stack?
-        mov     $key,%r10
-        sub     $sbox,%r10
-        and     \$0xfff,%r10
-        cmp     \$2304,%r10
-        jb      .Lcbc_do_dcopy
-        cmp     \$4096-248,%r10
-        jb      .Lcbc_skip_dcopy
-.align  4
-.Lcbc_do_dcopy:
-                mov     $key,%rsi
-                lea     $aes_key,%rdi
-                lea     $aes_key,$key
-                mov     \$240/8,%ecx
-                .long   0x90A548F3      # rep movsq
-                mov     (%rsi),%eax     # copy aes_key->rounds
-                mov     %eax,(%rdi)
-.Lcbc_skip_dcopy:
-        mov     $key,$keyp      # save key pointer
-        mov     \$18,%ecx
-.align  4
-.Lcbc_prefetch_td:
-                mov     0($sbox),%r10
-                mov     32($sbox),%r11
-                mov     64($sbox),%r12
-                mov     96($sbox),%r13
-                lea     128($sbox),$sbox
-                sub     \$1,%ecx
-        jnz     .Lcbc_prefetch_td
-        sub     \$2304,$sbox
        cmp     $inp,$out
-        je      .Lcbc_dec_in_place
+        je      .Lcbc_fast_dec_in_place
        mov     %rbp,$ivec
 .align  4
-.Lcbc_dec_loop:
+.Lcbc_fast_dec_loop:
-                mov     0($inp),$s0             # read input
+                mov     0($inp),$s0     # read input
                mov     4($inp),$s1
                mov     8($inp),$s2
                mov     12($inp),$s3
-                mov     $inp,8+$ivec    # if ($verticalspin) save inp
                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # if ($verticalspin) save inp
                call    _x86_64_AES_decrypt
                mov     $ivec,%rbp      # load ivp
-                mov     8+$ivec,$inp    # if ($verticalspin) restore inp
+                mov     $_inp,$inp      # if ($verticalspin) restore inp
+                mov     $_len,%r10      # load len
                xor     0(%rbp),$s0     # xor iv
                xor     4(%rbp),$s1
                xor     8(%rbp),$s2
                xor     12(%rbp),$s3
                mov     $inp,%rbp       # current input, next iv
-                mov     $_len,%r10      # load len
                sub     \$16,%r10
-                jc      .Lcbc_dec_partial
                mov     %r10,$_len      # update len
                mov     %rbp,$ivec      # update ivp
@@ -1323,81 +1829,281 @@ AES_cbc_encrypt:
                lea     16($inp),$inp
                lea     16($out),$out
-        jnz     .Lcbc_dec_loop
+        jnz     .Lcbc_fast_dec_loop
-.Lcbc_dec_end:
        mov     $_ivp,%r12              # load user ivp
        mov     0(%rbp),%r10            # load iv
        mov     8(%rbp),%r11
        mov     %r10,0(%r12)            # copy back to user
        mov     %r11,8(%r12)
-        jmp     .Lcbc_cleanup
+        jmp     .Lcbc_fast_cleanup
-.align  4
-.Lcbc_dec_partial:
-        mov     $s0,0+$ivec             # dump output to stack
-        mov     $s1,4+$ivec
-        mov     $s2,8+$ivec
-        mov     $s3,12+$ivec
-        mov     $out,%rdi
-        lea     $ivec,%rsi
-        mov     \$16,%rcx
-        add     %r10,%rcx               # number of bytes to copy
-        .long   0xF689A4F3              # rep movsb
-        jmp     .Lcbc_dec_end
 .align  16
-.Lcbc_dec_in_place:
+.Lcbc_fast_dec_in_place:
+        mov     0(%rbp),%r10            # copy iv to stack
+        mov     8(%rbp),%r11
+        mov     %r10,0+$ivec
+        mov     %r11,8+$ivec
+.align  4
+.Lcbc_fast_dec_in_place_loop:
                mov     0($inp),$s0     # load input
                mov     4($inp),$s1
                mov     8($inp),$s2
                mov     12($inp),$s3
+                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # if ($verticalspin) save inp
-                mov     $inp,$ivec      # if ($verticalspin) save inp
-                mov     $keyp,$key
                call    _x86_64_AES_decrypt
-                mov     $ivec,$inp      # if ($verticalspin) restore inp
+                mov     $_inp,$inp      # if ($verticalspin) restore inp
-                mov     $_ivp,%rbp
+                mov     $_len,%r10
-                xor     0(%rbp),$s0
+                xor     0+$ivec,$s0
-                xor     4(%rbp),$s1
+                xor     4+$ivec,$s1
-                xor     8(%rbp),$s2
+                xor     8+$ivec,$s2
-                xor     12(%rbp),$s3
+                xor     12+$ivec,$s3
+                mov     0($inp),%r11    # load input
+                mov     8($inp),%r12
+                sub     \$16,%r10
+                jz      .Lcbc_fast_dec_in_place_done
-                mov     0($inp),%r10    # copy input to iv
+                mov     %r11,0+$ivec    # copy input to iv
-                mov     8($inp),%r11
+                mov     %r12,8+$ivec
-                mov     %r10,0(%rbp)
-                mov     %r11,8(%rbp)
                mov     $s0,0($out)     # save output [zaps input]
                mov     $s1,4($out)
                mov     $s2,8($out)
                mov     $s3,12($out)
-                mov     $_len,%rcx
                lea     16($inp),$inp
                lea     16($out),$out
-                sub     \$16,%rcx
+                mov     %r10,$_len
-                jc      .Lcbc_dec_in_place_partial
+        jmp     .Lcbc_fast_dec_in_place_loop
-                mov     %rcx,$_len
+.Lcbc_fast_dec_in_place_done:
-        jnz     .Lcbc_dec_in_place
+        mov     $_ivp,%rdi
-        jmp     .Lcbc_cleanup
+        mov     %r11,0(%rdi)    # copy iv back to user
+        mov     %r12,8(%rdi)
+        mov     $s0,0($out)     # save output [zaps input]
+        mov     $s1,4($out)
+        mov     $s2,8($out)
+        mov     $s3,12($out)
 .align  4
-.Lcbc_dec_in_place_partial:
+.Lcbc_fast_cleanup:
-        # one can argue if this is actually required
+        cmpl    \$0,$mark       # was the key schedule copied?
-        lea     ($out,%rcx),%rdi
+        lea     $aes_key,%rdi
-        lea     (%rbp,%rcx),%rsi
+        je      .Lcbc_exit
-        neg     %rcx
+                mov     \$240/8,%ecx
-        .long   0xF689A4F3      # rep movsb     # restore tail
+                xor     %rax,%rax
-        jmp     .Lcbc_cleanup
+                .long   0x90AB48F3      # rep stosq
+        jmp     .Lcbc_exit
+#--------------------------- SLOW ROUTINE ---------------------------#
+.align  16
+.Lcbc_slow_prologue:
+        # allocate aligned stack frame...
+        lea     -88(%rsp),%rbp
+        and     \$-64,%rbp
+        # ... just "above" key schedule
+        lea     -88-63(%rcx),%r10
+        sub     %rbp,%r10
+        neg     %r10
+        and     \$0x3c0,%r10
+        sub     %r10,%rbp
+        xchg    %rsp,%rbp
+        #add    \$8,%rsp        # reserve for return address!
+        mov     %rbp,$_rsp      # save %rsp
+.Lcbc_slow_body:
+        #mov    %rdi,$_inp      # save copy of inp
+        #mov    %rsi,$_out      # save copy of out
+        #mov    %rdx,$_len      # save copy of len
+        #mov    %rcx,$_key      # save copy of key
+        mov     %r8,$_ivp       # save copy of ivp
+        mov     %r8,%rbp        # rearrange input arguments
+        mov     %r9,%rbx
+        mov     %rsi,$out
+        mov     %rdi,$inp
+        mov     %rcx,$key
+        mov     %rdx,%r10
+        mov     240($key),%eax
+        mov     $key,$keyp      # save key pointer
+        shl     \$4,%eax
+        lea     ($key,%rax),%rax
+        mov     %rax,$keyend
+        # pick Te4 copy which can't "overlap" with stack frame or key scdedule
+        lea     2048($sbox),$sbox
+        lea     768-8(%rsp),%rax
+        sub     $sbox,%rax
+        and     \$0x300,%rax
+        lea     ($sbox,%rax),$sbox
+        cmp     \$0,%rbx
+        je      .LSLOW_DECRYPT
+#--------------------------- SLOW ENCRYPT ---------------------------#
+        test    \$-16,%r10              # check upon length
+        mov     0(%rbp),$s0             # load iv
+        mov     4(%rbp),$s1
+        mov     8(%rbp),$s2
+        mov     12(%rbp),$s3
+        jz      .Lcbc_slow_enc_tail     # short input...
+.align  4
+.Lcbc_slow_enc_loop:
+                xor     0($inp),$s0
+                xor     4($inp),$s1
+                xor     8($inp),$s2
+                xor     12($inp),$s3
+                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # save inp
+                mov     $out,$_out      # save out
+                mov     %r10,$_len      # save len
+                call    _x86_64_AES_encrypt_compact
+                mov     $_inp,$inp      # restore inp
+                mov     $_out,$out      # restore out
+                mov     $_len,%r10      # restore len
+                mov     $s0,0($out)
+                mov     $s1,4($out)
+                mov     $s2,8($out)
+                mov     $s3,12($out)
+                lea     16($inp),$inp
+                lea     16($out),$out
+                sub     \$16,%r10
+                test    \$-16,%r10
+        jnz     .Lcbc_slow_enc_loop
+        test    \$15,%r10
+        jnz     .Lcbc_slow_enc_tail
+        mov     $_ivp,%rbp      # restore ivp
+        mov     $s0,0(%rbp)     # save ivec
+        mov     $s1,4(%rbp)
+        mov     $s2,8(%rbp)
+        mov     $s3,12(%rbp)
+        jmp     .Lcbc_exit
+.align  4
+.Lcbc_slow_enc_tail:
+        mov     %rax,%r11
+        mov     %rcx,%r12
+        mov     %r10,%rcx
+        mov     $inp,%rsi
+        mov     $out,%rdi
+        .long   0x9066A4F3              # rep movsb
+        mov     \$16,%rcx               # zero tail
+        sub     %r10,%rcx
+        xor     %rax,%rax
+        .long   0x9066AAF3              # rep stosb
+        mov     $out,$inp               # this is not a mistake!
+        mov     \$16,%r10               # len=16
+        mov     %r11,%rax
+        mov     %r12,%rcx
+        jmp     .Lcbc_slow_enc_loop     # one more spin...
+#--------------------------- SLOW DECRYPT ---------------------------#
+.align  16
+.LSLOW_DECRYPT:
+        shr     \$3,%rax
+        add     %rax,$sbox              # recall "magic" constants!
+        mov     0(%rbp),%r11            # copy iv to stack
+        mov     8(%rbp),%r12
+        mov     %r11,0+$ivec
+        mov     %r12,8+$ivec
+.align  4
+.Lcbc_slow_dec_loop:
+                mov     0($inp),$s0     # load input
+                mov     4($inp),$s1
+                mov     8($inp),$s2
+                mov     12($inp),$s3
+                mov     $keyp,$key      # restore key
+                mov     $inp,$_inp      # save inp
+                mov     $out,$_out      # save out
+                mov     %r10,$_len      # save len
+                call    _x86_64_AES_decrypt_compact
+                mov     $_inp,$inp      # restore inp
+                mov     $_out,$out      # restore out
+                mov     $_len,%r10
+                xor     0+$ivec,$s0
+                xor     4+$ivec,$s1
+                xor     8+$ivec,$s2
+                xor     12+$ivec,$s3
+                mov     0($inp),%r11    # load input
+                mov     8($inp),%r12
+                sub     \$16,%r10
+                jc      .Lcbc_slow_dec_partial
+                jz      .Lcbc_slow_dec_done
+                mov     %r11,0+$ivec    # copy input to iv
+                mov     %r12,8+$ivec
+                mov     $s0,0($out)     # save output [can zap input]
+                mov     $s1,4($out)
+                mov     $s2,8($out)
+                mov     $s3,12($out)
+                lea     16($inp),$inp
+                lea     16($out),$out
+        jmp     .Lcbc_slow_dec_loop
+.Lcbc_slow_dec_done:
+        mov     $_ivp,%rdi
+        mov     %r11,0(%rdi)            # copy iv back to user
+        mov     %r12,8(%rdi)
+        mov     $s0,0($out)             # save output [can zap input]
+        mov     $s1,4($out)
+        mov     $s2,8($out)
+        mov     $s3,12($out)
+        jmp     .Lcbc_exit
+.align  4
+.Lcbc_slow_dec_partial:
+        mov     $_ivp,%rdi
+        mov     %r11,0(%rdi)            # copy iv back to user
+        mov     %r12,8(%rdi)
+        mov     $s0,0+$ivec             # save output to stack
+        mov     $s1,4+$ivec
+        mov     $s2,8+$ivec
+        mov     $s3,12+$ivec
+        mov     $out,%rdi
+        lea     $ivec,%rsi
+        lea     16(%r10),%rcx
+        .long   0x9066A4F3      # rep movsb
+        jmp     .Lcbc_exit
+.align  16
+.Lcbc_exit:
+        mov     $_rsp,%rsi
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lcbc_popfq:
+        popfq
+.Lcbc_epilogue:
+        ret
 .size   AES_cbc_encrypt,.-AES_cbc_encrypt
 ___
 }
 $code.=<<___;
-.globl  AES_Te
 .align  64
-AES_Te:
+.LAES_Te:
 ___
        &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
        &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
@@ -1463,16 +2169,149 @@ ___
        &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
        &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
        &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#Te4    # four copies of Te4 to choose from to avoid L1 aliasing
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+        &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+        &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+        &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+        &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+        &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+        &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+        &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+        &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+        &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+        &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+        &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+        &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+        &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+        &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+        &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+        &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+        &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+        &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+        &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+        &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+        &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+        &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+        &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+        &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+        &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+        &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+        &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+        &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+        &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+        &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+        &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+        &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
 #rcon:
 $code.=<<___;
        .long   0x00000001, 0x00000002, 0x00000004, 0x00000008
        .long   0x00000010, 0x00000020, 0x00000040, 0x00000080
-        .long   0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0
+        .long   0x0000001b, 0x00000036, 0x80808080, 0x80808080
+        .long   0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
 ___
 $code.=<<___;
-.globl  AES_Td
 .align  64
-AES_Td:
+.LAES_Td:
 ___
        &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
        &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
@@ -1538,7 +2377,116 @@ ___
        &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
        &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
        &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-#Td4:
+#Td4:   # four copies of Td4 to choose from to avoid L1 aliasing
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
@@ -1571,6 +2519,288 @@ ___
        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+        .long   0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+        .long   0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+.asciz  "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align  64
+___
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   block_se_handler,\@abi-omnipotent
+.align  16
+block_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        mov     8($disp),%rsi           # disp->ImageBase
+        mov     56($disp),%r11          # disp->HandlerData
+        mov     0(%r11),%r10d           # HandlerData[0]
+        lea     (%rsi,%r10),%r10        # prologue label
+        cmp     %r10,%rbx               # context->Rip<prologue label
+        jb      .Lin_block_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        mov     4(%r11),%r10d           # HandlerData[1]
+        lea     (%rsi,%r10),%r10        # epilogue label
+        cmp     %r10,%rbx               # context->Rip>=epilogue label
+        jae     .Lin_block_prologue
+        mov     24(%rax),%rax           # pull saved real stack pointer
+        lea     48(%rax),%rax           # adjust...
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_block_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        jmp     .Lcommon_seh_exit
+.size   block_se_handler,.-block_se_handler
+.type   key_se_handler,\@abi-omnipotent
+.align  16
+key_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        mov     8($disp),%rsi           # disp->ImageBase
+        mov     56($disp),%r11          # disp->HandlerData
+        mov     0(%r11),%r10d           # HandlerData[0]
+        lea     (%rsi,%r10),%r10        # prologue label
+        cmp     %r10,%rbx               # context->Rip<prologue label
+        jb      .Lin_key_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        mov     4(%r11),%r10d           # HandlerData[1]
+        lea     (%rsi,%r10),%r10        # epilogue label
+        cmp     %r10,%rbx               # context->Rip>=epilogue label
+        jae     .Lin_key_prologue
+        lea     56(%rax),%rax
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_key_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        jmp     .Lcommon_seh_exit
+.size   key_se_handler,.-key_se_handler
+.type   cbc_se_handler,\@abi-omnipotent
+.align  16
+cbc_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lcbc_prologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_prologue
+        jb      .Lin_cbc_prologue
+        lea     .Lcbc_fast_body(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_fast_body
+        jb      .Lin_cbc_frame_setup
+        lea     .Lcbc_slow_prologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_slow_prologue
+        jb      .Lin_cbc_body
+        lea     .Lcbc_slow_body(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lcbc_slow_body
+        jb      .Lin_cbc_frame_setup
+.Lin_cbc_body:
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lcbc_epilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lcbc_epilogue
+        jae     .Lin_cbc_prologue
+        lea     8(%rax),%rax
+        lea     .Lcbc_popfq(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lcbc_popfq
+        jae     .Lin_cbc_prologue
+        mov     `16-8`(%rax),%rax       # biased $_rsp
+        lea     56(%rax),%rax
+.Lin_cbc_frame_setup:
+        mov     -16(%rax),%rbx
+        mov     -24(%rax),%rbp
+        mov     -32(%rax),%r12
+        mov     -40(%rax),%r13
+        mov     -48(%rax),%r14
+        mov     -56(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_cbc_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+.Lcommon_seh_exit:
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$`1232/8`,%ecx         # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   cbc_se_handler,.-cbc_se_handler
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_AES_encrypt
+        .rva    .LSEH_end_AES_encrypt
+        .rva    .LSEH_info_AES_encrypt
+        .rva    .LSEH_begin_AES_decrypt
+        .rva    .LSEH_end_AES_decrypt
+        .rva    .LSEH_info_AES_decrypt
+        .rva    .LSEH_begin_AES_set_encrypt_key
+        .rva    .LSEH_end_AES_set_encrypt_key
+        .rva    .LSEH_info_AES_set_encrypt_key
+        .rva    .LSEH_begin_AES_set_decrypt_key
+        .rva    .LSEH_end_AES_set_decrypt_key
+        .rva    .LSEH_info_AES_set_decrypt_key
+        .rva    .LSEH_begin_AES_cbc_encrypt
+        .rva    .LSEH_end_AES_cbc_encrypt
+        .rva    .LSEH_info_AES_cbc_encrypt
+.section        .xdata
+.align  8
+.LSEH_info_AES_encrypt:
+        .byte   9,0,0,0
+        .rva    block_se_handler
+        .rva    .Lenc_prologue,.Lenc_epilogue   # HandlerData[]
+.LSEH_info_AES_decrypt:
+        .byte   9,0,0,0
+        .rva    block_se_handler
+        .rva    .Ldec_prologue,.Ldec_epilogue   # HandlerData[]
+.LSEH_info_AES_set_encrypt_key:
+        .byte   9,0,0,0
+        .rva    key_se_handler
+        .rva    .Lenc_key_prologue,.Lenc_key_epilogue   # HandlerData[]
+.LSEH_info_AES_set_decrypt_key:
+        .byte   9,0,0,0
+        .rva    key_se_handler
+        .rva    .Ldec_key_prologue,.Ldec_key_epilogue   # HandlerData[]
+.LSEH_info_AES_cbc_encrypt:
+        .byte   9,0,0,0
+        .rva    cbc_se_handler
+___
+}
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index 0fb9ce0c2a..34179960b8 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -223,3 +223,26 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
        return((a->data[w]&v) != 0);
        }
+/*
+ * Checks if the given bit string contains only bits specified by 
+ * the flags vector. Returns 0 if there is at least one bit set in 'a'
+ * which is not specified in 'flags', 1 otherwise.
+ * 'len' is the length of 'flags'.
+ */
+int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+                          unsigned char *flags, int flags_len)
+        {
+        int i, ok;
+        /* Check if there is one bit set at all. */
+        if (!a || !a->data) return 1;
+        /* Check each byte of the internal representation of the bit string. */
+        ok = 1;
+        for (i = 0; i < a->length && ok; ++i)
+                {
+                unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
+                /* We are done if there is an unneeded bit set. */
+                ok = (a->data[i] & mask) == 0;
+                }
+        return ok;
+        }
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
index 199d50f521..d98992548a 100644
--- a/src/lib/libcrypto/asn1/a_dup.c
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -62,7 +62,7 @@
 #ifndef NO_OLD_ASN1
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
        {
        unsigned char *b,*p;
        const unsigned char *p2;
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index f8d198efb1..c6fd204ae3 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -61,10 +61,10 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
        { 
        int neg, ret;
        /* Compare signs */
@@ -373,7 +373,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
        return(1);
        }
-long ASN1_INTEGER_get(ASN1_INTEGER *a)
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
        {
        int neg=0,i;
        long r=0;
@@ -402,7 +402,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
        return(r);
        }
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
        {
        ASN1_INTEGER *ret;
        int len,j;
@@ -444,7 +444,7 @@ err:
        return(NULL);
        }
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
        {
        BIGNUM *ret;
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index 1bcd046893..1538e0a4fc 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
        int str_type;
        int ret;
        char free_out;
-        int outform, outlen;
+        int outform, outlen = 0;
        ASN1_STRING *dest;
        unsigned char *p;
        int nchar;
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index dc980421d0..e5fbe7cbb1 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -281,8 +281,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        return ret;
 err:
        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-                ASN1_OBJECT_free(ret);
        return(NULL);
 }
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
@@ -290,7 +288,19 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        {
        ASN1_OBJECT *ret=NULL;
        const unsigned char *p;
+        unsigned char *data;
        int i;
+        /* Sanity check OID encoding: can't have leading 0x80 in
+         * subidentifiers, see: X.690 8.19.2
+         */
+        for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+                {
+                if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
+                        {
+                        ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
+                        return NULL;
+                        }
+                }
        /* only the ASN1_OBJECTs from the 'table' will have values
         * for ->sn or ->ln */
@@ -302,15 +312,22 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        else    ret=(*a);
        p= *pp;
-        if ((ret->data == NULL) || (ret->length < len))
+        /* detach data from object */
+        data = (unsigned char *)ret->data;
+        ret->data = NULL;
+        /* once detached we can change it */
+        if ((data == NULL) || (ret->length < len))
                {
-                if (ret->data != NULL) OPENSSL_free(ret->data);
+                ret->length=0;
-                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+                if (data != NULL) OPENSSL_free(data);
-                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+                data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
-                if (ret->data == NULL)
+                if (data == NULL)
                        { i=ERR_R_MALLOC_FAILURE; goto err; }
+                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
                }
-        memcpy(ret->data,p,(int)len);
+        memcpy(data,p,(int)len);
+        /* reattach data to object, after which it remains const */
+        ret->data  =data;
        ret->length=(int)len;
        ret->sn=NULL;
        ret->ln=NULL;
@@ -359,7 +376,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
                }
        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
                {
-                if (a->data != NULL) OPENSSL_free(a->data);
+                if (a->data != NULL) OPENSSL_free((void *)a->data);
                a->data=NULL;
                a->length=0;
                }
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
index 24fd0f8e5a..e8725e44f1 100644
--- a/src/lib/libcrypto/asn1/a_octet.c
+++ b/src/lib/libcrypto/asn1/a_octet.c
@@ -60,10 +60,10 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
 { return M_ASN1_OCTET_STRING_dup(x); }
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b)
 { return M_ASN1_OCTET_STRING_cmp(a, b); }
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index 958558c204..d726c8d3a8 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -85,8 +85,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
    }
 /* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 int ex_class, int is_set)
+                 i2d_of_void *i2d, int ex_tag, int ex_class,
+                 int is_set)
        {
        int ret=0,r;
        int i;
@@ -96,8 +97,8 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        int totSize;
        if (a == NULL) return(0);
-        for (i=sk_num(a)-1; i>=0; i--)
+        for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
-                ret+=i2d(sk_value(a,i),NULL);
+                ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
        r=ASN1_object_size(1,ret,ex_tag);
        if (pp == NULL) return(r);
@@ -108,10 +109,10 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        /* And then again by Ben */
        /* And again by Steve */
-        if(!is_set || (sk_num(a) < 2))
+        if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
                {
-                for (i=0; i<sk_num(a); i++)
+                for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
-                        i2d(sk_value(a,i),&p);
+                        i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
                *pp=p;
                return(r);
@@ -119,17 +120,17 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        pStart  = p; /* Catch the beg of Setblobs*/
                /* In this array we will store the SET blobs */
-                rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+                rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
                if (rgSetBlob == NULL)
                        {
                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
                        return(0);
                        }
-        for (i=0; i<sk_num(a); i++)
+        for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
                {
                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_value(a,i),&p);
+                i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
 SetBlob
 */
@@ -139,7 +140,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+        qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
                if (!(pTempMem = OPENSSL_malloc(totSize)))
                        {
                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -148,7 +149,7 @@ SetBlob
 /* Copy to temp mem */
        p = pTempMem;
-        for(i=0; i<sk_num(a); ++i)
+        for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
                {
                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
                p += rgSetBlob[i].cbData;
@@ -162,16 +163,18 @@ SetBlob
        return(r);
        }
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
+                              const unsigned char **pp,
-                    int ex_class)
+                              long length, d2i_of_void *d2i,
+                              void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+                              int ex_class)
        {
        ASN1_const_CTX c;
-        STACK *ret=NULL;
+        STACK_OF(OPENSSL_BLOCK) *ret=NULL;
        if ((a == NULL) || ((*a) == NULL))
                {
-                if ((ret=sk_new_null()) == NULL)
+                if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
                        {
                        ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
                        goto err;
@@ -216,10 +219,10 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
                if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
                        {
                        ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
-                        asn1_add_error(*pp,(int)(c.q- *pp));
+                        asn1_add_error(*pp,(int)(c.p- *pp));
                        goto err;
                        }
-                if (!sk_push(ret,s)) goto err;
+                if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
                }
        if (a != NULL) (*a)=ret;
        *pp=c.p;
@@ -228,9 +231,9 @@ err:
        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                {
                if (free_func != NULL)
-                        sk_pop_free(ret,free_func);
+                        sk_OPENSSL_BLOCK_pop_free(ret,free_func);
                else
-                        sk_free(ret);
+                        sk_OPENSSL_BLOCK_free(ret);
                }
        return(NULL);
        }
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 4dee45fbb8..ff63bfc7be 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -123,6 +123,7 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "asn1_locl.h"
 #ifndef NO_ASN1_OLD
@@ -218,45 +219,47 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        {
        EVP_MD_CTX ctx;
        unsigned char *buf_in=NULL,*buf_out=NULL;
-        int i,inl=0,outl=0,outll=0;
+        int inl=0,outl=0,outll=0;
-        X509_ALGOR *a;
+        int signid, paramtype;
-        EVP_MD_CTX_init(&ctx);
+        if (type == NULL)
-        for (i=0; i<2; i++)
                {
-                if (i == 0)
+                int def_nid;
-                        a=algor1;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-                else
+                        type = EVP_get_digestbynid(def_nid);
-                        a=algor2;
+                }
-                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
+        if (type == NULL)
-                        type->pkey_type == NID_ecdsa_with_SHA1)
+                {
-                        {
+                ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
-                        /* special case: RFC 3279 tells us to omit 'parameters'
+                return 0;
-                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+                }
-                        ASN1_TYPE_free(a->parameter);
-                        a->parameter = NULL;
+        if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
-                        }
+                {
-                else if ((a->parameter == NULL) || 
+                if (!pkey->ameth ||
-                        (a->parameter->type != V_ASN1_NULL))
+                        !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
-                        {
+                                                pkey->ameth->pkey_id))
-                        ASN1_TYPE_free(a->parameter);
-                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                ASN1_OBJECT_free(a->algorithm);
-                a->algorithm=OBJ_nid2obj(type->pkey_type);
-                if (a->algorithm == NULL)
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-                        goto err;
-                        }
-                if (a->algorithm->length == 0)
                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,
-                        goto err;
+                                ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                        return 0;
                        }
                }
+        else
+                signid = type->pkey_type;
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+                paramtype = V_ASN1_NULL;
+        else
+                paramtype = V_ASN1_UNDEF;
+        if (algor1)
+                X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+                X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+        EVP_MD_CTX_init(&ctx);
        inl=ASN1_item_i2d(asn,&buf_in, it);
        outll=outl=EVP_PKEY_size(pkey);
        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
@@ -267,12 +270,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                goto err;
                }
-        if (!EVP_SignInit_ex(&ctx,type, NULL))
+        EVP_SignInit_ex(&ctx,type, NULL);
-                {
-                outl=0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
-                goto err;
-                }
        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index fe515b52ba..753021a7a2 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
                        const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
 /* This is the global mask for the mbstring functions: this is use to
@@ -158,7 +157,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
 /* This table must be kept in NID order */
-static ASN1_STRING_TABLE tbl_standard[] = {
+static const ASN1_STRING_TABLE tbl_standard[] = {
 {NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
 {NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 {NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
@@ -186,22 +185,23 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
        return (*a)->nid - (*b)->nid;
 }
-static int table_cmp(const void *a, const void *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
 {
-        const ASN1_STRING_TABLE *sa = a, *sb = b;
+        return a->nid - b->nid;
-        return sa->nid - sb->nid;
 }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
        int idx;
        ASN1_STRING_TABLE *ttmp;
        ASN1_STRING_TABLE fnd;
        fnd.nid = nid;
-        ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+        ttmp = OBJ_bsearch_table(&fnd, tbl_standard, 
-                                        (char *)tbl_standard, 
+                           sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
-                        sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-                        sizeof(ASN1_STRING_TABLE), table_cmp);
        if(ttmp) return ttmp;
        if(!stable) return NULL;
        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index 159681fbcb..e2eb9b243e 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -100,18 +100,29 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
        {
+        return ASN1_TIME_adj(s, t, 0, 0);
+        }
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                                int offset_day, long offset_sec)
+        {
        struct tm *ts;
        struct tm data;
        ts=OPENSSL_gmtime(&t,&data);
        if (ts == NULL)
                {
-                ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+                ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
                return NULL;
                }
+        if (offset_day || offset_sec)
+                { 
+                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+                        return NULL;
+                }
        if((ts->tm_year >= 50) && (ts->tm_year < 150))
-                                        return ASN1_UTCTIME_set(s, t);
+                        return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
-        return ASN1_GENERALIZEDTIME_set(s,t);
+        return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
        }
 int ASN1_TIME_check(ASN1_TIME *t)
@@ -162,3 +173,26 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
        return ret;
        }
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+        {
+        ASN1_TIME t;
+        t.length = strlen(str);
+        t.data = (unsigned char *)str;
+        t.flags = 0;
+        
+        t.type = V_ASN1_UTCTIME;
+        if (!ASN1_TIME_check(&t))
+                {
+                t.type = V_ASN1_GENERALIZEDTIME;
+                if (!ASN1_TIME_check(&t))
+                        return 0;
+                }
+        
+        if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+                        return 0;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
index 36beceacdb..a45d2f9d12 100644
--- a/src/lib/libcrypto/asn1/a_type.c
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -77,7 +77,10 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
                ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
                }
        a->type=type;
-        a->value.ptr=value;
+        if (type == V_ASN1_BOOLEAN)
+                a->value.boolean = value ? 0xff : 0;
+        else
+                a->value.ptr=value;
        }
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
@@ -98,7 +101,7 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
        else
                {
                ASN1_STRING *sdup;
-                sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+                sdup = ASN1_STRING_dup(value);
                if (!sdup)
                        return 0;
                ASN1_TYPE_set(a, type, sdup);
@@ -108,3 +111,49 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+        {
+        int result = -1;
+        if (!a || !b || a->type != b->type) return -1;
+        switch (a->type)
+                {
+        case V_ASN1_OBJECT:
+                result = OBJ_cmp(a->value.object, b->value.object);
+                break;
+        case V_ASN1_NULL:
+                result = 0;     /* They do not have content. */
+                break;
+        case V_ASN1_INTEGER:
+        case V_ASN1_NEG_INTEGER:
+        case V_ASN1_ENUMERATED:
+        case V_ASN1_NEG_ENUMERATED:
+        case V_ASN1_BIT_STRING:
+        case V_ASN1_OCTET_STRING:
+        case V_ASN1_SEQUENCE:
+        case V_ASN1_SET:
+        case V_ASN1_NUMERICSTRING:
+        case V_ASN1_PRINTABLESTRING:
+        case V_ASN1_T61STRING:
+        case V_ASN1_VIDEOTEXSTRING:
+        case V_ASN1_IA5STRING:
+        case V_ASN1_UTCTIME:
+        case V_ASN1_GENERALIZEDTIME:
+        case V_ASN1_GRAPHICSTRING:
+        case V_ASN1_VISIBLESTRING:
+        case V_ASN1_GENERALSTRING:
+        case V_ASN1_UNIVERSALSTRING:
+        case V_ASN1_BMPSTRING:
+        case V_ASN1_UTF8STRING:
+        case V_ASN1_OTHER:
+        default:
+                result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
+                                         (ASN1_STRING *) b->value.ptr);
+                break;
+                }
+        return result;
+        }
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index da3efaaf8d..cecdb13c70 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -60,6 +60,7 @@
 #include <time.h>
 #include "cryptlib.h"
+#include "asn1_locl.h"
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -100,12 +101,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
        i2d(data,&p);
-        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+        EVP_VerifyInit_ex(&ctx,type, NULL);
-                {
-                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-                ret=0;
-                goto err;
-                }
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
        OPENSSL_cleanse(buf_in,(unsigned int)inl);
@@ -134,19 +130,34 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
             void *asn, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
-        const EVP_MD *type;
+        const EVP_MD *type = NULL;
        unsigned char *buf_in=NULL;
-        int ret= -1,i,inl;
+        int ret= -1,inl;
+        int mdnid, pknid;
        EVP_MD_CTX_init(&ctx);
-        i=OBJ_obj2nid(a->algorithm);
-        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        /* Convert signature OID into digest and public key OIDs */
+        if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                goto err;
+                }
+        type=EVP_get_digestbynid(mdnid);
        if (type == NULL)
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                goto err;
                }
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+                {
+                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                goto err;
+                }
        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 18957c669e..9a8b6cc222 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -301,6 +301,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
                if (!ameth->info)
                        goto err;
                }
+        else
+                ameth->info = NULL;
        if (pem_str)
                {
@@ -308,6 +310,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
                if (!ameth->pem_str)
                        goto err;
                }
+        else
+                ameth->pem_str = NULL;
        ameth->pub_decode = 0;
        ameth->pub_encode = 0;
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index e3385226d4..f7718b5a94 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -213,7 +213,7 @@ typedef struct asn1_object_st
        const char *sn,*ln;
        int nid;
        int length;
-        unsigned char *data;
+        const unsigned char *data;      /* data remains const after init */
        int flags;      /* Should we free this one */
        } ASN1_OBJECT;
@@ -228,8 +228,12 @@ typedef struct asn1_object_st
 * complete and is a place holder for content when it had all been 
 * accessed. The flag will be reset when content has been written to it.
 */
-#define ASN1_STRING_FLAG_CONT 0x020 
+#define ASN1_STRING_FLAG_CONT 0x020 
+/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+#define ASN1_STRING_FLAG_MSTRING 0x040 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
        {
@@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
        type *name##_new(void); \
        void name##_free(type *a);
+#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
 #define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
 #define I2D_OF(type) int (*)(type *,unsigned char **)
 #define I2D_OF_const(type) int (*)(const type *,unsigned char **)
@@ -534,28 +545,23 @@ typedef struct asn1_type_st
                 * contain the set or sequence bytes */
                ASN1_STRING *           set;
                ASN1_STRING *           sequence;
-                ASN1_VALUE  *           asn1_value;
+                ASN1_VALUE *            asn1_value;
                } value;
        } ASN1_TYPE;
 DECLARE_STACK_OF(ASN1_TYPE)
 DECLARE_ASN1_SET_OF(ASN1_TYPE)
-typedef struct asn1_method_st
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
-        {
-        i2d_of_void *i2d;
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-        d2i_of_void *d2i;
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-        void *(*create)(void);
-        void (*destroy)(void *);
+typedef struct NETSCAPE_X509_st
-        } ASN1_METHOD;
-/* This is used when parsing some Netscape objects */
-typedef struct asn1_header_st
        {
        ASN1_OCTET_STRING *header;
-        void *data;
+        X509 *cert;
-        ASN1_METHOD *meth;
+        } NETSCAPE_X509;
-        } ASN1_HEADER;
 /* This is used to contain a list of bit names */
 typedef struct BIT_STRING_BITNAME_st {
@@ -575,32 +581,34 @@ typedef struct BIT_STRING_BITNAME_st {
                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
 #define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
 #define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
                ASN1_STRING_type_new(V_ASN1_INTEGER)
 #define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
 #define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
 #define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-                ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-                (ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 #define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
 #define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
 #define M_i2d_ASN1_OCTET_STRING(a,pp) \
@@ -684,7 +692,7 @@ typedef struct BIT_STRING_BITNAME_st {
                ASN1_STRING_type_new(V_ASN1_IA5STRING)
 #define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_IA5STRING_dup(a) \
-                        (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+                (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_i2d_ASN1_IA5STRING(a,pp) \
                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
                        V_ASN1_UNIVERSAL)
@@ -695,18 +703,20 @@ typedef struct BIT_STRING_BITNAME_st {
 #define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
                ASN1_STRING_type_new(V_ASN1_UTCTIME)
 #define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
 #define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
 #define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-        (ASN1_STRING *)a)
+        (const ASN1_STRING *)a)
 #define M_ASN1_TIME_new()       (ASN1_TIME *)\
                ASN1_STRING_type_new(V_ASN1_UTCTIME)
 #define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
+        ASN1_STRING_dup((const ASN1_STRING *)a)
 #define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@@ -767,6 +777,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int            ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
 ASN1_OBJECT *   ASN1_OBJECT_new(void );
 void            ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -783,14 +794,15 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 ASN1_STRING *   ASN1_STRING_new(void);
 void            ASN1_STRING_free(ASN1_STRING *a);
-ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
+int             ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *   ASN1_STRING_dup(const ASN1_STRING *a);
 ASN1_STRING *   ASN1_STRING_type_new(int type );
-int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+int             ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
  /* Since this is used to store all sorts of things, via macros, for now, make
     its data void * */
 int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 void            ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(ASN1_STRING *x);
+int ASN1_STRING_length(const ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char * ASN1_STRING_data(ASN1_STRING *x);
@@ -803,6 +815,8 @@ int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
                        int length );
 int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+                                     unsigned char *flags, int flags_len);
 #ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
@@ -821,13 +835,15 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                        long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                        long length);
-ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
+ASN1_INTEGER *  ASN1_INTEGER_dup(const ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                                int offset_day, long offset_sec);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 #if 0
@@ -836,11 +852,13 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+             time_t t, int offset_day, long offset_sec);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
-int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int     ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b);
 int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
@@ -867,14 +885,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
+                                int offset_day, long offset_sec);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
+                 i2d_of_void *i2d, int ex_tag, int ex_class,
-STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+                 int is_set);
-                     d2i_of_void *d2i, void (*free_func)(void *),
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                     int ex_tag, int ex_class);
+                              const unsigned char **pp,
+                              long length, d2i_of_void *d2i,
+                              void (*free_func)(OPENSSL_BLOCK), int ex_tag,
+                              int ex_class);
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
@@ -892,9 +916,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
        const char *sn, const char *ln);
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn);
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
@@ -928,7 +952,7 @@ int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
 #define ASN1_dup_of(type,i2d,d2i,x) \
    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
@@ -999,29 +1023,23 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
                  CHECKED_PTR_OF(const type, x)))
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                                unsigned char *buf, int off);
 int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
 int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
-/* Used to load and write netscape format cert/key */
+/* Used to load and write netscape format cert */
-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
-ASN1_HEADER *ASN1_HEADER_new(void );
-void ASN1_HEADER_free(ASN1_HEADER *a);
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-/* Not used that much at this point, except for the first two */
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-ASN1_METHOD *X509_asn1_meth(void);
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
        unsigned char *data, int len);
@@ -1032,9 +1050,9 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
        unsigned char *data, int max_len);
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-                       d2i_of_void *d2i, void (*free_func)(void *));
+                                 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                             unsigned char **buf, int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
@@ -1077,15 +1095,58 @@ void ASN1_add_oid_module(void);
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+/* ASN1 Print flags */
-                                        const ASN1_ITEM *it);
+/* Indicate missing OPTIONAL fields */
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+#define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001   
+/* Mark start and end of SEQUENCE */
+#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+#define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+#define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+#define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+#define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                                const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+BIO_METHOD *BIO_f_asn1(void);
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const char *hdr,
+                                const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                int ctype_nid, int econt_nid,
                                STACK_OF(X509_ALGOR) *mdalgs,
-                                asn1_output_data_fn *data_fn,
                                const ASN1_ITEM *it);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -1116,6 +1177,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
 #define ASN1_F_ASN1_EX_C2I                               204
 #define ASN1_F_ASN1_FIND_END                             190
+#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
 #define ASN1_F_ASN1_GENERATE_V3                          178
 #define ASN1_F_ASN1_GET_OBJECT                           114
@@ -1136,7 +1198,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_VERIFY                          197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                       122
 #define ASN1_F_ASN1_OBJECT_NEW                           123
-#define ASN1_F_ASN1_OUTPUT_DATA                          207
+#define ASN1_F_ASN1_OUTPUT_DATA                          214
 #define ASN1_F_ASN1_PACK_STRING                          124
 #define ASN1_F_ASN1_PCTX_NEW                             205
 #define ASN1_F_ASN1_PKCS5_PBE_SET                        125
@@ -1150,14 +1212,17 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
 #define ASN1_F_ASN1_TEMPLATE_NEW                         133
 #define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+#define ASN1_F_ASN1_TIME_ADJ                             217
 #define ASN1_F_ASN1_TIME_SET                             175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
 #define ASN1_F_ASN1_UNPACK_STRING                        136
+#define ASN1_F_ASN1_UTCTIME_ADJ                          218
 #define ASN1_F_ASN1_UTCTIME_SET                          187
 #define ASN1_F_ASN1_VERIFY                               137
-#define ASN1_F_B64_READ_ASN1                             208
+#define ASN1_F_B64_READ_ASN1                             209
-#define ASN1_F_B64_WRITE_ASN1                            209
+#define ASN1_F_B64_WRITE_ASN1                            210
+#define ASN1_F_BIO_NEW_NDEF                              208
 #define ASN1_F_BITSTR_CB                                 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
 #define ASN1_F_BN_TO_ASN1_INTEGER                        139
@@ -1176,6 +1241,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
 #define ASN1_F_D2I_ASN1_UINTEGER                         150
 #define ASN1_F_D2I_ASN1_UTCTIME                          151
+#define ASN1_F_D2I_AUTOPRIVATEKEY                        207
 #define ASN1_F_D2I_NETSCAPE_RSA                          152
 #define ASN1_F_D2I_NETSCAPE_RSA_2                        153
 #define ASN1_F_D2I_PRIVATEKEY                            154
@@ -1185,6 +1251,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509                                  156
 #define ASN1_F_D2I_X509_CINF                             157
 #define ASN1_F_D2I_X509_PKEY                             159
+#define ASN1_F_I2D_ASN1_BIO_STREAM                       211
 #define ASN1_F_I2D_ASN1_SET                              188
 #define ASN1_F_I2D_ASN1_TIME                             160
 #define ASN1_F_I2D_DSA_PUBKEY                            161
@@ -1196,10 +1263,11 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_LONG_C2I                                  166
 #define ASN1_F_OID_MODULE_INIT                           174
 #define ASN1_F_PARSE_TAGGING                             182
-#define ASN1_F_PKCS5_PBE2_SET                            167
+#define ASN1_F_PKCS5_PBE2_SET_IV                         167
 #define ASN1_F_PKCS5_PBE_SET                             202
-#define ASN1_F_SMIME_READ_ASN1                           210
+#define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
-#define ASN1_F_SMIME_TEXT                                211
+#define ASN1_F_SMIME_READ_ASN1                           212
+#define ASN1_F_SMIME_TEXT                                213
 #define ASN1_F_X509_CINF_NEW                             168
 #define ASN1_F_X509_CRL_ADD0_REVOKED                     169
 #define ASN1_F_X509_INFO_NEW                             170
@@ -1211,14 +1279,14 @@ void ERR_load_ASN1_strings(void);
 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT                             171
-#define ASN1_R_ASN1_PARSE_ERROR                          198
+#define ASN1_R_ASN1_PARSE_ERROR                          203
-#define ASN1_R_ASN1_SIG_PARSE_ERROR                      199
+#define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
 #define ASN1_R_AUX_ERROR                                 100
 #define ASN1_R_BAD_CLASS                                 101
 #define ASN1_R_BAD_OBJECT_HEADER                         102
 #define ASN1_R_BAD_PASSWORD_READ                         103
 #define ASN1_R_BAD_TAG                                   104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 210
+#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 #define ASN1_R_BN_LIB                                    105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
 #define ASN1_R_BUFFER_TOO_SMALL                          107
@@ -1227,6 +1295,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DECODE_ERROR                              110
 #define ASN1_R_DECODING_ERROR                            111
 #define ASN1_R_DEPTH_EXCEEDED                            174
+#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
 #define ASN1_R_ENCODE_ERROR                              112
 #define ASN1_R_ERROR_GETTING_TIME                        173
 #define ASN1_R_ERROR_LOADING_SECTION                     172
@@ -1260,9 +1329,10 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
 #define ASN1_R_INVALID_DIGIT                             130
-#define ASN1_R_INVALID_MIME_TYPE                         200
+#define ASN1_R_INVALID_MIME_TYPE                         205
 #define ASN1_R_INVALID_MODIFIER                          186
 #define ASN1_R_INVALID_NUMBER                            187
+#define ASN1_R_INVALID_OBJECT_ENCODING                   216
 #define ASN1_R_INVALID_SEPARATOR                         131
 #define ASN1_R_INVALID_TIME_FORMAT                       132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
@@ -1270,9 +1340,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_IV_TOO_LARGE                              135
 #define ASN1_R_LENGTH_ERROR                              136
 #define ASN1_R_LIST_ERROR                                188
-#define ASN1_R_MIME_NO_CONTENT_TYPE                      201
+#define ASN1_R_MIME_NO_CONTENT_TYPE                      206
-#define ASN1_R_MIME_PARSE_ERROR                          202
+#define ASN1_R_MIME_PARSE_ERROR                          207
-#define ASN1_R_MIME_SIG_PARSE_ERROR                      203
+#define ASN1_R_MIME_SIG_PARSE_ERROR                      208
 #define ASN1_R_MISSING_EOC                               137
 #define ASN1_R_MISSING_SECOND_NUMBER                     138
 #define ASN1_R_MISSING_VALUE                             189
@@ -1282,11 +1352,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_NON_HEX_CHARACTERS                        141
 #define ASN1_R_NOT_ASCII_FORMAT                          190
 #define ASN1_R_NOT_ENOUGH_DATA                           142
-#define ASN1_R_NO_CONTENT_TYPE                           204
+#define ASN1_R_NO_CONTENT_TYPE                           209
+#define ASN1_R_NO_DEFAULT_DIGEST                         201
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 205
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
-#define ASN1_R_NO_MULTIPART_BOUNDARY                     206
+#define ASN1_R_NO_MULTIPART_BOUNDARY                     211
-#define ASN1_R_NO_SIG_CONTENT_TYPE                       207
+#define ASN1_R_NO_SIG_CONTENT_TYPE                       212
 #define ASN1_R_NULL_IS_WRONG_LENGTH                      144
 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
 #define ASN1_R_ODD_NUMBER_OF_CHARS                       145
@@ -1296,8 +1367,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
 #define ASN1_R_SHORT_LINE                                150
-#define ASN1_R_SIG_INVALID_MIME_TYPE                     208
+#define ASN1_R_SIG_INVALID_MIME_TYPE                     213
-#define ASN1_R_STREAMING_NOT_SUPPORTED                   209
+#define ASN1_R_STREAMING_NOT_SUPPORTED                   202
 #define ASN1_R_STRING_TOO_LONG                           151
 #define ASN1_R_STRING_TOO_SHORT                          152
 #define ASN1_R_TAG_VALUE_TOO_HIGH                        153
@@ -1308,11 +1379,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
 #define ASN1_R_UNEXPECTED_EOC                            159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           211
+#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
 #define ASN1_R_UNKNOWN_FORMAT                            160
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
 #define ASN1_R_UNKNOWN_TAG                               194
 #define ASN1_R_UNKOWN_FORMAT                             195
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
@@ -1320,6 +1392,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
 #define ASN1_R_UNSUPPORTED_TYPE                          196
+#define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
 #define ASN1_R_WRONG_TAG                                 168
 #define ASN1_R_WRONG_TYPE                                169
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 5f5de98eed..6e04d08f31 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -90,10 +90,11 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
 {ERR_FUNC(ASN1_F_ASN1_EX_C2I),  "ASN1_EX_C2I"},
 {ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ),     "ASN1_GENERALIZEDTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),     "ASN1_generate_v3"},
 {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
 {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
@@ -112,7 +113,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
 {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),     "ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_new"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),   "ASN1_PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
@@ -124,14 +125,17 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),      "ASN1_TEMPLATE_NOEXP_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ),        "ASN1_TIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ),     "ASN1_UTCTIME_adj"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
 {ERR_FUNC(ASN1_F_B64_READ_ASN1),        "B64_READ_ASN1"},
 {ERR_FUNC(ASN1_F_B64_WRITE_ASN1),       "B64_WRITE_ASN1"},
+{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"},
 {ERR_FUNC(ASN1_F_BITSTR_CB),    "BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
@@ -143,13 +147,14 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),       "d2i_ASN1_bytes"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),     "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),      "D2I_ASN1_HEADER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),     "D2I_ASN1_INTEGER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),      "d2i_ASN1_OBJECT"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),  "d2i_ASN1_type_bytes"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),    "d2i_ASN1_UINTEGER"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),     "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY),   "d2i_AutoPrivateKey"},
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),     "d2i_Netscape_RSA"},
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
 {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
@@ -159,6 +164,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM),  "i2d_ASN1_bio_stream"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
 {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
@@ -170,8 +176,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),        "PARSE_TAGGING"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),    "PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),        "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
 {ERR_FUNC(ASN1_F_SMIME_READ_ASN1),      "SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),   "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
@@ -204,6 +211,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
 {ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
 {ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
+{ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),"digest and key type not supported"},
 {ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
 {ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
 {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
@@ -240,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
+{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
@@ -260,6 +269,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
 {ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
+{ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST)    ,"no default digest"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
 {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
@@ -290,6 +300,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
 {ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
@@ -297,6 +308,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
+{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE),"wrong public key type"},
 {ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
 {ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
 {0,NULL}
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
index 2da38292c8..4fc241908f 100644
--- a/src/lib/libcrypto/asn1/asn1_gen.c
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -227,6 +227,8 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
        /* Allocate buffer for new encoding */
        new_der = OPENSSL_malloc(len);
+        if (!new_der)
+                goto err;
        /* Generate tagged encoding */
@@ -245,8 +247,14 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
        /* If IMPLICIT, output tag */
        if (asn1_tags.imp_tag != -1)
+                {
+                if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 
+                    && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
+                     || asn1_tags.imp_tag == V_ASN1_SET) )
+                        hdr_constructed = V_ASN1_CONSTRUCTED;
                ASN1_put_object(&p, hdr_constructed, hdr_len,
                                        asn1_tags.imp_tag, asn1_tags.imp_class);
+                }
        /* Copy across original encoding */
        memcpy(p, cpy_start, cpy_len);
@@ -439,13 +447,15 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
        {
-        ASN1_TYPE *ret = NULL, *typ = NULL;
+        ASN1_TYPE *ret = NULL;
        STACK_OF(ASN1_TYPE) *sk = NULL;
        STACK_OF(CONF_VALUE) *sect = NULL;
-        unsigned char *der = NULL, *p;
+        unsigned char *der = NULL;
        int derlen;
-        int i, is_set;
+        int i;
        sk = sk_ASN1_TYPE_new_null();
+        if (!sk)
+                goto bad;
        if (section)
                {
                if (!cnf)
@@ -455,28 +465,23 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
                        goto bad;
                for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
                        {
-                        typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+                        ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
                        if (!typ)
                                goto bad;
-                        sk_ASN1_TYPE_push(sk, typ);
+                        if (!sk_ASN1_TYPE_push(sk, typ))
-                        typ = NULL;
+                                goto bad;
                        }
                }
        /* Now we has a STACK of the components, convert to the correct form */
        if (utype == V_ASN1_SET)
-                is_set = 1;
+                derlen = i2d_ASN1_SET_ANY(sk, &der);
        else
-                is_set = 0;
+                derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
-        derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
+        if (derlen < 0)
-                                           V_ASN1_UNIVERSAL, is_set);
+                goto bad;
-        der = OPENSSL_malloc(derlen);
-        p = der;
-        i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
-                                  V_ASN1_UNIVERSAL, is_set);
        if (!(ret = ASN1_TYPE_new()))
                goto bad;
@@ -498,8 +503,6 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
        if (sk)
                sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-        if (typ)
-                ASN1_TYPE_free(typ);
        if (sect)
                X509V3_section_free(cnf, sect);
@@ -549,7 +552,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons
 static int asn1_str2tag(const char *tagstr, int len)
        {
        unsigned int i;
-        static struct tag_name_st *tntmp, tnst [] = {
+        static const struct tag_name_st *tntmp, tnst [] = {
                ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
                ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
                ASN1_GEN_STR("NULL", V_ASN1_NULL),
@@ -584,6 +587,8 @@ static int asn1_str2tag(const char *tagstr, int len)
                ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
                ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
                ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+                ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
+                ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
                /* Special cases */
                ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
@@ -729,6 +734,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
                case V_ASN1_VISIBLESTRING:
                case V_ASN1_UNIVERSALSTRING:
                case V_ASN1_GENERALSTRING:
+                case V_ASN1_NUMERICSTRING:
                if (format == ASN1_GEN_FORMAT_ASCII)
                        format = MBSTRING_ASC;
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 5af559ef8d..1bcb44aee2 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -340,20 +340,31 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
        return(1);
        }
-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
        {
-        ASN1_STRING *ret;
+        if (str == NULL)
+                return 0;
+        dst->type = str->type;
+        if (!ASN1_STRING_set(dst,str->data,str->length))
+                return 0;
+        dst->flags = str->flags;
+        return 1;
+        }
-        if (str == NULL) return(NULL);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
-        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+        {
-                return(NULL);
+        ASN1_STRING *ret;
-        if (!ASN1_STRING_set(ret,str->data,str->length))
+        if (!str)
+                 return NULL;
+        ret=ASN1_STRING_new();
+        if (!ret)
+                return NULL;
+        if (!ASN1_STRING_copy(ret,str))
                {
                ASN1_STRING_free(ret);
-                return(NULL);
+                return NULL;
                }
-        ret->flags = str->flags;
+        return ret;
-        return(ret);
        }
 int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
@@ -427,11 +438,12 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
 void ASN1_STRING_free(ASN1_STRING *a)
        {
        if (a == NULL) return;
-        if (a->data != NULL) OPENSSL_free(a->data);
+        if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+                OPENSSL_free(a->data);
        OPENSSL_free(a);
        }
-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
        {
        int i;
@@ -457,7 +469,7 @@ void asn1_add_error(const unsigned char *address, int offset)
        ERR_add_error_data(4,"address=",buf1," offset=",buf2);
        }
-int ASN1_STRING_length(ASN1_STRING *x)
+int ASN1_STRING_length(const ASN1_STRING *x)
 { return M_ASN1_STRING_length(x); }
 void ASN1_STRING_length_set(ASN1_STRING *x, int len)
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
index d958ca60d9..87bd0e9e1d 100644
--- a/src/lib/libcrypto/asn1/asn1_mac.h
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -153,6 +153,13 @@ err:\
                M_ASN1_D2I_get(b,func); \
                }
+#define M_ASN1_D2I_get_int_opt(b,func,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+                == (V_ASN1_UNIVERSAL|(type)))) \
+                { \
+                M_ASN1_D2I_get_int(b,func); \
+                }
 #define M_ASN1_D2I_get_imp(b,func, type) \
        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
        c.q=c.p; \
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index 8657f73d66..aaca69aebd 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -70,9 +70,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
             int indent)
        {
        static const char fmt[]="%-18s";
-        static const char fmt2[]="%2d %-15s";
        char str[128];
-        const char *p,*p2=NULL;
+        const char *p;
        if (constructed & V_ASN1_CONSTRUCTED)
                p="cons: ";
@@ -93,14 +92,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
        else
                p = ASN1_tag2str(tag);
-        if (p2 != NULL)
+        if (BIO_printf(bp,fmt,p) <= 0)
-                {
+                goto err;
-                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
-                }
-        else
-                {
-                if (BIO_printf(bp,fmt,p) <= 0) goto err;
-                }
        return(1);
 err:
        return(0);
@@ -246,7 +239,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
                                if (ii < 0)
                                        {
-                                        if (BIO_write(bp,"Bad boolean\n",12))
+                                        if (BIO_write(bp,"Bad boolean\n",12) <= 0)
                                                goto end;
                                        }
                                BIO_printf(bp,":%d",ii);
@@ -424,7 +417,7 @@ end:
 const char *ASN1_tag2str(int tag)
 {
-        static const char *tag2str[] = {
+        static const char * const tag2str[] = {
         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
index ac14f9415b..d230e4bf70 100644
--- a/src/lib/libcrypto/asn1/asn1t.h
+++ b/src/lib/libcrypto/asn1/asn1t.h
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -218,6 +218,18 @@ extern "C" {
                #stname \
        ASN1_ITEM_end(tname)
+#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
 /* This pair helps declare a CHOICE type. We can do:
 *
@@ -651,8 +663,13 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM
 typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, 
+                                                int indent, const char *fname, 
+                                                const ASN1_PCTX *pctx);
 typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 typedef struct ASN1_COMPAT_FUNCS_st {
        ASN1_new_func *asn1_new;
@@ -668,6 +685,7 @@ typedef struct ASN1_EXTERN_FUNCS_st {
        ASN1_ex_free_func *asn1_ex_clear;
        ASN1_ex_d2i *asn1_ex_d2i;
        ASN1_ex_i2d *asn1_ex_i2d;
+        ASN1_ex_print_func *asn1_ex_print;
 } ASN1_EXTERN_FUNCS;
 typedef struct ASN1_PRIMITIVE_FUNCS_st {
@@ -678,6 +696,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
        ASN1_ex_free_func *prim_clear;
        ASN1_primitive_c2i *prim_c2i;
        ASN1_primitive_i2c *prim_i2c;
+        ASN1_primitive_print *prim_print;
 } ASN1_PRIMITIVE_FUNCS;
 /* This is the ASN1_AUX structure: it handles various
@@ -697,7 +716,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
 * then an external type is more appropriate.
 */
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+                                void *exarg);
 typedef struct ASN1_AUX_st {
        void *app_data;
@@ -708,6 +728,23 @@ typedef struct ASN1_AUX_st {
        int enc_offset;         /* Offset of ASN1_ENCODING structure */
 } ASN1_AUX;
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+        BIO *out;
+        int indent;
+        const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+        /* BIO to stream through */
+        BIO *out;
+        /* BIO with filters appended */
+        BIO *ndef_bio;
+        /* Streaming I/O boundary */
+        unsigned char **boundary;
+} ASN1_STREAM_ARG;
 /* Flags in ASN1_AUX */
 /* Use a reference count */
@@ -727,6 +764,12 @@ typedef struct ASN1_AUX_st {
 #define ASN1_OP_D2I_POST        5
 #define ASN1_OP_I2D_PRE         6
 #define ASN1_OP_I2D_POST        7
+#define ASN1_OP_PRINT_PRE       8
+#define ASN1_OP_PRINT_POST      9
+#define ASN1_OP_STREAM_PRE      10
+#define ASN1_OP_STREAM_POST     11
+#define ASN1_OP_DETACHED_PRE    12
+#define ASN1_OP_DETACHED_POST   13
 /* Macro to implement a primitive type */
 #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
@@ -782,9 +825,22 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+        pre stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        pre void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
        stname *fname##_new(void) \
        { \
@@ -834,6 +890,17 @@ typedef struct ASN1_AUX_st {
        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
        }
+#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                                const ASN1_PCTX *pctx) \
+        { \
+                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                        ASN1_ITEM_rptr(itname), pctx); \
+        } 
 #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
index d8d9e76cc0..c1d1b12291 100644
--- a/src/lib/libcrypto/asn1/asn_mime.c
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -59,6 +59,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include "asn1_locl.h"
 /* Generalised MIME like utilities for streaming ASN1. Although many
 * have a PKCS7/CMS like flavour others are more general purpose.
@@ -86,6 +87,8 @@ STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
 DECLARE_STACK_OF(MIME_HEADER)
 IMPLEMENT_STACK_OF(MIME_HEADER)
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                        const ASN1_ITEM *it);
 static char * strip_ends(char *name);
 static char * strip_start(char *name);
 static char * strip_end(char *name);
@@ -107,6 +110,39 @@ static void mime_hdr_free(MIME_HEADER *hdr);
 #define MAX_SMLEN 1024
 #define mime_debug(x) /* x */
+/* Output an ASN1 structure in BER format streaming if necessary */
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const ASN1_ITEM *it)
+        {
+        /* If streaming create stream BIO and copy all content through it */
+        if (flags & SMIME_STREAM)
+                {
+                BIO *bio, *tbio;
+                bio = BIO_new_NDEF(out, val, it);
+                if (!bio)
+                        {
+                        ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                SMIME_crlf_copy(in, bio, flags);
+                (void)BIO_flush(bio);
+                /* Free up successive BIOs until we hit the old output BIO */
+                do
+                        {
+                        tbio = BIO_pop(bio);
+                        BIO_free(bio);
+                        bio = tbio;
+                        } while (bio != out);
+                }
+        /* else just write out ASN1 structure which will have all content
+         * stored internally
+         */
+        else
+                ASN1_item_i2d_bio(it, out, val);
+        return 1;
+        }
 /* Base 64 read and write of ASN1 structure */
 static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
@@ -123,13 +159,26 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
        /* prepend the b64 BIO so all data is base64 encoded.
         */
        out = BIO_push(b64, out);
-        r = ASN1_item_i2d_bio(it, out, val);
+        r = i2d_ASN1_bio_stream(out, val, in, flags, it);
        (void)BIO_flush(out);
        BIO_pop(out);
        BIO_free(b64);
        return r;
        }
+/* Streaming ASN1 PEM write */
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                                const char *hdr,
+                                const ASN1_ITEM *it)
+        {
+        int r;
+        BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+        r = B64_write_ASN1(out, val, in, flags, it);
+        BIO_printf(out, "-----END %s-----\n", hdr);
+        return r;
+        }
 static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 {
        BIO *b64;
@@ -152,7 +201,8 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
        {
-        int i, have_unknown = 0, write_comma, md_nid;
+        const EVP_MD *md;
+        int i, have_unknown = 0, write_comma, ret = 0, md_nid;
        have_unknown = 0;
        write_comma = 0;
        for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
@@ -161,6 +211,21 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
                        BIO_write(out, ",", 1);
                write_comma = 1;
                md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+                md = EVP_get_digestbynid(md_nid);
+                if (md && md->md_ctrl)
+                        {
+                        int rv;
+                        char *micstr;
+                        rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+                        if (rv > 0)
+                                {
+                                BIO_puts(out, micstr);
+                                OPENSSL_free(micstr);
+                                continue;
+                                }
+                        if (rv != -2)
+                                goto err;
+                        }
                switch(md_nid)
                        {
                        case NID_sha1:
@@ -183,6 +248,11 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
                        BIO_puts(out, "sha-512");
                        break;
+                        case NID_id_GostR3411_94:
+                        BIO_puts(out, "gostr3411-94");
+                                goto err;
+                        break;
                        default:
                        if (have_unknown)
                                write_comma = 0;
@@ -196,16 +266,18 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
                        }
                }
-        return 1;
+        ret = 1;
+        err:
+        return ret;
        }
 /* SMIME sender */
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                int ctype_nid, int econt_nid,
                                STACK_OF(X509_ALGOR) *mdalgs,
-                                asn1_output_data_fn *data_fn,
                                const ASN1_ITEM *it)
 {
        char bound[33], c;
@@ -243,7 +315,7 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                                                mime_eol, mime_eol);
                /* Now write out the first part */
                BIO_printf(bio, "------%s%s", bound, mime_eol);
-                if (!data_fn(bio, data, val, flags, it))
+                if (!asn1_output_data(bio, data, val, flags, it))
                        return 0;
                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
@@ -296,8 +368,6 @@ int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
        return 1;
 }
-#if 0
 /* Handle output of ASN1 data */
@@ -350,8 +420,6 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
        }
-#endif
 /* SMIME reader: handle multipart/signed and opaque signing.
 * in multipart case the content is placed in a memory BIO
 * pointed to by "bcont". In opaque this is set to NULL
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
index f1a5a05632..ad738217d7 100644
--- a/src/lib/libcrypto/asn1/asn_pack.c
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -66,10 +66,10 @@
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-                       d2i_of_void *d2i,void (*free_func)(void *))
+                         d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
 {
-    STACK *sk;
+    STACK_OF(OPENSSL_BLOCK) *sk;
    const unsigned char *pbuf;
    pbuf =  buf;
    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
 * OPENSSL_malloc'ed buffer
 */
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                             unsigned char **buf, int *len)
 {
        int safelen;
diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h
index bd020a9562..b55e638725 100644
--- a/src/lib/libcrypto/asn1/charmap.h
+++ b/src/lib/libcrypto/asn1/charmap.h
@@ -2,7 +2,7 @@
 * Mask of various character properties
 */
-static unsigned char char_type[] = {
+static const unsigned char char_type[] = {
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
 120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
index 207ccda5ac..2828944777 100644
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -61,16 +61,12 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
-#ifndef OPENSSL_NO_RSA
+#include <openssl/engine.h>
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
 #endif
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
             long length)
@@ -85,47 +81,43 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                        return(NULL);
                        }
                }
-        else    ret= *a;
+        else
-        ret->save_type=type;
-        ret->type=EVP_PKEY_type(type);
-        switch (ret->type)
                {
-#ifndef OPENSSL_NO_RSA
+                ret= *a;
-        case EVP_PKEY_RSA:
+#ifndef OPENSSL_NO_ENGINE
-                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+                if (ret->engine)
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        ENGINE_finish(ret->engine);
-                        goto err;
+                        ret->engine = NULL;
                        }
-                break;
 #endif
-#ifndef OPENSSL_NO_DSA
+                }
-        case EVP_PKEY_DSA:
-                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+        if (!EVP_PKEY_set_type(ret, type))
-                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                {
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                }
+        if (!ret->ameth->old_priv_decode ||
+                        !ret->ameth->old_priv_decode(ret, pp, length))
+                {
+                if (ret->ameth->priv_decode) 
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        PKCS8_PRIV_KEY_INFO *p8=NULL;
-                        goto err;
+                        p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
-                        }
+                        if (!p8) goto err;
-                break;
+                        EVP_PKEY_free(ret);
-#endif
+                        ret = EVP_PKCS82PKEY(p8);
-#ifndef OPENSSL_NO_EC
+                        PKCS8_PRIV_KEY_INFO_free(p8);
-        case EVP_PKEY_EC:
-                if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
+                        } 
-                        (const unsigned char **)pp, length)) == NULL)
+                else 
                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
                        goto err;
                        }
-                break;
+                }       
-#endif
-        default:
-                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-                goto err;
-                /* break; */
-                }
        if (a != NULL) (*a)=ret;
        return(ret);
 err:
@@ -146,8 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
         * by analyzing it we can determine the passed structure: this
         * assumes the input is surrounded by an ASN1 SEQUENCE.
         */
-        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
+        inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
-                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
        /* Since we only need to discern "traditional format" RSA and DSA
         * keys we can just count the elements.
         */
@@ -155,6 +146,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                keytype = EVP_PKEY_DSA;
        else if (sk_ASN1_TYPE_num(inkey) == 4)
                keytype = EVP_PKEY_EC;
+        else if (sk_ASN1_TYPE_num(inkey) == 3)  
+                { /* This seems to be PKCS8, not traditional format */
+                        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
+                        EVP_PKEY *ret;
+                        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+                        if (!p8) 
+                                {
+                                ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                                return NULL;
+                                }
+                        ret = EVP_PKCS82PKEY(p8);
+                        PKCS8_PRIV_KEY_INFO_free(p8);
+                        if (a) {
+                                *a = ret;
+                        }       
+                        return ret;
+                }
        else keytype = EVP_PKEY_RSA;
        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        return d2i_PrivateKey(keytype, a, pp, length);
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
index 3694f51a8c..c8f39ceb03 100644
--- a/src/lib/libcrypto/asn1/d2i_pu.c
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                }
        else    ret= *a;
-        ret->save_type=type;
+        if (!EVP_PKEY_set_type(ret, type))
-        ret->type=EVP_PKEY_type(type);
+                {
-        switch (ret->type)
+                ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+                goto err;
+                }
+        switch (EVP_PKEY_id(ret))
                {
 #ifndef OPENSSL_NO_RSA
        case EVP_PKEY_RSA:
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 0be52c5b76..e398b62666 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -58,41 +58,22 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/evp.h>
-#include <openssl/objects.h>
+#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
+#include "asn1_locl.h"
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
        {
-#ifndef OPENSSL_NO_RSA
+        if (a->ameth && a->ameth->old_priv_encode)
-        if (a->type == EVP_PKEY_RSA)
                {
-                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+                return a->ameth->old_priv_encode(a, pp);
                }
-        else
+        if (a->ameth && a->ameth->priv_encode) {
-#endif
+                PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
-#ifndef OPENSSL_NO_DSA
+                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp);
-        if (a->type == EVP_PKEY_DSA)
+                PKCS8_PRIV_KEY_INFO_free(p8);
-                {
+                return ret;
-                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+        }       
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC)
-                {
-                return(i2d_ECPrivateKey(a->pkey.ec, pp));
-                }
-#endif
        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
        return(-1);
        }
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
index e551c57d59..b8c4202230 100644
--- a/src/lib/libcrypto/asn1/nsseq.c
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -62,7 +62,8 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        if(operation == ASN1_OP_NEW_POST) {
                NETSCAPE_CERT_SEQUENCE *nsseq;
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index c4582f8041..94bc38b99f 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -71,61 +71,78 @@ ASN1_SEQUENCE(PBEPARAM) = {
 IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
-             int saltlen)
-{
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                                const unsigned char *salt, int saltlen)
+        {
        PBEPARAM *pbe=NULL;
-        ASN1_OBJECT *al;
+        ASN1_STRING *pbe_str=NULL;
-        X509_ALGOR *algor;
+        unsigned char *sstr;
-        ASN1_TYPE *astype=NULL;
-        if (!(pbe = PBEPARAM_new ())) {
+        pbe = PBEPARAM_new();
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if (!pbe)
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if(iter <= 0)
-        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+                iter = PKCS5_DEFAULT_ITER;
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if (!ASN1_INTEGER_set(pbe->iter, iter))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!saltlen)
-        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
+                saltlen = PKCS5_SALT_LEN;
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+        if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        pbe->salt->length = saltlen;
+        sstr = ASN1_STRING_data(pbe->salt);
-        if (salt) memcpy (pbe->salt->data, salt, saltlen);
+        if (salt)
-        else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+                memcpy(sstr, salt, saltlen);
+        else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
                goto err;
-        if (!(astype = ASN1_TYPE_new())) {
+        if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-        }
+                }
-        astype->type = V_ASN1_SEQUENCE;
+        PBEPARAM_free(pbe);
-        if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
-                                &astype->value.sequence)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        PBEPARAM_free (pbe);
        pbe = NULL;
-        
-        al = OBJ_nid2obj(alg); /* never need to free al */
-        if (!(algor = X509_ALGOR_new())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        ASN1_OBJECT_free(algor->algorithm);
-        algor->algorithm = al;
-        algor->parameter = astype;
-        return (algor);
+        if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+                return 1;
 err:
-        if (pbe != NULL) PBEPARAM_free(pbe);
+        if (pbe != NULL)
-        if (astype != NULL) ASN1_TYPE_free(astype);
+                PBEPARAM_free(pbe);
+        if (pbe_str != NULL)
+                ASN1_STRING_free(pbe_str);
+        return 0;
+        }
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                                const unsigned char *salt, int saltlen)
+        {
+        X509_ALGOR *ret;
+        ret = X509_ALGOR_new();
+        if (!ret)
+                {
+                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
+                return ret;
+        X509_ALGOR_free(ret);
        return NULL;
-}
+        }
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 2b0516afee..cb49b6651d 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -82,10 +82,13 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
 * yes I know this is horrible!
+ *
+ * Extended version to allow application supplied PRF NID and IV.
 */
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-                                 unsigned char *salt, int saltlen)
+                                 unsigned char *salt, int saltlen,
+                                 unsigned char *aiv, int prf_nid)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
        int alg_nid;
@@ -98,7 +101,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        alg_nid = EVP_CIPHER_type(cipher);
        if(alg_nid == NID_undef) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                goto err;
        }
@@ -113,20 +116,33 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
        /* Create random IV */
-        if (EVP_CIPHER_iv_length(cipher) &&
+        if (EVP_CIPHER_iv_length(cipher))
-                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                {
-                goto err;
+                if (aiv)
+                        memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+                else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                        goto err;
+                }
        EVP_CIPHER_CTX_init(&ctx);
-        /* Dummy cipherinit to just setup the IV */
+        /* Dummy cipherinit to just setup the IV, and PRF */
        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
                EVP_CIPHER_CTX_cleanup(&ctx);
                goto err;
        }
+        /* If prf NID unspecified see if cipher has a preference.
+         * An error is OK here: just means use default PRF.
+         */
+        if ((prf_nid == -1) && 
+        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
+                {
+                ERR_clear_error();
+                prf_nid = NID_hmacWithSHA1;
+                }
        EVP_CIPHER_CTX_cleanup(&ctx);
        if(!(kdf = PBKDF2PARAM_new())) goto merr;
@@ -154,7 +170,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                 EVP_CIPHER_key_length(cipher))) goto merr;
        }
-        /* prf can stay NULL because we are using hmacWithSHA1 */
+        /* prf can stay NULL if we are using hmacWithSHA1 */
+        if (prf_nid != NID_hmacWithSHA1)
+                {
+                kdf->prf = X509_ALGOR_new();
+                if (!kdf->prf)
+                        goto merr;
+                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
+                                        V_ASN1_NULL, NULL);
+                }
        /* Now setup the PBE2PARAM keyfunc structure */
@@ -164,7 +188,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
-        if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
@@ -180,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        /* Encode PBE2PARAM into parameter */
-        if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+        if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
                                 &ret->parameter->value.sequence)) goto merr;
        ret->parameter->type = V_ASN1_SEQUENCE;
@@ -190,7 +214,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        return ret;
        merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
        err:
        PBE2PARAM_free(pbe2);
@@ -203,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        return NULL;
 }
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen)
+        {
+        return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+        }
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index 0a1957556e..17b68d386d 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -62,7 +62,8 @@
 #include <openssl/x509.h>
 /* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
        if(operation == ASN1_OP_FREE_PRE) {
@@ -82,3 +83,73 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
 } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                                        int version,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen)
+        {
+        unsigned char **ppenc = NULL;
+        if (version >= 0)
+                {
+                if (!ASN1_INTEGER_set(priv->version, version))
+                        return 0;
+                }
+        if (penc)
+                {
+                int pmtype;
+                ASN1_OCTET_STRING *oct;
+                oct = ASN1_OCTET_STRING_new();
+                if (!oct)
+                        return 0;
+                oct->data = penc;
+                ppenc = &oct->data;
+                oct->length = penclen;
+                if (priv->broken == PKCS8_NO_OCTET)
+                        pmtype = V_ASN1_SEQUENCE;
+                else
+                        pmtype = V_ASN1_OCTET_STRING;
+                ASN1_TYPE_set(priv->pkey, pmtype, oct);
+                }
+        if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
+                {
+                /* If call fails do not swallow 'enc' */
+                if (ppenc)
+                        *ppenc = NULL;
+                return 0;
+                }
+        return 1;
+        }
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                PKCS8_PRIV_KEY_INFO *p8)
+        {
+        if (ppkalg)
+                *ppkalg = p8->pkeyalg->algorithm;
+        if(p8->pkey->type == V_ASN1_OCTET_STRING)
+                {
+                p8->broken = PKCS8_OK;
+                if (pk)
+                        {
+                        *pk = p8->pkey->value.octet_string->data;
+                        *ppklen = p8->pkey->value.octet_string->length;
+                        }
+                }
+        else if (p8->pkey->type == V_ASN1_SEQUENCE)
+                {
+                p8->broken = PKCS8_NO_OCTET;
+                if (pk)
+                        {
+                        *pk = p8->pkey->value.sequence->data;
+                        *ppklen = p8->pkey->value.sequence->length;
+                        }
+                }
+        else
+                return 0;
+        if (pa)
+                *pa = p8->pkeyalg;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index afb95d6712..9dd18f6579 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -55,520 +55,15 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-static int print(BIO *fp,const char *str, const BIGNUM *num,
-                unsigned char *buf,int off);
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-                size_t len, int off);
-#endif
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=RSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int RSA_print(BIO *bp, const RSA *x, int off)
-        {
-        char str[128];
-        const char *s;
-        unsigned char *m=NULL;
-        int ret=0, mod_len = 0;
-        size_t buf_len=0, i;
-        if (x->n)
-                buf_len = (size_t)BN_num_bytes(x->n);
-        if (x->e)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-                        buf_len = i;
-        if (x->d)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-                        buf_len = i;
-        if (x->p)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-                        buf_len = i;
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->dmp1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-                        buf_len = i;
-        if (x->dmq1)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-                        buf_len = i;
-        if (x->iqmp)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (x->n != NULL)
-                mod_len = BN_num_bits(x->n);
-        if (x->d != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
-                        <= 0) goto err;
-                }
-        if (x->d == NULL)
-                BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
-        else
-                BUF_strlcpy(str,"modulus:",sizeof str);
-        if (!print(bp,str,x->n,m,off)) goto err;
-        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-        if ((x->e != NULL) && !print(bp,s,x->e,m,off))
-                goto err;
-        if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
-                goto err;
-        if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
-                goto err;
-        if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
-                goto err;
-        if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
-                goto err;
-        if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
-                goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_RSA */
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSA_print_fp(FILE *fp, const DSA *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int DSA_print(BIO *bp, const DSA *x, int off)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        if (x->priv_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-                        buf_len = i;
-        if (x->pub_key)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (x->priv_key != NULL)
-                {
-                if(!BIO_indent(bp,off,128))
-                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
-                        <= 0) goto err;
-                }
-        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
-                goto err;
-        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
-                goto err;
-        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
-        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
-        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECPKParameters_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = EC_KEY_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-        {
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BN_CTX  *ctx=NULL;
-        const EC_POINT *point=NULL;
-        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-                *order=NULL, *cofactor=NULL;
-        const unsigned char *seed;
-        size_t  seed_len=0;
-        
-        static const char *gen_compressed = "Generator (compressed):";
-        static const char *gen_uncompressed = "Generator (uncompressed):";
-        static const char *gen_hybrid = "Generator (hybrid):";
- 
-        if (!x)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        if (EC_GROUP_get_asn1_flag(x))
-                {
-                /* the curve parameter are given by an asn1 OID */
-                int nid;
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                nid = EC_GROUP_get_curve_name(x);
-                if (nid == 0)
-                        goto err;
-                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-                        goto err;
-                if (BIO_printf(bp, "\n") <= 0)
-                        goto err;
-                }
-        else
-                {
-                /* explicit parameters */
-                int is_char_two = 0;
-                point_conversion_form_t form;
-                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-                if (tmp_nid == NID_X9_62_characteristic_two_field)
-                        is_char_two = 1;
-                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-                        (cofactor = BN_new()) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                if (is_char_two)
-                        {
-                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                else /* prime field */
-                        {
-                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                if ((point = EC_GROUP_get0_generator(x)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                if (!EC_GROUP_get_order(x, order, NULL) || 
-                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                
-                form = EC_GROUP_get_point_conversion_form(x);
-                if ((gen = EC_POINT_point2bn(x, point, 
-                                form, NULL, ctx)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                buf_len = (size_t)BN_num_bytes(p);
-                if (buf_len < (i = (size_t)BN_num_bytes(a)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(b)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(order)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-                        buf_len = i;
-                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-                        seed_len = EC_GROUP_get_seed_len(x);
-                buf_len += 10;
-                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                /* print the 'short name' of the field type */
-                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-                        <= 0)
-                        goto err;  
-                if (is_char_two)
-                        {
-                        /* print the 'short name' of the base type OID */
-                        int basis_type = EC_GROUP_get_basis_type(x);
-                        if (basis_type == 0)
-                                goto err;
-                        if (!BIO_indent(bp, off, 128))
-                                goto err;
-                        if (BIO_printf(bp, "Basis Type: %s\n", 
-                                OBJ_nid2sn(basis_type)) <= 0)
-                                goto err;
-                        /* print the polynomial */
-                        if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
-                                off))
-                                goto err;
-                        }
-                else
-                        {
-                        if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
-                                goto err;
-                        }
-                if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
-                        goto err;
-                if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
-                        goto err;
-                if (form == POINT_CONVERSION_COMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_compressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else if (form == POINT_CONVERSION_UNCOMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else /* form == POINT_CONVERSION_HYBRID */
-                        {
-                        if ((gen != NULL) && !print(bp, gen_hybrid, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                if ((order != NULL) && !print(bp, "Order: ", order, 
-                        buffer, off)) goto err;
-                if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
-                        buffer, off)) goto err;
-                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-                        goto err;
-                }
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-        if (p) 
-                BN_free(p);
-        if (a) 
-                BN_free(a);
-        if (b)
-                BN_free(b);
-        if (gen)
-                BN_free(gen);
-        if (order)
-                BN_free(order);
-        if (cofactor)
-                BN_free(cofactor);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL) 
-                OPENSSL_free(buffer);
-        return(ret);    
-        }
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-        {
+                        unsigned char *buf, int off)
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BIGNUM  *pub_key=NULL, *order=NULL;
-        BN_CTX  *ctx=NULL;
-        const EC_GROUP *group;
-        const EC_POINT *public_key;
-        const BIGNUM *priv_key;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        public_key = EC_KEY_get0_public_key(x);
-        if ((pub_key = EC_POINT_point2bn(group, public_key,
-                EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
-        buf_len = (size_t)BN_num_bytes(pub_key);
-        priv_key = EC_KEY_get0_private_key(x);
-        if (priv_key != NULL)
-                {
-                if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-                        buf_len = i;
-                }
-        buf_len += 10;
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (priv_key != NULL)
-                {
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                if ((order = BN_new()) == NULL)
-                        goto err;
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        goto err;
-                if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-                        BN_num_bits(order)) <= 0) goto err;
-                }
-  
-        if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
-                buffer, off))
-                goto err;
-        if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
-                buffer, off))
-                goto err;
-        if (!ECPKParameters_print(bp, group, off))
-                goto err;
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_EC_KEY_PRINT, reason);
-        if (pub_key) 
-                BN_free(pub_key);
-        if (order)
-                BN_free(order);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL)
-                OPENSSL_free(buffer);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_EC */
-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
-             int off)
        {
        int n,i;
        const char *neg;
@@ -617,223 +112,3 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *
                }
        return(1);
        }
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-                size_t len, int off)
-        {
-        size_t i;
-        char str[128];
-        if (buf == NULL)
-                return 1;
-        if (off)
-                {
-                if (off > 128)
-                        off=128;
-                memset(str,' ',off);
-                if (BIO_write(fp, str, off) <= 0)
-                        return 0;
-                }
-        if (BIO_printf(fp,"%s", name) <= 0)
-                return 0;
-        for (i=0; i<len; i++)
-                {
-                if ((i%15) == 0)
-                        {
-                        str[0]='\n';
-                        memset(&(str[1]),' ',off+4);
-                        if (BIO_write(fp, str, off+1+4) <= 0)
-                                return 0;
-                        }
-                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-                        return 0;
-                }
-        if (BIO_write(fp,"\n",1) <= 0)
-                return 0;
-        return 1;
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DHparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int DHparams_print(BIO *bp, const DH *x)
-        {
-        unsigned char *m=NULL;
-        int reason=ERR_R_BUF_LIB,ret=0;
-        size_t buf_len=0, i;
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                reason=ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"prime:",x->p,m,4)) goto err;
-        if (!print(bp,"generator:",x->g,m,4)) goto err;
-        if (x->length != 0)
-                {
-                if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
-                        (int)x->length) <= 0) goto err;
-                }
-        ret=1;
-        if (0)
-                {
-err:
-                DHerr(DH_F_DHPARAMS_PRINT,reason);
-                }
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSAparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int DSAparams_print(BIO *bp, const DSA *x)
-        {
-        unsigned char *m=NULL;
-        int ret=0;
-        size_t buf_len=0,i;
-        if (x->p)
-                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
-        if (x->q)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-                        buf_len = i;
-        if (x->g)
-                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-                        buf_len = i;
-        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-        if (m == NULL)
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
-                BN_num_bits(x->p)) <= 0)
-                goto err;
-        if (!print(bp,"p:",x->p,m,4)) goto err;
-        if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
-        if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
-        ret=1;
-err:
-        if (m != NULL) OPENSSL_free(m);
-        return(ret);
-        }
-#endif /* !OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECParameters_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-        {
-        int     reason=ERR_R_EC_LIB, ret=0;
-        BIGNUM  *order=NULL;
-        const EC_GROUP *group;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;;
-                goto err;
-                }
-        if ((order = BN_new()) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (!EC_GROUP_get_order(group, order, NULL))
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
- 
-        if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
-                BN_num_bits(order)) <= 0)
-                goto err;
-        if (!ECPKParameters_print(bp, group, 4))
-                goto err;
-        ret=1;
-err:
-        if (order)
-                BN_free(order);
-        ECerr(EC_F_ECPARAMETERS_PRINT, reason);
-        return(ret);
-        }
-  
-#endif
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index 5557e06584..ea1794e3e0 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -149,34 +149,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
                        ERR_print_errors(bp);
                        }
                else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        EVP_PKEY_print_public(bp, pkey, 16, NULL);
-                        DSA_print(bp,pkey->pkey.dsa,16);
+                        EVP_PKEY_free(pkey);
                        }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
-                {
-                        BIO_printf(bp, "%12sEC Public Key: \n","");
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
-                }
-        else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-                EVP_PKEY_free(pkey);
                }
        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
index a73369b949..079c081a81 100644
--- a/src/lib/libcrypto/asn1/t_spki.c
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -82,36 +82,11 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
        pkey = X509_PUBKEY_get(spki->spkac->pubkey);
        if(!pkey) BIO_printf(out, "  Unable to load public key\n");
-        else {
+        else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(out,"  RSA Public Key: (%d bit)\n",
-                                BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(out,pkey->pkey.rsa,2);
-                        }
-                else 
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                {
-                BIO_printf(out,"  DSA Public Key:\n");
-                DSA_print(out,pkey->pkey.dsa,2);
-                }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
                {
-                        BIO_printf(out, "  EC Public Key:\n");
+                EVP_PKEY_print_public(out, pkey, 4, NULL);
-                        EC_KEY_print(out, pkey->pkey.ec,2);
-                }
-                else
-#endif
-                        BIO_printf(out,"  Unknown Public Key:\n");
                EVP_PKEY_free(pkey);
-        }
+                }
        chal = spki->spkac->challenge;
        if(chal->length)
                BIO_printf(out, "  Challenge String: %s\n", chal->data);
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index 8f746f9c05..e061f2ffad 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -111,7 +111,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
        ASN1_INTEGER *bs;
        EVP_PKEY *pkey=NULL;
        const char *neg;
-        ASN1_STRING *str=NULL;
        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
                        mlch = '\n';
@@ -215,34 +214,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                        ERR_print_errors(bp);
                        }
                else
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                        {
-                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-                        BN_num_bits(pkey->pkey.rsa->n));
-                        RSA_print(bp,pkey->pkey.rsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                        {
-                        BIO_printf(bp,"%12sDSA Public Key:\n","");
-                        DSA_print(bp,pkey->pkey.dsa,16);
-                        }
-                else
-#endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
                        {
-                        BIO_printf(bp, "%12sEC Public Key:\n","");
+                        EVP_PKEY_print_public(bp, pkey, 16, NULL);
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
+                        EVP_PKEY_free(pkey);
                        }
-                else
-#endif
-                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
-                EVP_PKEY_free(pkey);
                }
        if (!(cflag & X509_FLAG_NO_EXTENSIONS))
@@ -259,7 +234,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                }
        ret=1;
 err:
-        if (str != NULL) ASN1_STRING_free(str);
        if (m != NULL) OPENSSL_free(m);
        return(ret);
        }
@@ -329,14 +303,15 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
        return 1;
 }
-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
        {
        int i,n;
-        char buf[80],*p;
+        char buf[80];
+        const char *p;
        if (v == NULL) return(0);
        n=0;
-        p=(char *)v->data;
+        p=(const char *)v->data;
        for (i=0; i<v->length; i++)
                {
                if ((p[i] > '~') || ((p[i] < ' ') &&
@@ -358,7 +333,7 @@ int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
        return(1);
        }
-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 {
        if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
        if(tm->type == V_ASN1_GENERALIZEDTIME)
@@ -373,12 +348,14 @@ static const char *mon[12]=
    "Jul","Aug","Sep","Oct","Nov","Dec"
    };
-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
        {
        char *v;
        int gmt=0;
        int i;
        int y=0,M=0,d=0,h=0,m=0,s=0;
+        char *f = NULL;
+        int f_len = 0;
        i=tm->length;
        v=(char *)tm->data;
@@ -396,10 +373,21 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
        if (tm->length >= 14 &&
            (v[12] >= '0') && (v[12] <= '9') &&
            (v[13] >= '0') && (v[13] <= '9'))
+                {
                s=  (v[12]-'0')*10+(v[13]-'0');
+                /* Check for fractions of seconds. */
+                if (tm->length >= 15 && v[14] == '.')
+                        {
+                        int l = tm->length;
+                        f = &v[14];     /* The decimal point. */
+                        f_len = 1;
+                        while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+                                ++f_len;
+                        }
+                }
-        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
-                mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+                mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
                return(0);
        else
                return(1);
@@ -408,15 +396,15 @@ err:
        return(0);
        }
-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
        {
-        char *v;
+        const char *v;
        int gmt=0;
        int i;
        int y=0,M=0,d=0,h=0,m=0,s=0;
        i=tm->length;
-        v=(char *)tm->data;
+        v=(const char *)tm->data;
        if (i < 10) goto err;
        if (v[i-1] == 'Z') gmt=1;
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 48bc1c0d4d..3bee439968 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -114,6 +114,8 @@ unsigned long ASN1_tag2bit(int tag)
 /* Macro to initialize and invalidate the cache */
 #define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
 /* Decode an ASN1 item, this currently behaves just 
 * like a standard 'd2i' function. 'in' points to 
@@ -130,7 +132,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
        ASN1_VALUE *ptmpval = NULL;
        if (!pval)
                pval = &ptmpval;
-        c.valid = 0;
+        asn1_tlc_clear_nc(&c);
        if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
                return *pval;
        return NULL;
@@ -140,7 +142,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
                const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
        {
        ASN1_TLC c;
-        c.valid = 0;
+        asn1_tlc_clear_nc(&c);
        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
        }
@@ -306,7 +308,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                                goto auxerr;
                /* Allocate structure */
@@ -356,7 +358,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                asn1_set_choice_selector(pval, i, it);
                *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
                                goto auxerr;
                return 1;
@@ -403,7 +405,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                        goto err;
                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                                goto auxerr;
                /* Get each field entry */
@@ -505,7 +507,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                if (!asn1_enc_save(pval, *in, p - *in, it))
                        goto auxerr;
                *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
                                goto auxerr;
                return 1;
@@ -665,11 +667,12 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                else
                        {
                        /* We've got a valid STACK: free up any items present */
-                        STACK *sktmp = (STACK *)*val;
+                        STACK_OF(ASN1_VALUE) *sktmp
+                            = (STACK_OF(ASN1_VALUE) *)*val;
                        ASN1_VALUE *vtmp;
-                        while(sk_num(sktmp) > 0)
+                        while(sk_ASN1_VALUE_num(sktmp) > 0)
                                {
-                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                                vtmp = sk_ASN1_VALUE_pop(sktmp);
                                ASN1_item_ex_free(&vtmp,
                                                ASN1_ITEM_ptr(tt->item));
                                }
@@ -710,7 +713,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
                                goto err;
                                }
                        len -= p - q;
-                        if (!sk_push((STACK *)*val, (char *)skfield))
+                        if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
+                                                skfield))
                                {
                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
                                                ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index 2721f904a6..936ad1f767 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -158,7 +158,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                                return 0;
                i = asn1_get_choice_selector(pval, it);
                if ((i >= 0) && (i < it->tcount))
@@ -171,7 +171,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                                                                -1, aclass);
                        }
                /* Fixme: error condition if selector out of range */
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
                                return 0;
                break;
@@ -216,7 +216,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                        aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
                                        | V_ASN1_UNIVERSAL;
                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                                return 0;
                /* First work out sequence content length */
                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
@@ -250,7 +250,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                        }
                if (ndef == 2)
                        ASN1_put_eoc(out);
-                if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
                                return 0;
                return seqlen;
@@ -569,7 +569,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
        ASN1_STRING *strtmp;
        ASN1_OBJECT *otmp;
        int utype;
-        unsigned char *cont, c;
+        const unsigned char *cont;
+        unsigned char c;
        int len;
        const ASN1_PRIMITIVE_FUNCS *pf;
        pf = it->funcs;
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
index d7c017fa1d..77d3092d31 100644
--- a/src/lib/libcrypto/asn1/tasn_fre.c
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -110,7 +110,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                case ASN1_ITYPE_CHOICE:
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
                        if (i == 2)
                                return;
                        }
@@ -123,7 +123,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                        ASN1_template_free(pchval, tt);
                        }
                if (asn1_cb)
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
                if (!combine)
                        {
                        OPENSSL_free(*pval);
@@ -149,7 +149,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                        return;
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
                        if (i == 2)
                                return;
                        }               
@@ -170,7 +170,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                        ASN1_template_free(pseqval, seqtt);
                        }
                if (asn1_cb)
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                        asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
                if (!combine)
                        {
                        OPENSSL_free(*pval);
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
index 5c6a2ebd4d..0d9e78cc7c 100644
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -68,7 +68,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                                                int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
        {
@@ -146,7 +146,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                case ASN1_ITYPE_CHOICE:
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
                        if (!i)
                                goto auxerr;
                        if (i==2)
@@ -166,7 +166,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                        memset(*pval, 0, it->size);
                        }
                asn1_set_choice_selector(pval, -1, it);
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
                                goto auxerr;
                break;
@@ -174,7 +174,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                case ASN1_ITYPE_SEQUENCE:
                if (asn1_cb)
                        {
-                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
                        if (!i)
                                goto auxerr;
                        if (i==2)
@@ -201,7 +201,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                        if (!ASN1_template_new(pseqval, tt))
                                goto memerr;
                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
                                goto auxerr;
                break;
        }
@@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
        {
        ASN1_TYPE *typ;
+        ASN1_STRING *str;
        int utype;
        if (it && it->funcs)
@@ -345,10 +346,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                return 1;
                case V_ASN1_BOOLEAN:
-                if (it)
+                *(ASN1_BOOLEAN *)pval = it->size;
-                        *(ASN1_BOOLEAN *)pval = it->size;
-                else
-                        *(ASN1_BOOLEAN *)pval = -1;
                return 1;
                case V_ASN1_NULL:
@@ -365,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                break;
                default:
-                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+                str = ASN1_STRING_type_new(utype);
+                if (it->itype == ASN1_ITYPE_MSTRING && str)
+                        str->flags |= ASN1_STRING_FLAG_MSTRING;
+                *pval = (ASN1_VALUE *)str;
                break;
                }
        if (*pval)
@@ -373,7 +374,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
        return 0;
        }
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
        {
        int utype;
        if (it && it->funcs)
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
index b9c96a6dbe..453698012d 100644
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -58,141 +58,570 @@
 #include <stddef.h>
+#include "cryptlib.h"
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-#include <openssl/nasn.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
-/* Print routines. Print out a whole structure from a template.
+/* Print routines.
 */
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+/* ASN1_PCTX routines */
-int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+ASN1_PCTX default_pctx = 
-{
+        {
-        return asn1_item_print_nm(out, fld, indent, it, it->sname);
+        ASN1_PCTX_FLAGS_SHOW_ABSENT,    /* flags */
-}
+        0,      /* nm_flags */
+        0,      /* cert_flags */
+        0,      /* oid_flags */
+        0       /* str_flags */
+        };
+        
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+ASN1_PCTX *ASN1_PCTX_new(void)
-{
+        {
-        ASN1_STRING *str;
+        ASN1_PCTX *ret;
+        ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->flags = 0;
+        ret->nm_flags = 0;
+        ret->cert_flags = 0;
+        ret->oid_flags = 0;
+        ret->str_flags = 0;
+        return ret;
+        }
+void ASN1_PCTX_free(ASN1_PCTX *p)
+        {
+        OPENSSL_free(p);
+        }
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
+        {
+        return p->flags;
+        }
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->flags = flags;
+        }
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
+        {
+        return p->nm_flags;
+        }
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->nm_flags = flags;
+        }
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
+        {
+        return p->cert_flags;
+        }
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->cert_flags = flags;
+        }
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
+        {
+        return p->oid_flags;
+        }
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->oid_flags = flags;
+        }
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
+        {
+        return p->str_flags;
+        }
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+        {
+        p->str_flags = flags;
+        }
+/* Main print routines */
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_ITEM *it,
+                                const char *fname, const char *sname,
+                                int nohdr, const ASN1_PCTX *pctx);
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+static int asn1_print_fsname(BIO *out, int indent,
+                        const char *fname, const char *sname,
+                        const ASN1_PCTX *pctx);
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                                const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+        {
+        const char *sname;
+        if (pctx == NULL)
+                pctx = &default_pctx;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+                sname = NULL;
+        else
+                sname = it->sname;
+        return asn1_item_print_ctx(out, &ifld, indent, it,
+                                                        NULL, sname, 0, pctx);
+        }
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                                const ASN1_ITEM *it,
+                                const char *fname, const char *sname,
+                                int nohdr, const ASN1_PCTX *pctx)
+        {
        const ASN1_TEMPLATE *tt;
-        void *tmpfld;
+        const ASN1_EXTERN_FUNCS *ef;
+        ASN1_VALUE **tmpfld;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        ASN1_PRINT_ARG parg;
        int i;
-        if(!fld) {
+        if (aux && aux->asn1_cb)
-                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+                {
+                parg.out = out;
+                parg.indent = indent;
+                parg.pctx = pctx;
+                asn1_cb = aux->asn1_cb;
+                }
+        else asn1_cb = 0;
+        if(*fld == NULL)
+                {
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT)
+                        {
+                        if (!nohdr && !asn1_print_fsname(out, indent,
+                                                        fname, sname, pctx))
+                                return 0;
+                        if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                                return 0;
+                        }
                return 1;
-        }
+                }
-        switch(it->itype) {
+        switch(it->itype)
+                {
                case ASN1_ITYPE_PRIMITIVE:
                if(it->templates)
-                        return ASN1_template_print(out, fld, indent, it->templates);
+                        {
-                return asn1_primitive_print(out, fld, it->utype, indent, name);
+                        if (!asn1_template_print_ctx(out, fld, indent,
-                break;
+                                                        it->templates, pctx))
+                                return 0;
+                        }
+                /* fall thru */
                case ASN1_ITYPE_MSTRING:
-                str = fld;
+                if (!asn1_primitive_print(out, fld, it,
-                return asn1_primitive_print(out, fld, str->type, indent, name);
+                                indent, fname, sname,pctx))
+                        return 0;
+                break;
                case ASN1_ITYPE_EXTERN:
-                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-                return 1;
+                        return 0;
-                case ASN1_ITYPE_COMPAT:
+                /* Use new style print routine if possible */
-                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                ef = it->funcs;
-                return 1;
+                if (ef && ef->asn1_ex_print)
+                        {
+                        i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+                        if (!i)
+                                return 0;
+                        if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                                return 0;
+                        return 1;
+                        }
+                else if (sname && 
+                        BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+                        return 0;
+                break;
                case ASN1_ITYPE_CHOICE:
+#if 0
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+#endif
                /* CHOICE type, get selector */
                i = asn1_get_choice_selector(fld, it);
                /* This should never happen... */
-                if((i < 0) || (i >= it->tcount)) {
+                if((i < 0) || (i >= it->tcount))
-                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+                        {
+                        if (BIO_printf(out,
+                                "ERROR: selector [%d] invalid\n", i) <= 0)
+                                return 0;
                        return 1;
-                }
+                        }
                tt = it->templates + i;
-                tmpfld = asn1_get_field(fld, tt);
+                tmpfld = asn1_get_field_ptr(fld, tt);
-                return ASN1_template_print(out, tmpfld, indent, tt);
+                if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+                        return 0;
+                break;
                case ASN1_ITYPE_SEQUENCE:
-                BIO_printf(out, "%*s%s {\n", indent, "", name);
+                case ASN1_ITYPE_NDEF_SEQUENCE:
-                /* Get each field entry */
+                if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        return 0;
-                        tmpfld = asn1_get_field(fld, tt);
+                if (fname || sname)
-                        ASN1_template_print(out, tmpfld, indent + 2, tt);
+                        {
-                }
+                        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
-                BIO_printf(out, "%*s}\n", indent, "");
+                                {
-                return 1;
+                                if (BIO_puts(out, " {\n") <= 0)
+                                        return 0;
+                                }
+                        else
+                                {
+                                if (BIO_puts(out, "\n") <= 0)
+                                        return 0;
+                                }
+                        }
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+                        if (i == 0)
+                                return 0;
+                        if (i == 2)
+                                return 1;
+                        }
+                /* Print each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+                        {
+                        const ASN1_TEMPLATE *seqtt;
+                        seqtt = asn1_do_adb(fld, tt, 1);
+                        tmpfld = asn1_get_field_ptr(fld, seqtt);
+                        if (!asn1_template_print_ctx(out, tmpfld,
+                                                indent + 2, seqtt, pctx))
+                                return 0;
+                        }
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                        {
+                        if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                                return 0;
+                        }
+                if (asn1_cb)
+                        {
+                        i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+                        if (i == 0)
+                                return 0;
+                        }
+                break;
                default:
+                BIO_printf(out, "Unprocessed type %d\n", it->itype);
                return 0;
+                }
+        return 1;
        }
-}
-int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-{
+                                const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+        {
        int i, flags;
-#if 0
+        const char *sname, *fname;
-        if(!fld) return 0; 
-#endif
        flags = tt->flags;
-        if(flags & ASN1_TFLG_SK_MASK) {
+        if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+                sname = ASN1_ITEM_ptr(tt->item)->sname;
+        else
+                sname = NULL;
+        if(pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+                fname = NULL;
+        else
+                fname = tt->field_name;
+        if(flags & ASN1_TFLG_SK_MASK)
+                {
                char *tname;
-                void *skitem;
+                ASN1_VALUE *skitem;
+                STACK_OF(ASN1_VALUE) *stack;
                /* SET OF, SEQUENCE OF */
-                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+                if (fname)
-                else tname = "SEQUENCE";
+                        {
-                if(fld) {
+                        if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF)
-                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+                                {
-                        for(i = 0; i < sk_num(fld); i++) {
+                                if(flags & ASN1_TFLG_SET_OF)
-                                skitem = sk_value(fld, i);
+                                        tname = "SET";
-                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+                                else
+                                        tname = "SEQUENCE";
+                                if (BIO_printf(out, "%*s%s OF %s {\n",
+                                        indent, "", tname, tt->field_name) <= 0)
+                                        return 0;
+                                }
+                        else if (BIO_printf(out, "%*s%s:\n", indent, "",
+                                        fname) <= 0)
+                                return 0;
+                        }
+                stack = (STACK_OF(ASN1_VALUE) *)*fld;
+                for(i = 0; i < sk_ASN1_VALUE_num(stack); i++)
+                        {
+                        if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                                return 0;
+                        skitem = sk_ASN1_VALUE_value(stack, i);
+                        if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx))
+                                return 0;
+                        }
+                if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+                                return 0;
+                if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
+                        {
+                        if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                                return 0;
                        }
-                        BIO_printf(out, "%*s}\n", indent, "");
-                } else 
-                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
                return 1;
+                }
+        return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                                                        fname, sname, 0, pctx);
        }
-        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
-}
+static int asn1_print_fsname(BIO *out, int indent,
+                        const char *fname, const char *sname,
-static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+                        const ASN1_PCTX *pctx)
-{
+        {
-        ASN1_STRING *str = fld;
+        static char spaces[] = "                    ";
-        if(fld) {
+        const int nspaces = sizeof(spaces) - 1;
-                if(utype == V_ASN1_BOOLEAN) {
-                        int *bool = fld;
+#if 0
-if(*bool == -1) printf("BOOL MISSING\n");
+        if (!sname && !fname)
-                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+                return 1;
-                } else if((utype == V_ASN1_INTEGER) 
+#endif
-                          || (utype == V_ASN1_ENUMERATED)) {
-                        char *s, *nm;
+        while (indent > nspaces)
-                        s = i2s_ASN1_INTEGER(NULL, fld);
+                {
-                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+                if (BIO_write(out, spaces, nspaces) != nspaces)
-                        else nm = "ENUMERATED";
+                        return 0;
-                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+                indent -= nspaces;
-                        OPENSSL_free(s);
+                }
-                } else if(utype == V_ASN1_NULL) {
+        if (BIO_write(out, spaces, indent) != indent)
-                        BIO_printf(out, "%*s%s", indent, "", "NULL");
+                return 0;
-                } else if(utype == V_ASN1_UTCTIME) {
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+                sname = NULL;
-                        ASN1_UTCTIME_print(out, str);
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
-                } else if(utype == V_ASN1_GENERALIZEDTIME) {
+                fname = NULL;
-                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+        if (!sname && !fname)
-                        ASN1_GENERALIZEDTIME_print(out, str);
+                return 1;
-                } else if(utype == V_ASN1_OBJECT) {
+        if (fname)
-                        char objbuf[80], *ln;
+                {
-                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+                if (BIO_puts(out, fname) <= 0)
-                        if(!ln) ln = "";
+                        return 0;
-                        OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
-                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
-                } else {
-                        BIO_printf(out, "%*s%s:", indent, "", name);
-                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
                }
-                BIO_printf(out, "\n");
+        if (sname)
-        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+                {
+                if (fname)
+                        {
+                        if (BIO_printf(out, " (%s)", sname) <= 0)
+                                return 0;
+                        }
+                else
+                        {
+                        if (BIO_puts(out, sname) <= 0)
+                                return 0;
+                        }
+                }
+        if (BIO_write(out, ": ", 2) != 2)
+                return 0;
        return 1;
-}
+        }
+static int asn1_print_boolean_ctx(BIO *out, const int bool,
+                                                        const ASN1_PCTX *pctx)
+        {
+        const char *str;
+        switch (bool)
+                {
+                case -1:
+                str = "BOOL ABSENT";
+                break;
+                case 0:
+                str = "FALSE";
+                break;
+                default:
+                str = "TRUE";
+                break;
+                }
+        if (BIO_puts(out, str) <= 0)
+                return 0;
+        return 1;
+        }
+static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
+                                                const ASN1_PCTX *pctx)
+        {
+        char *s;
+        int ret = 1;
+        s = i2s_ASN1_INTEGER(NULL, str);
+        if (BIO_puts(out, s) <= 0)
+                ret = 0;
+        OPENSSL_free(s);
+        return ret;
+        }
+static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
+                                                const ASN1_PCTX *pctx)
+        {
+        char objbuf[80];
+        const char *ln;
+        ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+        if(!ln)
+                ln = "";
+        OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
+        if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+                return 0;
+        return 1;
+        }
+static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
+                                                const ASN1_PCTX *pctx)
+        {
+        if (str->type == V_ASN1_BIT_STRING)
+                {
+                if (BIO_printf(out, " (%ld unused bits)\n",
+                                        str->flags & 0x7) <= 0)
+                                return 0;
+                }
+        else if (BIO_puts(out, "\n") <= 0)
+                return 0;
+        if ((str->length > 0)
+                && BIO_dump_indent(out, (char *)str->data, str->length,
+                                indent + 2) <= 0)
+                return 0;
+        return 1;
+        }
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+        {
+        long utype;
+        ASN1_STRING *str;
+        int ret = 1, needlf = 1;
+        const char *pname;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+                        return 0;
+        if (pf && pf->prim_print)
+                return pf->prim_print(out, fld, it, indent, pctx);
+        str = (ASN1_STRING *)*fld;
+        if (it->itype == ASN1_ITYPE_MSTRING)
+                utype = str->type & ~V_ASN1_NEG;
+        else
+                utype = it->utype;
+        if (utype == V_ASN1_ANY)
+                {
+                ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+                utype = atype->type;
+                fld = &atype->value.asn1_value;
+                str = (ASN1_STRING *)*fld;
+                if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+                        pname = NULL;
+                else 
+                        pname = ASN1_tag2str(utype);
+                }
+        else
+                {
+                if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+                        pname = ASN1_tag2str(utype);
+                else 
+                        pname = NULL;
+                }
+        if (utype == V_ASN1_NULL)
+                {
+                if (BIO_puts(out, "NULL\n") <= 0)
+                        return 0;
+                return 1;
+                }
+        if (pname)
+                {
+                if (BIO_puts(out, pname) <= 0)
+                        return 0;
+                if (BIO_puts(out, ":") <= 0)
+                        return 0;
+                }
+        switch (utype)
+                {
+                case V_ASN1_BOOLEAN:
+                        {
+                        int bool = *(int *)fld;
+                        if (bool == -1)
+                                bool = it->size;
+                        ret = asn1_print_boolean_ctx(out, bool, pctx);
+                        }
+                break;
+                case V_ASN1_INTEGER:
+                case V_ASN1_ENUMERATED:
+                ret = asn1_print_integer_ctx(out, str, pctx);
+                break;
+                case V_ASN1_UTCTIME:
+                ret = ASN1_UTCTIME_print(out, str);
+                break;
+                case V_ASN1_GENERALIZEDTIME:
+                ret = ASN1_GENERALIZEDTIME_print(out, str);
+                break;
+                case V_ASN1_OBJECT:
+                ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+                break;
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_BIT_STRING:
+                ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+                needlf = 0;
+                break;
+                case V_ASN1_SEQUENCE:
+                case V_ASN1_SET:
+                case V_ASN1_OTHER:
+                if (BIO_puts(out, "\n") <= 0)
+                        return 0;
+                if (ASN1_parse_dump(out, str->data, str->length,
+                                                indent, 0) <= 0)
+                        ret = 0;
+                needlf = 0;
+                break;
+                default:
+                ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+                }
+        if (!ret)
+                return 0;
+        if (needlf && BIO_puts(out, "\n") <= 0)
+                return 0;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
index 6252213d15..6fb1c372da 100644
--- a/src/lib/libcrypto/asn1/tasn_typ.c
+++ b/src/lib/libcrypto/asn1/tasn_typ.c
@@ -135,3 +135,14 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
 /* Special, OCTET STRING with indefinite length constructed support */
 IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
+ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
+ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 70d56a67f2..c51c690ba9 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -58,11 +58,14 @@
 #include <stdio.h>
 #include "cryptlib.h"
+#include "asn1_locl.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
                                const X509_REVOKED * const *b);
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -70,11 +73,26 @@ ASN1_SEQUENCE(X509_REVOKED) = {
        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
+static int def_crl_lookup(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+static X509_CRL_METHOD int_crl_meth =
+        {
+        0,
+        0,0,
+        def_crl_lookup,
+        def_crl_verify
+        };
+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
 /* The X509_CRL_INFO structure needs a bit of customisation.
 * Since we cache the original encoding the signature wont be affected by
 * reordering of the revoked field.
 */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
@@ -101,7 +119,237 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+/* Set CRL entry issuer according to CRL certificate issuer extension.
+ * Check for unhandled critical CRL entry extensions.
+ */
+static int crl_set_issuers(X509_CRL *crl)
+        {
+        int i, j;
+        GENERAL_NAMES *gens, *gtmp;
+        STACK_OF(X509_REVOKED) *revoked;
+        revoked = X509_CRL_get_REVOKED(crl);
+        gens = NULL;
+        for (i = 0; i < sk_X509_REVOKED_num(revoked); i++)
+                {
+                X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
+                STACK_OF(X509_EXTENSION) *exts;
+                ASN1_ENUMERATED *reason;
+                X509_EXTENSION *ext;
+                gtmp = X509_REVOKED_get_ext_d2i(rev, 
+                                                NID_certificate_issuer,
+                                                &j, NULL);
+                if (!gtmp && (j != -1))
+                        {
+                        crl->flags |= EXFLAG_INVALID;
+                        return 1;
+                        }
+                if (gtmp)
+                        {
+                        gens = gtmp;
+                        if (!crl->issuers)
+                                {
+                                crl->issuers = sk_GENERAL_NAMES_new_null();
+                                if (!crl->issuers)
+                                        return 0;
+                                }
+                        if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
+                                return 0;
+                        }
+                rev->issuer = gens;
+                reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
+                                                                &j, NULL);
+                if (!reason && (j != -1))
+                        {
+                        crl->flags |= EXFLAG_INVALID;
+                        return 1;
+                        }
+                if (reason)
+                        {
+                        rev->reason = ASN1_ENUMERATED_get(reason);
+                        ASN1_ENUMERATED_free(reason);
+                        }
+                else
+                        rev->reason = CRL_REASON_NONE;  
+                /* Check for critical CRL entry extensions */
+                exts = rev->extensions;
+                for (j = 0; j < sk_X509_EXTENSION_num(exts); j++)
+                        {
+                        ext = sk_X509_EXTENSION_value(exts, j);
+                        if (ext->critical > 0)
+                                {
+                                if (OBJ_obj2nid(ext->object) ==
+                                        NID_certificate_issuer)
+                                        continue;
+                                crl->flags |= EXFLAG_CRITICAL;
+                                break;
+                                }
+                        }
+                }
+        return 1;
+        }
+/* The X509_CRL structure needs a bit of customisation. Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
+        {
+        X509_CRL *crl = (X509_CRL *)*pval;
+        STACK_OF(X509_EXTENSION) *exts;
+        X509_EXTENSION *ext;
+        int idx;
+        switch(operation)
+                {
+                case ASN1_OP_NEW_POST:
+                crl->idp = NULL;
+                crl->akid = NULL;
+                crl->flags = 0;
+                crl->idp_flags = 0;
+                crl->idp_reasons = CRLDP_ALL_REASONS;
+                crl->meth = default_crl_method;
+                crl->meth_data = NULL;
+                crl->issuers = NULL;
+                crl->crl_number = NULL;
+                crl->base_crl_number = NULL;
+                break;
+                case ASN1_OP_D2I_POST:
+#ifndef OPENSSL_NO_SHA
+                X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
+#endif
+                crl->idp = X509_CRL_get_ext_d2i(crl,
+                                NID_issuing_distribution_point, NULL, NULL);
+                if (crl->idp)
+                        setup_idp(crl, crl->idp);
+                crl->akid = X509_CRL_get_ext_d2i(crl,
+                                NID_authority_key_identifier, NULL, NULL);      
+                crl->crl_number = X509_CRL_get_ext_d2i(crl,
+                                NID_crl_number, NULL, NULL);    
+                crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
+                                NID_delta_crl, NULL, NULL);     
+                /* Delta CRLs must have CRL number */
+                if (crl->base_crl_number && !crl->crl_number)
+                        crl->flags |= EXFLAG_INVALID;
+                /* See if we have any unhandled critical CRL extensions and 
+                 * indicate this in a flag. We only currently handle IDP so
+                 * anything else critical sets the flag.
+                 *
+                 * This code accesses the X509_CRL structure directly:
+                 * applications shouldn't do this.
+                 */
+                exts = crl->crl->extensions;
+                for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
+                        {
+                        int nid;
+                        ext = sk_X509_EXTENSION_value(exts, idx);
+                        nid = OBJ_obj2nid(ext->object);
+                        if (nid == NID_freshest_crl)
+                                crl->flags |= EXFLAG_FRESHEST;
+                        if (ext->critical > 0)
+                                {
+                                /* We handle IDP and deltas */
+                                if ((nid == NID_issuing_distribution_point)
+                                        || (nid == NID_delta_crl))
+                                        break;;
+                                crl->flags |= EXFLAG_CRITICAL;
+                                break;
+                                }
+                        }
+                if (!crl_set_issuers(crl))
+                        return 0;
+                if (crl->meth->crl_init)
+                        {
+                        if (crl->meth->crl_init(crl) == 0)
+                                return 0;
+                        }
+                break;
+                case ASN1_OP_FREE_POST:
+                if (crl->meth->crl_free)
+                        {
+                        if (!crl->meth->crl_free(crl))
+                                return 0;
+                        }
+                if (crl->akid)
+                        AUTHORITY_KEYID_free(crl->akid);
+                if (crl->idp)
+                        ISSUING_DIST_POINT_free(crl->idp);
+                ASN1_INTEGER_free(crl->crl_number);
+                ASN1_INTEGER_free(crl->base_crl_number);
+                sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+                break;
+                }
+        return 1;
+        }
+/* Convert IDP into a more convenient form */
+static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+        {
+        int idp_only = 0;
+        /* Set various flags according to IDP */
+        crl->idp_flags |= IDP_PRESENT;
+        if (idp->onlyuser > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYUSER;
+                }
+        if (idp->onlyCA > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYCA;
+                }
+        if (idp->onlyattr > 0)
+                {
+                idp_only++;
+                crl->idp_flags |= IDP_ONLYATTR;
+                }
+        if (idp_only > 1)
+                crl->idp_flags |= IDP_INVALID;
+        if (idp->indirectCRL > 0)
+                crl->idp_flags |= IDP_INDIRECT;
+        if (idp->onlysomereasons)
+                {
+                crl->idp_flags |= IDP_REASONS;
+                if (idp->onlysomereasons->length > 0)
+                        crl->idp_reasons = idp->onlysomereasons->data[0];
+                if (idp->onlysomereasons->length > 1)
+                        crl->idp_reasons |=
+                                (idp->onlysomereasons->data[1] << 8);
+                crl->idp_reasons &= CRLDP_ALL_REASONS;
+                }
+        DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+        }
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
@@ -134,6 +382,145 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
        return 1;
 }
+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+        {
+        if (crl->meth->crl_verify)
+                return crl->meth->crl_verify(crl, r);
+        return 0;
+        }
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial)
+        {
+        if (crl->meth->crl_lookup)
+                return crl->meth->crl_lookup(crl, ret, serial, NULL);
+        return 0;
+        }
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+        {
+        if (crl->meth->crl_lookup)
+                return crl->meth->crl_lookup(crl, ret,
+                                                X509_get_serialNumber(x),
+                                                X509_get_issuer_name(x));
+        return 0;
+        }
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+        {
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                crl->sig_alg, crl->signature,crl->crl,r));
+        }
+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+                                                X509_REVOKED *rev)
+        {
+        int i;
+        if (!rev->issuer)
+                {
+                if (!nm)
+                        return 1;
+                if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+                        return 1;
+                return 0;
+                }
+        if (!nm)
+                nm = X509_CRL_get_issuer(crl);
+        for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
+                if (gen->type != GEN_DIRNAME)
+                        continue;
+                if (!X509_NAME_cmp(nm, gen->d.directoryName))
+                        return 1;
+                }
+        return 0;
+        }
+static int def_crl_lookup(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+        {
+        X509_REVOKED rtmp, *rev;
+        int idx;
+        rtmp.serialNumber = serial;
+        /* Sort revoked into serial number order if not already sorted.
+         * Do this under a lock to avoid race condition.
+         */
+        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+                sk_X509_REVOKED_sort(crl->crl->revoked);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+                }
+        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        if(idx < 0)
+                return 0;
+        /* Need to look for matching name */
+        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++)
+                {
+                rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
+                if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
+                        return 0;
+                if (crl_revoked_issuer_match(crl, issuer, rev))
+                        {
+                        if (ret)
+                                *ret = rev;
+                        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                                return 2;
+                        return 1;
+                        }
+                }
+        return 0;
+        }
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+        {
+        if (meth == NULL)
+                default_crl_method = &int_crl_meth;
+        else 
+                default_crl_method = meth;
+        }
+X509_CRL_METHOD *X509_CRL_METHOD_new(
+        int (*crl_init)(X509_CRL *crl),
+        int (*crl_free)(X509_CRL *crl),
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer),
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+        {
+        X509_CRL_METHOD *m;
+        m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
+        if (!m)
+                return NULL;
+        m->crl_init = crl_init;
+        m->crl_free = crl_free;
+        m->crl_lookup = crl_lookup;
+        m->crl_verify = crl_verify;
+        m->flags = X509_CRL_METHOD_DYNAMIC;
+        return m;
+        }
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+        {
+        if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
+                return;
+        OPENSSL_free(m);
+        }
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+        {
+        crl->meth_data = dat;
+        }
+void *X509_CRL_get_meth_data(X509_CRL *crl)
+        {
+        return crl->meth_data;
+        }
 IMPLEMENT_STACK_OF(X509_REVOKED)
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
 IMPLEMENT_STACK_OF(X509_CRL)
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index bf35457c1f..75317418e1 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -71,6 +71,7 @@ static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
 static ASN1_PRIMITIVE_FUNCS long_pf = {
        NULL, 0,
@@ -78,7 +79,8 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
        long_free,
        long_free,      /* Clear should set to initial value */
        long_c2i,
-        long_i2c
+        long_i2c,
+        long_print
 };
 ASN1_ITEM_start(LONG)
@@ -169,3 +171,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
        memcpy(cp, &ltmp, sizeof(long));
        return 1;
 }
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+        {
+        return BIO_printf(out, "%ld\n", *(long *)pval);
+        }
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index 04380abc3f..caa4409feb 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -57,18 +57,36 @@
 */
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long len,
+                                const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                                const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
+                          unsigned char **in);
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                                                int indent,
+                                                const char *fname, 
+                                                const ASN1_PCTX *pctx);
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -102,7 +120,8 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
        x509_name_ex_free,
        0,      /* Default clear behaviour is OK */
        x509_name_ex_d2i,
-        x509_name_ex_i2d
+        x509_name_ex_i2d,
+        x509_name_ex_print
 };
 IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
@@ -118,6 +137,8 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
                goto memerr;
        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+        ret->canon_enc = NULL;
+        ret->canon_enclen = 0;
        ret->modified=1;
        *val = (ASN1_VALUE *)ret;
        return 1;
@@ -142,25 +163,19 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
        BUF_MEM_free(a->bytes);
        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        if (a->canon_enc)
+                OPENSSL_free(a->canon_enc);
        OPENSSL_free(a);
        *pval = NULL;
 }
-/* Used with sk_pop_free() to free up the internal representation.
+static int x509_name_ex_d2i(ASN1_VALUE **val,
- * NB: we only free the STACK and not its contents because it is
+                        const unsigned char **in, long len, const ASN1_ITEM *it,
- * already present in the X509_NAME structure.
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
- */
-static void sk_internal_free(void *a)
-{
-        sk_free(a);
-}
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
-                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
        const unsigned char *p = *in, *q;
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a; } intname = {NULL};
        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
        int i, j, ret;
        STACK_OF(X509_NAME_ENTRY) *entries;
@@ -181,8 +196,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
        memcpy(nm.x->bytes->data, q, p - q);
        /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_num(intname.s); i++) {
+        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
-                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+                entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                        entry = sk_X509_NAME_ENTRY_value(entries, j);
                        entry->set = i;
@@ -191,7 +206,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
                }
                sk_X509_NAME_ENTRY_free(entries);
        }
-        sk_free(intname.s);
+        sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
+        ret = x509_name_canon(nm.x);
+        if (!ret)
+                goto err;
        nm.x->modified = 0;
        *val = nm.a;
        *in = p;
@@ -206,8 +224,12 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
        int ret;
        X509_NAME *a = (X509_NAME *)*val;
        if(a->modified) {
-                ret = x509_name_encode((X509_NAME *)a);
+                ret = x509_name_encode(a);
-                if(ret < 0) return ret;
+                if(ret < 0)
+                        return ret;
+                ret = x509_name_canon(a);
+                if(ret < 0)
+                        return ret;
        }
        ret = a->bytes->length;
        if(out != NULL) {
@@ -217,22 +239,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
        return ret;
 }
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+        {
+        sk_X509_NAME_ENTRY_free(ne);
+        }
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+        {
+        sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+        }
 static int x509_name_encode(X509_NAME *a)
 {
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a; } intname = {NULL};
        int len;
        unsigned char *p;
        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
        X509_NAME_ENTRY *entry;
        int i, set = -1;
-        intname.s = sk_new_null();
+        intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
        if(!intname.s) goto memerr;
        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
                if(entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
                        if(!entries) goto memerr;
-                        if(!sk_push(intname.s, (char *)entries)) goto memerr;
+                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                                                             entries))
+                                goto memerr;
                        set = entry->set;
                }
                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
@@ -243,15 +278,222 @@ static int x509_name_encode(X509_NAME *a)
        p=(unsigned char *)a->bytes->data;
        ASN1_item_ex_i2d(&intname.a,
                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                             local_sk_X509_NAME_ENTRY_free);
        a->modified = 0;
        return len;
-        memerr:
+memerr:
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                             local_sk_X509_NAME_ENTRY_free);
        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
        return -1;
 }
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                                                int indent,
+                                                const char *fname, 
+                                                const ASN1_PCTX *pctx)
+        {
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+                                        indent, pctx->nm_flags) <= 0)
+                return 0;
+        return 2;
+        }
+/* This function generates the canonical encoding of the Name structure.
+ * In it all strings are converted to UTF8, leading, trailing and
+ * multiple spaces collapsed, converted to lower case and the leading
+ * SEQUENCE header removed.
+ *
+ * In future we could also normalize the UTF8 too.
+ *
+ * By doing this comparison of Name structures can be rapidly
+ * perfomed by just using memcmp() of the canonical encoding.
+ * By omitting the leading SEQUENCE name constraints of type
+ * dirName can also be checked with a simple memcmp().
+ */
+static int x509_name_canon(X509_NAME *a)
+        {
+        unsigned char *p;
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+        X509_NAME_ENTRY *entry, *tmpentry = NULL;
+        int i, set = -1, ret = 0;
+        if (a->canon_enc)
+                {
+                OPENSSL_free(a->canon_enc);
+                a->canon_enc = NULL;
+                }
+        /* Special case: empty X509_NAME => null encoding */
+        if (sk_X509_NAME_ENTRY_num(a->entries) == 0)
+                {
+                a->canon_enclen = 0;
+                return 1;
+                }
+        intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+        if(!intname)
+                goto err;
+        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
+                {
+                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+                if(entry->set != set)
+                        {
+                        entries = sk_X509_NAME_ENTRY_new_null();
+                        if(!entries)
+                                goto err;
+                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                                goto err;
+                        set = entry->set;
+                        }
+                tmpentry = X509_NAME_ENTRY_new();
+                tmpentry->object = OBJ_dup(entry->object);
+                if (!asn1_string_canon(tmpentry->value, entry->value))
+                        goto err;
+                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                        goto err;
+                tmpentry = NULL;
+                }
+        /* Finally generate encoding */
+        a->canon_enclen = i2d_name_canon(intname, NULL);
+        p = OPENSSL_malloc(a->canon_enclen);
+        if (!p)
+                goto err;
+        a->canon_enc = p;
+        i2d_name_canon(intname, &p);
+        ret = 1;
+        err:
+        if (tmpentry)
+                X509_NAME_ENTRY_free(tmpentry);
+        if (intname)
+                sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                        local_sk_X509_NAME_ENTRY_pop_free);
+        return ret;
+        }
+/* Bitmap of all the types of string that will be canonicalized. */
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+        
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+        {
+        unsigned char *to, *from;
+        int len, i;
+        /* If type not in bitmask just copy string across */
+        if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
+                {
+                out->type = in->type;
+                if (!ASN1_STRING_set(out, in->data, in->length))
+                        return 0;
+                return 1;
+                }
+        out->type = V_ASN1_UTF8STRING;
+        out->length = ASN1_STRING_to_UTF8(&out->data, in);
+        if (out->length == -1)
+                return 0;
+        to = out->data;
+        from = to;
+        len = out->length;
+        /* Convert string in place to canonical form.
+         * Ultimately we may need to handle a wider range of characters
+         * but for now ignore anything with MSB set and rely on the
+         * isspace() and tolower() functions.
+         */
+        /* Ignore leading spaces */
+        while((len > 0) && !(*from & 0x80) && isspace(*from))
+                {
+                from++;
+                len--;
+                }
+        to = from + len - 1;
+        /* Ignore trailing spaces */
+        while ((len > 0) && !(*to & 0x80) && isspace(*to))
+                {
+                to--;
+                len--;
+                }
+        to = out->data;
+        i = 0;
+        while(i < len)
+                {
+                /* If MSB set just copy across */
+                if (*from & 0x80)
+                        {
+                        *to++ = *from++;
+                        i++;
+                        }
+                /* Collapse multiple spaces */
+                else if (isspace(*from))
+                        {
+                        /* Copy one space across */
+                        *to++ = ' ';
+                        /* Ignore subsequent spaces. Note: don't need to
+                         * check len here because we know the last 
+                         * character is a non-space so we can't overflow.
+                         */
+                        do
+                                {
+                                from++;
+                                i++;
+                                }
+                        while(!(*from & 0x80) && isspace(*from));
+                        }
+                else
+                        {
+                        *to++ = tolower(*from++);
+                        i++;
+                        }
+                }
+        out->length = to - out->data;
+        return 1;
+        }
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
+                          unsigned char **in)
+        {
+        int i, len, ltmp;
+        ASN1_VALUE *v;
+        STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+        len = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(intname); i++)
+                {
+                v = sk_ASN1_VALUE_value(intname, i);
+                ltmp = ASN1_item_ex_i2d(&v, in,
+                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                if (ltmp < 0)
+                        return ltmp;
+                len += ltmp;
+                }
+        return len;
+        }
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
        {
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 91c2756116..d42b6a2c54 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -68,7 +69,8 @@
 #endif
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        void *exarg)
        {
        if (operation == ASN1_OP_FREE_POST)
                {
@@ -88,169 +90,42 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
        {
        X509_PUBKEY *pk=NULL;
-        X509_ALGOR *a;
-        ASN1_OBJECT *o;
-        unsigned char *s,*p = NULL;
-        int i;
        if (x == NULL) return(0);
-        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
-        a=pk->algor;
-        /* set the algorithm id */
+        if (pkey->ameth)
-        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
-        ASN1_OBJECT_free(a->algorithm);
-        a->algorithm=o;
-        /* Set the parameter list */
-        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
                {
-                if ((a->parameter == NULL) ||
+                if (pkey->ameth->pub_encode)
-                        (a->parameter->type != V_ASN1_NULL))
                        {
-                        ASN1_TYPE_free(a->parameter);
+                        if (!pkey->ameth->pub_encode(pk, pkey))
-                        if (!(a->parameter=ASN1_TYPE_new()))
                                {
-                                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                                X509err(X509_F_X509_PUBKEY_SET,
-                                goto err;
+                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                goto error;
                                }
-                        a->parameter->type=V_ASN1_NULL;
-                        }
-                }
-#ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
-                {
-                unsigned char *pp;
-                DSA *dsa;
-                
-                dsa=pkey->pkey.dsa;
-                dsa->write_params=0;
-                ASN1_TYPE_free(a->parameter);
-                if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
-                        goto err;
-                if (!(p=(unsigned char *)OPENSSL_malloc(i)))
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                pp=p;
-                i2d_DSAparams(dsa,&pp);
-                if (!(a->parameter=ASN1_TYPE_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                a->parameter->type=V_ASN1_SEQUENCE;
-                if (!(a->parameter->value.sequence=ASN1_STRING_new()))
-                        {
-                        OPENSSL_free(p);
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                        goto err;
                        }
-                if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+                else
                        {
-                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,
-                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                                X509_R_METHOD_NOT_SUPPORTED);
-                        goto err;
+                        goto error;
                        }
-                OPENSSL_free(p);
                }
-#endif
+        else
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                int nid=0;
-                unsigned char *pp;
-                EC_KEY *ec_key;
-                const EC_GROUP *group;
-                
-                ec_key = pkey->pkey.ec;
-                ASN1_TYPE_free(a->parameter);
-                if ((a->parameter = ASN1_TYPE_new()) == NULL)
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                group = EC_KEY_get0_group(ec_key);
-                if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-                        {
-                        /* just set the OID */
-                        a->parameter->type = V_ASN1_OBJECT;
-                        a->parameter->value.object = OBJ_nid2obj(nid);
-                        }
-                else /* explicit parameters */
-                        {
-                        if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }       
-                        pp = p;
-                        if (!i2d_ECParameters(ec_key, &pp))
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        a->parameter->type = V_ASN1_SEQUENCE;
-                        if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        ASN1_STRING_set(a->parameter->value.sequence, p, i);
-                        OPENSSL_free(p);
-                        }
-                }
-#endif
-        else if (1)
                {
                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-                goto err;
+                goto error;
                }
-        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        p=s;
-        i2d_PublicKey(pkey,&p);
-        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
-                {
-                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* Set number of unused bits to zero */
-        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-        OPENSSL_free(s);
-#if 0
-        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-        pk->pkey=pkey;
-#endif
        if (*x != NULL)
                X509_PUBKEY_free(*x);
        *x=pk;
        return 1;
-err:
+error:
        if (pk != NULL) X509_PUBKEY_free(pk);
        return 0;
        }
@@ -258,119 +133,50 @@ err:
 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        {
        EVP_PKEY *ret=NULL;
-        long j;
-        int type;
-        const unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        const unsigned char *cp;
-        X509_ALGOR *a;
-#endif
-        if (key == NULL) goto err;
+        if (key == NULL) goto error;
        if (key->pkey != NULL)
                {
                CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-                return(key->pkey);
+                return key->pkey;
                }
-        if (key->public_key == NULL) goto err;
+        if (key->public_key == NULL) goto error;
-        type=OBJ_obj2nid(key->algor->algorithm);
        if ((ret = EVP_PKEY_new()) == NULL)
                {
                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                goto err;
+                goto error;
                }
-        ret->type = EVP_PKEY_type(type);
-        /* the parameters must be extracted before the public key (ECDSA!) */
-        
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        a=key->algor;
-#endif
-        if (0)
+        if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm)))
-                ;
-#ifndef OPENSSL_NO_DSA
-        else if (ret->type == EVP_PKEY_DSA)
                {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
-                        {
+                goto error;
-                        if ((ret->pkey.dsa = DSA_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        ret->pkey.dsa->write_params=0;
-                        cp=p=a->parameter->value.sequence->data;
-                        j=a->parameter->value.sequence->length;
-                        if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
-                                goto err;
-                        }
-                ret->save_parameters=1;
                }
-#endif
-#ifndef OPENSSL_NO_EC
+        if (ret->ameth->pub_decode)
-        else if (ret->type == EVP_PKEY_EC)
                {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                if (!ret->ameth->pub_decode(ret, key))
                        {
-                        /* type == V_ASN1_SEQUENCE => we have explicit parameters
+                        X509err(X509_F_X509_PUBKEY_GET,
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
+                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
-                         */
+                        goto error;
-                        if ((ret->pkey.ec= EC_KEY_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, 
-                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        cp = p = a->parameter->value.sequence->data;
-                        j = a->parameter->value.sequence->length;
-                        if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        }
-                else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-                        {
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        EC_KEY   *ec_key;
-                        EC_GROUP *group;
-                        if (ret->pkey.ec == NULL)
-                                ret->pkey.ec = EC_KEY_new();
-                        ec_key = ret->pkey.ec;
-                        if (ec_key == NULL)
-                                goto err;
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto err;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(ec_key, group) == 0)
-                                goto err;
-                        EC_GROUP_free(group);
                        }
-                        /* the case implicitlyCA is currently not implemented */
-                ret->save_parameters = 1;
                }
-#endif
+        else
-        p=key->public_key->data;
-        j=key->public_key->length;
-        if (!d2i_PublicKey(type, &ret, &p, (long)j))
                {
-                X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
-                goto err;
+                goto error;
                }
        key->pkey = ret;
        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
-        return(ret);
-err:
+        return ret;
+        error:
        if (ret != NULL)
                EVP_PKEY_free(ret);
        return(NULL);
@@ -529,3 +335,39 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
        return(ret);
        }
 #endif
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen)
+        {
+        if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
+                return 0;
+        if (penc)
+                {
+                if (pub->public_key->data)
+                        OPENSSL_free(pub->public_key->data);
+                pub->public_key->data = penc;
+                pub->public_key->length = penclen;
+                /* Set number of unused bits to zero */
+                pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                }
+        return 1;
+        }
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                X509_PUBKEY *pub)
+        {
+        if (ppkalg)
+                *ppkalg = pub->algor->algorithm;
+        if (pk)
+                {
+                *pk = pub->public_key->data;
+                *ppklen = pub->public_key->length;
+                }
+        if (pa)
+                *pa = pub->algor;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
index 59ca8ce329..d57555827c 100644
--- a/src/lib/libcrypto/asn1/x_req.c
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -79,7 +79,8 @@
 *
 */
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
index e118696625..dafd3cc921 100644
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -81,7 +81,8 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        X509 *ret = (X509 *)*pval;
@@ -99,6 +100,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                ret->rfc3779_asid = NULL;
 #endif
                ret->aux = NULL;
+                ret->crldp = NULL;
                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
                break;
@@ -112,7 +114,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                X509_CERT_AUX_free(ret->aux);
                ASN1_OCTET_STRING_free(ret->skid);
                AUTHORITY_KEYID_free(ret->akid);
+                CRL_DIST_POINTS_free(ret->crldp);
                policy_cache_free(ret->policy_cache);
+                GENERAL_NAMES_free(ret->altname);
+                NAME_CONSTRAINTS_free(ret->nc);
 #ifndef OPENSSL_NO_RFC3779
                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                ASIdentifiers_free(ret->rfc3779_asid);
@@ -136,19 +141,6 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-static ASN1_METHOD meth=
-    {
-    (I2D_OF(void))  i2d_X509,
-    (D2I_OF(void)) d2i_X509,
-    (void *(*)(void))X509_new,
-    (void (*)(void *)) X509_free
-    };
-ASN1_METHOD *X509_asn1_meth(void)
-        {
-        return(&meth);
-        }
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl
index b556642c94..b74cfbafd4 100644
--- a/src/lib/libcrypto/bf/asm/bf-586.pl
+++ b/src/lib/libcrypto/bf/asm/bf-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c
index 6ac2aeb279..3673cdee6e 100644
--- a/src/lib/libcrypto/bf/bf_skey.c
+++ b/src/lib/libcrypto/bf/bf_skey.c
@@ -59,15 +59,10 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/blowfish.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "bf_locl.h"
 #include "bf_pi.h"
-FIPS_NON_FIPS_VCIPHER_Init(BF)
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
        {
        int i;
        BF_LONG *p,ri,in[2];
diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h
index d24ffccb65..b97e76f9a3 100644
--- a/src/lib/libcrypto/bf/blowfish.h
+++ b/src/lib/libcrypto/bf/blowfish.h
@@ -79,7 +79,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define BF_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define BF_LONG unsigned long
@@ -104,9 +104,7 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index 3a87b0ec0b..143a7cfefa 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -115,8 +115,8 @@
 #define LDOUBLE double
 #endif
-#if HAVE_LONG_LONG
+#ifdef HAVE_LONG_LONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# if defined(_WIN32) && !defined(__GNUC__)
 # define LLONG __int64
 # else
 # define LLONG long long
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index ead477d8a2..12b0a53a81 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -72,11 +72,9 @@ NETDB_DEFINE_CONTEXT
 #ifndef OPENSSL_NO_SOCK
-#ifdef OPENSSL_SYS_WIN16
+#include <openssl/dso.h>
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
 #define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
 #ifdef SO_MAXCONN
 #define MAX_LISTEN  SO_MAXCONN
@@ -90,6 +88,17 @@ NETDB_DEFINE_CONTEXT
 static int wsa_init_done=0;
 #endif
+/*
+ * WSAAPI specifier is required to make indirect calls to run-time
+ * linked WinSock 2 functions used in this module, to be specific
+ * [get|free]addrinfo and getnameinfo. This is because WinSock uses
+ * uses non-C calling convention, __stdcall vs. __cdecl, on x86
+ * Windows. On non-WinSock platforms WSAAPI needs to be void.
+ */
+#ifndef WSAAPI
+#define WSAAPI
+#endif
 #if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
@@ -226,6 +235,10 @@ int BIO_sock_error(int sock)
        int j,i;
        int size;
                 
+#if defined(OPENSSL_SYS_BEOS_R5)
+        return 0;
+#endif
+                 
        size=sizeof(int);
        /* Note: under Windows the third parameter is of type (char *)
         * whereas under other systems it is (void *) if you don't have
@@ -466,7 +479,12 @@ int BIO_sock_init(void)
          
                wsa_init_done=1;
                memset(&wsa_state,0,sizeof(wsa_state));
-                if (WSAStartup(0x0101,&wsa_state)!=0)
+                /* Not making wsa_state available to the rest of the
+                 * code is formally wrong. But the structures we use
+                 * are [beleived to be] invariable among Winsock DLLs,
+                 * while API availability is [expected to be] probed
+                 * at run-time with DSO_global_lookup. */
+                if (WSAStartup(0x0202,&wsa_state)!=0)
                        {
                        err=WSAGetLastError();
                        SYSerr(SYS_F_WSASTARTUP,err);
@@ -510,8 +528,8 @@ void BIO_sock_cleanup(void)
        if (wsa_init_done)
                {
                wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
+#if 0           /* this call is claimed to be non-present in Winsock2 */
-                WSACancelBlockingCall();        /* Winsock 1.1 specific */
+                WSACancelBlockingCall();
 #endif
                WSACleanup();
                }
@@ -581,12 +599,18 @@ static int get_ip(const char *str, unsigned char ip[4])
 int BIO_get_accept_socket(char *host, int bind_mode)
        {
        int ret=0;
-        struct sockaddr_in server,client;
+        union {
-        int s=INVALID_SOCKET,cs;
+                struct sockaddr sa;
+                struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 sa_in6;
+#endif
+        } server,client;
+        int s=INVALID_SOCKET,cs,addrlen;
        unsigned char ip[4];
        unsigned short port;
        char *str=NULL,*e;
-        const char *h,*p;
+        char *h,*p;
        unsigned long l;
        int err_num;
@@ -600,8 +624,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                {
                if (*e == ':')
                        {
-                        p= &(e[1]);
+                        p=e;
-                        *e='\0';
                        }
                else if (*e == '/')
                        {
@@ -609,21 +632,70 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                        break;
                        }
                }
+        if (p)  *p++='\0';      /* points at last ':', '::port' is special [see below] */
-        if (p == NULL)
+        else    p=h,h=NULL;
+#ifdef EAI_FAMILY
+        do {
+        static union {  void *p;
+                        int (WSAAPI *f)(const char *,const char *,
+                                 const struct addrinfo *,
+                                 struct addrinfo **);
+                        } p_getaddrinfo = {NULL};
+        static union {  void *p;
+                        void (WSAAPI *f)(struct addrinfo *);
+                        } p_freeaddrinfo = {NULL};
+        struct addrinfo *res,hint;
+        if (p_getaddrinfo.p==NULL)
+                {
+                if ((p_getaddrinfo.p=DSO_global_lookup("getaddrinfo"))==NULL ||
+                    (p_freeaddrinfo.p=DSO_global_lookup("freeaddrinfo"))==NULL)
+                        p_getaddrinfo.p=(void*)-1;
+                }
+        if (p_getaddrinfo.p==(void *)-1) break;
+        /* '::port' enforces IPv6 wildcard listener. Some OSes,
+         * e.g. Solaris, default to IPv6 without any hint. Also
+         * note that commonly IPv6 wildchard socket can service
+         * IPv4 connections just as well...  */
+        memset(&hint,0,sizeof(hint));
+        if (h)
                {
-                p=h;
+                if (strchr(h,':'))
-                h="*";
+                        {
+                        if (h[1]=='\0') h=NULL;
+#if OPENSSL_USE_IPV6
+                        hint.ai_family = AF_INET6;
+#else
+                        h=NULL;
+#endif
+                        }
+                else if (h[0]=='*' && h[1]=='\0')
+                        h=NULL;
                }
+        if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
+        addrlen = res->ai_addrlen<=sizeof(server) ?
+                        res->ai_addrlen :
+                        sizeof(server);
+        memcpy(&server, res->ai_addr, addrlen);
+        (*p_freeaddrinfo.f)(res);
+        goto again;
+        } while (0);
+#endif
        if (!BIO_get_port(p,&port)) goto err;
        memset((char *)&server,0,sizeof(server));
-        server.sin_family=AF_INET;
+        server.sa_in.sin_family=AF_INET;
-        server.sin_port=htons(port);
+        server.sa_in.sin_port=htons(port);
+        addrlen = sizeof(server.sa_in);
-        if (strcmp(h,"*") == 0)
+        if (h == NULL || strcmp(h,"*") == 0)
-                server.sin_addr.s_addr=INADDR_ANY;
+                server.sa_in.sin_addr.s_addr=INADDR_ANY;
        else
                {
                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
@@ -632,11 +704,11 @@ int BIO_get_accept_socket(char *host, int bind_mode)
                        ((unsigned long)ip[1]<<16L)|
                        ((unsigned long)ip[2]<< 8L)|
                        ((unsigned long)ip[3]);
-                server.sin_addr.s_addr=htonl(l);
+                server.sa_in.sin_addr.s_addr=htonl(l);
                }
 again:
-        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+        s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
        if (s == INVALID_SOCKET)
                {
                SYSerr(SYS_F_SOCKET,get_last_socket_error());
@@ -654,22 +726,42 @@ again:
                bind_mode=BIO_BIND_NORMAL;
                }
 #endif
-        if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+        if (bind(s,&server.sa,addrlen) == -1)
                {
 #ifdef SO_REUSEADDR
                err_num=get_last_socket_error();
                if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+#ifdef OPENSSL_SYS_WINDOWS
+                        /* Some versions of Windows define EADDRINUSE to
+                         * a dummy value.
+                         */
+                        (err_num == WSAEADDRINUSE))
+#else
                        (err_num == EADDRINUSE))
+#endif
                        {
-                        memcpy((char *)&client,(char *)&server,sizeof(server));
+                        client = server;
-                        if (strcmp(h,"*") == 0)
+                        if (h == NULL || strcmp(h,"*") == 0)
-                                client.sin_addr.s_addr=htonl(0x7F000001);
+                                {
-                        cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+#if OPENSSL_USE_IPV6
+                                if (client.sa.sa_family == AF_INET6)
+                                        {
+                                        memset(&client.sa_in6.sin6_addr,0,sizeof(client.sa_in6.sin6_addr));
+                                        client.sa_in6.sin6_addr.s6_addr[15]=1;
+                                        }
+                                else
+#endif
+                                if (client.sa.sa_family == AF_INET)
+                                        {
+                                        client.sa_in.sin_addr.s_addr=htonl(0x7F000001);
+                                        }
+                                else    goto err;
+                                }
+                        cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
                        if (cs != INVALID_SOCKET)
                                {
                                int ii;
-                                ii=connect(cs,(struct sockaddr *)&client,
+                                ii=connect(cs,&client.sa,addrlen);
-                                        sizeof(client));
                                closesocket(cs);
                                if (ii == INVALID_SOCKET)
                                        {
@@ -708,20 +800,52 @@ err:
 int BIO_accept(int sock, char **addr)
        {
        int ret=INVALID_SOCKET;
-        static struct sockaddr_in from;
        unsigned long l;
        unsigned short port;
-        int len;
        char *p;
-        memset((char *)&from,0,sizeof(from));
+        struct {
-        len=sizeof(from);
+        /*
-        /* Note: under VMS with SOCKETSHR the fourth parameter is currently
+         * As for following union. Trouble is that there are platforms
-         * of type (int *) whereas under other systems it is (void *) if
+         * that have socklen_t and there are platforms that don't, on
-         * you don't have a cast it will choke the compiler: if you do
+         * some platforms socklen_t is int and on some size_t. So what
-         * have a cast then you can either go for (int *) or (void *).
+         * one can do? One can cook #ifdef spaghetti, which is nothing
+         * but masochistic. Or one can do union between int and size_t.
+         * One naturally does it primarily for 64-bit platforms where
+         * sizeof(int) != sizeof(size_t). But would it work? Note that
+         * if size_t member is initialized to 0, then later int member
+         * assignment naturally does the job on little-endian platforms
+         * regardless accept's expectations! What about big-endians?
+         * If accept expects int*, then it works, and if size_t*, then
+         * length value would appear as unreasonably large. But this
+         * won't prevent it from filling in the address structure. The
+         * trouble of course would be if accept returns more data than
+         * actual buffer can accomodate and overwrite stack... That's
+         * where early OPENSSL_assert comes into picture. Besides, the
+         * only 64-bit big-endian platform found so far that expects
+         * size_t* is HP-UX, where stack grows towards higher address.
+         * <appro>
         */
-        ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
+        union { size_t s; int i; } len;
+        union {
+                struct sockaddr sa;
+                struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 sa_in6;
+#endif
+                } from;
+        } sa;
+        sa.len.s=0;
+        sa.len.i=sizeof(sa.from);
+        memset(&sa.from,0,sizeof(sa.from));
+        ret=accept(sock,&sa.from.sa,(void *)&sa.len);
+        if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
+                {
+                OPENSSL_assert(sa.len.s<=sizeof(sa.from));
+                sa.len.i = (int)sa.len.s;
+                /* use sa.len.i from this point */
+                }
        if (ret == INVALID_SOCKET)
                {
                if(BIO_sock_should_retry(ret)) return -2;
@@ -732,8 +856,46 @@ int BIO_accept(int sock, char **addr)
        if (addr == NULL) goto end;
-        l=ntohl(from.sin_addr.s_addr);
+#ifdef EAI_FAMILY
-        port=ntohs(from.sin_port);
+        do {
+        char   h[NI_MAXHOST],s[NI_MAXSERV];
+        size_t nl;
+        static union {  void *p;
+                        int (WSAAPI *f)(const struct sockaddr *,size_t/*socklen_t*/,
+                                 char *,size_t,char *,size_t,int);
+                        } p_getnameinfo = {NULL};
+                        /* 2nd argument to getnameinfo is specified to
+                         * be socklen_t. Unfortunately there is a number
+                         * of environments where socklen_t is not defined.
+                         * As it's passed by value, it's safe to pass it
+                         * as size_t... <appro> */
+        if (p_getnameinfo.p==NULL)
+                {
+                if ((p_getnameinfo.p=DSO_global_lookup("getnameinfo"))==NULL)
+                        p_getnameinfo.p=(void*)-1;
+                }
+        if (p_getnameinfo.p==(void *)-1) break;
+        if ((*p_getnameinfo.f)(&sa.from.sa,sa.len.i,h,sizeof(h),s,sizeof(s),
+            NI_NUMERICHOST|NI_NUMERICSERV)) break;
+        nl = strlen(h)+strlen(s)+2;
+        p = *addr;
+        if (p)  { *p = '\0'; p = OPENSSL_realloc(p,nl); }
+        else    { p = OPENSSL_malloc(nl);               }
+        if (p==NULL)
+                {
+                BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+                goto end;
+                }
+        *addr = p;
+        BIO_snprintf(*addr,nl,"%s:%s",h,s);
+        goto end;
+        } while(0);
+#endif
+        if (sa.from.sa.sa_family != AF_INET) goto end;
+        l=ntohl(sa.from.sa_in.sin_addr.s_addr);
+        port=ntohs(sa.from.sa_in.sin_port);
        if (*addr == NULL)
                {
                if ((p=OPENSSL_malloc(24)) == NULL)
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
index cecb6a7207..152802fbdf 100644
--- a/src/lib/libcrypto/bio/bio.h
+++ b/src/lib/libcrypto/bio/bio.h
@@ -95,6 +95,7 @@ extern "C" {
 #define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
+#define BIO_TYPE_ASN1           (22|0x0200)             /* filter */
 #define BIO_TYPE_COMP           (23|0x0200)             /* filter */
 #define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
@@ -156,8 +157,11 @@ extern "C" {
                                              * previous write
                                              * operation */
+#define BIO_CTRL_DGRAM_GET_PEER           46
 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
+#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
+                                                                                          * adjust socket timeouts */
 /* modifiers */
 #define BIO_FP_READ             0x02
@@ -262,7 +266,6 @@ int BIO_method_type(const BIO *b);
 typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
-#ifndef OPENSSL_SYS_WIN16
 typedef struct bio_method_st
        {
        int type;
@@ -276,21 +279,6 @@ typedef struct bio_method_st
        int (*destroy)(BIO *);
        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
        } BIO_METHOD;
-#else
-typedef struct bio_method_st
-        {
-        int type;
-        const char *name;
-        int (_far *bwrite)();
-        int (_far *bread)();
-        int (_far *bputs)();
-        int (_far *bgets)();
-        long (_far *ctrl)();
-        int (_far *create)();
-        int (_far *destroy)();
-        long (_far *callback_ctrl)();
-        } BIO_METHOD;
-#endif
 struct bio_st
        {
@@ -331,6 +319,9 @@ typedef struct bio_f_buffer_ctx_struct
        int obuf_off;           /* write/read offset */
        } BIO_F_BUFFER_CTX;
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
 /* connect BIO stuff */
 #define BIO_CONN_S_BEFORE               1
 #define BIO_CONN_S_GET_IP               2
@@ -393,6 +384,13 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_C_RESET_READ_REQUEST                147
 #define BIO_C_SET_MD_CTX                        148
+#define BIO_C_SET_PREFIX                        149
+#define BIO_C_GET_PREFIX                        150
+#define BIO_C_SET_SUFFIX                        151
+#define BIO_C_GET_SUFFIX                        152
+#define BIO_C_SET_EX_ARG                        153
+#define BIO_C_GET_EX_ARG                        154
 #define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 #define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
@@ -405,7 +403,7 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 #define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
 #define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@@ -414,7 +412,7 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 #define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
 #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
 #define BIO_BIND_NORMAL                 0
@@ -541,6 +539,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
 #define BIO_dgram_send_timedout(b) \
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+#define BIO_dgram_get_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
 #define BIO_dgram_set_peer(b,peer) \
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
@@ -554,22 +554,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                                        asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                                        asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                                        asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                                        asn1_ps_func **psuffix_free);
 # ifndef OPENSSL_NO_FP_API
-#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
-BIO_METHOD *BIO_s_file_internal(void);
-BIO *BIO_new_file_internal(char *filename, char *mode);
-BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
-#    define BIO_s_file  BIO_s_file_internal
-#    define BIO_new_file        BIO_new_file_internal
-#    define BIO_new_fp  BIO_new_fp_internal
-#  else /* FP_API */
 BIO_METHOD *BIO_s_file(void );
 BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
-#    define BIO_s_file_internal         BIO_s_file
+# define BIO_s_file_internal    BIO_s_file
-#    define BIO_new_file_internal       BIO_new_file
-#    define BIO_new_fp_internal         BIO_s_file
-#  endif /* FP_API */
 # endif
 BIO *   BIO_new(BIO_METHOD *type);
 int     BIO_set(BIO *a,BIO_METHOD *type);
@@ -598,13 +597,8 @@ int BIO_nread(BIO *bio, char **buf, int num);
 int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
-#ifndef OPENSSL_SYS_WIN16
 long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
        long argl,long ret);
-#else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-        long argl,long ret);
-#endif
 BIO_METHOD *BIO_s_mem(void);
 BIO *BIO_new_mem_buf(void *buf, int len);
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c
index 6f4254a114..9bcbc321d9 100644
--- a/src/lib/libcrypto/bio/bio_cb.c
+++ b/src/lib/libcrypto/bio/bio_cb.c
@@ -85,28 +85,32 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
                break;
        case BIO_CB_READ:
                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+                        BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s fd=%d\n",
-                                 bio->num,argi,bio->method->name,bio->num);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name,bio->num);
                else
-                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+                        BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s\n",
-                                 bio->num,argi,bio->method->name);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name);
                break;
        case BIO_CB_WRITE:
                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+                        BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s fd=%d\n",
-                                 bio->num,argi,bio->method->name,bio->num);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name,bio->num);
                else
-                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+                        BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s\n",
-                                 bio->num,argi,bio->method->name);
+                                 bio->num,(unsigned long)argi,
+                                 bio->method->name);
                break;
        case BIO_CB_PUTS:
                BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
                break;
        case BIO_CB_GETS:
-                BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+                BIO_snprintf(p,p_maxlen,"gets(%lu) - %s\n",(unsigned long)argi,bio->method->name);
                break;
        case BIO_CB_CTRL:
-                BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+                BIO_snprintf(p,p_maxlen,"ctrl(%lu) - %s\n",(unsigned long)argi,bio->method->name);
                break;
        case BIO_CB_RETURN|BIO_CB_READ:
                BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c
index 6603f1c74d..a224edd5a0 100644
--- a/src/lib/libcrypto/bio/bio_err.c
+++ b/src/lib/libcrypto/bio/bio_err.c
@@ -1,6 +1,6 @@
 /* crypto/bio/bio_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
index 3f52ae953c..77f4de9c32 100644
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -429,7 +429,7 @@ BIO *BIO_push(BIO *b, BIO *bio)
        if (bio != NULL)
                bio->prev_bio=lb;
        /* called to do internal processing */
-        BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+        BIO_ctrl(b,BIO_CTRL_PUSH,0,lb);
        return(b);
        }
@@ -441,7 +441,7 @@ BIO *BIO_pop(BIO *b)
        if (b == NULL) return(NULL);
        ret=b->next_bio;
-        BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+        BIO_ctrl(b,BIO_CTRL_POP,0,b);
        if (b->prev_bio != NULL)
                b->prev_bio->next_bio=b->next_bio;
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c
index d090b7272f..826f761143 100644
--- a/src/lib/libcrypto/bio/bss_acpt.c
+++ b/src/lib/libcrypto/bio/bss_acpt.c
@@ -100,8 +100,8 @@ static int acpt_new(BIO *h);
 static int acpt_free(BIO *data);
 static int acpt_state(BIO *b, BIO_ACCEPT *c);
 static void acpt_close_socket(BIO *data);
-BIO_ACCEPT *BIO_ACCEPT_new(void );
+static BIO_ACCEPT *BIO_ACCEPT_new(void );
-void BIO_ACCEPT_free(BIO_ACCEPT *a);
+static void BIO_ACCEPT_free(BIO_ACCEPT *a);
 #define ACPT_S_BEFORE                   1
 #define ACPT_S_GET_ACCEPT_SOCKET        2
@@ -141,7 +141,7 @@ static int acpt_new(BIO *bi)
        return(1);
        }
-BIO_ACCEPT *BIO_ACCEPT_new(void)
+static BIO_ACCEPT *BIO_ACCEPT_new(void)
        {
        BIO_ACCEPT *ret;
@@ -154,7 +154,7 @@ BIO_ACCEPT *BIO_ACCEPT_new(void)
        return(ret);
        }
-void BIO_ACCEPT_free(BIO_ACCEPT *a)
+static void BIO_ACCEPT_free(BIO_ACCEPT *a)
        {
        if(a == NULL)
            return;
diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c
index c3da6dc82f..eb7e365467 100644
--- a/src/lib/libcrypto/bio/bss_dgram.c
+++ b/src/lib/libcrypto/bio/bss_dgram.c
@@ -66,7 +66,13 @@
 #include <openssl/bio.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+#include <sys/timeb.h>
+#endif
+#ifdef OPENSSL_SYS_LINUX
 #define IP_MTU      14 /* linux is lame */
+#endif
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
@@ -84,6 +90,8 @@ static int dgram_clear(BIO *bio);
 static int BIO_dgram_should_retry(int s);
+static void get_current_time(struct timeval *t);
 static BIO_METHOD methods_dgramp=
        {
        BIO_TYPE_DGRAM,
@@ -100,10 +108,18 @@ static BIO_METHOD methods_dgramp=
 typedef struct bio_dgram_data_st
        {
-        struct sockaddr peer;
+        union {
+                struct sockaddr sa;
+                struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 sa_in6;
+#endif
+        } peer;
        unsigned int connected;
        unsigned int _errno;
        unsigned int mtu;
+        struct timeval next_timeout;
+        struct timeval socket_timeout;
        } bio_dgram_data;
 BIO_METHOD *BIO_s_datagram(void)
@@ -165,31 +181,140 @@ static int dgram_clear(BIO *a)
                }
        return(1);
        }
-        
+static void dgram_adjust_rcv_timeout(BIO *b)
+        {
+#if defined(SO_RCVTIMEO)
+        bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+        int sz = sizeof(int);
+        /* Is a timer active? */
+        if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
+                {
+                struct timeval timenow, timeleft;
+                /* Read current socket timeout */
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
+                if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                           (void*)&timeout, &sz) < 0)
+                        { perror("getsockopt"); }
+                else
+                        {
+                        data->socket_timeout.tv_sec = timeout / 1000;
+                        data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+                        }
+#else
+                if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
+                                                &(data->socket_timeout), (void *)&sz) < 0)
+                        { perror("getsockopt"); }
+#endif
+                /* Get current time */
+                get_current_time(&timenow);
+                /* Calculate time left until timer expires */
+                memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+                timeleft.tv_sec -= timenow.tv_sec;
+                timeleft.tv_usec -= timenow.tv_usec;
+                if (timeleft.tv_usec < 0)
+                        {
+                        timeleft.tv_sec--;
+                        timeleft.tv_usec += 1000000;
+                        }
+                if (timeleft.tv_sec < 0)
+                        {
+                        timeleft.tv_sec = 0;
+                        timeleft.tv_usec = 1;
+                        }
+                /* Adjust socket timeout if next handhake message timer
+                 * will expire earlier.
+                 */
+                if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
+                        (data->socket_timeout.tv_sec > timeleft.tv_sec) ||
+                        (data->socket_timeout.tv_sec == timeleft.tv_sec &&
+                         data->socket_timeout.tv_usec >= timeleft.tv_usec))
+                        {
+#ifdef OPENSSL_SYS_WINDOWS
+                        timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+                        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                                   (void*)&timeout, sizeof(timeout)) < 0)
+                                { perror("setsockopt"); }
+#else
+                        if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                                                        sizeof(struct timeval)) < 0)
+                                { perror("setsockopt"); }
+#endif
+                        }
+                }
+#endif
+        }
+static void dgram_reset_rcv_timeout(BIO *b)
+        {
+#if defined(SO_RCVTIMEO)
+        bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+        /* Is a timer active? */
+        if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
+                {
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout = data->socket_timeout.tv_sec * 1000 +
+                                          data->socket_timeout.tv_usec / 1000;
+                if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                                           (void*)&timeout, sizeof(timeout)) < 0)
+                        { perror("setsockopt"); }
+#else
+                if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+                                                sizeof(struct timeval)) < 0)
+                        { perror("setsockopt"); }
+#endif
+                }
+#endif
+        }
 static int dgram_read(BIO *b, char *out, int outl)
        {
        int ret=0;
        bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-        struct sockaddr peer;
+        struct  {
-        int peerlen = sizeof(peer);
+        /*
+         * See commentary in b_sock.c. <appro>
+         */
+        union   { size_t s; int i; } len;
+        union   {
+                struct sockaddr sa;
+                struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 sa_in6;
+#endif
+                } peer;
+        } sa;
+        sa.len.s=0;
+        sa.len.i=sizeof(sa.peer);
        if (out != NULL)
                {
                clear_socket_error();
-                memset(&peer, 0x00, peerlen);
+                memset(&sa.peer, 0x00, sizeof(sa.peer));
-                /* Last arg in recvfrom is signed on some platforms and
+                dgram_adjust_rcv_timeout(b);
-                 * unsigned on others. It is of type socklen_t on some
+                ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
-                 * but this is not universal. Cast to (void *) to avoid
+                if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
-                 * compiler warnings.
+                        {
-                 */
+                        OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
-                ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
+                        sa.len.i = (int)sa.len.s;
+                        }
+                dgram_reset_rcv_timeout(b);
-                if ( ! data->connected  && ret > 0)
+                if ( ! data->connected  && ret >= 0)
-                        BIO_ctrl(b, BIO_CTRL_DGRAM_CONNECT, 0, &peer);
+                        BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
                BIO_clear_retry_flags(b);
-                if (ret <= 0)
+                if (ret < 0)
                        {
                        if (BIO_dgram_should_retry(ret))
                                {
@@ -207,19 +332,29 @@ static int dgram_write(BIO *b, const char *in, int inl)
        bio_dgram_data *data = (bio_dgram_data *)b->ptr;
        clear_socket_error();
-    if ( data->connected )
+        if ( data->connected )
-        ret=writesocket(b->num,in,inl);
+                ret=writesocket(b->num,in,inl);
-    else
+        else
+                {
+                int peerlen = sizeof(data->peer);
+                if (data->peer.sa.sa_family == AF_INET)
+                        peerlen = sizeof(data->peer.sa_in);
+#if OPENSSL_USE_IVP6
+                else if (data->peer.sa.sa_family == AF_INET6)
+                        peerlen = sizeof(data->peer.sa_in6);
+#endif
 #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-        ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
+                ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
 #else
-        ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+                ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
 #endif
+                }
        BIO_clear_retry_flags(b);
        if (ret <= 0)
                {
-                if (BIO_sock_should_retry(ret))
+                if (BIO_dgram_should_retry(ret))
                        {
                        BIO_set_retry_write(b);  
                        data->_errno = get_last_socket_error();
@@ -240,8 +375,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
        int *ip;
        struct sockaddr *to = NULL;
        bio_dgram_data *data = NULL;
+#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
        long sockopt_val = 0;
        unsigned int sockopt_len = 0;
+#endif
+#ifdef OPENSSL_SYS_LINUX
+        socklen_t addr_len;
+        union   {
+                struct sockaddr sa;
+                struct sockaddr_in s4;
+#if OPENSSL_USE_IPV6
+                struct sockaddr_in6 s6;
+#endif
+                } addr;
+#endif
        data = (bio_dgram_data *)b->ptr;
@@ -294,30 +441,110 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                else
                        {
 #endif
-                        memcpy(&(data->peer),to, sizeof(struct sockaddr));
+                        switch (to->sa_family)
+                                {
+                                case AF_INET:
+                                        memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+                                        break;
+#if OPENSSL_USE_IPV6
+                                case AF_INET6:
+                                        memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+                                        break;
+#endif
+                                default:
+                                        memcpy(&data->peer,to,sizeof(data->peer.sa));
+                                        break;
+                                }
 #if 0
                        }
 #endif
                break;
                /* (Linux)kernel sets DF bit on outgoing IP packets */
-#ifdef IP_MTU_DISCOVER
        case BIO_CTRL_DGRAM_MTU_DISCOVER:
-                sockopt_val = IP_PMTUDISC_DO;
+#ifdef OPENSSL_SYS_LINUX
-                if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                addr_len = (socklen_t)sizeof(addr);
-                        &sockopt_val, sizeof(sockopt_val))) < 0)
+                memset((void *)&addr, 0, sizeof(addr));
-                        perror("setsockopt");
+                if (getsockname(b->num, &addr.sa, &addr_len) < 0)
+                        {
+                        ret = 0;
+                        break;
+                        }
+                sockopt_len = sizeof(sockopt_val);
+                switch (addr.sa.sa_family)
+                        {
+                case AF_INET:
+                        sockopt_val = IP_PMTUDISC_DO;
+                        if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                &sockopt_val, sizeof(sockopt_val))) < 0)
+                                perror("setsockopt");
+                        break;
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
+                case AF_INET6:
+                        sockopt_val = IPV6_PMTUDISC_DO;
+                        if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                &sockopt_val, sizeof(sockopt_val))) < 0)
+                                perror("setsockopt");
+                        break;
+#endif
+                default:
+                        ret = -1;
+                        break;
+                        }
+                ret = -1;
+#else
                break;
 #endif
        case BIO_CTRL_DGRAM_QUERY_MTU:
-         sockopt_len = sizeof(sockopt_val);
+#ifdef OPENSSL_SYS_LINUX
-                if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                addr_len = (socklen_t)sizeof(addr);
-                        &sockopt_len)) < 0 || sockopt_val < 0)
+                memset((void *)&addr, 0, sizeof(addr));
-                        { ret = 0; }
+                if (getsockname(b->num, &addr.sa, &addr_len) < 0)
-                else
+                        {
+                        ret = 0;
+                        break;
+                        }
+                sockopt_len = sizeof(sockopt_val);
+                switch (addr.sa.sa_family)
                        {
-                        data->mtu = sockopt_val;
+                case AF_INET:
-                        ret = data->mtu;
+                        if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                                &sockopt_len)) < 0 || sockopt_val < 0)
+                                {
+                                ret = 0;
+                                }
+                        else
+                                {
+                                /* we assume that the transport protocol is UDP and no
+                                 * IP options are used.
+                                 */
+                                data->mtu = sockopt_val - 8 - 20;
+                                ret = data->mtu;
+                                }
+                        break;
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
+                case AF_INET6:
+                        if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
+                                &sockopt_len)) < 0 || sockopt_val < 0)
+                                {
+                                ret = 0;
+                                }
+                        else
+                                {
+                                /* we assume that the transport protocol is UDP and no
+                                 * IPV6 options are used.
+                                 */
+                                data->mtu = sockopt_val - 8 - 40;
+                                ret = data->mtu;
+                                }
+                        break;
+#endif
+                default:
+                        ret = 0;
+                        break;
                        }
+#else
+                ret = 0;
+#endif
                break;
        case BIO_CTRL_DGRAM_GET_MTU:
                return data->mtu;
@@ -332,19 +559,66 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                if ( to != NULL)
                        {
                        data->connected = 1;
-                        memcpy(&(data->peer),to, sizeof(struct sockaddr));
+                        switch (to->sa_family)
+                                {
+                                case AF_INET:
+                                        memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+                                        break;
+#if OPENSSL_USE_IPV6
+                                case AF_INET6:
+                                        memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+                                        break;
+#endif
+                                default:
+                                        memcpy(&data->peer,to,sizeof(data->peer.sa));
+                                        break;
+                                }
                        }
                else
                        {
                        data->connected = 0;
-                        memset(&(data->peer), 0x00, sizeof(struct sockaddr));
+                        memset(&(data->peer), 0x00, sizeof(data->peer));
                        }
                break;
-    case BIO_CTRL_DGRAM_SET_PEER:
+        case BIO_CTRL_DGRAM_GET_PEER:
-        to = (struct sockaddr *) ptr;
+                switch (data->peer.sa.sa_family)
+                        {
-        memcpy(&(data->peer), to, sizeof(struct sockaddr));
+                        case AF_INET:
-        break;
+                                ret=sizeof(data->peer.sa_in);
+                                break;
+#if OPENSSL_USE_IPV6
+                        case AF_INET6:
+                                ret=sizeof(data->peer.sa_in6);
+                                break;
+#endif
+                        default:
+                                ret=sizeof(data->peer.sa);
+                                break;
+                        }
+                if (num==0 || num>ret)
+                        num=ret;
+                memcpy(ptr,&data->peer,(ret=num));
+                break;
+        case BIO_CTRL_DGRAM_SET_PEER:
+                to = (struct sockaddr *) ptr;
+                switch (to->sa_family)
+                        {
+                        case AF_INET:
+                                memcpy(&data->peer,to,sizeof(data->peer.sa_in));
+                                break;
+#if OPENSSL_USE_IPV6
+                        case AF_INET6:
+                                memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
+                                break;
+#endif
+                        default:
+                                memcpy(&data->peer,to,sizeof(data->peer.sa));
+                                break;
+                        }
+                break;
+        case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+                memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+                break;
 #if defined(SO_RCVTIMEO)
        case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
 #ifdef OPENSSL_SYS_WINDOWS
@@ -507,10 +781,6 @@ int BIO_dgram_non_fatal_error(int err)
 # endif
 #endif
-#if defined(ENOTCONN)
-        case ENOTCONN:
-#endif
 #ifdef EINTR
        case EINTR:
 #endif
@@ -533,11 +803,6 @@ int BIO_dgram_non_fatal_error(int err)
        case EALREADY:
 #endif
-/* DF bit set, and packet larger than MTU */
-#ifdef EMSGSIZE
-        case EMSGSIZE:
-#endif
                return(1);
                /* break; */
        default:
@@ -546,3 +811,20 @@ int BIO_dgram_non_fatal_error(int err)
        return(0);
        }
 #endif
+static void get_current_time(struct timeval *t)
+        {
+#ifdef OPENSSL_SYS_WIN32
+        struct _timeb tb;
+        _ftime(&tb);
+        t->tv_sec = (long)tb.time;
+        t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+        struct timeb tb;
+        ftime(&tb);
+        t->tv_sec = (long)tb.time;
+        t->tv_usec = (long)tb.millitm * 1000;
+#else
+        gettimeofday(t, NULL);
+#endif
+        }
diff --git a/src/lib/libcrypto/bio/bss_fd.c b/src/lib/libcrypto/bio/bss_fd.c
index 4c229bf641..d1bf85aae1 100644
--- a/src/lib/libcrypto/bio/bss_fd.c
+++ b/src/lib/libcrypto/bio/bss_fd.c
@@ -60,6 +60,13 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
+#if defined(OPENSSL_NO_POSIX_IO)
+/*
+ * One can argue that one should implement dummy placeholder for
+ * BIO_s_fd here...
+ */
+#else
 /*
 * As for unconditional usage of "UPLINK" interface in this module.
 * Trouble is that unlike Unix file descriptors [which are indexes
@@ -77,6 +84,7 @@
 static int fd_write(BIO *h, const char *buf, int num);
 static int fd_read(BIO *h, char *buf, int size);
 static int fd_puts(BIO *h, const char *str);
+static int fd_gets(BIO *h, char *buf, int size);
 static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int fd_new(BIO *h);
 static int fd_free(BIO *data);
@@ -88,7 +96,7 @@ static BIO_METHOD methods_fdp=
        fd_write,
        fd_read,
        fd_puts,
-        NULL, /* fd_gets, */
+        fd_gets,
        fd_ctrl,
        fd_new,
        fd_free,
@@ -227,6 +235,22 @@ static int fd_puts(BIO *bp, const char *str)
        return(ret);
        }
+static int fd_gets(BIO *bp, char *buf, int size)
+        {
+        int ret=0;
+        char *ptr=buf;
+        char *end=buf+size-1;
+        while ( (ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n') )
+                ptr++;
+        ptr[0]='\0';
+        if (buf[0] != '\0')
+                ret=strlen(buf);
+        return(ret);
+        }
 int BIO_fd_should_retry(int i)
        {
        int err;
@@ -292,3 +316,4 @@ int BIO_fd_non_fatal_error(int err)
                }
        return(0);
        }
+#endif
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index 9ad46fa081..8bfa0bcd97 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -118,10 +118,47 @@ static BIO_METHOD methods_filep=
 BIO *BIO_new_file(const char *filename, const char *mode)
        {
-        BIO *ret;
+        BIO  *ret;
-        FILE *file;
+        FILE *file=NULL;
+#if defined(_WIN32) && defined(CP_UTF8)
+        int sz, len_0 = (int)strlen(filename)+1;
-        if ((file=fopen(filename,mode)) == NULL)
+        /*
+         * Basically there are three cases to cover: a) filename is
+         * pure ASCII string; b) actual UTF-8 encoded string and
+         * c) locale-ized string, i.e. one containing 8-bit
+         * characters that are meaningful in current system locale.
+         * If filename is pure ASCII or real UTF-8 encoded string,
+         * MultiByteToWideChar succeeds and _wfopen works. If
+         * filename is locale-ized string, chances are that
+         * MultiByteToWideChar fails reporting
+         * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+         * back to fopen...
+         */
+        if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+                                        filename,len_0,NULL,0))>0)
+                {
+                WCHAR  wmode[8];
+                WCHAR *wfilename = _alloca(sz*sizeof(WCHAR));
+                if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS,
+                                        filename,len_0,wfilename,sz) &&
+                    MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1,
+                                        wmode,sizeof(wmode)/sizeof(wmode[0])) &&
+                    (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT
+                   )    /* UTF-8 decode succeeded, but no file, filename
+                         * could still have been locale-ized... */
+                        file = fopen(filename,mode);
+                }
+        else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION)
+                {
+                file = fopen(filename,mode);
+                }
+#else
+        file=fopen(filename,mode);      
+#endif
+        if (file == NULL)
                {
                SYSerr(SYS_F_FOPEN,get_last_sys_error());
                ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
@@ -131,7 +168,7 @@ BIO *BIO_new_file(const char *filename, const char *mode)
                        BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
                return(NULL);
                }
-        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+        if ((ret=BIO_new(BIO_s_file())) == NULL)
                {
                fclose(file);
                return(NULL);
@@ -272,9 +309,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        BIO_clear_flags(b,BIO_FLAGS_UPLINK);
 #endif
 #endif
-#ifdef UP_fsetmode
+#ifdef UP_fsetmod
                if (b->flags&BIO_FLAGS_UPLINK)
-                        UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b');
+                        UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
                else
 #endif
                {
@@ -286,8 +323,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        _setmode(fd,_O_BINARY);
 #elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
                int fd = fileno((FILE*)ptr);
-         /* Under CLib there are differences in file modes
+                /* Under CLib there are differences in file modes */
-         */
                if (num & BIO_FP_TEXT)
                        setmode(fd,O_TEXT);
                else
@@ -308,7 +344,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        else
                                _setmode(fd,_O_BINARY);
                        }
-#elif defined(OPENSSL_SYS_OS2)
+#elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
                int fd = fileno((FILE*)ptr);
                if (num & BIO_FP_TEXT)
                        setmode(fd, O_TEXT);
@@ -404,11 +440,18 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
        buf[0]='\0';
        if (bp->flags&BIO_FLAGS_UPLINK)
-                UP_fgets(buf,size,bp->ptr);
+                {
+                if (!UP_fgets(buf,size,bp->ptr))
+                        goto err;
+                }
        else
-                fgets(buf,size,(FILE *)bp->ptr);
+                {
+                if (!fgets(buf,size,(FILE *)bp->ptr))
+                        goto err;
+                }
        if (buf[0] != '\0')
                ret=strlen(buf);
+        err:
        return(ret);
        }
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
index 6360dbc820..7ead044b37 100644
--- a/src/lib/libcrypto/bio/bss_log.c
+++ b/src/lib/libcrypto/bio/bss_log.c
@@ -70,7 +70,6 @@
 #if defined(OPENSSL_SYS_WINCE)
 #elif defined(OPENSSL_SYS_WIN32)
-#  include <process.h>
 #elif defined(OPENSSL_SYS_VMS)
 #  include <opcdef.h>
 #  include <descrip.h>
@@ -122,18 +121,6 @@ static int MS_CALLBACK slg_free(BIO *data);
 static void xopenlog(BIO* bp, char* name, int level);
 static void xsyslog(BIO* bp, int priority, const char* string);
 static void xcloselog(BIO* bp);
-#ifdef OPENSSL_SYS_WIN32
-LONG    (WINAPI *go_for_advapi)()       = RegOpenKeyEx;
-HANDLE  (WINAPI *register_event_source)()       = NULL;
-BOOL    (WINAPI *deregister_event_source)()     = NULL;
-BOOL    (WINAPI *report_event)()        = NULL;
-#define DL_PROC(m,f)    (GetProcAddress( m, f ))
-#ifdef UNICODE
-#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
-#else
-#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
-#endif
-#endif
 static BIO_METHOD methods_slg=
        {
@@ -175,7 +162,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
        char* buf;
        char* pp;
        int priority, i;
-        static struct
+        static const struct
                {
                int strl;
                char str[10];
@@ -249,35 +236,20 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 static void xopenlog(BIO* bp, char* name, int level)
 {
-        if ( !register_event_source )
+        if (GetVersion() < 0x80000000)
-                {
+                bp->ptr = RegisterEventSourceA(NULL,name);
-                HANDLE  advapi;
+        else
-                if ( !(advapi = GetModuleHandle("advapi32")) )
+                bp->ptr = NULL;
-                        return;
-                register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
-                        "RegisterEventSource" );
-                deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
-                        "DeregisterEventSource");
-                report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
-                        "ReportEvent" );
-                if ( !(register_event_source && deregister_event_source &&
-                                report_event) )
-                        {
-                        register_event_source = NULL;
-                        deregister_event_source = NULL;
-                        report_event = NULL;
-                        return;
-                        }
-                }
-        bp->ptr= (char *)register_event_source(NULL, name);
 }
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
        LPCSTR lpszStrings[2];
        WORD evtype= EVENTLOG_ERROR_TYPE;
-        int pid = _getpid();
+        char pidbuf[DECIMAL_SIZE(DWORD)+4];
-        char pidbuf[DECIMAL_SIZE(pid)+4];
+        if (bp->ptr == NULL)
+                return;
        switch (priority)
                {
@@ -301,19 +273,18 @@ static void xsyslog(BIO *bp, int priority, const char *string)
                break;
                }
-        sprintf(pidbuf, "[%d] ", pid);
+        sprintf(pidbuf, "[%u] ", GetCurrentProcessId());
        lpszStrings[0] = pidbuf;
        lpszStrings[1] = string;
-        if(report_event && bp->ptr)
+        ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
-                report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
                                lpszStrings, NULL);
 }
        
 static void xcloselog(BIO* bp)
 {
-        if(deregister_event_source && bp->ptr)
+        if(bp->ptr)
-                deregister_event_source((HANDLE)(bp->ptr));
+                DeregisterEventSource((HANDLE)(bp->ptr));
        bp->ptr= NULL;
 }
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c
index e7ab9cb3a3..37d4194e4b 100644
--- a/src/lib/libcrypto/bio/bss_mem.c
+++ b/src/lib/libcrypto/bio/bss_mem.c
@@ -94,16 +94,18 @@ BIO *BIO_new_mem_buf(void *buf, int len)
 {
        BIO *ret;
        BUF_MEM *b;
+        size_t sz;
        if (!buf) {
                BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
                return NULL;
        }
-        if(len == -1) len = strlen(buf);
+        sz = (len<0) ? strlen(buf) : (size_t)len;
        if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
        b = (BUF_MEM *)ret->ptr;
        b->data = buf;
-        b->length = len;
+        b->length = sz;
-        b->max = len;
+        b->max = sz;
        ret->flags |= BIO_FLAGS_MEM_RDONLY;
        /* Since this is static data retrying wont help */
        ret->num = 0;
@@ -144,22 +146,16 @@ static int mem_read(BIO *b, char *out, int outl)
        {
        int ret= -1;
        BUF_MEM *bm;
-        int i;
-        char *from,*to;
        bm=(BUF_MEM *)b->ptr;
        BIO_clear_retry_flags(b);
-        ret=(outl > bm->length)?bm->length:outl;
+        ret=(outl >=0 && (size_t)outl > bm->length)?(int)bm->length:outl;
        if ((out != NULL) && (ret > 0)) {
                memcpy(out,bm->data,ret);
                bm->length-=ret;
-                /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
                if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
                else {
-                        from=(char *)&(bm->data[ret]);
+                        memmove(&(bm->data[0]),&(bm->data[ret]),bm->length);
-                        to=(char *)&(bm->data[0]);
-                        for (i=0; i<bm->length; i++)
-                                to[i]=from[i];
                }
        } else if (bm->length == 0)
                {
diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c
index 30c3ceab46..3df31938c1 100644
--- a/src/lib/libcrypto/bio/bss_sock.c
+++ b/src/lib/libcrypto/bio/bss_sock.c
@@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
        switch (cmd)
                {
-        case BIO_CTRL_RESET:
-                num=0;
-        case BIO_C_FILE_SEEK:
-                ret=0;
-                break;
-        case BIO_C_FILE_TELL:
-        case BIO_CTRL_INFO:
-                ret=0;
-                break;
        case BIO_C_SET_FD:
                sock_free(b);
                b->num= *((int *)ptr);
@@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_CTRL_SET_CLOSE:
                b->shutdown=(int)num;
                break;
-        case BIO_CTRL_PENDING:
-        case BIO_CTRL_WPENDING:
-                ret=0;
-                break;
        case BIO_CTRL_DUP:
        case BIO_CTRL_FLUSH:
                ret=1;
diff --git a/src/lib/libcrypto/bn/asm/alpha-mont.pl b/src/lib/libcrypto/bn/asm/alpha-mont.pl
index 7a2cc3173b..f7e0ca1646 100644
--- a/src/lib/libcrypto/bn/asm/alpha-mont.pl
+++ b/src/lib/libcrypto/bn/asm/alpha-mont.pl
@@ -53,15 +53,15 @@ $code=<<___;
 .align  5
 .ent    bn_mul_mont
 bn_mul_mont:
-        lda     sp,-40(sp)
+        lda     sp,-48(sp)
        stq     ra,0(sp)
        stq     s3,8(sp)
        stq     s4,16(sp)
        stq     s5,24(sp)
        stq     fp,32(sp)
        mov     sp,fp
-        .mask   0x0400f000,-40
+        .mask   0x0400f000,-48
-        .frame  fp,40,ra
+        .frame  fp,48,ra
        .prologue 0
        .align  4
@@ -306,7 +306,7 @@ bn_mul_mont:
        ldq     s4,16(sp)
        ldq     s5,24(sp)
        ldq     fp,32(sp)
-        lda     sp,40(sp)
+        lda     sp,48(sp)
        ret     (ra)
 .end    bn_mul_mont
 .rdata
diff --git a/src/lib/libcrypto/bn/asm/armv4-mont.pl b/src/lib/libcrypto/bn/asm/armv4-mont.pl
index 05d5dc1a48..14e0d2d1dd 100644
--- a/src/lib/libcrypto/bn/asm/armv4-mont.pl
+++ b/src/lib/libcrypto/bn/asm/armv4-mont.pl
@@ -193,6 +193,7 @@ bn_mul_mont:
        bx      lr                      @ interoperable with Thumb ISA:-)
 .size   bn_mul_mont,.-bn_mul_mont
 .asciz  "Montgomery multiplication for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
 ___
 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl
index 26c2685a72..332ef3e91d 100644
--- a/src/lib/libcrypto/bn/asm/bn-586.pl
+++ b/src/lib/libcrypto/bn/asm/bn-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
@@ -24,38 +25,25 @@ sub bn_mul_add_words
        {
        local($name)=@_;
-        &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
-        &comment("");
+        $r="eax";
-        $Low="eax";
+        $a="edx";
-        $High="edx";
+        $c="ecx";
-        $a="ebx";
-        $w="ebp";
-        $r="edi";
-        $c="esi";
-        &xor($c,$c);            # clear carry
-        &mov($r,&wparam(0));    #
-        &mov("ecx",&wparam(2)); #
-        &mov($a,&wparam(1));    #
-        &and("ecx",0xfffffff8); # num / 8
-        &mov($w,&wparam(3));    #
-        &push("ecx");           # Up the stack for a tmp variable
-        &jz(&label("maw_finish"));
        if ($sse2) {
                &picmeup("eax","OPENSSL_ia32cap_P");
                &bt(&DWP(0,"eax"),26);
-                &jnc(&label("maw_loop"));
+                &jnc(&label("maw_non_sse2"));
-                &movd("mm0",$w);                # mm0 = w
+                &mov($r,&wparam(0));
+                &mov($a,&wparam(1));
+                &mov($c,&wparam(2));
+                &movd("mm0",&wparam(3));        # mm0 = w
                &pxor("mm1","mm1");             # mm1 = carry_in
+                &jmp(&label("maw_sse2_entry"));
-                &set_label("maw_sse2_loop",0);
+                
+        &set_label("maw_sse2_unrolled",16);
                &movd("mm3",&DWP(0,$r,"",0));   # mm3 = r[0]
                &paddq("mm1","mm3");            # mm1 = carry_in + r[0]
                &movd("mm2",&DWP(0,$a,"",0));   # mm2 = a[0]
@@ -112,42 +100,82 @@ sub bn_mul_add_words
                &psrlq("mm1",32);               # mm1 = carry6
                &paddq("mm1","mm3");            # mm1 = carry6 + r[7] + w*a[7]
                &movd(&DWP(28,$r,"",0),"mm1");
-                &add($r,32);
+                &lea($r,&DWP(32,$r));
                &psrlq("mm1",32);               # mm1 = carry_out
-                &sub("ecx",8);
+                &sub($c,8);
+                &jz(&label("maw_sse2_exit"));
+        &set_label("maw_sse2_entry");
+                &test($c,0xfffffff8);
+                &jnz(&label("maw_sse2_unrolled"));
+        &set_label("maw_sse2_loop",4);
+                &movd("mm2",&DWP(0,$a));        # mm2 = a[i]
+                &movd("mm3",&DWP(0,$r));        # mm3 = r[i]
+                &pmuludq("mm2","mm0");          # a[i] *= w
+                &lea($a,&DWP(4,$a));
+                &paddq("mm1","mm3");            # carry += r[i]
+                &paddq("mm1","mm2");            # carry += a[i]*w
+                &movd(&DWP(0,$r),"mm1");        # r[i] = carry_low
+                &sub($c,1);
+                &psrlq("mm1",32);               # carry = carry_high
+                &lea($r,&DWP(4,$r));
                &jnz(&label("maw_sse2_loop"));
+        &set_label("maw_sse2_exit");
-                &movd($c,"mm1");                # c = carry_out
+                &movd("eax","mm1");             # c = carry_out
                &emms();
+                &ret();
-                &jmp(&label("maw_finish"));
+        &set_label("maw_non_sse2",16);
        }
-        &set_label("maw_loop",0);
+        # function_begin prologue
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ebp";
+        $r="edi";
+        $c="esi";
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+        &mov("ecx",&wparam(2)); #
+        &mov($a,&wparam(1));    #
+        &and("ecx",0xfffffff8); # num / 8
+        &mov($w,&wparam(3));    #
-        &mov(&swtmp(0),"ecx");  #
+        &push("ecx");           # Up the stack for a tmp variable
+        &jz(&label("maw_finish"));
+        &set_label("maw_loop",16);
        for ($i=0; $i<32; $i+=4)
                {
                &comment("Round $i");
-                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                 &mov("eax",&DWP($i,$a));       # *a
                &mul($w);                       # *a * w
-                &add("eax",$c);         # L(t)+= *r
+                &add("eax",$c);                 # L(t)+= c
-                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);                # L(t)+=c
+                 &add("eax",&DWP($i,$r));       # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
-                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+                 &mov(&DWP($i,$r),"eax");       # *r= L(t);
                &mov($c,"edx");                 # c=  H(t);
                }
        &comment("");
-        &mov("ecx",&swtmp(0));  #
-        &add($a,32);
-        &add($r,32);
        &sub("ecx",8);
+        &lea($a,&DWP(32,$a));
+        &lea($r,&DWP(32,$r));
        &jnz(&label("maw_loop"));
        &set_label("maw_finish",0);
@@ -160,16 +188,15 @@ sub bn_mul_add_words
        for ($i=0; $i<7; $i++)
                {
                &comment("Tail Round $i");
-                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                 &mov("eax",&DWP($i*4,$a));     # *a
                &mul($w);                       # *a * w
                &add("eax",$c);                 # L(t)+=c
-                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
-                 &add("eax",$c);
+                 &add("eax",&DWP($i*4,$r));     # L(t)+= *r
                &adc("edx",0);                  # H(t)+=carry
                 &dec("ecx") if ($i != 7-1);
-                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+                &mov(&DWP($i*4,$r),"eax");      # *r= L(t);
-                 &mov($c,"edx");                        # c=  H(t);
+                 &mov($c,"edx");                # c=  H(t);
                &jz(&label("maw_end")) if ($i != 7-1);
                }
        &set_label("maw_end",0);
@@ -184,7 +211,45 @@ sub bn_mul_words
        {
        local($name)=@_;
-        &function_begin($name,"");
+        &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        $r="eax";
+        $a="edx";
+        $c="ecx";
+        if ($sse2) {
+                &picmeup("eax","OPENSSL_ia32cap_P");
+                &bt(&DWP(0,"eax"),26);
+                &jnc(&label("mw_non_sse2"));
+                &mov($r,&wparam(0));
+                &mov($a,&wparam(1));
+                &mov($c,&wparam(2));
+                &movd("mm0",&wparam(3));        # mm0 = w
+                &pxor("mm1","mm1");             # mm1 = carry = 0
+        &set_label("mw_sse2_loop",16);
+                &movd("mm2",&DWP(0,$a));        # mm2 = a[i]
+                &pmuludq("mm2","mm0");          # a[i] *= w
+                &lea($a,&DWP(4,$a));
+                &paddq("mm1","mm2");            # carry += a[i]*w
+                &movd(&DWP(0,$r),"mm1");        # r[i] = carry_low
+                &sub($c,1);
+                &psrlq("mm1",32);               # carry = carry_high
+                &lea($r,&DWP(4,$r));
+                &jnz(&label("mw_sse2_loop"));
+                &movd("eax","mm1");             # return carry
+                &emms();
+                &ret();
+        &set_label("mw_non_sse2",16);
+        }
+        # function_begin prologue
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
        &comment("");
        $Low="eax";
@@ -257,7 +322,40 @@ sub bn_sqr_words
        {
        local($name)=@_;
-        &function_begin($name,"");
+        &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        $r="eax";
+        $a="edx";
+        $c="ecx";
+        if ($sse2) {
+                &picmeup("eax","OPENSSL_ia32cap_P");
+                &bt(&DWP(0,"eax"),26);
+                &jnc(&label("sqr_non_sse2"));
+                &mov($r,&wparam(0));
+                &mov($a,&wparam(1));
+                &mov($c,&wparam(2));
+        &set_label("sqr_sse2_loop",16);
+                &movd("mm0",&DWP(0,$a));        # mm0 = a[i]
+                &pmuludq("mm0","mm0");          # a[i] *= a[i]
+                &lea($a,&DWP(4,$a));            # a++
+                &movq(&QWP(0,$r),"mm0");        # r[i] = a[i]*a[i]
+                &sub($c,1);
+                &lea($r,&DWP(8,$r));            # r += 2
+                &jnz(&label("sqr_sse2_loop"));
+                &emms();
+                &ret();
+        &set_label("sqr_non_sse2",16);
+        }
+        # function_begin prologue
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
        &comment("");
        $r="esi";
@@ -313,12 +411,13 @@ sub bn_div_words
        {
        local($name)=@_;
-        &function_begin($name,"");
+        &function_begin_B($name,"");
        &mov("edx",&wparam(0)); #
        &mov("eax",&wparam(1)); #
-        &mov("ebx",&wparam(2)); #
+        &mov("ecx",&wparam(2)); #
-        &div("ebx");
+        &div("ecx");
-        &function_end($name);
+        &ret();
+        &function_end_B($name);
        }
 sub bn_add_words
diff --git a/src/lib/libcrypto/bn/asm/co-586.pl b/src/lib/libcrypto/bn/asm/co-586.pl
index 5d962cb957..57101a6bd7 100644
--- a/src/lib/libcrypto/bn/asm/co-586.pl
+++ b/src/lib/libcrypto/bn/asm/co-586.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl
index 08e0053473..37c65d3511 100644
--- a/src/lib/libcrypto/bn/asm/ppc.pl
+++ b/src/lib/libcrypto/bn/asm/ppc.pl
@@ -100,9 +100,9 @@
 #       me a note at schari@us.ibm.com
 #
-$opf = shift;
+$flavour = shift;
-if ($opf =~ /32\.s/) {
+if ($flavour =~ /32/) {
        $BITS=  32;
        $BNSZ=  $BITS/8;
        $ISA=   "\"ppc\"";
@@ -125,7 +125,7 @@ if ($opf =~ /32\.s/) {
        $INSR=  "insrwi";       # insert right
        $ROTL=  "rotlwi";       # rotate left by immediate
        $TR=    "tw";           # conditional trap
-} elsif ($opf =~ /64\.s/) {
+} elsif ($flavour =~ /64/) {
        $BITS=  64;
        $BNSZ=  $BITS/8;
        $ISA=   "\"ppc64\"";
@@ -149,93 +149,16 @@ if ($opf =~ /32\.s/) {
        $INSR=  "insrdi";       # insert right 
        $ROTL=  "rotldi";       # rotate left by immediate
        $TR=    "td";           # conditional trap
-} else { die "nonsense $opf"; }
+} else { die "nonsense $flavour"; }
-( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
-# function entry points from the AIX code
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-#
-# There are other, more elegant, ways to handle this. We (IBM) chose
-# this approach as it plays well with scripts we run to 'namespace'
-# OpenSSL .i.e. we add a prefix to all the public symbols so we can
-# co-exist in the same process with other implementations of OpenSSL.
-# 'cleverer' ways of doing these substitutions tend to hide data we
-# need to be obvious.
-#
-my @items = ("bn_sqr_comba4",
-             "bn_sqr_comba8",
-             "bn_mul_comba4",
-             "bn_mul_comba8",
-             "bn_sub_words",
-             "bn_add_words",
-             "bn_div_words",
-             "bn_sqr_words",
-             "bn_mul_words",
-             "bn_mul_add_words");
-if    ($opf =~ /linux/) {  do_linux();  }
+$data=<<EOF;
-elsif ($opf =~ /aix/)   {  do_aix();    }
-elsif ($opf =~ /osx/)   {  do_osx();    }
-else                    {  do_bsd();    }
-sub do_linux {
-    $d=&data();
-    if ($BITS==64) {
-      foreach $t (@items) {
-        $d =~ s/\.$t:/\
-\t.section\t".opd","aw"\
-\t.align\t3\
-\t.globl\t$t\
-$t:\
-\t.quad\t.$t,.TOC.\@tocbase,0\
-\t.size\t$t,24\
-\t.previous\n\
-\t.type\t.$t,\@function\
-\t.globl\t.$t\
-.$t:/g;
-      }
-    }
-    else {
-      foreach $t (@items) {
-        $d=~s/\.$t/$t/g;
-      }
-    }
-    # hide internal labels to avoid pollution of name table...
-    $d=~s/Lppcasm_/.Lppcasm_/gm;
-    print $d;
-}
-sub do_aix {
-    # AIX assembler is smart enough to please the linker without
-    # making us do something special...
-    print &data();
-}
-# MacOSX 32 bit
-sub do_osx {
-    $d=&data();
-    # Change the bn symbol prefix from '.' to '_'
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    # Change .machine to something OS X asm will accept
-    $d=~s/\.machine.*/.text/g;
-    $d=~s/\#/;/g; # change comment from '#' to ';'
-    print $d;
-}
-# BSD (Untested)
-sub do_bsd {
-    $d=&data();
-    foreach $t (@items) {
-      $d=~s/\.$t/_$t/g;
-    }
-    print $d;
-}
-sub data {
-        local($data)=<<EOF;
 #--------------------------------------------------------------------
 #
 #
@@ -297,33 +220,20 @@ sub data {
 #
 #       Defines to be used in the assembly code.
 #       
-.set r0,0       # we use it as storage for value of 0
+#.set r0,0      # we use it as storage for value of 0
-.set SP,1       # preserved
+#.set SP,1      # preserved
-.set RTOC,2     # preserved 
+#.set RTOC,2    # preserved 
-.set r3,3       # 1st argument/return value
+#.set r3,3      # 1st argument/return value
-.set r4,4       # 2nd argument/volatile register
+#.set r4,4      # 2nd argument/volatile register
-.set r5,5       # 3rd argument/volatile register
+#.set r5,5      # 3rd argument/volatile register
-.set r6,6       # ...
+#.set r6,6      # ...
-.set r7,7
+#.set r7,7
-.set r8,8
+#.set r8,8
-.set r9,9
+#.set r9,9
-.set r10,10
+#.set r10,10
-.set r11,11
+#.set r11,11
-.set r12,12
+#.set r12,12
-.set r13,13     # not used, nor any other "below" it...
+#.set r13,13    # not used, nor any other "below" it...
-.set BO_IF_NOT,4
-.set BO_IF,12
-.set BO_dCTR_NZERO,16
-.set BO_dCTR_ZERO,18
-.set BO_ALWAYS,20
-.set CR0_LT,0;
-.set CR0_GT,1;
-.set CR0_EQ,2
-.set CR1_FX,4;
-.set CR1_FEX,5;
-.set CR1_VX,6
-.set LR,8
 #       Declare function names to be global
 #       NOTE:   For gcc these names MUST be changed to remove
@@ -344,7 +254,7 @@ sub data {
        
 # .text section
        
-        .machine        $ISA
+        .machine        "any"
 #
 #       NOTE:   The following label name should be changed to
@@ -478,7 +388,7 @@ sub data {
        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1
        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -903,7 +813,7 @@ sub data {
        $ST             r9, `15*$BNSZ`(r3)      #r[15]=c1;
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
@@ -1055,7 +965,7 @@ sub data {
        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1
        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1591,7 +1501,7 @@ sub data {
        adde    r10,r10,r9
        $ST     r12,`14*$BNSZ`(r3)      #r[14]=c3;
        $ST     r10,`15*$BNSZ`(r3)      #r[15]=c1;
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1623,7 +1533,7 @@ sub data {
        subfc.  r7,r0,r6        # If r6 is 0 then result is 0.
                                # if r6 > 0 then result !=0
                                # In either case carry bit is set.
-        bc      BO_IF,CR0_EQ,Lppcasm_sub_adios
+        beq     Lppcasm_sub_adios
        addi    r4,r4,-$BNSZ
        addi    r3,r3,-$BNSZ
        addi    r5,r5,-$BNSZ
@@ -1635,11 +1545,11 @@ Lppcasm_sub_mainloop:
                                # if carry = 1 this is r7-r8. Else it
                                # is r7-r8 -1 as we need.
        $STU    r6,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
+        bdnz-   Lppcasm_sub_mainloop
 Lppcasm_sub_adios:      
        subfze  r3,r0           # if carry bit is set then r3 = 0 else -1
        andi.   r3,r3,1         # keep only last bit.
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
@@ -1670,7 +1580,7 @@ Lppcasm_sub_adios:
 #       check for r6 = 0. Is this needed?
 #
        addic.  r6,r6,0         #test r6 and clear carry bit.
-        bc      BO_IF,CR0_EQ,Lppcasm_add_adios
+        beq     Lppcasm_add_adios
        addi    r4,r4,-$BNSZ
        addi    r3,r3,-$BNSZ
        addi    r5,r5,-$BNSZ
@@ -1680,10 +1590,10 @@ Lppcasm_add_mainloop:
        $LDU    r8,$BNSZ(r5)
        adde    r8,r7,r8
        $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
+        bdnz-   Lppcasm_add_mainloop
 Lppcasm_add_adios:      
        addze   r3,r0                   #return carry bit.
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1707,24 +1617,24 @@ Lppcasm_add_adios:
 #       r5 = d
        
        $UCMPI  0,r5,0                  # compare r5 and 0
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div1   # proceed if d!=0
+        bne     Lppcasm_div1            # proceed if d!=0
        li      r3,-1                   # d=0 return -1
-        bclr    BO_ALWAYS,CR0_LT        
+        blr
 Lppcasm_div1:
        xor     r0,r0,r0                #r0=0
        li      r8,$BITS
        $CNTLZ. r7,r5                   #r7 = num leading 0s in d.
-        bc      BO_IF,CR0_EQ,Lppcasm_div2       #proceed if no leading zeros
+        beq     Lppcasm_div2            #proceed if no leading zeros
        subf    r8,r7,r8                #r8 = BN_num_bits_word(d)
        $SHR.   r9,r3,r8                #are there any bits above r8'th?
        $TR     16,r9,r0                #if there're, signal to dump core...
 Lppcasm_div2:
        $UCMP   0,r3,r5                 #h>=d?
-        bc      BO_IF,CR0_LT,Lppcasm_div3       #goto Lppcasm_div3 if not
+        blt     Lppcasm_div3            #goto Lppcasm_div3 if not
        subf    r3,r5,r3                #h-=d ; 
 Lppcasm_div3:                           #r7 = BN_BITS2-i. so r7=i
        cmpi    0,0,r7,0                # is (i == 0)?
-        bc      BO_IF,CR0_EQ,Lppcasm_div4
+        beq     Lppcasm_div4
        $SHL    r3,r3,r7                # h = (h<< i)
        $SHR    r8,r4,r8                # r8 = (l >> BN_BITS2 -i)
        $SHL    r5,r5,r7                # d<<=i
@@ -1741,7 +1651,7 @@ Lppcasm_divouterloop:
        $SHRI   r11,r4,`$BITS/2`        #r11= (l&BN_MASK2h)>>BN_BITS4
                                        # compute here for innerloop.
        $UCMP   0,r8,r9                 # is (h>>BN_BITS4)==dh
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div5   # goto Lppcasm_div5 if not
+        bne     Lppcasm_div5            # goto Lppcasm_div5 if not
        li      r8,-1
        $CLRU   r8,r8,`$BITS/2`         #q = BN_MASK2l 
@@ -1762,9 +1672,9 @@ Lppcasm_divinnerloop:
                                        # the following 2 instructions do that
        $SHLI   r7,r10,`$BITS/2`        # r7 = (t<<BN_BITS4)
        or      r7,r7,r11               # r7|=((l&BN_MASK2h)>>BN_BITS4)
-        $UCMP   1,r6,r7                 # compare (tl <= r7)
+        $UCMP   cr1,r6,r7               # compare (tl <= r7)
-        bc      BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
+        bne     Lppcasm_divinnerexit
-        bc      BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
+        ble     cr1,Lppcasm_divinnerexit
        addi    r8,r8,-1                #q--
        subf    r12,r9,r12              #th -=dh
        $CLRU   r10,r5,`$BITS/2`        #r10=dl. t is no longer needed in loop.
@@ -1773,14 +1683,14 @@ Lppcasm_divinnerloop:
 Lppcasm_divinnerexit:
        $SHRI   r10,r6,`$BITS/2`        #t=(tl>>BN_BITS4)
        $SHLI   r11,r6,`$BITS/2`        #tl=(tl<<BN_BITS4)&BN_MASK2h;
-        $UCMP   1,r4,r11                # compare l and tl
+        $UCMP   cr1,r4,r11              # compare l and tl
        add     r12,r12,r10             # th+=t
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
+        bge     cr1,Lppcasm_div7        # if (l>=tl) goto Lppcasm_div7
        addi    r12,r12,1               # th++
 Lppcasm_div7:
        subf    r11,r11,r4              #r11=l-tl
-        $UCMP   1,r3,r12                #compare h and th
+        $UCMP   cr1,r3,r12              #compare h and th
-        bc      BO_IF_NOT,CR1_FX,Lppcasm_div8   #if (h>=th) goto Lppcasm_div8
+        bge     cr1,Lppcasm_div8        #if (h>=th) goto Lppcasm_div8
        addi    r8,r8,-1                # q--
        add     r3,r5,r3                # h+=d
 Lppcasm_div8:
@@ -1791,12 +1701,12 @@ Lppcasm_div8:
                                        # the following 2 instructions will do this.
        $INSR   r11,r12,`$BITS/2`,`$BITS/2`     # r11 is the value we want rotated $BITS/2.
        $ROTL   r3,r11,`$BITS/2`        # rotate by $BITS/2 and store in r3
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
+        bdz     Lppcasm_div9            #if (count==0) break ;
        $SHLI   r0,r8,`$BITS/2`         #ret =q<<BN_BITS4
        b       Lppcasm_divouterloop
 Lppcasm_div9:
        or      r3,r8,r0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1822,7 +1732,7 @@ Lppcasm_div9:
 #       No unrolling done here. Not performance critical.
        addic.  r5,r5,0                 #test r5.
-        bc      BO_IF,CR0_EQ,Lppcasm_sqr_adios
+        beq     Lppcasm_sqr_adios
        addi    r4,r4,-$BNSZ
        addi    r3,r3,-$BNSZ
        mtctr   r5
@@ -1833,9 +1743,9 @@ Lppcasm_sqr_mainloop:
        $UMULH  r8,r6,r6
        $STU    r7,$BNSZ(r3)
        $STU    r8,$BNSZ(r3)
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
+        bdnz-   Lppcasm_sqr_mainloop
 Lppcasm_sqr_adios:      
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
@@ -1858,7 +1768,7 @@ Lppcasm_sqr_adios:
        xor     r0,r0,r0
        xor     r12,r12,r12             # used for carry
        rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_REM
+        beq     Lppcasm_mw_REM
        mtctr   r7
 Lppcasm_mw_LOOP:        
                                        #mul(rp[0],ap[0],w,c1);
@@ -1896,11 +1806,11 @@ Lppcasm_mw_LOOP:
        
        addi    r3,r3,`4*$BNSZ`
        addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP
+        bdnz-   Lppcasm_mw_LOOP
 Lppcasm_mw_REM:
        andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
                                        #mul(rp[0],ap[0],w,c1);
        $LD     r8,`0*$BNSZ`(r4)
        $UMULL  r9,r6,r8
@@ -1912,7 +1822,7 @@ Lppcasm_mw_REM:
        
        addi    r5,r5,-1
        cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
        
                                        #mul(rp[1],ap[1],w,c1);
@@ -1926,7 +1836,7 @@ Lppcasm_mw_REM:
        
        addi    r5,r5,-1
        cmpli   0,0,r5,0
-        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        beq     Lppcasm_mw_OVER
        
                                        #mul_add(rp[2],ap[2],w,c1);
        $LD     r8,`2*$BNSZ`(r4)
@@ -1939,7 +1849,7 @@ Lppcasm_mw_REM:
                
 Lppcasm_mw_OVER:        
        addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
 #
@@ -1964,7 +1874,7 @@ Lppcasm_mw_OVER:
        xor     r0,r0,r0                #r0 = 0
        xor     r12,r12,r12             #r12 = 0 . used for carry               
        rlwinm. r7,r5,30,2,31           # num >> 2
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_leftover       # if (num < 4) go LPPCASM_maw_leftover
+        beq     Lppcasm_maw_leftover    # if (num < 4) go LPPCASM_maw_leftover
        mtctr   r7
 Lppcasm_maw_mainloop:   
                                        #mul_add(rp[0],ap[0],w,c1);
@@ -2017,11 +1927,11 @@ Lppcasm_maw_mainloop:
        $ST     r11,`3*$BNSZ`(r3)
        addi    r3,r3,`4*$BNSZ`
        addi    r4,r4,`4*$BNSZ`
-        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
+        bdnz-   Lppcasm_maw_mainloop
        
 Lppcasm_maw_leftover:
        andi.   r5,r5,0x3
-        bc      BO_IF,CR0_EQ,Lppcasm_maw_adios
+        beq     Lppcasm_maw_adios
        addi    r3,r3,-$BNSZ
        addi    r4,r4,-$BNSZ
                                        #mul_add(rp[0],ap[0],w,c1);
@@ -2036,7 +1946,7 @@ Lppcasm_maw_leftover:
        addze   r12,r10
        $ST     r9,0(r3)
        
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+        bdz     Lppcasm_maw_adios
                                        #mul_add(rp[1],ap[1],w,c1);
        $LDU    r8,$BNSZ(r4)    
        $UMULL  r9,r6,r8
@@ -2048,7 +1958,7 @@ Lppcasm_maw_leftover:
        addze   r12,r10
        $ST     r9,0(r3)
        
-        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+        bdz     Lppcasm_maw_adios
                                        #mul_add(rp[2],ap[2],w,c1);
        $LDU    r8,$BNSZ(r4)
        $UMULL  r9,r6,r8
@@ -2062,17 +1972,10 @@ Lppcasm_maw_leftover:
                
 Lppcasm_maw_adios:      
        addi    r3,r12,0
-        bclr    BO_ALWAYS,CR0_LT
+        blr
        .long   0x00000000
        .align  4
 EOF
-        $data =~ s/\`([^\`]*)\`/eval $1/gem;
+$data =~ s/\`([^\`]*)\`/eval $1/gem;
+print $data;
-        # if some assembler chokes on some simplified mnemonic,
+close STDOUT;
-        # this is the spot to fix it up, e.g.:
-        # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
-        $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
-        # assembler X doesn't accept li, load immediate value
-        #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
-        return($data);
-}
diff --git a/src/lib/libcrypto/bn/asm/sparcv8plus.S b/src/lib/libcrypto/bn/asm/sparcv8plus.S
index 8c56e2e7e7..63de1860f2 100644
--- a/src/lib/libcrypto/bn/asm/sparcv8plus.S
+++ b/src/lib/libcrypto/bn/asm/sparcv8plus.S
@@ -144,6 +144,19 @@
 *          }
 */
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME_SIZE      -192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME_SIZE      -192
+#else 
+# define        FRAME_SIZE      -96
+#endif 
 /*
 * GNU assembler can't stand stuw:-(
 */
@@ -619,8 +632,6 @@ bn_sub_words:
 *                                                      Andy.
 */
-#define FRAME_SIZE      -96
 /*
 * Here is register usage map for *all* routines below.
 */
diff --git a/src/lib/libcrypto/bn/asm/x86_64-gcc.c b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
index f13f52dd85..acb0b40118 100644
--- a/src/lib/libcrypto/bn/asm/x86_64-gcc.c
+++ b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
@@ -1,4 +1,5 @@
-#ifdef __SUNPRO_C
+#include "../bn_lcl.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
 # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
 #else
 /*
@@ -54,7 +55,15 @@
 *    machine.
 */
+#ifdef _WIN64
+#define BN_ULONG unsigned long long
+#else
 #define BN_ULONG unsigned long
+#endif
+#undef mul
+#undef mul_add
+#undef sqr
 /*
 * "m"(a), "+m"(r)      is the way to favor DirectPath �-code;
@@ -97,7 +106,7 @@
                : "a"(a)                \
                : "cc");
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        {
        BN_ULONG c1=0;
@@ -121,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
        return(c1);
        } 
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        {
        BN_ULONG c1=0;
@@ -144,7 +153,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
        return(c1);
        } 
-void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
        {
        if (n <= 0) return;
@@ -175,14 +184,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
        return ret;
 }
-BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
 { BN_ULONG ret=0,i=0;
        if (n <= 0) return 0;
        asm (
        "       subq    %2,%2           \n"
-        ".align 16                      \n"
+        ".p2align 4                     \n"
        "1:     movq    (%4,%2,8),%0    \n"
        "       adcq    (%5,%2,8),%0    \n"
        "       movq    %0,(%3,%2,8)    \n"
@@ -198,14 +207,14 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 }
 #ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
 { BN_ULONG ret=0,i=0;
        if (n <= 0) return 0;
        asm (
        "       subq    %2,%2           \n"
-        ".align 16                      \n"
+        ".p2align 4                     \n"
        "1:     movq    (%4,%2,8),%0    \n"
        "       sbbq    (%5,%2,8),%0    \n"
        "       movq    %0,(%3,%2,8)    \n"
@@ -485,7 +494,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
        r[7]=c2;
        }
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t1,t2;
        BN_ULONG c1,c2,c3;
@@ -561,7 +570,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
        r[15]=c1;
        }
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t1,t2;
        BN_ULONG c1,c2,c3;
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont.pl b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
index c43b69592a..3b7a6f243f 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
@@ -15,14 +15,18 @@
 # respectful 50%. It remains to be seen if loop unrolling and
 # dedicated squaring routine can provide further improvement...
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 # int bn_mul_mont(
 $rp="%rdi";     # BN_ULONG *rp,
@@ -55,13 +59,14 @@ bn_mul_mont:
        push    %r15
        mov     ${num}d,${num}d
-        lea     2($num),%rax
+        lea     2($num),%r10
-        mov     %rsp,%rbp
+        mov     %rsp,%r11
-        neg     %rax
+        neg     %r10
-        lea     (%rsp,%rax,8),%rsp      # tp=alloca(8*(num+2))
+        lea     (%rsp,%r10,8),%rsp      # tp=alloca(8*(num+2))
        and     \$-1024,%rsp            # minimize TLB usage
-        mov     %rbp,8(%rsp,$num,8)     # tp[num+1]=%rsp
+        mov     %r11,8(%rsp,$num,8)     # tp[num+1]=%rsp
+.Lprologue:
        mov     %rdx,$bp                # $bp reassigned, remember?
        mov     ($n0),$n0               # pull n0[0] value
@@ -197,18 +202,129 @@ bn_mul_mont:
        dec     $j
        jge     .Lcopy
-        mov     8(%rsp,$num,8),%rsp     # restore %rsp
+        mov     8(%rsp,$num,8),%rsi     # restore %rsp
        mov     \$1,%rax
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lepilogue:
+        ret
+.size   bn_mul_mont,.-bn_mul_mont
+.asciz  "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align  16
+___
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+        mov     192($context),%r10      # pull $num
+        mov     8(%rax,%r10,8),%rax     # pull saved stack pointer
+        lea     48(%rax),%rax
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
        pop     %r15
        pop     %r14
        pop     %r13
        pop     %r12
        pop     %rbp
        pop     %rbx
+        pop     %rdi
+        pop     %rsi
        ret
-.size   bn_mul_mont,.-bn_mul_mont
+.size   se_handler,.-se_handler
-.asciz  "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_bn_mul_mont
+        .rva    .LSEH_end_bn_mul_mont
+        .rva    .LSEH_info_bn_mul_mont
+.section        .xdata
+.align  8
+.LSEH_info_bn_mul_mont:
+        .byte   9,0,0,0
+        .rva    se_handler
 ___
+}
 print $code;
 close STDOUT;
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index f1719a5877..e484b7fc11 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -56,6 +56,59 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
 * Portions of the attached software ("Contribution") are developed by 
@@ -77,6 +130,7 @@
 #include <stdio.h> /* FILE */
 #endif
 #include <openssl/ossl_typ.h>
+#include <openssl/crypto.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -94,9 +148,11 @@ extern "C" {
 /* #define BN_DEBUG */
 /* #define BN_DEBUG_RAND */
+#ifndef OPENSSL_SMALL_FOOTPRINT
 #define BN_MUL_COMBA
 #define BN_SQR_COMBA
 #define BN_RECURSION
+#endif
 /* This next option uses the C libraries (2 word)/(1 word) function.
 * If it is not defined, I use my C version (which is slower).
@@ -137,6 +193,8 @@ extern "C" {
 #define BN_DEC_FMT1     "%lu"
 #define BN_DEC_FMT2     "%019lu"
 #define BN_DEC_NUM      19
+#define BN_HEX_FMT1     "%lX"
+#define BN_HEX_FMT2     "%016lX"
 #endif
 /* This is where the long long data type is 64 bits, but long is 32.
@@ -162,83 +220,37 @@ extern "C" {
 #define BN_DEC_FMT1     "%llu"
 #define BN_DEC_FMT2     "%019llu"
 #define BN_DEC_NUM      19
+#define BN_HEX_FMT1     "%llX"
+#define BN_HEX_FMT2     "%016llX"
 #endif
 #ifdef THIRTY_TWO_BIT
 #ifdef BN_LLONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# if defined(_WIN32) && !defined(__GNUC__)
 #  define BN_ULLONG     unsigned __int64
+#  define BN_MASK       (0xffffffffffffffffI64)
 # else
 #  define BN_ULLONG     unsigned long long
+#  define BN_MASK       (0xffffffffffffffffLL)
 # endif
 #endif
-#define BN_ULONG        unsigned long
+#define BN_ULONG        unsigned int
-#define BN_LONG         long
+#define BN_LONG         int
 #define BN_BITS         64
 #define BN_BYTES        4
 #define BN_BITS2        32
 #define BN_BITS4        16
-#ifdef OPENSSL_SYS_WIN32
-/* VC++ doesn't like the LL suffix */
-#define BN_MASK         (0xffffffffffffffffL)
-#else
-#define BN_MASK         (0xffffffffffffffffLL)
-#endif
 #define BN_MASK2        (0xffffffffL)
 #define BN_MASK2l       (0xffff)
 #define BN_MASK2h1      (0xffff8000L)
 #define BN_MASK2h       (0xffff0000L)
 #define BN_TBIT         (0x80000000L)
 #define BN_DEC_CONV     (1000000000L)
-#define BN_DEC_FMT1     "%lu"
-#define BN_DEC_FMT2     "%09lu"
-#define BN_DEC_NUM      9
-#endif
-#ifdef SIXTEEN_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG       unsigned long
-#define BN_ULONG        unsigned short
-#define BN_LONG         short
-#define BN_BITS         32
-#define BN_BYTES        2
-#define BN_BITS2        16
-#define BN_BITS4        8
-#define BN_MASK         (0xffffffff)
-#define BN_MASK2        (0xffff)
-#define BN_MASK2l       (0xff)
-#define BN_MASK2h1      (0xff80)
-#define BN_MASK2h       (0xff00)
-#define BN_TBIT         (0x8000)
-#define BN_DEC_CONV     (100000)
 #define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2     "%05u"
+#define BN_DEC_FMT2     "%09u"
-#define BN_DEC_NUM      5
+#define BN_DEC_NUM      9
-#endif
+#define BN_HEX_FMT1     "%X"
+#define BN_HEX_FMT2     "%08X"
-#ifdef EIGHT_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG       unsigned short
-#define BN_ULONG        unsigned char
-#define BN_LONG         char
-#define BN_BITS         16
-#define BN_BYTES        1
-#define BN_BITS2        8
-#define BN_BITS4        4
-#define BN_MASK         (0xffff)
-#define BN_MASK2        (0xff)
-#define BN_MASK2l       (0xf)
-#define BN_MASK2h1      (0xf8)
-#define BN_MASK2h       (0xf0)
-#define BN_TBIT         (0x80)
-#define BN_DEC_CONV     (100)
-#define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2     "%02u"
-#define BN_DEC_NUM      2
 #endif
 #define BN_DEFAULT_BITS 1280
@@ -303,12 +315,8 @@ struct bn_mont_ctx_st
        BIGNUM N;      /* The modulus */
        BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
                        * (Ni is only stored for bignum algorithm) */
-#if 0
+        BN_ULONG n0[2];/* least significant word(s) of Ni;
-        /* OpenSSL 0.9.9 preview: */
+                          (type changed with 0.9.9, was "BN_ULONG n0;" before) */
-        BN_ULONG n0[2];/* least significant word(s) of Ni */
-#else
-        BN_ULONG n0;   /* least significant word of Ni */
-#endif
        int flags;
        };
@@ -504,6 +512,7 @@ char *	BN_bn2hex(const BIGNUM *a);
 char *  BN_bn2dec(const BIGNUM *a);
 int     BN_hex2bn(BIGNUM **a, const char *str);
 int     BN_dec2bn(BIGNUM **a, const char *str);
+int     BN_asc2bn(BIGNUM **a, const char *str);
 int     BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
 int     BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
 BIGNUM *BN_mod_inverse(BIGNUM *ret,
@@ -531,17 +540,6 @@ int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
 int     BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
                int do_trial_division, BN_GENCB *cb);
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-                        const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        BIGNUM *Xp1, BIGNUM *Xp2,
-                        const BIGNUM *Xp,
-                        const BIGNUM *e, BN_CTX *ctx,
-                        BN_GENCB *cb);
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -560,19 +558,22 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 #define BN_BLINDING_NO_UPDATE   0x00000001
 #define BN_BLINDING_NO_RECREATE 0x00000002
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
 int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+#ifndef OPENSSL_NO_DEPRECATED
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
 void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+#endif
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
 void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
        BN_MONT_CTX *m_ctx);
@@ -625,24 +626,24 @@ int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
 */
-int     BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
+int     BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
        /* r = a mod p */
 int     BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
+        const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
        BN_CTX *ctx); /* r = (a * a) mod p */
-int     BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
+int     BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
        BN_CTX *ctx); /* r = (1 / b) mod p */
 int     BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
+        const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
 int     BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
+        const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
 int     BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-        const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
+        const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
 int     BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-        const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
+        const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int     BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
+int     BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int     BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
+int     BN_GF2m_arr2poly(const int p[], BIGNUM *a);
 /* faster mod functions for the 'NIST primes' 
 * 0 <= a < p^2 */
@@ -751,10 +752,12 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #define bn_correct_top(a) \
        { \
        BN_ULONG *ftl; \
-        if ((a)->top > 0) \
+        int tmp_top = (a)->top; \
+        if (tmp_top > 0) \
                { \
-                for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+                for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-                if (*(ftl--)) break; \
+                        if (*(ftl--)) break; \
+                (a)->top = tmp_top; \
                } \
        bn_pollute(a); \
        }
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
index 99bc2de491..c43c91cc09 100644
--- a/src/lib/libcrypto/bn/bn_asm.c
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -75,6 +75,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        assert(num >= 0);
        if (num <= 0) return(c1);
+#ifndef OPENSSL_SMALL_FOOTPRINT
        while (num&~3)
                {
                mul_add(rp[0],ap[0],w,c1);
@@ -83,11 +84,11 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
                mul_add(rp[3],ap[3],w,c1);
                ap+=4; rp+=4; num-=4;
                }
-        if (num)
+#endif
+        while (num)
                {
-                mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+                mul_add(rp[0],ap[0],w,c1);
-                mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+                ap++; rp++; num--;
-                mul_add(rp[2],ap[2],w,c1); return c1;
                }
        
        return(c1);
@@ -100,6 +101,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        assert(num >= 0);
        if (num <= 0) return(c1);
+#ifndef OPENSSL_SMALL_FOOTPRINT
        while (num&~3)
                {
                mul(rp[0],ap[0],w,c1);
@@ -108,11 +110,11 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
                mul(rp[3],ap[3],w,c1);
                ap+=4; rp+=4; num-=4;
                }
-        if (num)
+#endif
+        while (num)
                {
-                mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+                mul(rp[0],ap[0],w,c1);
-                mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+                ap++; rp++; num--;
-                mul(rp[2],ap[2],w,c1);
                }
        return(c1);
        } 
@@ -121,6 +123,8 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
        {
        assert(n >= 0);
        if (n <= 0) return;
+#ifndef OPENSSL_SMALL_FOOTPRINT
        while (n&~3)
                {
                sqr(r[0],r[1],a[0]);
@@ -129,11 +133,11 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
                sqr(r[6],r[7],a[3]);
                a+=4; r+=8; n-=4;
                }
-        if (n)
+#endif
+        while (n)
                {
-                sqr(r[0],r[1],a[0]); if (--n == 0) return;
+                sqr(r[0],r[1],a[0]);
-                sqr(r[2],r[3],a[1]); if (--n == 0) return;
+                a++; r+=2; n--;
-                sqr(r[4],r[5],a[2]);
                }
        }
@@ -150,18 +154,20 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        bl=LBITS(w);
        bh=HBITS(w);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (num&~3)
                {
                mul_add(rp[0],ap[0],bl,bh,c);
-                if (--num == 0) break;
                mul_add(rp[1],ap[1],bl,bh,c);
-                if (--num == 0) break;
                mul_add(rp[2],ap[2],bl,bh,c);
-                if (--num == 0) break;
                mul_add(rp[3],ap[3],bl,bh,c);
-                if (--num == 0) break;
+                ap+=4; rp+=4; num-=4;
-                ap+=4;
+                }
-                rp+=4;
+#endif
+        while (num)
+                {
+                mul_add(rp[0],ap[0],bl,bh,c);
+                ap++; rp++; num--;
                }
        return(c);
        } 
@@ -177,18 +183,20 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
        bl=LBITS(w);
        bh=HBITS(w);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (num&~3)
                {
                mul(rp[0],ap[0],bl,bh,carry);
-                if (--num == 0) break;
                mul(rp[1],ap[1],bl,bh,carry);
-                if (--num == 0) break;
                mul(rp[2],ap[2],bl,bh,carry);
-                if (--num == 0) break;
                mul(rp[3],ap[3],bl,bh,carry);
-                if (--num == 0) break;
+                ap+=4; rp+=4; num-=4;
-                ap+=4;
+                }
-                rp+=4;
+#endif
+        while (num)
+                {
+                mul(rp[0],ap[0],bl,bh,carry);
+                ap++; rp++; num--;
                }
        return(carry);
        } 
@@ -197,22 +205,21 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
        {
        assert(n >= 0);
        if (n <= 0) return;
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                sqr64(r[0],r[1],a[0]);
-                if (--n == 0) break;
                sqr64(r[2],r[3],a[1]);
-                if (--n == 0) break;
                sqr64(r[4],r[5],a[2]);
-                if (--n == 0) break;
                sqr64(r[6],r[7],a[3]);
-                if (--n == 0) break;
+                a+=4; r+=8; n-=4;
+                }
-                a+=4;
+#endif
-                r+=8;
+        while (n)
+                {
+                sqr64(r[0],r[1],a[0]);
+                a++; r+=2; n--;
                }
        }
@@ -303,31 +310,30 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
        assert(n >= 0);
        if (n <= 0) return((BN_ULONG)0);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                ll+=(BN_ULLONG)a[0]+b[0];
                r[0]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
                ll+=(BN_ULLONG)a[1]+b[1];
                r[1]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
                ll+=(BN_ULLONG)a[2]+b[2];
                r[2]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
                ll+=(BN_ULLONG)a[3]+b[3];
                r[3]=(BN_ULONG)ll&BN_MASK2;
                ll>>=BN_BITS2;
-                if (--n <= 0) break;
+                a+=4; b+=4; r+=4; n-=4;
+                }
-                a+=4;
+#endif
-                b+=4;
+        while (n)
-                r+=4;
+                {
+                ll+=(BN_ULLONG)a[0]+b[0];
+                r[0]=(BN_ULONG)ll&BN_MASK2;
+                ll>>=BN_BITS2;
+                a++; b++; r++; n--;
                }
        return((BN_ULONG)ll);
        }
@@ -340,7 +346,8 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
        if (n <= 0) return((BN_ULONG)0);
        c=0;
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                t=a[0];
                t=(t+c)&BN_MASK2;
@@ -348,35 +355,36 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
                l=(t+b[0])&BN_MASK2;
                c+=(l < t);
                r[0]=l;
-                if (--n <= 0) break;
                t=a[1];
                t=(t+c)&BN_MASK2;
                c=(t < c);
                l=(t+b[1])&BN_MASK2;
                c+=(l < t);
                r[1]=l;
-                if (--n <= 0) break;
                t=a[2];
                t=(t+c)&BN_MASK2;
                c=(t < c);
                l=(t+b[2])&BN_MASK2;
                c+=(l < t);
                r[2]=l;
-                if (--n <= 0) break;
                t=a[3];
                t=(t+c)&BN_MASK2;
                c=(t < c);
                l=(t+b[3])&BN_MASK2;
                c+=(l < t);
                r[3]=l;
-                if (--n <= 0) break;
+                a+=4; b+=4; r+=4; n-=4;
+                }
-                a+=4;
+#endif
-                b+=4;
+        while(n)
-                r+=4;
+                {
+                t=a[0];
+                t=(t+c)&BN_MASK2;
+                c=(t < c);
+                l=(t+b[0])&BN_MASK2;
+                c+=(l < t);
+                r[0]=l;
+                a++; b++; r++; n--;
                }
        return((BN_ULONG)c);
        }
@@ -390,36 +398,35 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
        assert(n >= 0);
        if (n <= 0) return((BN_ULONG)0);
-        for (;;)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        while (n&~3)
                {
                t1=a[0]; t2=b[0];
                r[0]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
                t1=a[1]; t2=b[1];
                r[1]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
                t1=a[2]; t2=b[2];
                r[2]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
                t1=a[3]; t2=b[3];
                r[3]=(t1-t2-c)&BN_MASK2;
                if (t1 != t2) c=(t1 < t2);
-                if (--n <= 0) break;
+                a+=4; b+=4; r+=4; n-=4;
+                }
-                a+=4;
+#endif
-                b+=4;
+        while (n)
-                r+=4;
+                {
+                t1=a[0]; t2=b[0];
+                r[0]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                a++; b++; r++; n--;
                }
        return(c);
        }
-#ifdef BN_MUL_COMBA
+#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
 #undef bn_mul_comba8
 #undef bn_mul_comba4
@@ -820,18 +827,134 @@ void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
        r[6]=c1;
        r[7]=c2;
        }
+#ifdef OPENSSL_NO_ASM
+#ifdef OPENSSL_BN_ASM_MONT
+#include <alloca.h>
+/*
+ * This is essentially reference implementation, which may or may not
+ * result in performance improvement. E.g. on IA-32 this routine was
+ * observed to give 40% faster rsa1024 private key operations and 10%
+ * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
+ * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
+ * reference implementation, one to be used as starting point for
+ * platform-specific assembler. Mentioned numbers apply to compiler
+ * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
+ * can vary not only from platform to platform, but even for compiler
+ * versions. Assembler vs. assembler improvement coefficients can
+ * [and are known to] differ and are to be documented elsewhere.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
+        {
+        BN_ULONG c0,c1,ml,*tp,n0;
+#ifdef mul64
+        BN_ULONG mh;
+#endif
+        volatile BN_ULONG *vp;
+        int i=0,j;
+#if 0   /* template for platform-specific implementation */
+        if (ap==bp)     return bn_sqr_mont(rp,ap,np,n0p,num);
+#endif
+        vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+        n0 = *n0p;
+        c0 = 0;
+        ml = bp[0];
+#ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        for (j=0;j<num;++j)
+                mul(tp[j],ap[j],ml,mh,c0);
+#else
+        for (j=0;j<num;++j)
+                mul(tp[j],ap[j],ml,c0);
+#endif
+        tp[num]   = c0;
+        tp[num+1] = 0;
+        goto enter;
+        for(i=0;i<num;i++)
+                {
+                c0 = 0;
+                ml = bp[i];
+#ifdef mul64
+                mh = HBITS(ml);
+                ml = LBITS(ml);
+                for (j=0;j<num;++j)
+                        mul_add(tp[j],ap[j],ml,mh,c0);
+#else
+                for (j=0;j<num;++j)
+                        mul_add(tp[j],ap[j],ml,c0);
+#endif
+                c1 = (tp[num] + c0)&BN_MASK2;
+                tp[num]   = c1;
+                tp[num+1] = (c1<c0?1:0);
+        enter:
+                c1  = tp[0];
+                ml = (c1*n0)&BN_MASK2;
+                c0 = 0;
+#ifdef mul64
+                mh = HBITS(ml);
+                ml = LBITS(ml);
+                mul_add(c1,np[0],ml,mh,c0);
+#else
+                mul_add(c1,ml,np[0],c0);
+#endif
+                for(j=1;j<num;j++)
+                        {
+                        c1 = tp[j];
+#ifdef mul64
+                        mul_add(c1,np[j],ml,mh,c0);
+#else
+                        mul_add(c1,ml,np[j],c0);
+#endif
+                        tp[j-1] = c1&BN_MASK2;
+                        }
+                c1        = (tp[num] + c0)&BN_MASK2;
+                tp[num-1] = c1;
+                tp[num]   = tp[num+1] + (c1<c0?1:0);
+                }
+        if (tp[num]!=0 || tp[num-1]>=np[num-1])
+                {
+                c0 = bn_sub_words(rp,tp,np,num);
+                if (tp[num]!=0 || c0==0)
+                        {
+                        for(i=0;i<num+2;i++)    vp[i] = 0;
+                        return 1;
+                        }
+                }
+        for(i=0;i<num;i++)      rp[i] = tp[i],  vp[i] = 0;
+        vp[num]   = 0;
+        vp[num+1] = 0;
+        return 1;
+        }
+#else
+/*
+ * Return value of 0 indicates that multiplication/convolution was not
+ * performed to signal the caller to fall down to alternative/original
+ * code-path.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+{       return 0;       }
+#endif /* OPENSSL_BN_ASM_MONT */
+#endif
 #else /* !BN_MUL_COMBA */
 /* hmm... is it faster just to do a multiply? */
 #undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t[8];
        bn_sqr_normal(r,a,4,t);
        }
 #undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
        {
        BN_ULONG t[16];
        bn_sqr_normal(r,a,8,t);
@@ -857,4 +980,51 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
        r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
        }
+#ifdef OPENSSL_NO_ASM
+#ifdef OPENSSL_BN_ASM_MONT
+#include <alloca.h>
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
+        {
+        BN_ULONG c0,c1,*tp,n0=*n0p;
+        volatile BN_ULONG *vp;
+        int i=0,j;
+        vp = tp = alloca((num+2)*sizeof(BN_ULONG));
+        for(i=0;i<=num;i++)     tp[i]=0;
+        for(i=0;i<num;i++)
+                {
+                c0         = bn_mul_add_words(tp,ap,num,bp[i]);
+                c1         = (tp[num] + c0)&BN_MASK2;
+                tp[num]    = c1;
+                tp[num+1]  = (c1<c0?1:0);
+                c0         = bn_mul_add_words(tp,np,num,tp[0]*n0);
+                c1         = (tp[num] + c0)&BN_MASK2;
+                tp[num]    = c1;
+                tp[num+1] += (c1<c0?1:0);
+                for(j=0;j<=num;j++)     tp[j]=tp[j+1];
+                }
+        if (tp[num]!=0 || tp[num-1]>=np[num-1])
+                {
+                c0 = bn_sub_words(rp,tp,np,num);
+                if (tp[num]!=0 || c0==0)
+                        {
+                        for(i=0;i<num+2;i++)    vp[i] = 0;
+                        return 1;
+                        }
+                }
+        for(i=0;i<num;i++)      rp[i] = tp[i],  vp[i] = 0;
+        vp[num]   = 0;
+        vp[num+1] = 0;
+        return 1;
+        }
+#else
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
+{       return 0;       }
+#endif /* OPENSSL_BN_ASM_MONT */
+#endif
 #endif /* !BN_MUL_COMBA */
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index c11fb4ccc2..e060592fdc 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,6 +1,6 @@
 /* crypto/bn/bn_blind.c */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,8 +121,11 @@ struct bn_blinding_st
        BIGNUM *Ai;
        BIGNUM *e;
        BIGNUM *mod; /* just a reference */
+#ifndef OPENSSL_NO_DEPRECATED
        unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
                                  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+#endif
+        CRYPTO_THREADID tid;
        unsigned int  counter;
        unsigned long flags;
        BN_MONT_CTX *m_ctx;
@@ -131,7 +134,7 @@ struct bn_blinding_st
                          BN_MONT_CTX *m_ctx);
        };
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
        {
        BN_BLINDING *ret=NULL;
@@ -158,6 +161,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGN
                BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
        ret->counter = BN_BLINDING_COUNTER;
+        CRYPTO_THREADID_current(&ret->tid);
        return(ret);
 err:
        if (ret != NULL) BN_BLINDING_free(ret);
@@ -263,6 +267,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
        return(ret);
        }
+#ifndef OPENSSL_NO_DEPRECATED
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
        {
        return b->thread_id;
@@ -272,6 +277,12 @@ void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
        {
        b->thread_id = n;
        }
+#endif
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
+        {
+        return &b->tid;
+        }
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
        {
@@ -284,7 +295,7 @@ void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
        }
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
        BN_MONT_CTX *m_ctx)
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index b3452f1a91..3f2256f675 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -161,7 +161,7 @@ static void ctxdbg(BN_CTX *ctx)
        fprintf(stderr,"(%08x): ", (unsigned int)ctx);
        while(bnidx < ctx->used)
                {
-                fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+                fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
                if(!(bnidx % BN_CTX_POOL_SIZE))
                        item = item->next;
                }
@@ -171,8 +171,8 @@ static void ctxdbg(BN_CTX *ctx)
        while(fpidx < stack->depth)
                {
                while(bnidx++ < stack->indexes[fpidx])
-                        fprintf(stderr,"   ");
+                        fprintf(stderr,"    ");
-                fprintf(stderr,"^^ ");
+                fprintf(stderr,"^^^ ");
                bnidx++;
                fpidx++;
                }
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 1e8e57626b..802a43d642 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
        /* The next 2 are needed so we can do a dv->d[0]|=1 later
         * since BN_lshift1 will only work once there is a value :-) */
        BN_zero(dv);
-        bn_wexpand(dv,1);
+        if(bn_wexpand(dv,1) == NULL) goto end;
        dv->top=1;
        if (!BN_lshift(D,D,nm-nd)) goto end;
@@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        if (dv == NULL)
                res=BN_CTX_get(ctx);
        else    res=dv;
-        if (sdiv == NULL || res == NULL) goto err;
+        if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+                goto err;
        /* First we normalise the numbers */
        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -336,7 +337,7 @@ X) -> 0x%08X\n",
                                t2 -= d1;
                                }
 #else /* !BN_LLONG */
-                        BN_ULONG t2l,t2h,ql,qh;
+                        BN_ULONG t2l,t2h;
                        q=bn_div_words(n0,n1,d0);
 #ifdef BN_DEBUG_LEVITTE
@@ -354,9 +355,12 @@ X) -> 0x%08X\n",
                        t2l = d1 * q;
                        t2h = BN_UMULT_HIGH(d1,q);
 #else
+                        {
+                        BN_ULONG ql, qh;
                        t2l=LBITS(d1); t2h=HBITS(d1);
                        ql =LBITS(q);  qh =HBITS(q);
                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+                        }
 #endif
                        for (;;)
@@ -560,7 +564,7 @@ X) -> 0x%08X\n",
                                t2 -= d1;
                                }
 #else /* !BN_LLONG */
-                        BN_ULONG t2l,t2h,ql,qh;
+                        BN_ULONG t2l,t2h;
                        q=bn_div_words(n0,n1,d0);
 #ifdef BN_DEBUG_LEVITTE
@@ -578,9 +582,12 @@ X) -> 0x%08X\n",
                        t2l = d1 * q;
                        t2h = BN_UMULT_HIGH(d1,q);
 #else
+                        {
+                        BN_ULONG ql, qh;
                        t2l=LBITS(d1); t2h=HBITS(d1);
                        ql =LBITS(q);  qh =HBITS(q);
                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+                        }
 #endif
                        for (;;)
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 70a33f0d93..d9b6c737fc 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                rr = BN_CTX_get(ctx);
        else
                rr = r;
-        if ((v = BN_CTX_get(ctx)) == NULL) goto err;
+        v = BN_CTX_get(ctx);
+        if (rr == NULL || v == NULL) goto err;
        if (BN_copy(v,a) == NULL) goto err;
        bits=BN_num_bits(p);
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 306f029f27..527b0fa15b 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -121,74 +121,12 @@ static const BN_ULONG SQR_tb[16] =
    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
 #endif
-#ifdef SIXTEEN_BIT
-#define SQR1(w) \
-    SQR_tb[(w) >> 12 & 0xF] <<  8 | SQR_tb[(w) >>  8 & 0xF]
-#define SQR0(w) \
-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
-#endif
-#ifdef EIGHT_BIT
-#define SQR1(w) \
-    SQR_tb[(w) >>  4 & 0xF]
-#define SQR0(w) \
-    SQR_tb[(w)       & 15]
-#endif
 /* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
 * result is a polynomial r with degree < 2 * BN_BITS - 1
 * The caller MUST ensure that the variables have the right amount
 * of space allocated.
 */
-#ifdef EIGHT_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-        {
-        register BN_ULONG h, l, s;
-        BN_ULONG tab[4], top1b = a >> 7;
-        register BN_ULONG a1, a2;
-        a1 = a & (0x7F); a2 = a1 << 1;
-        tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
-        s = tab[b      & 0x3]; l  = s;
-        s = tab[b >> 2 & 0x3]; l ^= s << 2; h  = s >> 6;
-        s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4;
-        s = tab[b >> 6      ]; l ^= s << 6; h ^= s >> 2;
-        
-        /* compensate for the top bit of a */
-        if (top1b & 01) { l ^= b << 7; h ^= b >> 1; } 
-        *r1 = h; *r0 = l;
-        } 
-#endif
-#ifdef SIXTEEN_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-        {
-        register BN_ULONG h, l, s;
-        BN_ULONG tab[4], top1b = a >> 15; 
-        register BN_ULONG a1, a2;
-        a1 = a & (0x7FFF); a2 = a1 << 1;
-        tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
-        s = tab[b      & 0x3]; l  = s;
-        s = tab[b >> 2 & 0x3]; l ^= s <<  2; h  = s >> 14;
-        s = tab[b >> 4 & 0x3]; l ^= s <<  4; h ^= s >> 12;
-        s = tab[b >> 6 & 0x3]; l ^= s <<  6; h ^= s >> 10;
-        s = tab[b >> 8 & 0x3]; l ^= s <<  8; h ^= s >>  8;
-        s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >>  6;
-        s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >>  4;
-        s = tab[b >>14      ]; l ^= s << 14; h ^= s >>  2;
-        /* compensate for the top bit of a */
-        if (top1b & 01) { l ^= b << 15; h ^= b >> 1; } 
-        *r1 = h; *r0 = l;
-        } 
-#endif
 #ifdef THIRTY_TWO_BIT
 static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
        {
@@ -294,7 +232,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        if (a->top < b->top) { at = b; bt = a; }
        else { at = a; bt = b; }
-        bn_wexpand(r, at->top);
+        if(bn_wexpand(r, at->top) == NULL)
+                return 0;
        for (i = 0; i < bt->top; i++)
                {
@@ -320,7 +259,7 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 /* Performs modular reduction of a and store result in r.  r could be a. */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
        {
        int j, k;
        int n, dN, d0, d1;
@@ -421,11 +360,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
 int     BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
        {
        int ret = 0;
-        const int max = BN_num_bits(p);
+        const int max = BN_num_bits(p) + 1;
-        unsigned int *arr=NULL;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max)
                {
@@ -443,7 +382,7 @@ err:
 /* Compute the product of two polynomials a and b, reduce modulo p, and store
 * the result in r.  r could be a or b; a could be b.
 */
-int     BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
+int     BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
        {
        int zlen, i, j, k, ret = 0;
        BIGNUM *s;
@@ -499,12 +438,12 @@ err:
 int     BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
        {
        int ret = 0;
-        const int max = BN_num_bits(p);
+        const int max = BN_num_bits(p) + 1;
-        unsigned int *arr=NULL;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max)
                {
@@ -520,7 +459,7 @@ err:
 /* Square a, reduce the result mod p, and store it in a.  r could be a. */
-int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
+int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
        {
        int i, ret = 0;
        BIGNUM *s;
@@ -555,12 +494,12 @@ err:
 int     BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        {
        int ret = 0;
-        const int max = BN_num_bits(p);
+        const int max = BN_num_bits(p) + 1;
-        unsigned int *arr=NULL;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max)
                {
@@ -642,7 +581,7 @@ err:
 * function is only provided for convenience; for best performance, use the 
 * BN_GF2m_mod_inv function.
 */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
        {
        BIGNUM *field;
        int ret = 0;
@@ -768,7 +707,7 @@ err:
 * function is only provided for convenience; for best performance, use the 
 * BN_GF2m_mod_div function.
 */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int p[], BN_CTX *ctx)
        {
        BIGNUM *field;
        int ret = 0;
@@ -793,7 +732,7 @@ err:
 * the result in r.  r could be a.
 * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
 */
-int     BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
+int     BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
        {
        int ret = 0, i, n;
        BIGNUM *u;
@@ -839,12 +778,12 @@ err:
 int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
        {
        int ret = 0;
-        const int max = BN_num_bits(p);
+        const int max = BN_num_bits(p) + 1;
-        unsigned int *arr=NULL;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max)
                {
@@ -862,7 +801,7 @@ err:
 * the result in r.  r could be a.
 * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
 */
-int     BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
+int     BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
        {
        int ret = 0;
        BIGNUM *u;
@@ -898,11 +837,11 @@ err:
 int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        {
        int ret = 0;
-        const int max = BN_num_bits(p);
+        const int max = BN_num_bits(p) + 1;
-        unsigned int *arr=NULL;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max)
                {
@@ -919,10 +858,9 @@ err:
 /* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
 * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
 */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CTX *ctx)
        {
-        int ret = 0, count = 0;
+        int ret = 0, count = 0, j;
-        unsigned int j;
        BIGNUM *a, *z, *rho, *w, *w2, *tmp;
        bn_check_top(a_);
@@ -1017,11 +955,11 @@ err:
 int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        {
        int ret = 0;
-        const int max = BN_num_bits(p);
+        const int max = BN_num_bits(p) + 1;
-        unsigned int *arr=NULL;
+        int *arr=NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
+        if ((arr = (int *)OPENSSL_malloc(sizeof(int) *
                                                max)) == NULL) goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max)
@@ -1037,20 +975,17 @@ err:
        }
 /* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array
+ * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding 
- * of integers corresponding to the bits with non-zero coefficient.
+ * to the bits with non-zero coefficient.  Array is terminated with -1.
 * Up to max elements of the array will be filled.  Return value is total
- * number of coefficients that would be extracted if array was large enough.
+ * number of array elements that would be filled if array was large enough.
 */
-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
        {
        int i, j, k = 0;
        BN_ULONG mask;
-        if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
+        if (BN_is_zero(a))
-                /* a_0 == 0 => return error (the unsigned int array
-                 * must be terminated by 0)
-                 */
                return 0;
        for (i = a->top - 1; i >= 0; i--)
@@ -1070,24 +1005,28 @@ int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
                        }
                }
+        if (k < max) {
+                p[k] = -1;
+                k++;
+        }
        return k;
        }
 /* Convert the coefficient array representation of a polynomial to a 
- * bit-string.  The array must be terminated by 0.
+ * bit-string.  The array must be terminated by -1.
 */
-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
        {
        int i;
        bn_check_top(a);
        BN_zero(a);
-        for (i = 0; p[i] != 0; i++)
+        for (i = 0; p[i] != -1; i++)
                {
                if (BN_set_bit(a, p[i]) == 0)
                        return 0;
                }
-        BN_set_bit(a, 0);
        bn_check_top(a);
        return 1;
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 27ac4397a1..8e5e98e3f2 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -255,7 +255,8 @@ extern "C" {
             : "r"(a), "r"(b));         \
        ret;                    })
 #  endif        /* compiler */
-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+# elif (defined(__x86_64) || defined(__x86_64__)) && \
+       (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #  if defined(__GNUC__)
 #   define BN_UMULT_HIGH(a,b)   ({      \
        register BN_ULONG ret,discard;  \
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 32a8fbaf51..5470fbe6ef 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -133,15 +133,34 @@ int BN_get_params(int which)
 const BIGNUM *BN_value_one(void)
        {
-        static BN_ULONG data_one=1L;
+        static const BN_ULONG data_one=1L;
-        static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
+        static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
        return(&const_one);
        }
+char *BN_options(void)
+        {
+        static int init=0;
+        static char data[16];
+        if (!init)
+                {
+                init++;
+#ifdef BN_LLONG
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+                }
+        return(data);
+        }
 int BN_num_bits_word(BN_ULONG l)
        {
-        static const char bits[256]={
+        static const unsigned char bits[256]={
                0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
                5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
@@ -216,7 +235,7 @@ int BN_num_bits_word(BN_ULONG l)
                else
 #endif
                        {
-#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
                        if (l & 0xff00L)
                                return(bits[(int)(l>>8)]+8);
                        else    
@@ -744,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n)
        i=n/BN_BITS2;
        j=n%BN_BITS2;
        if (a->top <= i) return 0;
-        return(((a->d[i])>>j)&((BN_ULONG)1));
+        return (int)(((a->d[i])>>j)&((BN_ULONG)1));
        }
 int BN_mask_bits(BIGNUM *a, int n)
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 4799b152dd..7224637ab3 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -122,26 +122,10 @@
 #define MONT_WORD /* use the faster word-based algorithm */
-#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+#ifdef MONT_WORD
-/* This condition means we have a specific non-default build:
- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
- * I.e., if we are here, the user intentionally deviates from the
- * normal stable build to get better Montgomery performance from
- * the 0.9.9-dev backport.
- *
- * In this case only, we also enable BN_from_montgomery_word()
- * (another non-stable feature from 0.9.9-dev).
- */
-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-#endif
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
 #endif
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                          BN_MONT_CTX *mont, BN_CTX *ctx)
        {
@@ -153,11 +137,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
        if (num>1 && a->top==num && b->top==num)
                {
                if (bn_wexpand(r,num) == NULL) return(0);
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
                if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-#else
-                if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
-#endif
                        {
                        r->neg = a->neg^b->neg;
                        r->top = num;
@@ -181,7 +161,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                if (!BN_mul(tmp,a,b,ctx)) goto err;
                }
        /* reduce from aRR to aR */
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+#ifdef MONT_WORD
        if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
 #else
        if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
@@ -193,7 +173,7 @@ err:
        return(ret);
        }
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+#ifdef MONT_WORD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        {
        BIGNUM *n;
@@ -217,15 +197,15 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        nrp= &(r->d[nl]);
        /* clear the top words of T */
+#if 1
        for (i=r->top; i<max; i++) /* memset? XXX */
                r->d[i]=0;
+#else
+        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+#endif
        r->top=max;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
        n0=mont->n0[0];
-#else
-        n0=mont->n0;
-#endif
 #ifdef BN_COUNT
        fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
@@ -270,6 +250,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
                }
        al=r->top-ri;
+#define BRANCH_FREE 1
+#if BRANCH_FREE
        if (bn_wexpand(ret,ri) == NULL) return(0);
        x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
        ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
@@ -317,164 +299,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
                rp[i]=nrp[i], ap[i]=0;
        bn_correct_top(r);
        bn_correct_top(ret);
-        bn_check_top(ret);
-        return(1);
-        }
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-             BN_CTX *ctx)
-        {
-        int retn=0;
-        BIGNUM *t;
-        BN_CTX_start(ctx);
-        if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
-                retn = BN_from_montgomery_word(ret,t,mont);
-        BN_CTX_end(ctx);
-        return retn;
-        }
-#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-             BN_CTX *ctx)
-        {
-        int retn=0;
-#ifdef MONT_WORD
-        BIGNUM *n,*r;
-        BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-        int al,nl,max,i,x,ri;
-        BN_CTX_start(ctx);
-        if ((r = BN_CTX_get(ctx)) == NULL) goto err;
-        if (!BN_copy(r,a)) goto err;
-        n= &(mont->N);
-        ap=a->d;
-        /* mont->ri is the size of mont->N in bits (rounded up
-           to the word size) */
-        al=ri=mont->ri/BN_BITS2;
-        
-        nl=n->top;
-        if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
-        max=(nl+al+1); /* allow for overflow (no?) XXX */
-        if (bn_wexpand(r,max) == NULL) goto err;
-        r->neg=a->neg^n->neg;
-        np=n->d;
-        rp=r->d;
-        nrp= &(r->d[nl]);
-        /* clear the top words of T */
-#if 1
-        for (i=r->top; i<max; i++) /* memset? XXX */
-                r->d[i]=0;
 #else
-        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+        if (bn_wexpand(ret,al) == NULL) return(0);
-#endif
-        r->top=max;
-        n0=mont->n0;
-#ifdef BN_COUNT
-        fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
-#endif
-        for (i=0; i<nl; i++)
-                {
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-                nrp++;
-                rp++;
-                if (((nrp[-1]+=v)&BN_MASK2) >= v)
-                        continue;
-                else
-                        {
-                        if (((++nrp[0])&BN_MASK2) != 0) continue;
-                        if (((++nrp[1])&BN_MASK2) != 0) continue;
-                        for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-                        }
-                }
-        bn_correct_top(r);
-        
-        /* mont->ri will be a multiple of the word size and below code
-         * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-        if (r->top <= ri)
-                {
-                ret->top=0;
-                retn=1;
-                goto err;
-                }
-        al=r->top-ri;
-# define BRANCH_FREE 1
-# if BRANCH_FREE
-        if (bn_wexpand(ret,ri) == NULL) goto err;
-        x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-        ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
-        ret->neg=r->neg;
-        rp=ret->d;
-        ap=&(r->d[ri]);
-        {
-        size_t m1,m2;
-        v=bn_sub_words(rp,ap,np,ri);
-        /* this ----------------^^ works even in al<ri case
-         * thanks to zealous zeroing of top of the vector in the
-         * beginning. */
-        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-        /* in other words if subtraction result is real, then
-         * trick unconditional memcpy below to perform in-place
-         * "refresh" instead of actual copy. */
-        m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);   /* al<ri */
-        m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);   /* al>ri */
-        m1|=m2;                 /* (al!=ri) */
-        m1|=(0-(size_t)v);      /* (al!=ri || v) */
-        m1&=~m2;                /* (al!=ri || v) && !al>ri */
-        nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-        }
-        /* 'i<ri' is chosen to eliminate dependency on input data, even
-         * though it results in redundant copy in al<ri case. */
-        for (i=0,ri-=4; i<ri; i+=4)
-                {
-                BN_ULONG t1,t2,t3,t4;
-                
-                t1=nrp[i+0];
-                t2=nrp[i+1];
-                t3=nrp[i+2];    ap[i+0]=0;
-                t4=nrp[i+3];    ap[i+1]=0;
-                rp[i+0]=t1;     ap[i+2]=0;
-                rp[i+1]=t2;     ap[i+3]=0;
-                rp[i+2]=t3;
-                rp[i+3]=t4;
-                }
-        for (ri+=4; i<ri; i++)
-                rp[i]=nrp[i], ap[i]=0;
-        bn_correct_top(r);
-        bn_correct_top(ret);
-# else
-        if (bn_wexpand(ret,al) == NULL) goto err;
        ret->top=al;
        ret->neg=r->neg;
@@ -497,8 +323,30 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
        al+=4;
        for (; i<al; i++)
                rp[i]=ap[i];
-# endif
-#else /* !MONT_WORD */ 
+        if (BN_ucmp(ret, &(mont->N)) >= 0)
+                {
+                if (!BN_usub(ret,ret,&(mont->N))) return(0);
+                }
+#endif
+        bn_check_top(ret);
+        return(1);
+        }
+#endif  /* MONT_WORD */
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+             BN_CTX *ctx)
+        {
+        int retn=0;
+#ifdef MONT_WORD
+        BIGNUM *t;
+        BN_CTX_start(ctx);
+        if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
+                retn = BN_from_montgomery_word(ret,t,mont);
+        BN_CTX_end(ctx);
+#else /* !MONT_WORD */
        BIGNUM *t1,*t2;
        BN_CTX_start(ctx);
@@ -515,21 +363,18 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
        if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
        if (!BN_add(t2,a,t1)) goto err;
        if (!BN_rshift(ret,t2,mont->ri)) goto err;
-#endif /* MONT_WORD */
-#if !defined(BRANCH_FREE) || BRANCH_FREE==0
        if (BN_ucmp(ret, &(mont->N)) >= 0)
                {
                if (!BN_usub(ret,ret,&(mont->N))) goto err;
                }
-#endif
        retn=1;
        bn_check_top(ret);
 err:
        BN_CTX_end(ctx);
+#endif /* MONT_WORD */
        return(retn);
        }
-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
 BN_MONT_CTX *BN_MONT_CTX_new(void)
        {
@@ -549,11 +394,7 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
        BN_init(&(ctx->RR));
        BN_init(&(ctx->N));
        BN_init(&(ctx->Ni));
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
        ctx->n0[0] = ctx->n0[1] = 0;
-#else
-        ctx->n0 = 0;
-#endif
        ctx->flags=0;
        }
@@ -585,26 +426,22 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                BIGNUM tmod;
                BN_ULONG buf[2];
-                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-                BN_zero(R);
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
-         only certain BN_BITS2<=32 platforms actually need this */
-                if (!(BN_set_bit(R,2*BN_BITS2))) goto err;      /* R */
-#else
-                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
-#endif
-                buf[0]=mod->d[0]; /* tmod = N mod word size */
-                buf[1]=0;
                BN_init(&tmod);
                tmod.d=buf;
-                tmod.top = buf[0] != 0 ? 1 : 0;
                tmod.dmax=2;
                tmod.neg=0;
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
+                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-         only certain BN_BITS2<=32 platforms actually need this */
+#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+                /* Only certain BN_BITS2<=32 platforms actually make use of
+                 * n0[1], and we could use the #else case (with a shorter R
+                 * value) for the others.  However, currently only the assembler
+                 * files do know which is which. */
+                BN_zero(R);
+                if (!(BN_set_bit(R,2*BN_BITS2))) goto err;
                                                                tmod.top=0;
                if ((buf[0] = mod->d[0]))                       tmod.top=1;
                if ((buf[1] = mod->top>1 ? mod->d[1] : 0))      tmod.top=2;
@@ -632,6 +469,12 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
                mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
 #else
+                BN_zero(R);
+                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
+                buf[0]=mod->d[0]; /* tmod = N mod word size */
+                buf[1]=0;
+                tmod.top = buf[0] != 0 ? 1 : 0;
                                                        /* Ri = R^-1 mod N*/
                if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
                        goto err;
@@ -647,12 +490,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
                /* Ni = (R*Ri-1)/N,
                 * keep only least significant word: */
-# if 0 /* for OpenSSL 0.9.9 mont->n0 */
                mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
                mont->n0[1] = 0;
-# else
-                mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
-# endif
 #endif
                }
 #else /* !MONT_WORD */
@@ -689,12 +528,8 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
        if (!BN_copy(&(to->N),&(from->N))) return NULL;
        if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
        to->ri=from->ri;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
        to->n0[0]=from->n0[0];
        to->n0[1]=from->n0[1];
-#else
-        to->n0=from->n0;
-#endif
        return(to);
        }
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index b848c8cc60..a0e9ec3b46 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -1028,17 +1028,19 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                        assert(j <= al || j <= bl);
                        k = j+j;
                        t = BN_CTX_get(ctx);
+                        if (t == NULL)
+                                goto err;
                        if (al > j || bl > j)
                                {
-                                bn_wexpand(t,k*4);
+                                if (bn_wexpand(t,k*4) == NULL) goto err;
-                                bn_wexpand(rr,k*4);
+                                if (bn_wexpand(rr,k*4) == NULL) goto err;
                                bn_mul_part_recursive(rr->d,a->d,b->d,
                                        j,al-j,bl-j,t->d);
                                }
                        else    /* al <= j || bl <= j */
                                {
-                                bn_wexpand(t,k*2);
+                                if (bn_wexpand(t,k*2) == NULL) goto err;
-                                bn_wexpand(rr,k*2);
+                                if (bn_wexpand(rr,k*2) == NULL) goto err;
                                bn_mul_recursive(rr->d,a->d,b->d,
                                        j,al-j,bl-j,t->d);
                                }
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 810dde34e1..bebb466d08 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -294,6 +294,27 @@ err:
        return(0);
        }
+int BN_asc2bn(BIGNUM **bn, const char *a)
+        {
+        const char *p = a;
+        if (*p == '-')
+                p++;
+        if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x'))
+                {               
+                if (!BN_hex2bn(bn, p + 2))
+                        return 0;
+                }
+        else
+                {
+                if (!BN_dec2bn(bn, p))
+                        return 0;
+                }
+        if (*a == '-')
+                (*bn)->neg = 1;
+        return 1;
+        }
 #ifndef OPENSSL_NO_BIO
 #ifndef OPENSSL_NO_FP_API
 int BN_print_fp(FILE *fp, const BIGNUM *a)
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c
index 3e25bbe879..8f1de6192b 100644
--- a/src/lib/libcrypto/buffer/buf_err.c
+++ b/src/lib/libcrypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
 /* crypto/buffer/buf_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
index b3e947771d..620ea8d536 100644
--- a/src/lib/libcrypto/buffer/buffer.c
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -89,10 +89,10 @@ void BUF_MEM_free(BUF_MEM *a)
        OPENSSL_free(a);
        }
-int BUF_MEM_grow(BUF_MEM *str, int len)
+int BUF_MEM_grow(BUF_MEM *str, size_t len)
        {
        char *ret;
-        unsigned int n;
+        size_t n;
        if (str->length >= len)
                {
@@ -125,10 +125,10 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
        return(len);
        }
-int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
        {
        char *ret;
-        unsigned int n;
+        size_t n;
        if (str->length >= len)
                {
@@ -161,3 +161,84 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
                }
        return(len);
        }
+char *BUF_strdup(const char *str)
+        {
+        if (str == NULL) return(NULL);
+        return BUF_strndup(str, strlen(str));
+        }
+char *BUF_strndup(const char *str, size_t siz)
+        {
+        char *ret;
+        if (str == NULL) return(NULL);
+        ret=OPENSSL_malloc(siz+1);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        BUF_strlcpy(ret,str,siz+1);
+        return(ret);
+        }
+void *BUF_memdup(const void *data, size_t siz)
+        {
+        void *ret;
+        if (data == NULL) return(NULL);
+        ret=OPENSSL_malloc(siz);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        return memcpy(ret, data, siz);
+        }       
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 1 && *src; size--)
+                {
+                *dst++ = *src++;
+                l++;
+                }
+        if (size)
+                *dst = '\0';
+        return l + strlen(src);
+        }
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 0 && *dst; size--, dst++)
+                l++;
+        return l + BUF_strlcpy(dst, src, size);
+        }
+void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+        {
+        size_t i;
+        if (in)
+                {
+                out += size - 1;
+                for (i = 0; i < size; i++)
+                        *in++ = *out--;
+                }
+        else
+                {
+                unsigned char *q;
+                char c;
+                q = out + size - 1;
+                for (i = 0; i < size/2; i++)
+                        {
+                        c = *q;
+                        *q-- = *out;
+                        *out++ = c;
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
index 1db9607450..178e418282 100644
--- a/src/lib/libcrypto/buffer/buffer.h
+++ b/src/lib/libcrypto/buffer/buffer.h
@@ -76,18 +76,19 @@ extern "C" {
 struct buf_mem_st
        {
-        int length;     /* current number of bytes */
+        size_t length;  /* current number of bytes */
        char *data;
-        int max;        /* size of buffer */
+        size_t max;     /* size of buffer */
        };
 BUF_MEM *BUF_MEM_new(void);
 void    BUF_MEM_free(BUF_MEM *a);
-int     BUF_MEM_grow(BUF_MEM *str, int len);
+int     BUF_MEM_grow(BUF_MEM *str, size_t len);
-int     BUF_MEM_grow_clean(BUF_MEM *str, int len);
+int     BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *  BUF_strdup(const char *str);
 char *  BUF_strndup(const char *str, size_t siz);
 void *  BUF_memdup(const void *data, size_t siz);
+void    BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86.pl b/src/lib/libcrypto/camellia/asm/cmll-x86.pl
index 0812815bfb..027302ac86 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86.pl
@@ -1133,6 +1133,6 @@ my ($s0,$s1,$s2,$s3) = @T;
 &function_end("Camellia_cbc_encrypt");
 }
-&asciz("Camellia for x86 by <appro@openssl.org>");
+&asciz("Camellia for x86 by <appro\@openssl.org>");
 &asm_finish();
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
index c683646ca7..76955e4726 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
@@ -656,7 +656,7 @@ Camellia_cbc_encrypt:
        mov     %rsi,$out               # out argument
        mov     %r8,%rbx                # ivp argument
        mov     %rcx,$key               # key argument
-        mov     272(%rcx),$keyend       # grandRounds
+        mov     272(%rcx),${keyend}d    # grandRounds
        mov     %r8,$_ivp
        mov     %rbp,$_rsp
@@ -859,7 +859,7 @@ Camellia_cbc_encrypt:
        ret
 .size   Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
-.asciz  "Camellia for x86_64 by <appro@openssl.org>"
+.asciz  "Camellia for x86_64 by <appro\@openssl.org>"
 ___
 }
diff --git a/src/lib/libcrypto/camellia/camellia.c b/src/lib/libcrypto/camellia/camellia.c
index 491c26b39e..75fc8991c0 100644
--- a/src/lib/libcrypto/camellia/camellia.c
+++ b/src/lib/libcrypto/camellia/camellia.c
@@ -68,1557 +68,515 @@
 /* Algorithm Specification 
   http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
 */
+ 
+/*
-#include <string.h>
+ * This release balances code size and performance. In particular key
-#include <stdlib.h>
+ * schedule setup is fully unrolled, because doing so *significantly*
+ * reduces amount of instructions per setup round and code increase is
+ * justifiable. In block functions on the other hand only inner loops
+ * are unrolled, as full unroll gives only nominal performance boost,
+ * while code size grows 4 or 7 times. Also, unlike previous versions
+ * this one "encourages" compiler to keep intermediate variables in
+ * registers, which should give better "all round" results, in other
+ * words reasonable performance even with not so modern compilers.
+ */
 #include "camellia.h"
 #include "cmll_locl.h"
+#include <string.h>
+#include <stdlib.h>
-/* key constants */
+/* 32-bit rotations */
-#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#  define RightRotate(x, s) _lrotr(x, s)
-#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#  define LeftRotate(x, s)  _lrotl(x, s)
-#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#  if _MSC_VER >= 1400
-#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#   define SWAP(x) _byteswap_ulong(x)
-#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#  else
-#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#  endif
-#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#  define GETU32(p)   SWAP(*((u32 *)(p)))
-#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
-#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386) || defined(__x86_64)
+#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   if defined(B_ENDIAN) /* stratus.com does it */
+#    define GETU32(p)   (*(u32 *)(p))
+#    define PUTU32(p,v) (*(u32 *)(p)=(v))
+#   else
+#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
+#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
+#   endif
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#  elif defined(__s390x__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#   define GETU32(p)   (*(u32 *)(p))
+#   define PUTU32(p,v) (*(u32 *)(p)=(v))
+#  endif
+# endif
+#endif
+#if !defined(RightRotate) && !defined(LeftRotate)
+# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+#endif
+#if !defined(GETU32) && !defined(PUTU32)
+# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
+#endif
+/* S-box data */
+#define SBOX1_1110 Camellia_SBOX[0]
+#define SBOX4_4404 Camellia_SBOX[1]
+#define SBOX2_0222 Camellia_SBOX[2]
+#define SBOX3_3033 Camellia_SBOX[3]
+static const u32 Camellia_SBOX[][256] = {
+{   0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, 
+    0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, 
+    0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, 
+    0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, 
+    0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, 
+    0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, 
+    0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, 
+    0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, 
+    0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, 
+    0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, 
+    0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, 
+    0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, 
+    0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, 
+    0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, 
+    0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, 
+    0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, 
+    0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, 
+    0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, 
+    0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, 
+    0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, 
+    0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, 
+    0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, 
+    0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, 
+    0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, 
+    0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, 
+    0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, 
+    0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, 
+    0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, 
+    0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, 
+    0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, 
+    0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, 
+    0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, 
+    0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, 
+    0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, 
+    0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, 
+    0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, 
+    0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, 
+    0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, 
+    0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, 
+    0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, 
+    0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, 
+    0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, 
+    0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 },
+{   0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, 
+    0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, 
+    0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, 
+    0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, 
+    0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, 
+    0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, 
+    0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, 
+    0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, 
+    0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, 
+    0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, 
+    0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, 
+    0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, 
+    0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, 
+    0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, 
+    0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, 
+    0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, 
+    0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, 
+    0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, 
+    0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, 
+    0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, 
+    0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, 
+    0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, 
+    0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, 
+    0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, 
+    0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, 
+    0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, 
+    0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, 
+    0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, 
+    0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, 
+    0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, 
+    0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, 
+    0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, 
+    0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, 
+    0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, 
+    0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, 
+    0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, 
+    0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, 
+    0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, 
+    0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, 
+    0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, 
+    0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, 
+    0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, 
+    0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e },
+{   0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, 
+    0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, 
+    0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, 
+    0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, 
+    0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, 
+    0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, 
+    0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, 
+    0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, 
+    0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, 
+    0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, 
+    0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, 
+    0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, 
+    0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, 
+    0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, 
+    0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, 
+    0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, 
+    0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, 
+    0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, 
+    0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, 
+    0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, 
+    0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, 
+    0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, 
+    0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, 
+    0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, 
+    0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, 
+    0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, 
+    0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, 
+    0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, 
+    0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, 
+    0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, 
+    0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, 
+    0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, 
+    0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, 
+    0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, 
+    0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, 
+    0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, 
+    0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, 
+    0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, 
+    0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, 
+    0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, 
+    0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, 
+    0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, 
+    0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d },
+{   0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, 
+    0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, 
+    0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, 
+    0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, 
+    0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, 
+    0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, 
+    0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, 
+    0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, 
+    0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, 
+    0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, 
+    0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, 
+    0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, 
+    0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, 
+    0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, 
+    0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, 
+    0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, 
+    0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, 
+    0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, 
+    0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, 
+    0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, 
+    0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, 
+    0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, 
+    0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, 
+    0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, 
+    0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, 
+    0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, 
+    0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, 
+    0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, 
+    0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, 
+    0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, 
+    0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, 
+    0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, 
+    0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, 
+    0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, 
+    0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, 
+    0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, 
+    0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, 
+    0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, 
+    0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, 
+    0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, 
+    0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, 
+    0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, 
+    0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f }
+};
+/* Key generation constants */
+static const u32 SIGMA[] = {
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
+    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+};
+/* The phi algorithm given in C.2.7 of the Camellia spec document. */
 /*
- *  macros
+ * This version does not attempt to minimize amount of temporary
+ * variables, but instead explicitly exposes algorithm's parallelism.
+ * It is therefore most appropriate for platforms with not less than
+ * ~16 registers. For platforms with less registers [well, x86 to be
+ * specific] assembler version should be/is provided anyway...
 */
+#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
-/* e is pointer of subkey */
+        register u32 _t0,_t1,_t2,_t3;\
-#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+\
-#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+        _t0  = _s0 ^ (_key)[0];\
+        _t3  = SBOX4_4404[_t0&0xff];\
-/* rotation right shift 1byte */
+        _t1  = _s1 ^ (_key)[1];\
-#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
-/* rotation left shift 1bit */
+        _t2  = SBOX1_1110[_t1&0xff];\
-#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
-/* rotation left shift 1byte */
+        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
-#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
+        _t2 ^= _t3;\
-#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)    \
+        _t3  = RightRotate(_t3,8);\
-do                                                      \
+        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
-        {                                               \
+        _s3 ^= _t3;\
-        w0 = ll;                                        \
+        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
-        ll = (ll << bits) + (lr >> (32 - bits));        \
+        _s2 ^= _t2; \
-        lr = (lr << bits) + (rl >> (32 - bits));        \
+        _s3 ^= _t2;\
-        rl = (rl << bits) + (rr >> (32 - bits));        \
+} while(0)
-        rr = (rr << bits) + (w0 >> (32 - bits));        \
-        } while(0)
-#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
-do                                                      \
-        {                                               \
-        w0 = ll;                                        \
-        w1 = lr;                                        \
-        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
-        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
-        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
-        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
-        } while(0)
-#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
-#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
-#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
-#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
-#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)              \
-do                                                                      \
-        {                                                               \
-        il = xl ^ kl;                                                   \
-        ir = xr ^ kr;                                                   \
-        t0 = il >> 16;                                                  \
-        t1 = ir >> 16;                                                  \
-        yl = CAMELLIA_SP1110(ir & 0xff)                                 \
-                ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP3033(t1 & 0xff)                            \
-                ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                    \
-        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                          \
-                ^ CAMELLIA_SP0222(t0 & 0xff)                            \
-                ^ CAMELLIA_SP3033((il >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP4404(il & 0xff);                           \
-        yl ^= yr;                                                       \
-        yr = CAMELLIA_RR8(yr);                                          \
-        yr ^= yl;                                                       \
-        } while(0)
 /*
- * for speed up
+ * Note that n has to be less than 32. Rotations for larger amount
- *
+ * of bits are achieved by "rotating" order of s-elements and
+ * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
 */
-#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
-do                                                                      \
+        u32 _t0=_s0>>(32-_n);\
-        {                                                               \
+        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
-        t0 = kll;                                                       \
+        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
-        t0 &= ll;                                                       \
+        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
-        lr ^= CAMELLIA_RL1(t0);                                         \
+        _s3 = (_s3<<_n) | _t0;\
-        t1 = klr;                                                       \
+} while (0)
-        t1 |= lr;                                                       \
-        ll ^= t1;                                                       \
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
-                                                                        \
-        t2 = krr;                                                       \
-        t2 |= rr;                                                       \
-        rl ^= t2;                                                       \
-        t3 = krl;                                                       \
-        t3 &= rl;                                                       \
-        rr ^= CAMELLIA_RL1(t3);                                         \
-        } while(0)
-#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)        \
-do                                                                      \
-        {                                                               \
-        il = xl;                                                        \
-        ir = xr;                                                        \
-        t0 = il >> 16;                                                  \
-        t1 = ir >> 16;                                                  \
-        ir = CAMELLIA_SP1110(ir & 0xff)                                 \
-                ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP3033(t1 & 0xff)                            \
-                ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                    \
-        il = CAMELLIA_SP1110((t0 >> 8) & 0xff)                          \
-                ^ CAMELLIA_SP0222(t0 & 0xff)                            \
-                ^ CAMELLIA_SP3033((il >> 8) & 0xff)                     \
-                ^ CAMELLIA_SP4404(il & 0xff);                           \
-        il ^= kl;                                                       \
-        ir ^= kr;                                                       \
-        ir ^= il;                                                       \
-        il = CAMELLIA_RR8(il);                                          \
-        il ^= ir;                                                       \
-        yl ^= ir;                                                       \
-        yr ^= il;                                                       \
-        } while(0)
-static const u32 camellia_sp1110[256] =
-        {
-        0x70707000,0x82828200,0x2c2c2c00,0xececec00,
-        0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
-        0xe4e4e400,0x85858500,0x57575700,0x35353500,
-        0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
-        0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
-        0x45454500,0x19191900,0xa5a5a500,0x21212100,
-        0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
-        0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
-        0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
-        0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
-        0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
-        0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
-        0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
-        0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
-        0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
-        0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
-        0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
-        0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
-        0x74747400,0x12121200,0x2b2b2b00,0x20202000,
-        0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
-        0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
-        0x34343400,0x7e7e7e00,0x76767600,0x05050500,
-        0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
-        0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
-        0x14141400,0x58585800,0x3a3a3a00,0x61616100,
-        0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
-        0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
-        0x53535300,0x18181800,0xf2f2f200,0x22222200,
-        0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
-        0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
-        0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
-        0x60606000,0xfcfcfc00,0x69696900,0x50505000,
-        0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
-        0xa1a1a100,0x89898900,0x62626200,0x97979700,
-        0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
-        0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
-        0x10101000,0xc4c4c400,0x00000000,0x48484800,
-        0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
-        0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
-        0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
-        0x87878700,0x5c5c5c00,0x83838300,0x02020200,
-        0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
-        0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
-        0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
-        0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
-        0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
-        0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
-        0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
-        0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
-        0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
-        0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
-        0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
-        0x78787800,0x98989800,0x06060600,0x6a6a6a00,
-        0xe7e7e700,0x46464600,0x71717100,0xbababa00,
-        0xd4d4d400,0x25252500,0xababab00,0x42424200,
-        0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
-        0x72727200,0x07070700,0xb9b9b900,0x55555500,
-        0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
-        0x36363600,0x49494900,0x2a2a2a00,0x68686800,
-        0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
-        0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
-        0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
-        0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
-        0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
-        };
-static const u32 camellia_sp0222[256] =
        {
-        0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+        register u32 s0,s1,s2,s3;
-        0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
-        0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+        k[0] = s0 = GETU32(rawKey);
-        0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+        k[1] = s1 = GETU32(rawKey+4);
-        0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+        k[2] = s2 = GETU32(rawKey+8);
-        0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+        k[3] = s3 = GETU32(rawKey+12);
-        0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
-        0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+        if (keyBitLength != 128)
-        0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+                {
-        0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+                k[8] = s0 = GETU32(rawKey+16);
-        0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+                k[9] = s1 = GETU32(rawKey+20);
-        0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+                if (keyBitLength == 192)
-        0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+                        {
-        0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+                        k[10] = s2 = ~s0;
-        0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+                        k[11] = s3 = ~s1;
-        0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+                        }
-        0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+                else
-        0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+                        {
-        0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+                        k[10] = s2 = GETU32(rawKey+24);
-        0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+                        k[11] = s3 = GETU32(rawKey+28);
-        0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+                        }
-        0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+                s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
-        0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+                }
-        0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
-        0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+        /* Use the Feistel routine to scramble the key material */
-        0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+        Camellia_Feistel(s0,s1,s2,s3,SIGMA+0);
-        0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+        Camellia_Feistel(s2,s3,s0,s1,SIGMA+2);
-        0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
-        0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
-        0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+        Camellia_Feistel(s0,s1,s2,s3,SIGMA+4);
-        0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+        Camellia_Feistel(s2,s3,s0,s1,SIGMA+6);
-        0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
-        0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+        /* Fill the keyTable. Requires many block rotations. */
-        0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+        if (keyBitLength == 128)
-        0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+                {
-        0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+                k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3;
-        0x00202020,0x00898989,0x00000000,0x00909090,
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 15 */
-        0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+                k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
-        0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 30 */
-        0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+                k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
-        0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 45 */
-        0x009b9b9b,0x00949494,0x00212121,0x00666666,
+                k[24] = s0, k[25] = s1;
-        0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 60 */
-        0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+                k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
-        0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+                RotLeft128(s1,s2,s3,s0,2);      /* KA <<< 94 */
-        0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+                k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
-        0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+                RotLeft128(s1,s2,s3,s0,17);     /* KA <<<111 */
-        0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+                k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
-        0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
-        0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+                s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3];
-        0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+                RotLeft128(s0,s1,s2,s3,15);     /* KL <<< 15 */
-        0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+                k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3;
-        0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+                RotLeft128(s0,s1,s2,s3,30);     /* KL <<< 45 */
-        0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+                k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
-        0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+                RotLeft128(s0,s1,s2,s3,15);     /* KL <<< 60 */
-        0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+                k[26] = s2, k[27] = s3;
-        0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+                RotLeft128(s0,s1,s2,s3,17);     /* KL <<< 77 */
-        0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+                k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
-        0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+                RotLeft128(s0,s1,s2,s3,17);     /* KL <<< 94 */
-        0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+                k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
-        0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+                RotLeft128(s0,s1,s2,s3,17);     /* KL <<<111 */
-        0x00777777,0x00939393,0x00868686,0x00838383,
+                k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
-        0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
-        0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+                return 3;       /* grand rounds */
-        };
+                }
+        else
-static const u32 camellia_sp3033[256] =
+                {
-        {
+                k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
-        0x38003838,0x41004141,0x16001616,0x76007676,
+                s0 ^= k[8], s1 ^= k[9], s2 ^=k[10], s3 ^=k[11];
-        0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+                Camellia_Feistel(s0,s1,s2,s3,(SIGMA+8));
-        0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+                Camellia_Feistel(s2,s3,s0,s1,(SIGMA+10));
-        0x75007575,0x06000606,0x57005757,0xa000a0a0,
-        0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+                k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3;
-        0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+                RotLeft128(s0,s1,s2,s3,30);     /* KB <<< 30 */
-        0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+                k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
-        0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+                RotLeft128(s0,s1,s2,s3,30);     /* KB <<< 60 */
-        0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+                k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
-        0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+                RotLeft128(s1,s2,s3,s0,19);     /* KB <<<111 */
-        0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+                k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
-        0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
-        0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+                s0 = k[ 8], s1 = k[ 9], s2 = k[10], s3 = k[11];
-        0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+                RotLeft128(s0,s1,s2,s3,15);     /* KR <<< 15 */
-        0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+                k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3;
-        0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+                RotLeft128(s0,s1,s2,s3,15);     /* KR <<< 30 */
-        0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+                k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
-        0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+                RotLeft128(s0,s1,s2,s3,30);     /* KR <<< 60 */
-        0x3a003a3a,0x09000909,0x95009595,0x10001010,
+                k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
-        0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+                RotLeft128(s1,s2,s3,s0,2);      /* KR <<< 94 */
-        0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+                k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
-        0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
-        0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+                s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
-        0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+                RotLeft128(s0,s1,s2,s3,15);     /* KA <<< 15 */
-        0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+                k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
-        0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+                RotLeft128(s0,s1,s2,s3,30);     /* KA <<< 45 */
-        0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+                k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
-        0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+                                                /* KA <<< 77 */
-        0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+                k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
-        0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+                RotLeft128(s1,s2,s3,s0,17);     /* KA <<< 94 */
-        0x12001212,0x04000404,0x74007474,0x54005454,
+                k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
-        0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
-        0x55005555,0x68006868,0x50005050,0xbe00bebe,
+                s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3];
-        0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+                RotLeft128(s1,s2,s3,s0,13);     /* KL <<< 45 */
-        0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+                k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
-        0x70007070,0xff00ffff,0x32003232,0x69006969,
+                RotLeft128(s1,s2,s3,s0,15);     /* KL <<< 60 */
-        0x08000808,0x62006262,0x00000000,0x24002424,
+                k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
-        0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+                RotLeft128(s1,s2,s3,s0,17);     /* KL <<< 77 */
-        0x45004545,0x81008181,0x73007373,0x6d006d6d,
+                k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
-        0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+                RotLeft128(s2,s3,s0,s1,2);      /* KL <<<111 */
-        0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+                k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
-        0xe600e6e6,0x25002525,0x48004848,0x99009999,
-        0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+                return 4;       /* grand rounds */
-        0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+                }
-        0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+        /*
-        0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+         * It is possible to perform certain precalculations, which
-        0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+         * would spare few cycles in block procedure. It's not done,
-        0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+         * because it upsets the performance balance between key
-        0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+         * setup and block procedures, negatively affecting overall
-        0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+         * throughput in applications operating on short messages
-        0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+         * and volatile keys.
-        0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+         */ 
-        0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
-        0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
-        0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
-        0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
-        0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
-        0x7c007c7c,0x77007777,0x56005656,0x05000505,
-        0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
-        0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
-        0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
-        0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
-        0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
-        0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
-        };
-static const u32 camellia_sp4404[256] =
-        {
-        0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
-        0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
-        0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
-        0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
-        0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
-        0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
-        0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
-        0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
-        0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
-        0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
-        0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
-        0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
-        0x14140014,0x3a3a003a,0xdede00de,0x11110011,
-        0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
-        0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
-        0x24240024,0xe8e800e8,0x60600060,0x69690069,
-        0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
-        0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
-        0x10100010,0x00000000,0xa3a300a3,0x75750075,
-        0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
-        0x87870087,0x83830083,0xcdcd00cd,0x90900090,
-        0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
-        0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
-        0x81810081,0x6f6f006f,0x13130013,0x63630063,
-        0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
-        0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
-        0x78780078,0x06060006,0xe7e700e7,0x71710071,
-        0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
-        0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
-        0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
-        0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
-        0x15150015,0xadad00ad,0x77770077,0x80800080,
-        0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
-        0x85850085,0x35350035,0x0c0c000c,0x41410041,
-        0xefef00ef,0x93930093,0x19190019,0x21210021,
-        0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
-        0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
-        0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
-        0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
-        0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
-        0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
-        0x12120012,0x20200020,0xb1b100b1,0x99990099,
-        0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
-        0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
-        0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
-        0x0f0f000f,0x16160016,0x18180018,0x22220022,
-        0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
-        0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
-        0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
-        0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
-        0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
-        0x03030003,0xdada00da,0x3f3f003f,0x94940094,
-        0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
-        0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
-        0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
-        0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
-        0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
-        0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
-        0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
-        0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
-        0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
-        0x49490049,0x68680068,0x38380038,0xa4a400a4,
-        0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
-        0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
-        };
-/**
- * Stuff related to the Camellia key schedule
- */
-#define subl(x) subL[(x)]
-#define subr(x) subR[(x)]
-void camellia_setup128(const u8 *key, u32 *subkey)
-        {
-        u32 kll, klr, krl, krr;
-        u32 il, ir, t0, t1, w0, w1;
-        u32 kw4l, kw4r, dw, tl, tr;
-        u32 subL[26];
-        u32 subR[26];
-        /**
-         *  k == kll || klr || krl || krr (|| is concatination)
-         */
-        kll = GETU32(key     );
-        klr = GETU32(key +  4);
-        krl = GETU32(key +  8);
-        krr = GETU32(key + 12);
-        /**
-         * generate KL dependent subkeys
-         */
-        /* kw1 */
-        subl(0) = kll; subr(0) = klr;
-        /* kw2 */
-        subl(1) = krl; subr(1) = krr;
-        /* rotation left shift 15bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k3 */
-        subl(4) = kll; subr(4) = klr;
-        /* k4 */
-        subl(5) = krl; subr(5) = krr;
-        /* rotation left shift 15+30bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
-        /* k7 */
-        subl(10) = kll; subr(10) = klr;
-        /* k8 */
-        subl(11) = krl; subr(11) = krr;
-        /* rotation left shift 15+30+15bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k10 */
-        subl(13) = krl; subr(13) = krr;
-        /* rotation left shift 15+30+15+17 bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* kl3 */
-        subl(16) = kll; subr(16) = klr;
-        /* kl4 */
-        subl(17) = krl; subr(17) = krr;
-        /* rotation left shift 15+30+15+17+17 bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* k13 */
-        subl(18) = kll; subr(18) = klr;
-        /* k14 */
-        subl(19) = krl; subr(19) = krr;
-        /* rotation left shift 15+30+15+17+17+17 bit */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* k17 */
-        subl(22) = kll; subr(22) = klr;
-        /* k18 */
-        subl(23) = krl; subr(23) = krr;
-        /* generate KA */
-        kll = subl(0); klr = subr(0);
-        krl = subl(1); krr = subr(1);
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
-                w0, w1, il, ir, t0, t1);
-        krl ^= w0; krr ^= w1;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
-                kll, klr, il, ir, t0, t1);
-        /* current status == (kll, klr, w0, w1) */
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
-                krl, krr, il, ir, t0, t1);
-        krl ^= w0; krr ^= w1;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
-                w0, w1, il, ir, t0, t1);
-        kll ^= w0; klr ^= w1;
-        /* generate KA dependent subkeys */
-        /* k1, k2 */
-        subl(2) = kll; subr(2) = klr;
-        subl(3) = krl; subr(3) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k5,k6 */
-        subl(6) = kll; subr(6) = klr;
-        subl(7) = krl; subr(7) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* kl1, kl2 */
-        subl(8) = kll; subr(8) = klr;
-        subl(9) = krl; subr(9) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k9 */
-        subl(12) = kll; subr(12) = klr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k11, k12 */
-        subl(14) = kll; subr(14) = klr;
-        subl(15) = krl; subr(15) = krr;
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
-        /* k15, k16 */
-        subl(20) = kll; subr(20) = klr;
-        subl(21) = krl; subr(21) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
-        /* kw3, kw4 */
-        subl(24) = kll; subr(24) = klr;
-        subl(25) = krl; subr(25) = krr;
-        /* absorb kw2 to other subkeys */
-/* round 2 */
-        subl(3) ^= subl(1); subr(3) ^= subr(1);
-/* round 4 */
-        subl(5) ^= subl(1); subr(5) ^= subr(1);
-/* round 6 */
-        subl(7) ^= subl(1); subr(7) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(9);
-        dw = subl(1) & subl(9),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
-/* round 8 */
-        subl(11) ^= subl(1); subr(11) ^= subr(1);
-/* round 10 */
-        subl(13) ^= subl(1); subr(13) ^= subr(1);
-/* round 12 */
-        subl(15) ^= subl(1); subr(15) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(17);
-        dw = subl(1) & subl(17),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
-/* round 14 */
-        subl(19) ^= subl(1); subr(19) ^= subr(1);
-/* round 16 */
-        subl(21) ^= subl(1); subr(21) ^= subr(1);
-/* round 18 */
-        subl(23) ^= subl(1); subr(23) ^= subr(1);
-/* kw3 */
-        subl(24) ^= subl(1); subr(24) ^= subr(1);
-        /* absorb kw4 to other subkeys */
-        kw4l = subl(25); kw4r = subr(25);
-/* round 17 */
-        subl(22) ^= kw4l; subr(22) ^= kw4r;
-/* round 15 */
-        subl(20) ^= kw4l; subr(20) ^= kw4r;
-/* round 13 */
-        subl(18) ^= kw4l; subr(18) ^= kw4r;
-        kw4l ^= kw4r & ~subr(16);
-        dw = kw4l & subl(16),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
-/* round 11 */
-        subl(14) ^= kw4l; subr(14) ^= kw4r;
-/* round 9 */
-        subl(12) ^= kw4l; subr(12) ^= kw4r;
-/* round 7 */
-        subl(10) ^= kw4l; subr(10) ^= kw4r;
-        kw4l ^= kw4r & ~subr(8);
-        dw = kw4l & subl(8),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
-/* round 5 */
-        subl(6) ^= kw4l; subr(6) ^= kw4r;
-/* round 3 */
-        subl(4) ^= kw4l; subr(4) ^= kw4r;
-/* round 1 */
-        subl(2) ^= kw4l; subr(2) ^= kw4r;
-/* kw1 */
-        subl(0) ^= kw4l; subr(0) ^= kw4r;
-        /* key XOR is end of F-function */
-        CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
-        CamelliaSubkeyR(0) = subr(0) ^ subr(2);
-        CamelliaSubkeyL(2) = subl(3);       /* round 1 */
-        CamelliaSubkeyR(2) = subr(3);
-        CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
-        CamelliaSubkeyR(3) = subr(2) ^ subr(4);
-        CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
-        CamelliaSubkeyR(4) = subr(3) ^ subr(5);
-        CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
-        CamelliaSubkeyR(5) = subr(4) ^ subr(6);
-        CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
-        CamelliaSubkeyR(6) = subr(5) ^ subr(7);
-        tl = subl(10) ^ (subr(10) & ~subr(8));
-        dw = tl & subl(8),  /* FL(kl1) */
-                tr = subr(10) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
-        CamelliaSubkeyR(7) = subr(6) ^ tr;
-        CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */
-        CamelliaSubkeyR(8) = subr(8);
-        CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */
-        CamelliaSubkeyR(9) = subr(9);
-        tl = subl(7) ^ (subr(7) & ~subr(9));
-        dw = tl & subl(9),  /* FLinv(kl2) */
-                tr = subr(7) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
-        CamelliaSubkeyR(10) = tr ^ subr(11);
-        CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
-        CamelliaSubkeyR(11) = subr(10) ^ subr(12);
-        CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
-        CamelliaSubkeyR(12) = subr(11) ^ subr(13);
-        CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
-        CamelliaSubkeyR(13) = subr(12) ^ subr(14);
-        CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
-        CamelliaSubkeyR(14) = subr(13) ^ subr(15);
-        tl = subl(18) ^ (subr(18) & ~subr(16));
-        dw = tl & subl(16), /* FL(kl3) */
-                tr = subr(18) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
-        CamelliaSubkeyR(15) = subr(14) ^ tr;
-        CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */
-        CamelliaSubkeyR(16) = subr(16);
-        CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */
-        CamelliaSubkeyR(17) = subr(17);
-        tl = subl(15) ^ (subr(15) & ~subr(17));
-        dw = tl & subl(17), /* FLinv(kl4) */
-                tr = subr(15) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
-        CamelliaSubkeyR(18) = tr ^ subr(19);
-        CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
-        CamelliaSubkeyR(19) = subr(18) ^ subr(20);
-        CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
-        CamelliaSubkeyR(20) = subr(19) ^ subr(21);
-        CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
-        CamelliaSubkeyR(21) = subr(20) ^ subr(22);
-        CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
-        CamelliaSubkeyR(22) = subr(21) ^ subr(23);
-        CamelliaSubkeyL(23) = subl(22);     /* round 18 */
-        CamelliaSubkeyR(23) = subr(22);
-        CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
-        CamelliaSubkeyR(24) = subr(24) ^ subr(23);
-        /* apply the inverse of the last half of P-function */
-        dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
-                dw = CAMELLIA_RL8(dw);/* round 1 */
-        CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
-                CamelliaSubkeyL(2) = dw;
-        dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
-                dw = CAMELLIA_RL8(dw);/* round 2 */
-        CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
-                CamelliaSubkeyL(3) = dw;
-        dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
-                dw = CAMELLIA_RL8(dw);/* round 3 */
-        CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
-                CamelliaSubkeyL(4) = dw;
-        dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
-                dw = CAMELLIA_RL8(dw);/* round 4 */
-        CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
-                CamelliaSubkeyL(5) = dw;
-        dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
-                dw = CAMELLIA_RL8(dw);/* round 5 */
-        CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
-                CamelliaSubkeyL(6) = dw;
-        dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
-                dw = CAMELLIA_RL8(dw);/* round 6 */
-        CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
-                CamelliaSubkeyL(7) = dw;
-        dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
-                dw = CAMELLIA_RL8(dw);/* round 7 */
-        CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
-                CamelliaSubkeyL(10) = dw;
-        dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
-                dw = CAMELLIA_RL8(dw);/* round 8 */
-        CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
-                CamelliaSubkeyL(11) = dw;
-        dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
-                dw = CAMELLIA_RL8(dw);/* round 9 */
-        CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
-                CamelliaSubkeyL(12) = dw;
-        dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
-                dw = CAMELLIA_RL8(dw);/* round 10 */
-        CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
-                CamelliaSubkeyL(13) = dw;
-        dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
-                dw = CAMELLIA_RL8(dw);/* round 11 */
-        CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
-                CamelliaSubkeyL(14) = dw;
-        dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
-                dw = CAMELLIA_RL8(dw);/* round 12 */
-        CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
-                CamelliaSubkeyL(15) = dw;
-        dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
-                dw = CAMELLIA_RL8(dw);/* round 13 */
-        CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
-                CamelliaSubkeyL(18) = dw;
-        dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
-                dw = CAMELLIA_RL8(dw);/* round 14 */
-        CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
-                CamelliaSubkeyL(19) = dw;
-        dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
-                dw = CAMELLIA_RL8(dw);/* round 15 */
-        CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
-                CamelliaSubkeyL(20) = dw;
-        dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
-                dw = CAMELLIA_RL8(dw);/* round 16 */
-        CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
-                CamelliaSubkeyL(21) = dw;
-        dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
-                dw = CAMELLIA_RL8(dw);/* round 17 */
-        CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
-                CamelliaSubkeyL(22) = dw;
-        dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
-                dw = CAMELLIA_RL8(dw);/* round 18 */
-        CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
-                CamelliaSubkeyL(23) = dw;
-        return;
        }
-void camellia_setup256(const u8 *key, u32 *subkey)
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
        {
-        u32 kll,klr,krl,krr;           /* left half of key */
+        register u32 s0,s1,s2,s3; 
-        u32 krll,krlr,krrl,krrr;       /* right half of key */
+        const u32 *k = keyTable,*kend = keyTable+grandRounds*16; 
-        u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
-        u32 kw4l, kw4r, dw, tl, tr;
+        s0 = GETU32(plaintext)    ^ k[0];
-        u32 subL[34];
+        s1 = GETU32(plaintext+4)  ^ k[1];
-        u32 subR[34];
+        s2 = GETU32(plaintext+8)  ^ k[2];
+        s3 = GETU32(plaintext+12) ^ k[3];
-        /**
+        k += 4;
-         *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
-         *  (|| is concatination)
+        while (1)
-         */
+                {
+                /* Camellia makes 6 Feistel rounds */
-        kll  = GETU32(key     );
+                Camellia_Feistel(s0,s1,s2,s3,k+0);
-        klr  = GETU32(key +  4);
+                Camellia_Feistel(s2,s3,s0,s1,k+2);
-        krl  = GETU32(key +  8);
+                Camellia_Feistel(s0,s1,s2,s3,k+4);
-        krr  = GETU32(key + 12);
+                Camellia_Feistel(s2,s3,s0,s1,k+6);
-        krll = GETU32(key + 16);
+                Camellia_Feistel(s0,s1,s2,s3,k+8);
-        krlr = GETU32(key + 20);
+                Camellia_Feistel(s2,s3,s0,s1,k+10);
-        krrl = GETU32(key + 24);
+                k += 12;
-        krrr = GETU32(key + 28);
+                if (k == kend) break;
-        /* generate KL dependent subkeys */
-        /* kw1 */
+                /* This is the same function as the diffusion function D
-        subl(0) = kll; subr(0) = klr;
+                 * of the accompanying documentation. See section 3.2
-        /* kw2 */
+                 * for properties of the FLlayer function. */
-        subl(1) = krl; subr(1) = krr;
+                s1 ^= LeftRotate(s0 & k[0], 1);
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+                s2 ^= s3 | k[3];
-        /* k9 */
+                s0 ^= s1 | k[1];
-        subl(12) = kll; subr(12) = klr;
+                s3 ^= LeftRotate(s2 & k[2], 1);
-        /* k10 */
+                k += 4;
-        subl(13) = krl; subr(13) = krr;
+                }
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* kl3 */
+        s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
-        subl(16) = kll; subr(16) = klr;
-        /* kl4 */
+        PUTU32(ciphertext,   s2);
-        subl(17) = krl; subr(17) = krr;
+        PUTU32(ciphertext+4, s3);
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+        PUTU32(ciphertext+8, s0);
-        /* k17 */
+        PUTU32(ciphertext+12,s1);
-        subl(22) = kll; subr(22) = klr;
-        /* k18 */
-        subl(23) = krl; subr(23) = krr;
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
-        /* k23 */
-        subl(30) = kll; subr(30) = klr;
-        /* k24 */
-        subl(31) = krl; subr(31) = krr;
-        /* generate KR dependent subkeys */
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
-        /* k3 */
-        subl(4) = krll; subr(4) = krlr;
-        /* k4 */
-        subl(5) = krrl; subr(5) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
-        /* kl1 */
-        subl(8) = krll; subr(8) = krlr;
-        /* kl2 */
-        subl(9) = krrl; subr(9) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
-        /* k13 */
-        subl(18) = krll; subr(18) = krlr;
-        /* k14 */
-        subl(19) = krrl; subr(19) = krrr;
-        CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
-        /* k19 */
-        subl(26) = krll; subr(26) = krlr;
-        /* k20 */
-        subl(27) = krrl; subr(27) = krrr;
-        CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
-        /* generate KA */
-        kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
-        krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
-                w0, w1, il, ir, t0, t1);
-        krl ^= w0; krr ^= w1;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
-                kll, klr, il, ir, t0, t1);
-        kll ^= krll; klr ^= krlr;
-        CAMELLIA_F(kll, klr,
-                CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
-                krl, krr, il, ir, t0, t1);
-        krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
-        CAMELLIA_F(krl, krr,
-                CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
-                w0, w1, il, ir, t0, t1);
-        kll ^= w0; klr ^= w1;
-        /* generate KB */
-        krll ^= kll; krlr ^= klr;
-        krrl ^= krl; krrr ^= krr;
-        CAMELLIA_F(krll, krlr,
-                CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
-                w0, w1, il, ir, t0, t1);
-        krrl ^= w0; krrr ^= w1;
-        CAMELLIA_F(krrl, krrr,
-                CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
-                w0, w1, il, ir, t0, t1);
-        krll ^= w0; krlr ^= w1;
-        /* generate KA dependent subkeys */
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
-        /* k5 */
-        subl(6) = kll; subr(6) = klr;
-        /* k6 */
-        subl(7) = krl; subr(7) = krr;
-        CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
-        /* k11 */
-        subl(14) = kll; subr(14) = klr;
-        /* k12 */
-        subl(15) = krl; subr(15) = krr;
-        /* rotation left shift 32bit */
-        /* kl5 */
-        subl(24) = klr; subr(24) = krl;
-        /* kl6 */
-        subl(25) = krr; subr(25) = kll;
-        /* rotation left shift 49 from k11,k12 -> k21,k22 */
-        CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
-        /* k21 */
-        subl(28) = kll; subr(28) = klr;
-        /* k22 */
-        subl(29) = krl; subr(29) = krr;
-        /* generate KB dependent subkeys */
-        /* k1 */
-        subl(2) = krll; subr(2) = krlr;
-        /* k2 */
-        subl(3) = krrl; subr(3) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
-        /* k7 */
-        subl(10) = krll; subr(10) = krlr;
-        /* k8 */
-        subl(11) = krrl; subr(11) = krrr;
-        CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
-        /* k15 */
-        subl(20) = krll; subr(20) = krlr;
-        /* k16 */
-        subl(21) = krrl; subr(21) = krrr;
-        CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
-        /* kw3 */
-        subl(32) = krll; subr(32) = krlr;
-        /* kw4 */
-        subl(33) = krrl; subr(33) = krrr;
-        /* absorb kw2 to other subkeys */
-/* round 2 */
-        subl(3) ^= subl(1); subr(3) ^= subr(1);
-/* round 4 */
-        subl(5) ^= subl(1); subr(5) ^= subr(1);
-/* round 6 */
-        subl(7) ^= subl(1); subr(7) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(9);
-        dw = subl(1) & subl(9),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
-/* round 8 */
-        subl(11) ^= subl(1); subr(11) ^= subr(1);
-/* round 10 */
-        subl(13) ^= subl(1); subr(13) ^= subr(1);
-/* round 12 */
-        subl(15) ^= subl(1); subr(15) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(17);
-        dw = subl(1) & subl(17),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
-/* round 14 */
-        subl(19) ^= subl(1); subr(19) ^= subr(1);
-/* round 16 */
-        subl(21) ^= subl(1); subr(21) ^= subr(1);
-/* round 18 */
-        subl(23) ^= subl(1); subr(23) ^= subr(1);
-        subl(1) ^= subr(1) & ~subr(25);
-        dw = subl(1) & subl(25),
-                subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
-/* round 20 */
-        subl(27) ^= subl(1); subr(27) ^= subr(1);
-/* round 22 */
-        subl(29) ^= subl(1); subr(29) ^= subr(1);
-/* round 24 */
-        subl(31) ^= subl(1); subr(31) ^= subr(1);
-/* kw3 */
-        subl(32) ^= subl(1); subr(32) ^= subr(1);
-        /* absorb kw4 to other subkeys */
-        kw4l = subl(33); kw4r = subr(33);
-/* round 23 */
-        subl(30) ^= kw4l; subr(30) ^= kw4r;
-/* round 21 */
-        subl(28) ^= kw4l; subr(28) ^= kw4r;
-/* round 19 */
-        subl(26) ^= kw4l; subr(26) ^= kw4r;
-        kw4l ^= kw4r & ~subr(24);
-        dw = kw4l & subl(24),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
-/* round 17 */
-        subl(22) ^= kw4l; subr(22) ^= kw4r;
-/* round 15 */
-        subl(20) ^= kw4l; subr(20) ^= kw4r;
-/* round 13 */
-        subl(18) ^= kw4l; subr(18) ^= kw4r;
-        kw4l ^= kw4r & ~subr(16);
-        dw = kw4l & subl(16),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
-/* round 11 */
-        subl(14) ^= kw4l; subr(14) ^= kw4r;
-/* round 9 */
-        subl(12) ^= kw4l; subr(12) ^= kw4r;
-/* round 7 */
-        subl(10) ^= kw4l; subr(10) ^= kw4r;
-        kw4l ^= kw4r & ~subr(8);
-        dw = kw4l & subl(8),
-                kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
-/* round 5 */
-        subl(6) ^= kw4l; subr(6) ^= kw4r;
-/* round 3 */
-        subl(4) ^= kw4l; subr(4) ^= kw4r;
-/* round 1 */
-        subl(2) ^= kw4l; subr(2) ^= kw4r;
-/* kw1 */
-        subl(0) ^= kw4l; subr(0) ^= kw4r;
-        /* key XOR is end of F-function */
-        CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
-        CamelliaSubkeyR(0) = subr(0) ^ subr(2);
-        CamelliaSubkeyL(2) = subl(3);       /* round 1 */
-        CamelliaSubkeyR(2) = subr(3);
-        CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
-        CamelliaSubkeyR(3) = subr(2) ^ subr(4);
-        CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
-        CamelliaSubkeyR(4) = subr(3) ^ subr(5);
-        CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
-        CamelliaSubkeyR(5) = subr(4) ^ subr(6);
-        CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
-        CamelliaSubkeyR(6) = subr(5) ^ subr(7);
-        tl = subl(10) ^ (subr(10) & ~subr(8));
-        dw = tl & subl(8),  /* FL(kl1) */
-                tr = subr(10) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
-        CamelliaSubkeyR(7) = subr(6) ^ tr;
-        CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */
-        CamelliaSubkeyR(8) = subr(8);
-        CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */
-        CamelliaSubkeyR(9) = subr(9);
-        tl = subl(7) ^ (subr(7) & ~subr(9));
-        dw = tl & subl(9),  /* FLinv(kl2) */
-                tr = subr(7) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
-        CamelliaSubkeyR(10) = tr ^ subr(11);
-        CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
-        CamelliaSubkeyR(11) = subr(10) ^ subr(12);
-        CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
-        CamelliaSubkeyR(12) = subr(11) ^ subr(13);
-        CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
-        CamelliaSubkeyR(13) = subr(12) ^ subr(14);
-        CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
-        CamelliaSubkeyR(14) = subr(13) ^ subr(15);
-        tl = subl(18) ^ (subr(18) & ~subr(16));
-        dw = tl & subl(16), /* FL(kl3) */
-                tr = subr(18) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
-        CamelliaSubkeyR(15) = subr(14) ^ tr;
-        CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */
-        CamelliaSubkeyR(16) = subr(16);
-        CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */
-        CamelliaSubkeyR(17) = subr(17);
-        tl = subl(15) ^ (subr(15) & ~subr(17));
-        dw = tl & subl(17), /* FLinv(kl4) */
-                tr = subr(15) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
-        CamelliaSubkeyR(18) = tr ^ subr(19);
-        CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
-        CamelliaSubkeyR(19) = subr(18) ^ subr(20);
-        CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
-        CamelliaSubkeyR(20) = subr(19) ^ subr(21);
-        CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
-        CamelliaSubkeyR(21) = subr(20) ^ subr(22);
-        CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
-        CamelliaSubkeyR(22) = subr(21) ^ subr(23);
-        tl = subl(26) ^ (subr(26)
-                & ~subr(24));
-        dw = tl & subl(24), /* FL(kl5) */
-                tr = subr(26) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
-        CamelliaSubkeyR(23) = subr(22) ^ tr;
-        CamelliaSubkeyL(24) = subl(24);     /* FL(kl5) */
-        CamelliaSubkeyR(24) = subr(24);
-        CamelliaSubkeyL(25) = subl(25);     /* FLinv(kl6) */
-        CamelliaSubkeyR(25) = subr(25);
-        tl = subl(23) ^ (subr(23) &
-                ~subr(25));
-        dw = tl & subl(25), /* FLinv(kl6) */
-                tr = subr(23) ^ CAMELLIA_RL1(dw);
-        CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
-        CamelliaSubkeyR(26) = tr ^ subr(27);
-        CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
-        CamelliaSubkeyR(27) = subr(26) ^ subr(28);
-        CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
-        CamelliaSubkeyR(28) = subr(27) ^ subr(29);
-        CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
-        CamelliaSubkeyR(29) = subr(28) ^ subr(30);
-        CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
-        CamelliaSubkeyR(30) = subr(29) ^ subr(31);
-        CamelliaSubkeyL(31) = subl(30);     /* round 24 */
-        CamelliaSubkeyR(31) = subr(30);
-        CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
-        CamelliaSubkeyR(32) = subr(32) ^ subr(31);
-        /* apply the inverse of the last half of P-function */
-        dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
-                dw = CAMELLIA_RL8(dw);/* round 1 */
-        CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
-                CamelliaSubkeyL(2) = dw;
-        dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
-                dw = CAMELLIA_RL8(dw);/* round 2 */
-        CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
-                CamelliaSubkeyL(3) = dw;
-        dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
-                dw = CAMELLIA_RL8(dw);/* round 3 */
-        CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
-                CamelliaSubkeyL(4) = dw;
-        dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
-                dw = CAMELLIA_RL8(dw);/* round 4 */
-        CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
-                CamelliaSubkeyL(5) = dw;
-        dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
-                dw = CAMELLIA_RL8(dw);/* round 5 */
-        CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
-                CamelliaSubkeyL(6) = dw;
-        dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
-                dw = CAMELLIA_RL8(dw);/* round 6 */
-        CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
-                CamelliaSubkeyL(7) = dw;
-        dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
-                dw = CAMELLIA_RL8(dw);/* round 7 */
-        CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
-                CamelliaSubkeyL(10) = dw;
-        dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
-                dw = CAMELLIA_RL8(dw);/* round 8 */
-        CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
-                CamelliaSubkeyL(11) = dw;
-        dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
-                dw = CAMELLIA_RL8(dw);/* round 9 */
-        CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
-                CamelliaSubkeyL(12) = dw;
-        dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
-                dw = CAMELLIA_RL8(dw);/* round 10 */
-        CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
-                CamelliaSubkeyL(13) = dw;
-        dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
-                dw = CAMELLIA_RL8(dw);/* round 11 */
-        CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
-                CamelliaSubkeyL(14) = dw;
-        dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
-                dw = CAMELLIA_RL8(dw);/* round 12 */
-        CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
-                CamelliaSubkeyL(15) = dw;
-        dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
-                dw = CAMELLIA_RL8(dw);/* round 13 */
-        CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
-                CamelliaSubkeyL(18) = dw;
-        dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
-                dw = CAMELLIA_RL8(dw);/* round 14 */
-        CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
-                CamelliaSubkeyL(19) = dw;
-        dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
-                dw = CAMELLIA_RL8(dw);/* round 15 */
-        CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
-                CamelliaSubkeyL(20) = dw;
-        dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
-                dw = CAMELLIA_RL8(dw);/* round 16 */
-        CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
-                CamelliaSubkeyL(21) = dw;
-        dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
-                dw = CAMELLIA_RL8(dw);/* round 17 */
-        CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
-                CamelliaSubkeyL(22) = dw;
-        dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
-                dw = CAMELLIA_RL8(dw);/* round 18 */
-        CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
-                CamelliaSubkeyL(23) = dw;
-        dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
-                dw = CAMELLIA_RL8(dw);/* round 19 */
-        CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
-                CamelliaSubkeyL(26) = dw;
-        dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
-                dw = CAMELLIA_RL8(dw);/* round 20 */
-        CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
-                CamelliaSubkeyL(27) = dw;
-        dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
-                dw = CAMELLIA_RL8(dw);/* round 21 */
-        CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
-                CamelliaSubkeyL(28) = dw;
-        dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
-                dw = CAMELLIA_RL8(dw);/* round 22 */
-        CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
-                CamelliaSubkeyL(29) = dw;
-        dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
-                dw = CAMELLIA_RL8(dw);/* round 23 */
-        CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
-                CamelliaSubkeyL(30) = dw;
-        dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
-                dw = CAMELLIA_RL8(dw);/* round 24 */
-        CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
-                CamelliaSubkeyL(31) = dw;
-    
-        return;
        }
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], 
-void camellia_setup192(const u8 *key, u32 *subkey)
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
-        {
-        u8 kk[32];
-        u32 krll, krlr, krrl,krrr;
-        memcpy(kk, key, 24);
-        memcpy((u8 *)&krll, key+16,4);
-        memcpy((u8 *)&krlr, key+20,4);
-        krrl = ~krll;
-        krrr = ~krlr;
-        memcpy(kk+24, (u8 *)&krrl, 4);
-        memcpy(kk+28, (u8 *)&krrr, 4);
-        camellia_setup256(kk, subkey);
-        return;
-        }
-/**
- * Stuff related to camellia encryption/decryption
- */
-void camellia_encrypt128(const u32 *subkey, u32 *io)
-        {
-        u32 il, ir, t0, t1;
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(0);
-        io[1] ^= CamelliaSubkeyR(0);
-        /* main iteration */
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[0],io[1],il,ir,t0,t1);
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(24);
-        io[3] ^= CamelliaSubkeyR(24);
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-        return;
-        }
-void camellia_decrypt128(const u32 *subkey, u32 *io)
        {
-        u32 il,ir,t0,t1;               /* temporary valiables */
+        Camellia_EncryptBlock_Rounds(keyBitLength==128?3:4,
+                        plaintext,keyTable,ciphertext);
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(24);
-        io[1] ^= CamelliaSubkeyR(24);
-        /* main iteration */
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[0],io[1],il,ir,t0,t1);
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(0);
-        io[3] ^= CamelliaSubkeyR(0);
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-        return;
        }
-/**
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], 
- * stuff for 192 and 256bit encryption/decryption
+                const KEY_TABLE_TYPE keyTable, u8 plaintext[])
- */
-void camellia_encrypt256(const u32 *subkey, u32 *io)
        {
-        u32 il,ir,t0,t1;           /* temporary valiables */
+        u32 s0,s1,s2,s3; 
+        const u32 *k = keyTable+grandRounds*16,*kend = keyTable+4; 
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(0);
+        s0 = GETU32(ciphertext)    ^ k[0];
-        io[1] ^= CamelliaSubkeyR(0);
+        s1 = GETU32(ciphertext+4)  ^ k[1];
+        s2 = GETU32(ciphertext+8)  ^ k[2];
-        /* main iteration */
+        s3 = GETU32(ciphertext+12) ^ k[3];
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+        while (1)
-                io[2],io[3],il,ir,t0,t1);
+                {
-        CAMELLIA_ROUNDSM(io[2],io[3],
+                /* Camellia makes 6 Feistel rounds */
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+                k -= 12;
-                io[0],io[1],il,ir,t0,t1);
+                Camellia_Feistel(s0,s1,s2,s3,k+10);
-        CAMELLIA_ROUNDSM(io[0],io[1],
+                Camellia_Feistel(s2,s3,s0,s1,k+8);
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+                Camellia_Feistel(s0,s1,s2,s3,k+6);
-                io[2],io[3],il,ir,t0,t1);
+                Camellia_Feistel(s2,s3,s0,s1,k+4);
-        CAMELLIA_ROUNDSM(io[2],io[3],
+                Camellia_Feistel(s0,s1,s2,s3,k+2);
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+                Camellia_Feistel(s2,s3,s0,s1,k+0);
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
+                if (k == kend) break;
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[2],io[3],il,ir,t0,t1);
+                /* This is the same function as the diffusion function D
-        CAMELLIA_ROUNDSM(io[2],io[3],
+                 * of the accompanying documentation. See section 3.2
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+                 * for properties of the FLlayer function. */
-                io[0],io[1],il,ir,t0,t1);
+                k -= 4;
+                s1 ^= LeftRotate(s0 & k[2], 1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+                s2 ^= s3 | k[1];
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+                s0 ^= s1 | k[3];
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+                s3 ^= LeftRotate(s2 & k[0], 1);
-                t0,t1,il,ir);
+                }
-        CAMELLIA_ROUNDSM(io[0],io[1],
+        k -= 4;
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+        s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
+        PUTU32(plaintext,   s2);
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+        PUTU32(plaintext+4, s3);
-                io[0],io[1],il,ir,t0,t1);
+        PUTU32(plaintext+8, s0);
-        CAMELLIA_ROUNDSM(io[0],io[1],
+        PUTU32(plaintext+12,s1);
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(24),CamelliaSubkeyR(24),
-                CamelliaSubkeyL(25),CamelliaSubkeyR(25),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(26),CamelliaSubkeyR(26),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(27),CamelliaSubkeyR(27),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(28),CamelliaSubkeyR(28),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(29),CamelliaSubkeyR(29),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(30),CamelliaSubkeyR(30),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(31),CamelliaSubkeyR(31),
-                io[0],io[1],il,ir,t0,t1);
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(32);
-        io[3] ^= CamelliaSubkeyR(32);
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-        return;
        }
+void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], 
-void camellia_decrypt256(const u32 *subkey, u32 *io)
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
        {
-        u32 il,ir,t0,t1;           /* temporary valiables */
+        Camellia_DecryptBlock_Rounds(keyBitLength==128?3:4,
+                        plaintext,keyTable,ciphertext);
-        /* pre whitening but absorb kw2*/
-        io[0] ^= CamelliaSubkeyL(32);
-        io[1] ^= CamelliaSubkeyR(32);
-        
-        /* main iteration */
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(31),CamelliaSubkeyR(31),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(30),CamelliaSubkeyR(30),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(29),CamelliaSubkeyR(29),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(28),CamelliaSubkeyR(28),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(27),CamelliaSubkeyR(27),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(26),CamelliaSubkeyR(26),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(25),CamelliaSubkeyR(25),
-                CamelliaSubkeyL(24),CamelliaSubkeyR(24),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(23),CamelliaSubkeyR(23),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(22),CamelliaSubkeyR(22),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(21),CamelliaSubkeyR(21),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(20),CamelliaSubkeyR(20),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(19),CamelliaSubkeyR(19),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(18),CamelliaSubkeyR(18),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(17),CamelliaSubkeyR(17),
-                CamelliaSubkeyL(16),CamelliaSubkeyR(16),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(15),CamelliaSubkeyR(15),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(14),CamelliaSubkeyR(14),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(13),CamelliaSubkeyR(13),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(12),CamelliaSubkeyR(12),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(11),CamelliaSubkeyR(11),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(10),CamelliaSubkeyR(10),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_FLS(io[0],io[1],io[2],io[3],
-                CamelliaSubkeyL(9),CamelliaSubkeyR(9),
-                CamelliaSubkeyL(8),CamelliaSubkeyR(8),
-                t0,t1,il,ir);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(7),CamelliaSubkeyR(7),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(6),CamelliaSubkeyR(6),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(5),CamelliaSubkeyR(5),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(4),CamelliaSubkeyR(4),
-                io[0],io[1],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[0],io[1],
-                CamelliaSubkeyL(3),CamelliaSubkeyR(3),
-                io[2],io[3],il,ir,t0,t1);
-        CAMELLIA_ROUNDSM(io[2],io[3],
-                CamelliaSubkeyL(2),CamelliaSubkeyR(2),
-                io[0],io[1],il,ir,t0,t1);
-        /* post whitening but kw4 */
-        io[2] ^= CamelliaSubkeyL(0);
-        io[3] ^= CamelliaSubkeyR(0);
-        t0 = io[0];
-        t1 = io[1];
-        io[0] = io[2];
-        io[1] = io[3];
-        io[2] = t0;
-        io[3] = t1;
-        return;
        }
diff --git a/src/lib/libcrypto/camellia/camellia.h b/src/lib/libcrypto/camellia/camellia.h
index b8a8b6e10b..cf0457dd97 100644
--- a/src/lib/libcrypto/camellia/camellia.h
+++ b/src/lib/libcrypto/camellia/camellia.h
@@ -58,6 +58,8 @@
 #error CAMELLIA is disabled.
 #endif
+#include <stddef.h>
 #define CAMELLIA_ENCRYPT        1
 #define CAMELLIA_DECRYPT        0
@@ -74,24 +76,18 @@ extern "C" {
 #define CAMELLIA_TABLE_BYTE_LEN 272
 #define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
- /* to match with WORD */
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */
-typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
 struct camellia_key_st 
        {
-        KEY_TABLE_TYPE rd_key;
+        union   {
-        int bitLength;
+                double d;       /* ensures 64-bit align */
-        void (*enc)(const unsigned int *subkey, unsigned int *io);
+                KEY_TABLE_TYPE rd_key;
-        void (*dec)(const unsigned int *subkey, unsigned int *io);
+                } u;
+        int grand_rounds;
        };
 typedef struct camellia_key_st CAMELLIA_KEY;
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-        CAMELLIA_KEY *key);
-#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key);
@@ -103,25 +99,22 @@ void Camellia_decrypt(const unsigned char *in, unsigned char *out,
 void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
        const CAMELLIA_KEY *key, const int enc);
 void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, const int enc);
 void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc);
 void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc);
 void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-        const int nbits,const CAMELLIA_KEY *key,
-        unsigned char *ivec,const int enc);
 void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num);
 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char ivec[CAMELLIA_BLOCK_SIZE],
        unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
        unsigned int *num);
@@ -131,4 +124,3 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 #endif
 #endif /* !HEADER_Camellia_H */
diff --git a/src/lib/libcrypto/camellia/cmll_cbc.c b/src/lib/libcrypto/camellia/cmll_cbc.c
index 4141a7b59b..4c8d455ade 100644
--- a/src/lib/libcrypto/camellia/cmll_cbc.c
+++ b/src/lib/libcrypto/camellia/cmll_cbc.c
@@ -49,225 +49,16 @@
 *
 */
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include <openssl/modes.h>
 void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const CAMELLIA_KEY *key,
+        size_t len, const CAMELLIA_KEY *key,
-                     unsigned char *ivec, const int enc) {
+        unsigned char *ivec, const int enc) 
+        {
-        unsigned long n;
-        unsigned long len = length;
-        const unsigned char *iv = ivec;
-        union { u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
-                u8  t8 [CAMELLIA_BLOCK_SIZE]; } tmp;
-        const union { long one; char little; } camellia_endian = {1};
-        assert(in && out && key && ivec);
-        assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
-        if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0)
+        if (enc)
-                {
+                CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)Camellia_encrypt);
-                if (CAMELLIA_ENCRYPT == enc)
+        else
-                        {
+                CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)Camellia_decrypt);
-                        while (len >= CAMELLIA_BLOCK_SIZE)
+        }
-                                {
-                                XOR4WORD2((u32 *)out,
-                                        (u32 *)in, (u32 *)iv);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->enc(key->rd_key, (u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                iv = out;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                for(n=0; n < len; ++n)
-                                        out[n] = in[n] ^ iv[n];
-                                for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        out[n] = iv[n];
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->enc(key->rd_key, (u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                iv = out;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else if (in != out)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(out,in,CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->dec(key->rd_key,(u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                XOR4WORD((u32 *)out, (u32 *)iv);
-                                iv = in;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in  += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < len; ++n)
-                                        out[n] = tmp.t8[n] ^ iv[n];
-                                iv = in;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else /* in == out */
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->dec(key->rd_key, (u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                XOR4WORD((u32 *)out, (u32 *)ivec);
-                                memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                key->dec(key->rd_key,(u32 *)out);
-                                if (camellia_endian.little)
-                                        SWAP4WORD((u32 *)out);
-                                for(n=0; n < len; ++n)
-                                        out[n] ^= ivec[n];
-                                for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        out[n] = tmp.t8[n];
-                                memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                }
-                        }
-                }
-        else /* no aligned */
-                {
-                if (CAMELLIA_ENCRYPT == enc)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        tmp.t8[n] = in[n] ^ iv[n];
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->enc(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                iv = out;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                for(n=0; n < len; ++n)
-                                        tmp.t8[n] = in[n] ^ iv[n];
-                                for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        tmp.t8[n] = iv[n];
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->enc(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                iv = out;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else if (in != out)
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key,tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        out[n] = tmp.t8[n] ^ iv[n];
-                                iv = in;
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in  += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < len; ++n)
-                                        out[n] = tmp.t8[n] ^ iv[n];
-                                iv = in;
-                                }
-                        memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
-                        }
-                else
-                        {
-                        while (len >= CAMELLIA_BLOCK_SIZE)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key, tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
-                                        tmp.t8[n] ^= ivec[n];
-                                memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
-                                memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
-                                len -= CAMELLIA_BLOCK_SIZE;
-                                in += CAMELLIA_BLOCK_SIZE;
-                                out += CAMELLIA_BLOCK_SIZE;
-                                }
-                        if (len)
-                                {
-                                memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                key->dec(key->rd_key,tmp.t32);
-                                if (camellia_endian.little)
-                                        SWAP4WORD(tmp.t32);
-                                for(n=0; n < len; ++n)
-                                        tmp.t8[n] ^= ivec[n];
-                                memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
-                                memcpy(out,tmp.t8,len);
-                                }
-                        }
-                }
-}
diff --git a/src/lib/libcrypto/camellia/cmll_cfb.c b/src/lib/libcrypto/camellia/cmll_cfb.c
index af0f9f49ad..3d81b51d3f 100644
--- a/src/lib/libcrypto/camellia/cmll_cfb.c
+++ b/src/lib/libcrypto/camellia/cmll_cfb.c
@@ -105,17 +105,8 @@
 * [including the GNU Public Licence.]
 */
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <string.h>
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include <openssl/modes.h>
-#include "e_os.h"
 /* The input and output encrypted as though 128bit cfb mode is being
@@ -124,112 +115,25 @@
 */
 void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc)
        {
-        unsigned int n;
+        CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt);
-        unsigned long l = length;
-        unsigned char c;
-        assert(in && out && key && ivec && num);
-        n = *num;
-        if (enc) 
-                {
-                while (l--) 
-                        {
-                        if (n == 0) 
-                                {
-                                Camellia_encrypt(ivec, ivec, key);
-                                }
-                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
-                        n = (n+1) % CAMELLIA_BLOCK_SIZE;
-                        }
-                } 
-        else 
-                {
-                while (l--) 
-                        {
-                        if (n == 0) 
-                                {
-                                Camellia_encrypt(ivec, ivec, key);
-                                }
-                        c = *(in);
-                        *(out++) = *(in++) ^ ivec[n];
-                        ivec[n] = c;
-                        n = (n+1) % CAMELLIA_BLOCK_SIZE;
-                        }
-                }
-        *num=n;
-        }
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-        const int nbits,const CAMELLIA_KEY *key,
-        unsigned char *ivec,const int enc)
-        {
-        int n,rem,num;
-        unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];
-        if (nbits<=0 || nbits>128) return;
-        /* fill in the first half of the new IV with the current IV */
-        memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);
-        /* construct the new IV */
-        Camellia_encrypt(ivec,ivec,key);
-        num = (nbits+7)/8;
-        if (enc)        /* encrypt the input */
-                for(n=0 ; n < num ; ++n)
-                        out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-        else            /* decrypt the input */
-                for(n=0 ; n < num ; ++n)
-                        out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-        /* shift ovec left... */
-        rem = nbits%8;
-        num = nbits/8;
-        if(rem==0)
-                memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);
-        else
-                for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)
-                        ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-        /* it is not necessary to cleanse ovec, since the IV is not secret */
        }
 /* N.B. This expects the input to be packed, MS bit first */
 void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc)
        {
-        unsigned int n;
+        CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt);
-        unsigned char c[1],d[1];
-        assert(in && out && key && ivec && num);
-        assert(*num == 0);
-        memset(out,0,(length+7)/8);
-        for(n=0 ; n < length ; ++n)
-                {
-                c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-                Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-                out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-                }
        }
 void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc)
        {
-        unsigned int n;
+        CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)Camellia_encrypt);
-        assert(in && out && key && ivec && num);
-        assert(*num == 0);
-        for(n=0 ; n < length ; ++n)
-                Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
        }
diff --git a/src/lib/libcrypto/camellia/cmll_ctr.c b/src/lib/libcrypto/camellia/cmll_ctr.c
index cc21b70890..014e621a34 100644
--- a/src/lib/libcrypto/camellia/cmll_ctr.c
+++ b/src/lib/libcrypto/camellia/cmll_ctr.c
@@ -49,95 +49,16 @@
 *
 */
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include <openssl/modes.h>
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the Camellia code
- * is endian-neutral. */
-/* increment counter (128-bit int) by 1 */
-static void Camellia_ctr128_inc(unsigned char *counter) 
-        {
-        unsigned long c;
-        /* Grab bottom dword of counter and increment */
-        c = GETU32(counter + 12);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter + 12, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab 1st dword of counter and increment */
-        c = GETU32(counter +  8);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  8, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab 2nd dword of counter and increment */
-        c = GETU32(counter +  4);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  4, c);
-        /* if no overflow, we're done */
-        if (c)
-                return;
-        /* Grab top dword of counter and increment */
-        c = GETU32(counter +  0);
-        c++;    c &= 0xFFFFFFFF;
-        PUTU32(counter +  0, c);
-        }
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to Camellia_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char ivec[CAMELLIA_BLOCK_SIZE],
        unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
        unsigned int *num) 
        {
-        unsigned int n;
+        CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)Camellia_encrypt);
-        unsigned long l=length;
-        assert(in && out && key && counter && num);
-        assert(*num < CAMELLIA_BLOCK_SIZE);
-        n = *num;
-        while (l--) 
-                {
-                if (n == 0) 
-                        {
-                        Camellia_encrypt(ivec, ecount_buf, key);
-                        Camellia_ctr128_inc(ivec);
-                        }
-                *(out++) = *(in++) ^ ecount_buf[n];
-                n = (n+1) % CAMELLIA_BLOCK_SIZE;
-                }
-        *num=n;
        }
diff --git a/src/lib/libcrypto/camellia/cmll_locl.h b/src/lib/libcrypto/camellia/cmll_locl.h
index 2ac2e95435..4a4d880d16 100644
--- a/src/lib/libcrypto/camellia/cmll_locl.h
+++ b/src/lib/libcrypto/camellia/cmll_locl.h
@@ -68,98 +68,16 @@
 #ifndef HEADER_CAMELLIA_LOCL_H
 #define HEADER_CAMELLIA_LOCL_H
-#include "openssl/e_os2.h"
+typedef unsigned int  u32;
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 typedef unsigned char u8;
-typedef unsigned int u32;
-#ifdef __cplusplus
-extern "C" {
-#endif
-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
-#else /* not windows */
-# define GETU32(pt) (((u32)(pt)[0] << 24) \
-        ^ ((u32)(pt)[1] << 16) \
-        ^ ((u32)(pt)[2] <<  8) \
-        ^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
-        (ct)[1] = (u8)((st) >> 16); \
-        (ct)[2] = (u8)((st) >>  8); \
-        (ct)[3] = (u8)(st); }
-#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
-#define CAMELLIA_SWAP4(x) \
-  do{\
-    asm("bswap %1" : "+r" (x));\
-  }while(0)
-#else
-#define CAMELLIA_SWAP4(x) \
-   do{\
-     x = ((u32)x << 16) + ((u32)x >> 16);\
-     x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\
-   } while(0)
-#endif
-#endif
-#define COPY4WORD(dst, src)      \
-             do                  \
-                     {           \
-                     (dst)[0]=(src)[0];         \
-                     (dst)[1]=(src)[1];         \
-                     (dst)[2]=(src)[2];         \
-                     (dst)[3]=(src)[3];         \
-                     }while(0)
-#define SWAP4WORD(word)                         \
-   do                                           \
-           {                                    \
-           CAMELLIA_SWAP4((word)[0]);                   \
-           CAMELLIA_SWAP4((word)[1]);                   \
-           CAMELLIA_SWAP4((word)[2]);                   \
-           CAMELLIA_SWAP4((word)[3]);                   \
-           }while(0)
-#define XOR4WORD(a, b)/* a = a ^ b */           \
-   do                                           \
-        {                                       \
-        (a)[0]^=(b)[0];                         \
-        (a)[1]^=(b)[1];                         \
-        (a)[2]^=(b)[2];                         \
-        (a)[3]^=(b)[3];                         \
-        }while(0)
-#define XOR4WORD2(a, b, c)/* a = b ^ c */       \
-   do                                           \
-        {                                       \
-        (a)[0]=(b)[0]^(c)[0];                   \
-        (a)[1]=(b)[1]^(c)[1];                           \
-        (a)[2]=(b)[2]^(c)[2];                           \
-        (a)[3]=(b)[3]^(c)[3];                           \
-        }while(0)
-void camellia_setup128(const u8 *key, u32 *subkey);
-void camellia_setup192(const u8 *key, u32 *subkey);
-void camellia_setup256(const u8 *key, u32 *subkey);
-void camellia_encrypt128(const u32 *subkey, u32 *io);
-void camellia_decrypt128(const u32 *subkey, u32 *io);
-void camellia_encrypt256(const u32 *subkey, u32 *io);
-void camellia_decrypt256(const u32 *subkey, u32 *io);
-#ifdef __cplusplus
-}
-#endif
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable);
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], 
+                const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], 
+                const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], 
+                const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
 #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
diff --git a/src/lib/libcrypto/camellia/cmll_misc.c b/src/lib/libcrypto/camellia/cmll_misc.c
index 2cd7aba9bb..f44689124b 100644
--- a/src/lib/libcrypto/camellia/cmll_misc.c
+++ b/src/lib/libcrypto/camellia/cmll_misc.c
@@ -52,78 +52,28 @@
 #include <openssl/opensslv.h>
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key)
-#ifdef OPENSSL_FIPS
        {
-        if (FIPS_mode())
+        if(!userKey || !key)
-                FIPS_BAD_ABORT(CAMELLIA)
-        return private_Camellia_set_key(userKey, bits, key);
-        }
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-        CAMELLIA_KEY *key)
-#endif
-        {
-        if (!userKey || !key)
-                {
                return -1;
-                }
+        if(bits != 128 && bits != 192 && bits != 256)
-        
-        switch(bits)
-                {
-        case 128:
-                camellia_setup128(userKey, (unsigned int *)key->rd_key);
-                key->enc = camellia_encrypt128;
-                key->dec = camellia_decrypt128;
-                break;
-        case 192:
-                camellia_setup192(userKey, (unsigned int *)key->rd_key);
-                key->enc = camellia_encrypt256;
-                key->dec = camellia_decrypt256;
-                break;
-        case 256:
-                camellia_setup256(userKey, (unsigned int *)key->rd_key);
-                key->enc = camellia_encrypt256;
-                key->dec = camellia_decrypt256;
-                break;
-        default:
                return -2;
-                }
+        key->grand_rounds = Camellia_Ekeygen(bits , userKey, key->u.rd_key);
-        
-        key->bitLength = bits;
        return 0;
        }
 void Camellia_encrypt(const unsigned char *in, unsigned char *out,
        const CAMELLIA_KEY *key)
        {
-        u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
+        Camellia_EncryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out);
-        const union { long one; char little; } camellia_endian = {1};
-        memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        key->enc(key->rd_key, tmp);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
        }
 void Camellia_decrypt(const unsigned char *in, unsigned char *out,
        const CAMELLIA_KEY *key)
        {
-        u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
+        Camellia_DecryptBlock_Rounds(key->grand_rounds, in , key->u.rd_key , out);
-        const union { long one; char little; } camellia_endian = {1};
-        memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        key->dec(key->rd_key, tmp);
-        if (camellia_endian.little) SWAP4WORD(tmp);
-        memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
        }
diff --git a/src/lib/libcrypto/camellia/cmll_ofb.c b/src/lib/libcrypto/camellia/cmll_ofb.c
index d89cf9f3b3..a482befc74 100644
--- a/src/lib/libcrypto/camellia/cmll_ofb.c
+++ b/src/lib/libcrypto/camellia/cmll_ofb.c
@@ -105,37 +105,15 @@
 * [including the GNU Public Licence.]
 */
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include <openssl/modes.h>
 /* The input and output encrypted as though 128bit ofb mode is being
 * used.  The extra state information to record how much of the
 * 128bit block we have used is contained in *num;
 */
 void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-        const unsigned long length, const CAMELLIA_KEY *key,
+        size_t length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num) {
+        CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)Camellia_encrypt);
-        unsigned int n;
-        unsigned long l=length;
-        assert(in && out && key && ivec && num);
-        n = *num;
-        while (l--) {
-                if (n == 0) {
-                        Camellia_encrypt(ivec, ivec, key);
-                }
-                *(out++) = *(in++) ^ ivec[n];
-                n = (n+1) % CAMELLIA_BLOCK_SIZE;
-        }
-        *num=n;
 }
diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl
index 6be0bfe572..bf6810d335 100644
--- a/src/lib/libcrypto/cast/asm/cast-586.pl
+++ b/src/lib/libcrypto/cast/asm/cast-586.pl
@@ -3,7 +3,8 @@
 # define for pentium pro friendly version
 $ppro=1;
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
diff --git a/src/lib/libcrypto/cast/c_cfb64.c b/src/lib/libcrypto/cast/c_cfb64.c
index 514c005c32..dcec13a201 100644
--- a/src/lib/libcrypto/cast/c_cfb64.c
+++ b/src/lib/libcrypto/cast/c_cfb64.c
@@ -65,7 +65,7 @@
 */
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num, int enc)
        {
        register CAST_LONG v0,v1,t;
@@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
        v0=v1=ti[0]=ti[1]=t=c=cc=0;
        *num=n;
        }
diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c
index f2dc606226..b6a3b1fff9 100644
--- a/src/lib/libcrypto/cast/c_ecb.c
+++ b/src/lib/libcrypto/cast/c_ecb.c
@@ -63,7 +63,7 @@
 const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      CAST_KEY *ks, int enc)
+                      const CAST_KEY *ks, int enc)
        {
        CAST_LONG l,d[2];
@@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
        l=d[1]; l2n(l,out);
        l=d[0]=d[1]=0;
        }
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c
index 0fe2cffecc..357c41ebf0 100644
--- a/src/lib/libcrypto/cast/c_enc.c
+++ b/src/lib/libcrypto/cast/c_enc.c
@@ -59,9 +59,10 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
-void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
        {
-        register CAST_LONG l,r,*k,t;
+        register CAST_LONG l,r,t;
+        const register CAST_LONG *k;
        k= &(key->data[0]);
        l=data[0];
@@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
        data[0]=r&0xffffffffL;
        }
-void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
        {
-        register CAST_LONG l,r,*k,t;
+        register CAST_LONG l,r,t;
+        const register CAST_LONG *k;
        k= &(key->data[0]);
        l=data[0];
@@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
        }
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-             CAST_KEY *ks, unsigned char *iv, int enc)
+             const CAST_KEY *ks, unsigned char *iv, int enc)
        {
        register CAST_LONG tin0,tin1;
        register CAST_LONG tout0,tout1,xor0,xor1;
@@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
        tin0=tin1=tout0=tout1=xor0=xor1=0;
        tin[0]=tin[1]=0;
        }
diff --git a/src/lib/libcrypto/cast/c_ofb64.c b/src/lib/libcrypto/cast/c_ofb64.c
index fd0469a62f..cb3222456c 100644
--- a/src/lib/libcrypto/cast/c_ofb64.c
+++ b/src/lib/libcrypto/cast/c_ofb64.c
@@ -64,7 +64,7 @@
 * 64bit block we have used is contained in *num;
 */
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num)
        {
        register CAST_LONG v0,v1,t;
@@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
        t=v0=v1=ti[0]=ti[1]=0;
        *num=n;
        }
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
index 68e690a60c..76e40005c9 100644
--- a/src/lib/libcrypto/cast/c_skey.c
+++ b/src/lib/libcrypto/cast/c_skey.c
@@ -57,11 +57,6 @@
 */
 #include <openssl/cast.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "cast_lcl.h"
 #include "cast_s.h"
@@ -77,7 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
-FIPS_NON_FIPS_VCIPHER_Init(CAST)
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
        {
        CAST_LONG x[16];
        CAST_LONG z[16];
diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h
index 1faf5806aa..1a264f8143 100644
--- a/src/lib/libcrypto/cast/cast.h
+++ b/src/lib/libcrypto/cast/cast.h
@@ -72,7 +72,7 @@ extern "C" {
 #define CAST_ENCRYPT    1
 #define CAST_DECRYPT    0
-#define CAST_LONG unsigned long
+#define CAST_LONG unsigned int
 #define CAST_BLOCK      8
 #define CAST_KEY_LENGTH 16
@@ -83,21 +83,19 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                      int enc);
-void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-                      CAST_KEY *ks, unsigned char *iv, int enc);
+                      const CAST_KEY *ks, unsigned char *iv, int enc);
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num, int enc);
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
-                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule, unsigned char *ivec,
                        int *num);
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
index 25f88745f2..09c45d0412 100644
--- a/src/lib/libcrypto/cms/cms.h
+++ b/src/lib/libcrypto/cms/cms.h
@@ -76,8 +76,9 @@ typedef struct CMS_Receipt_st CMS_Receipt;
 DECLARE_STACK_OF(CMS_SignerInfo)
 DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 #define CMS_SIGNERINFO_ISSUER_SERIAL    0
 #define CMS_SIGNERINFO_KEYIDENTIFIER    1
@@ -124,9 +125,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached);
 DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
 #endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
@@ -230,6 +235,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 int CMS_SignedData_init(CMS_ContentInfo *cms);
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index 7664921861..fcba4dcbcc 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -87,7 +87,8 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
 /* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
        {
        if(operation == ASN1_OP_FREE_POST)
                {
@@ -130,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
 ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-        ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
-        ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
 } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
@@ -213,7 +214,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
 } ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
 /* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
        {
        if(operation == ASN1_OP_FREE_PRE)
                {
@@ -300,10 +302,42 @@ ASN1_ADB(CMS_ContentInfo) = {
        ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
 } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
-ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
+        {
+        ASN1_STREAM_ARG *sarg = exarg;
+        CMS_ContentInfo *cms = NULL;
+        if (pval)
+                cms = (CMS_ContentInfo *)*pval;
+        else
+                return 1;
+        switch(operation)
+                {
+                case ASN1_OP_STREAM_PRE:
+                if (CMS_stream(&sarg->boundary, cms) <= 0)
+                        return 0;
+                case ASN1_OP_DETACHED_PRE:
+                sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+                if (!sarg->ndef_bio)
+                        return 0;
+                break;
+                case ASN1_OP_STREAM_POST:
+                case ASN1_OP_DETACHED_POST:
+                if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+                        return 0;
+                break;
+                }
+        return 1;
+        }
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
        ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
        ASN1_ADB_OBJECT(CMS_ContentInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
 /* Specials for signed attributes */
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index d499ae85b4..b3237d4b94 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -60,6 +60,7 @@
 #include <openssl/rand.h>
 #include <openssl/aes.h>
 #include "cms_lcl.h"
+#include "asn1_locl.h"
 /* CMS EnvelopedData Utilities */
@@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
        CMS_KeyTransRecipientInfo *ktri;
        CMS_EnvelopedData *env;
        EVP_PKEY *pk = NULL;
-        int type;
+        int i, type;
        env = cms_get0_enveloped(cms);
        if (!env)
                goto err;
@@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
        if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
                goto err;
-        /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
+        if (pk->ameth && pk->ameth->pkey_ctrl)
-         * hard code algorithm parameters.
-         */
-        if (pk->type == EVP_PKEY_RSA)
-                {
-                X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
-                                        OBJ_nid2obj(NID_rsaEncryption), 
-                                        V_ASN1_NULL, 0);
-                }
-        else
                {
-                CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
+                                                0, ri);
+                if (i == -2)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
                                CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-                goto err;
+                        goto err;
+                        }
+                if (i <= 0)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                                CMS_R_CTRL_FAILURE);
+                        goto err;
+                        }
                }
        if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
@@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
        {
        CMS_KeyTransRecipientInfo *ktri;
        CMS_EncryptedContentInfo *ec;
+        EVP_PKEY_CTX *pctx = NULL;
        unsigned char *ek = NULL;
-        int eklen;
+        size_t eklen;
        int ret = 0;
@@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
        ktri = ri->d.ktri;
        ec = cms->d.envelopedData->encryptedContentInfo;
-        eklen = EVP_PKEY_size(ktri->pkey);
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (!pctx)
+                return 0;
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                                EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
+                {
+                CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
+                goto err;
+                }
+        if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+                goto err;
        ek = OPENSSL_malloc(eklen);
@@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
                goto err;
                }
-        eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
+        if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
-        if (eklen <= 0)
                goto err;
        ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
@@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
        ret = 1;
        err:
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
        if (ek)
                OPENSSL_free(ek);
        return ret;
@@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
                                                        CMS_RecipientInfo *ri)
        {
        CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+        EVP_PKEY_CTX *pctx = NULL;
        unsigned char *ek = NULL;
-        int eklen;
+        size_t eklen;
        int ret = 0;
        if (ktri->pkey == NULL)
@@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
                return 0;
                }
-        eklen = EVP_PKEY_size(ktri->pkey);
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (!pctx)
+                return 0;
+        if (EVP_PKEY_decrypt_init(pctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                                EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
+                {
+                CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
+                goto err;
+                }
+        if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                                ktri->encryptedKey->data,
+                                ktri->encryptedKey->length) <= 0)
+                goto err;
        ek = OPENSSL_malloc(eklen);
@@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
                goto err;
                }
-        eklen = EVP_PKEY_decrypt(ek, 
+        if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                                ktri->encryptedKey->data,
-                                ktri->encryptedKey->length, ktri->pkey);
+                                ktri->encryptedKey->length) <= 0)
-        if (eklen <= 0)
                {
                CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
                goto err;
@@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
        cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
        err:
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
        if (!ret && ek)
                OPENSSL_free(ek);
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
index 52fa53954f..ff7b0309e5 100644
--- a/src/lib/libcrypto/cms/cms_err.c
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -1,6 +1,6 @@
 /* crypto/cms/cms_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -133,7 +133,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),    "CMS_SIGNERINFO_VERIFY_CERT"},
 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
 {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),      "CMS_sign_receipt"},
-{ERR_FUNC(CMS_F_CMS_STREAM),    "CMS_STREAM"},
+{ERR_FUNC(CMS_F_CMS_STREAM),    "CMS_stream"},
 {ERR_FUNC(CMS_F_CMS_UNCOMPRESS),        "CMS_uncompress"},
 {ERR_FUNC(CMS_F_CMS_VERIFY),    "CMS_verify"},
 {0,NULL}
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
index ed34ff3228..90c0b82fb5 100644
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -63,7 +63,7 @@
 DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
 DECLARE_ASN1_ITEM(CMS_Receipt)
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 /* ESS services: for now just Signed Receipt related */
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
        /* Get original receipt request details */
-        if (!CMS_get1_ReceiptRequest(osi, &rr))
+        if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
                {
                CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
                goto err;
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
        /* Get original receipt request details */
-        if (!CMS_get1_ReceiptRequest(si, &rr))
+        if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
                {
                CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
                goto err;
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
index 30f5ddfe6d..1cb0264cc5 100644
--- a/src/lib/libcrypto/cms/cms_io.c
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -58,6 +58,25 @@
 #include "cms.h"
 #include "cms_lcl.h"
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+        {
+        ASN1_OCTET_STRING **pos;
+        pos = CMS_get0_content(cms);
+        if (!pos)
+                return 0;
+        if (!*pos)
+                *pos = ASN1_OCTET_STRING_new();
+        if (*pos)
+                {
+                (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+                (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+                *boundary = &(*pos)->data;
+                return 1;
+                }
+        CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
        {
        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
@@ -70,52 +89,26 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
 IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
-/* Callback for int_smime_write_ASN1 */
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 
-static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-                                        const ASN1_ITEM *it)
        {
-        CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
+        return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
-        BIO *tmpbio, *cmsbio;
+                                ASN1_ITEM_rptr(CMS_ContentInfo));
-        int r = 0;
+        }
-        if (!(flags & SMIME_DETACHED))
-                {
-                SMIME_crlf_copy(data, out, flags);
-                return 1;
-                }
-        /* Let CMS code prepend any needed BIOs */
-        cmsbio = CMS_dataInit(cms, out);
-        if (!cmsbio)
-                return 0;
-        /* Copy data across, passing through filter BIOs for processing */
-        SMIME_crlf_copy(data, cmsbio, flags);
-        /* Finalize structure */
-        if (CMS_dataFinal(cms, cmsbio) <= 0)
-                goto err;
-        r = 1;
-        err:
-        /* Now remove any digests prepended to the BIO */
-        while (cmsbio != out)
-                {
-                tmpbio = BIO_pop(cmsbio);
-                BIO_free(cmsbio);
-                cmsbio = tmpbio;
-                }
-        return 1;
+/* CMS wrappers round generalised stream and MIME routines */
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+        {
+        return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+                                        ASN1_ITEM_rptr(CMS_ContentInfo));
        }
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+        {
+        return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
+                                        "CMS",
+                                        ASN1_ITEM_rptr(CMS_ContentInfo));
+        }
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
        {
@@ -127,9 +120,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
        else
                mdalgs = NULL;
-        return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+        return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
                                        ctype_nid, econt_nid, mdalgs,
-                                        cms_output_data,
                                        ASN1_ITEM_rptr(CMS_ContentInfo));       
        }
@@ -138,3 +130,4 @@ CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
        return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
                                        ASN1_ITEM_rptr(CMS_ContentInfo));
        }
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
index 7d60fac67e..c8ecfa724a 100644
--- a/src/lib/libcrypto/cms/cms_lcl.h
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -406,6 +406,7 @@ struct CMS_Receipt_st
        ASN1_OCTET_STRING *originatorSignatureValue;
        };
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_ITEM(CMS_SignerInfo)
 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
 DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index 8e6c1d29a5..d00fe0f87b 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -60,7 +60,8 @@
 #include "cms.h"
 #include "cms_lcl.h"
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 DECLARE_ASN1_ITEM(CMS_CertificateChoices)
 DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
@@ -346,20 +347,10 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
        {
        int param_type;
-        switch (EVP_MD_type(md))
+        if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
-                {
-                case NID_sha1:
-                case NID_sha224:
-                case NID_sha256:
-                case NID_sha384:
-                case NID_sha512:
                param_type = V_ASN1_UNDEF;
-                break;
+        else
-        
-                default:
                param_type = V_ASN1_NULL;
-                break;
-                }
        X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
@@ -415,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                        return 0;
                        }
                BIO_get_md_ctx(chain, &mtmp);
-                if (EVP_MD_CTX_type(mtmp) == nid)
+                if (EVP_MD_CTX_type(mtmp) == nid
+                /* Workaround for broken implementations that use signature
+                 * algorithm  OID instead of digest.
+                 */
+                        || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
                        {
                        EVP_MD_CTX_copy_ex(mctx, mtmp);
                        return 1;
@@ -557,6 +552,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
        return 1;
        }
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+        {
+        int r;
+        r = CMS_add0_crl(cms, crl);
+        if (r > 0)
+                CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+        return r;
+        }
 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
        {
        STACK_OF(X509) *certs = NULL;
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index cdac3b870d..e3192b9c57 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -58,6 +58,7 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include "cms_lcl.h"
+#include "asn1_locl.h"
 /* CMS SignedData Utilities */
@@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
                if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
                                        X509_get_issuer_name(cert)))
                        goto merr;
-                ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
+                if (!ASN1_STRING_copy(
-                sid->d.issuerAndSerialNumber->serialNumber =
+                        sid->d.issuerAndSerialNumber->serialNumber,
-                                ASN1_STRING_dup(X509_get_serialNumber(cert));
+                                X509_get_serialNumber(cert)))
-                if(!sid->d.issuerAndSerialNumber->serialNumber)
                        goto merr;
                break;
@@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
        if (!cms_set1_SignerIdentifier(si->sid, signer, type))
                goto err;
-        /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
        if (md == NULL)
-                md = EVP_sha1();
+                {
+                int def_nid;
-        /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
+                if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+                        goto err;
+                md = EVP_get_digestbynid(def_nid);
+                if (md == NULL)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+                        goto err;
+                        }
+                }
-        if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
+        if (!md)
                {
-                CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
-                                CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
                goto err;
                }
@@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
                        }
                }
-        /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
+        if (pk->ameth && pk->ameth->pkey_ctrl)
-         * hard code algorithm parameters.
-         */
-        switch (pk->type)
                {
+                i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
-                case EVP_PKEY_RSA:
+                                                0, si);
-                X509_ALGOR_set0(si->signatureAlgorithm,
+                if (i == -2)
-                                        OBJ_nid2obj(NID_rsaEncryption),
+                        {
-                                        V_ASN1_NULL, 0);
+                        CMSerr(CMS_F_CMS_ADD1_SIGNER,
-                break;
-                case EVP_PKEY_DSA:
-                X509_ALGOR_set0(si->signatureAlgorithm,
-                                        OBJ_nid2obj(NID_dsaWithSHA1),
-                                        V_ASN1_UNDEF, 0);
-                break;
-                case EVP_PKEY_EC:
-                X509_ALGOR_set0(si->signatureAlgorithm,
-                                        OBJ_nid2obj(NID_ecdsa_with_SHA1),
-                                        V_ASN1_UNDEF, 0);
-                break;
-                default:
-                CMSerr(CMS_F_CMS_ADD1_SIGNER,
                                CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-                goto err;
+                        goto err;
+                        }
+                if (i <= 0)
+                        {
+                        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
+                        goto err;
+                        }
                }
        if (!(flags & CMS_NOATTR))
@@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
                *psig = si->signatureAlgorithm;
        }
-/* In OpenSSL 0.9.8 we have the link between digest types and public
- * key types so we need to fixup the digest type if the public key
- * type is not appropriate.
- */
-static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
-        {
-        if (EVP_MD_CTX_type(mctx) != NID_sha1)
-                return;
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA)
-                mctx->digest = EVP_dss1();      
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC)
-                mctx->digest = EVP_ecdsa();     
-#endif
-        }
 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
                                        CMS_SignerInfo *si, BIO *chain)
        {
@@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
                                        ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-                cms_fixup_mctx(&mctx, si->pkey);
                if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
                        {
                        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
@@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
 int CMS_SignerInfo_sign(CMS_SignerInfo *si)
        {
        EVP_MD_CTX mctx;
+        EVP_PKEY_CTX *pctx;
        unsigned char *abuf = NULL;
        int alen;
-        unsigned int siglen;
+        size_t siglen;
        const EVP_MD *md = NULL;
        md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
@@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
                        goto err;
                }
-        if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
+        if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
                goto err;
-#if 0
        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
                                EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
                {
                CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
                goto err;
                }
-#endif
        alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
                                ASN1_ITEM_rptr(CMS_Attributes_Sign));
        if(!abuf)
                goto err;
-        if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
+        if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
+                goto err;
+        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                goto err;
-        siglen = EVP_PKEY_size(si->pkey);
        OPENSSL_free(abuf);
        abuf = OPENSSL_malloc(siglen);
        if(!abuf)
                goto err;
-        cms_fixup_mctx(&mctx, si->pkey);
+        if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
-        if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
                goto err;
-#if 0
        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
                                EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
                {
                CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
                goto err;
                }
-#endif
        EVP_MD_CTX_cleanup(&mctx);
        ASN1_STRING_set0(si->signature, abuf, siglen);
@@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 int CMS_SignerInfo_verify(CMS_SignerInfo *si)
        {
        EVP_MD_CTX mctx;
+        EVP_PKEY_CTX *pctx;
        unsigned char *abuf = NULL;
        int alen, r = -1;
        const EVP_MD *md = NULL;
@@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
        if (md == NULL)
                return -1;
        EVP_MD_CTX_init(&mctx);
-        if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
+        if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
                goto err;
        alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
                                ASN1_ITEM_rptr(CMS_Attributes_Verify));
        if(!abuf)
                goto err;
-        r = EVP_VerifyUpdate(&mctx, abuf, alen);
+        r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
        OPENSSL_free(abuf);
        if (r <= 0)
                {
                r = -1;
                goto err;
                }
-        cms_fixup_mctx(&mctx, si->pkey);
+        r = EVP_DigestVerifyFinal(&mctx,
-        r = EVP_VerifyFinal(&mctx,
+                        si->signature->data, si->signature->length);
-                        si->signature->data, si->signature->length, si->pkey);
        if (r <= 0)
                CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
        err:
@@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
                }
        else
                {
-                cms_fixup_mctx(&mctx, si->pkey);
                r = EVP_VerifyFinal(&mctx, si->signature->data,
                                        si->signature->length, si->pkey);
                if (r <= 0)
@@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
                return CMS_add_simple_smimecap(sk, nid, arg);
        return 1;
        }
-#if 0
 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
        {
        if (EVP_get_digestbynid(nid))
                return CMS_add_simple_smimecap(sk, nid, arg);
        return 1;
        }
-#endif
 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
        {
        if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
                || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
                || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
                || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index f35883aa22..4a799eb897 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -171,7 +171,7 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
        if (!cms)
                return NULL;
-        if (CMS_final(cms, in, NULL, flags))
+        if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
                return cms;
        CMS_ContentInfo_free(cms);
@@ -214,10 +214,7 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                return NULL;
        if(!(flags & CMS_DETACHED))
-                {
-                flags &= ~CMS_STREAM;
                CMS_set_detached(cms, 0);
-                }
        if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
                return cms;
@@ -269,10 +266,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                return NULL;
        if(!(flags & CMS_DETACHED))
-                {
-                flags &= ~CMS_STREAM;
                CMS_set_detached(cms, 0);
-                }
        if ((flags & (CMS_STREAM|CMS_PARTIAL))
                || CMS_final(cms, in, NULL, flags))
@@ -456,6 +450,7 @@ int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
                        X509_STORE *store, unsigned int flags)
        {
        int r;
+        flags &= ~(CMS_DETACHED|CMS_TEXT);
        r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
        if (r <= 0)
                return r;
@@ -486,10 +481,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                }
        if(!(flags & CMS_DETACHED))
-                {
-                flags &= ~CMS_STREAM;
                CMS_set_detached(cms, 0);
-                }
        if ((flags & (CMS_STREAM|CMS_PARTIAL))
                || CMS_final(cms, data, NULL, flags))
@@ -517,7 +509,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
        BIO *rct_cont = NULL;
        int r = 0;
-        flags &= ~CMS_STREAM;
+        flags &= ~(CMS_STREAM|CMS_TEXT);
        /* Not really detached but avoids content being allocated */
        flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
        if (!pkey || !signcert)
@@ -598,10 +590,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
                }
        if(!(flags & CMS_DETACHED))
-                {
-                flags &= ~CMS_STREAM;
                CMS_set_detached(cms, 0);
-                }
        if ((flags & (CMS_STREAM|CMS_PARTIAL))
                || CMS_final(cms, data, NULL, flags))
@@ -781,12 +770,9 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
                return NULL;
        if(!(flags & CMS_DETACHED))
-                {
-                flags &= ~CMS_STREAM;
                CMS_set_detached(cms, 0);
-                }
-        if (CMS_final(cms, in, NULL, flags))
+        if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
                return cms;
        CMS_ContentInfo_free(cms);
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c
index eccfd09137..8adf35f3fc 100644
--- a/src/lib/libcrypto/comp/c_zlib.c
+++ b/src/lib/libcrypto/comp/c_zlib.c
@@ -136,15 +136,6 @@ struct zlib_state
 static int zlib_stateful_ex_idx = -1;
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-        CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-        {
-        struct zlib_state *state = (struct zlib_state *)item;
-        inflateEnd(&state->istream);
-        deflateEnd(&state->ostream);
-        OPENSSL_free(state);
-        }
 static int zlib_stateful_init(COMP_CTX *ctx)
        {
        int err;
@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *ctx)
 static void zlib_stateful_finish(COMP_CTX *ctx)
        {
+        struct zlib_state *state =
+                (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+                        zlib_stateful_ex_idx);
+        inflateEnd(&state->istream);
+        deflateEnd(&state->ostream);
+        OPENSSL_free(state);
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
        }
@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
                        if (zlib_stateful_ex_idx == -1)
                                zlib_stateful_ex_idx =
                                        CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-                                                0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+                                                0,NULL,NULL,NULL,NULL);
                        CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
                        if (zlib_stateful_ex_idx == -1)
                                goto err;
@@ -784,6 +781,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
        default:
                ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
                break;
                }
        return ret;
diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c
index 187d68b725..661c94c3a4 100644
--- a/src/lib/libcrypto/comp/comp_err.c
+++ b/src/lib/libcrypto/comp/comp_err.c
@@ -1,6 +1,6 @@
 /* crypto/comp/comp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/conf/README b/src/lib/libcrypto/conf/README
index ca58d0240f..96e53b34ed 100644
--- a/src/lib/libcrypto/conf/README
+++ b/src/lib/libcrypto/conf/README
@@ -1,8 +1,3 @@
-WARNING WARNING WARNING!!!
-This stuff is experimental, may change radically or be deleted altogether
-before OpenSSL 0.9.7 release. You have been warned!
 Configuration modules. These are a set of modules which can perform
 various configuration functions.
@@ -13,7 +8,7 @@ The routines read a configuration file set up like this:
 -----
 #default section
-openssl_init=init_section
+openssl_conf=init_section
 [init_section]
@@ -30,29 +25,27 @@ path=/some/path/to/some/dso.so
 other_stuff=other_value
 ----
-When this file is loaded a configuration module with the specified
+When this file is loaded a configuration module with the specified string
-string (module* in the above example) is looked up and its init
+(module* in the above example) is looked up and its init function called as:
-function called as:
 int conf_init_func(CONF_IMODULE *md, CONF *cnf);
-The function can then take whatever action is appropriate, for example
+The function can then take whatever action is appropriate, for example further
-further lookups based on the value. Multiple instances of the same 
+lookups based on the value. Multiple instances of the same config module can be
-config module can be loaded.
+loaded.
-When the application closes down the modules are cleaned up by calling
+When the application closes down the modules are cleaned up by calling an
-an optional finish function:
+optional finish function:
 void conf_finish_func(CONF_IMODULE *md);
 The finish functions are called in reverse order: that is the last module
 loaded is the first one cleaned up.
-If no module exists with a given name then an attempt is made to load
+If no module exists with a given name then an attempt is made to load a DSO
-a DSO with the supplied name. This might mean that "module3" attempts
+with the supplied name. This might mean that "module3" attempts to load a DSO
-to load a DSO called libmodule3.so or module3.dll for example. An explicit
+called libmodule3.so or module3.dll for example. An explicit DSO name can be
-DSO name can be given by including a separate section as in the module4 example
+given by including a separate section as in the module4 example above.
-above.
 The DSO is expected to at least contain an initialization function:
@@ -64,15 +57,17 @@ void OPENSSL_finish(CONF_IMODULE *md);
 Static modules can also be added using,
-int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
+int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func
+*ffunc);
-where "name" is the name in the configuration file this function corresponds to.
+where "name" is the name in the configuration file this function corresponds
+to.
-A set of builtin modules (currently only an ASN1 non functional test module) can be 
+A set of builtin modules (currently only an ASN1 non functional test module)
-added by calling OPENSSL_load_builtin_modules(). 
+can be added by calling OPENSSL_load_builtin_modules(). 
-The function OPENSSL_config() is intended as a simple configuration function that
+The function OPENSSL_config() is intended as a simple configuration function
-any application can call to perform various default configuration tasks. It uses the
+that any application can call to perform various default configuration tasks.
-file openssl.cnf in the usual locations.
+It uses the file openssl.cnf in the usual locations.
diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h
index 8aa06bc5ec..c2199978a3 100644
--- a/src/lib/libcrypto/conf/conf.h
+++ b/src/lib/libcrypto/conf/conf.h
@@ -79,8 +79,7 @@ typedef struct
        } CONF_VALUE;
 DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_LHASH_OF(CONF_VALUE);
-DECLARE_STACK_OF(CONF_IMODULE)
 struct conf_st;
 struct conf_method_st;
@@ -105,6 +104,9 @@ struct conf_method_st
 typedef struct conf_imodule_st CONF_IMODULE;
 typedef struct conf_module_st CONF_MODULE;
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
 /* DSO module function typedefs */
 typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
 typedef void conf_finish_func(CONF_IMODULE *md);
@@ -117,18 +119,23 @@ typedef void conf_finish_func(CONF_IMODULE *md);
 #define CONF_MFLAGS_DEFAULT_SECTION     0x20
 int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH *hash);
+void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash);
-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file,
+                                long *eline);
 #ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline);
 #endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-char *CONF_get_string(LHASH *conf,const char *group,const char *name);
+                                       const char *section);
-long CONF_get_number(LHASH *conf,const char *group,const char *name);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
-void CONF_free(LHASH *conf);
+                      const char *name);
-int CONF_dump_fp(LHASH *conf, FILE *out);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
-int CONF_dump_bio(LHASH *conf, BIO *out);
+                     const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 void OPENSSL_config(const char *config_name);
 void OPENSSL_no_config(void);
@@ -140,7 +147,7 @@ struct conf_st
        {
        CONF_METHOD *meth;
        void *meth_data;
-        LHASH *data;
+        LHASH_OF(CONF_VALUE) *data;
        };
 CONF *NCONF_new(CONF_METHOD *meth);
@@ -214,6 +221,7 @@ void ERR_load_CONF_strings(void);
 #define CONF_F_CONF_LOAD_BIO                             102
 #define CONF_F_CONF_LOAD_FP                              103
 #define CONF_F_CONF_MODULES_LOAD                         116
+#define CONF_F_CONF_PARSE_LIST                           119
 #define CONF_F_DEF_LOAD                                  120
 #define CONF_F_DEF_LOAD_BIO                              121
 #define CONF_F_MODULE_INIT                               115
@@ -233,6 +241,7 @@ void ERR_load_CONF_strings(void);
 /* Reason codes. */
 #define CONF_R_ERROR_LOADING_DSO                         110
+#define CONF_R_LIST_CANNOT_BE_NULL                       115
 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
 #define CONF_R_MISSING_EQUAL_SIGN                        101
 #define CONF_R_MISSING_FINISH_FUNCTION                   111
diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
index 909d72b4b8..22617e5fa1 100644
--- a/src/lib/libcrypto/conf/conf_api.c
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -69,16 +69,12 @@
 #include <openssl/conf_api.h>
 #include "e_os.h"
-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_hash_doall_arg(CONF_VALUE *a,
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+                                      LHASH_OF(CONF_VALUE) *conf);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
+static void value_free_stack_doall(CONF_VALUE *a);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE,
-/* We don't use function pointer casting or wrapper functions - but cast each
+                                    LHASH_OF(CONF_VALUE))
- * callback parameter inside the callback functions. */
+static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE)
-/* static unsigned long hash(CONF_VALUE *v); */
-static unsigned long hash(const void *v_void);
-/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
-static int cmp_conf(const void *a_void,const void *b_void);
 /* Up until OpenSSL 0.9.5a, this was get_section */
 CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
@@ -88,7 +84,7 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
        if ((conf == NULL) || (section == NULL)) return(NULL);
        vv.name=NULL;
        vv.section=(char *)section;
-        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+        v=lh_CONF_VALUE_retrieve(conf->data,&vv);
        return(v);
        }
@@ -118,7 +114,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
                return 0;
                }
-        v = (CONF_VALUE *)lh_insert(conf->data, value);
+        v = lh_CONF_VALUE_insert(conf->data, value);
        if (v != NULL)
                {
                (void)sk_CONF_VALUE_delete_ptr(ts,v);
@@ -141,24 +137,24 @@ char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
                        {
                        vv.name=(char *)name;
                        vv.section=(char *)section;
-                        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                        v=lh_CONF_VALUE_retrieve(conf->data,&vv);
                        if (v != NULL) return(v->value);
                        if (strcmp(section,"ENV") == 0)
                                {
-                                p=Getenv(name);
+                                p=getenv(name);
                                if (p != NULL) return(p);
                                }
                        }
                vv.section="default";
                vv.name=(char *)name;
-                v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                v=lh_CONF_VALUE_retrieve(conf->data,&vv);
                if (v != NULL)
                        return(v->value);
                else
                        return(NULL);
                }
        else
-                return(Getenv(name));
+                return(getenv(name));
        }
 #if 0 /* There's no way to provide error checking with this function, so
@@ -182,6 +178,34 @@ long _CONF_get_number(CONF *conf, char *section, char *name)
        }
 #endif
+static unsigned long conf_value_hash(const CONF_VALUE *v)
+        {
+        return (lh_strhash(v->section)<<2)^lh_strhash(v->name);
+        }
+static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE)
+static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
+        {
+        int i;
+        if (a->section != b->section)
+                {
+                i=strcmp(a->section,b->section);
+                if (i) return(i);
+                }
+        if ((a->name != NULL) && (b->name != NULL))
+                {
+                i=strcmp(a->name,b->name);
+                return(i);
+                }
+        else if (a->name == b->name)
+                return(0);
+        else
+                return((a->name == NULL)?-1:1);
+        }
+static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE)
 int _CONF_new_data(CONF *conf)
        {
        if (conf == NULL)
@@ -189,7 +213,7 @@ int _CONF_new_data(CONF *conf)
                return 0;
                }
        if (conf->data == NULL)
-                if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
+                if ((conf->data = lh_CONF_VALUE_new()) == NULL)
                        {
                        return 0;
                        }
@@ -200,105 +224,73 @@ void _CONF_free_data(CONF *conf)
        {
        if (conf == NULL || conf->data == NULL) return;
-        conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
+        lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make
-                                  * works as expected */
+                                  * sure the 'OPENSSL_free()' works as
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
+                                  * expected */
-                        conf->data);
+        lh_CONF_VALUE_doall_arg(conf->data,
+                                LHASH_DOALL_ARG_FN(value_free_hash),
+                                LHASH_OF(CONF_VALUE), conf->data);
        /* We now have only 'section' entries in the hash table.
         * Due to problems with */
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+        lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack));
-                        conf->data);
+        lh_CONF_VALUE_free(conf->data);
-        lh_free(conf->data);
        }
-static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
        {
        if (a->name != NULL)
-                {
+                (void)lh_CONF_VALUE_delete(conf,a);
-                a=(CONF_VALUE *)lh_delete(conf,a);
-                }
        }
-static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+static void value_free_stack_doall(CONF_VALUE *a)
        {
        CONF_VALUE *vv;
-        STACK *sk;
+        STACK_OF(CONF_VALUE) *sk;
        int i;
        if (a->name != NULL) return;
-        sk=(STACK *)a->value;
+        sk=(STACK_OF(CONF_VALUE) *)a->value;
-        for (i=sk_num(sk)-1; i>=0; i--)
+        for (i=sk_CONF_VALUE_num(sk)-1; i>=0; i--)
                {
-                vv=(CONF_VALUE *)sk_value(sk,i);
+                vv=sk_CONF_VALUE_value(sk,i);
                OPENSSL_free(vv->value);
                OPENSSL_free(vv->name);
                OPENSSL_free(vv);
                }
-        if (sk != NULL) sk_free(sk);
+        if (sk != NULL) sk_CONF_VALUE_free(sk);
        OPENSSL_free(a->section);
        OPENSSL_free(a);
        }
-/* static unsigned long hash(CONF_VALUE *v) */
-static unsigned long hash(const void *v_void)
-        {
-        CONF_VALUE *v = (CONF_VALUE *)v_void;
-        return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
-        }
-/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
-static int cmp_conf(const void *a_void,const  void *b_void)
-        {
-        int i;
-        CONF_VALUE *a = (CONF_VALUE *)a_void;
-        CONF_VALUE *b = (CONF_VALUE *)b_void;
-        if (a->section != b->section)
-                {
-                i=strcmp(a->section,b->section);
-                if (i) return(i);
-                }
-        if ((a->name != NULL) && (b->name != NULL))
-                {
-                i=strcmp(a->name,b->name);
-                return(i);
-                }
-        else if (a->name == b->name)
-                return(0);
-        else
-                return((a->name == NULL)?-1:1);
-        }
 /* Up until OpenSSL 0.9.5a, this was new_section */
 CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
        {
-        STACK *sk=NULL;
+        STACK_OF(CONF_VALUE) *sk=NULL;
        int ok=0,i;
        CONF_VALUE *v=NULL,*vv;
-        if ((sk=sk_new_null()) == NULL)
+        if ((sk=sk_CONF_VALUE_new_null()) == NULL)
                goto err;
-        if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+        if ((v=OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
                goto err;
        i=strlen(section)+1;
-        if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
+        if ((v->section=OPENSSL_malloc(i)) == NULL)
                goto err;
        memcpy(v->section,section,i);
        v->name=NULL;
        v->value=(char *)sk;
        
-        vv=(CONF_VALUE *)lh_insert(conf->data,v);
+        vv=lh_CONF_VALUE_insert(conf->data,v);
        assert(vv == NULL);
        ok=1;
 err:
        if (!ok)
                {
-                if (sk != NULL) sk_free(sk);
+                if (sk != NULL) sk_CONF_VALUE_free(sk);
                if (v != NULL) OPENSSL_free(v);
                v=NULL;
                }
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index d8bce8732a..0b571b0394 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -129,7 +129,7 @@ static CONF *def_create(CONF_METHOD *meth)
        {
        CONF *ret;
-        ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+        ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
        if (ret)
                if (meth->init(ret) == 0)
                        {
@@ -145,7 +145,7 @@ static int def_init_default(CONF *conf)
                return 0;
        conf->meth = &default_method;
-        conf->meth_data = (void *)CONF_type_default;
+        conf->meth_data = CONF_type_default;
        conf->data = NULL;
        return 1;
@@ -722,7 +722,7 @@ static char *scan_dquote(CONF *conf, char *p)
        return(p);
        }
-static void dump_value(CONF_VALUE *a, BIO *out)
+static void dump_value_doall_arg(CONF_VALUE *a, BIO *out)
        {
        if (a->name)
                BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
@@ -730,11 +730,12 @@ static void dump_value(CONF_VALUE *a, BIO *out)
                BIO_printf(out, "[[%s]]\n", a->section);
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO)
 static int def_dump(const CONF *conf, BIO *out)
        {
-        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
+        lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value),
+                                BIO, out);
        return 1;
        }
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
index a16a5e0bd4..25bb5dc9aa 100644
--- a/src/lib/libcrypto/conf/conf_err.c
+++ b/src/lib/libcrypto/conf/conf_err.c
@@ -1,6 +1,6 @@
 /* crypto/conf/conf_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -75,6 +75,7 @@ static ERR_STRING_DATA CONF_str_functs[]=
 {ERR_FUNC(CONF_F_CONF_LOAD_BIO),        "CONF_load_bio"},
 {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
 {ERR_FUNC(CONF_F_CONF_MODULES_LOAD),    "CONF_modules_load"},
+{ERR_FUNC(CONF_F_CONF_PARSE_LIST),      "CONF_parse_list"},
 {ERR_FUNC(CONF_F_DEF_LOAD),     "DEF_LOAD"},
 {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
 {ERR_FUNC(CONF_F_MODULE_INIT),  "MODULE_INIT"},
@@ -97,6 +98,7 @@ static ERR_STRING_DATA CONF_str_functs[]=
 static ERR_STRING_DATA CONF_str_reasons[]=
        {
 {ERR_REASON(CONF_R_ERROR_LOADING_DSO)    ,"error loading dso"},
+{ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL)  ,"list cannot be null"},
 {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
 {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN)   ,"missing equal sign"},
 {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c
index 2a3399d269..54046defca 100644
--- a/src/lib/libcrypto/conf/conf_lib.c
+++ b/src/lib/libcrypto/conf/conf_lib.c
@@ -69,7 +69,7 @@ static CONF_METHOD *default_CONF_method=NULL;
 /* Init a 'CONF' structure from an old LHASH */
-void CONF_set_nconf(CONF *conf, LHASH *hash)
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
        {
        if (default_CONF_method == NULL)
                default_CONF_method = NCONF_default();
@@ -87,9 +87,10 @@ int CONF_set_default_method(CONF_METHOD *meth)
        return 1;
        }
-LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline)
        {
-        LHASH *ltmp;
+        LHASH_OF(CONF_VALUE) *ltmp;
        BIO *in=NULL;
 #ifdef OPENSSL_SYS_VMS
@@ -110,10 +111,11 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
        }
 #ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline)
        {
        BIO *btmp;
-        LHASH *ltmp;
+        LHASH_OF(CONF_VALUE) *ltmp;
        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
                return NULL;
@@ -124,7 +126,8 @@ LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
        }
 #endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline)
        {
        CONF ctmp;
        int ret;
@@ -137,7 +140,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
        return NULL;
        }
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section)
        {
        if (conf == NULL)
                {
@@ -151,7 +155,8 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
                }
        }
-char *CONF_get_string(LHASH *conf,const char *group,const char *name)
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
+                      const char *name)
        {
        if (conf == NULL)
                {
@@ -165,7 +170,8 @@ char *CONF_get_string(LHASH *conf,const char *group,const char *name)
                }
        }
-long CONF_get_number(LHASH *conf,const char *group,const char *name)
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
+                     const char *name)
        {
        int status;
        long result = 0;
@@ -189,7 +195,7 @@ long CONF_get_number(LHASH *conf,const char *group,const char *name)
        return result;
        }
-void CONF_free(LHASH *conf)
+void CONF_free(LHASH_OF(CONF_VALUE) *conf)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -197,7 +203,7 @@ void CONF_free(LHASH *conf)
        }
 #ifndef OPENSSL_NO_FP_API
-int CONF_dump_fp(LHASH *conf, FILE *out)
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
        {
        BIO *btmp;
        int ret;
@@ -212,7 +218,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
        }
 #endif
-int CONF_dump_bio(LHASH *conf, BIO *out)
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
diff --git a/src/lib/libcrypto/conf/conf_mall.c b/src/lib/libcrypto/conf/conf_mall.c
index 1cc1fd5534..c6f4cb2d55 100644
--- a/src/lib/libcrypto/conf/conf_mall.c
+++ b/src/lib/libcrypto/conf/conf_mall.c
@@ -63,7 +63,6 @@
 #include <openssl/dso.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -77,6 +76,5 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
        ENGINE_add_conf_module();
 #endif
-        EVP_add_alg_module();
        }
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index ee9c677d9b..df1642a0a5 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -582,8 +582,14 @@ int CONF_parse_list(const char *list_, int sep, int nospc,
        {
        int ret;
        const char *lstart, *tmpend, *p;
-        lstart = list_;
+        if(list_ == NULL)
+                {
+                CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+                return 0;
+                }
+        lstart = list_;
        for(;;)
                {
                if (nospc)
diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c
index 9fd41fff8c..139b9284e4 100644
--- a/src/lib/libcrypto/cpt_err.c
+++ b/src/lib/libcrypto/cpt_err.c
@@ -1,6 +1,6 @@
 /* crypto/cpt_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 8f9e88e403..b4449b86d6 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -1,6 +1,6 @@
 /* crypto/cryptlib.c */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -121,17 +121,279 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
+DECLARE_STACK_OF(CRYPTO_dynlock)
+/* real #defines in crypto.h, keep these upto date */
+static const char* const lock_names[CRYPTO_NUM_LOCKS] =
+        {
+        "<<ERROR>>",
+        "err",
+        "ex_data",
+        "x509",
+        "x509_info",
+        "x509_pkey",
+        "x509_crl",
+        "x509_req",
+        "dsa",
+        "rsa",
+        "evp_pkey",
+        "x509_store",
+        "ssl_ctx",
+        "ssl_cert",
+        "ssl_session",
+        "ssl_sess_cert",
+        "ssl",
+        "ssl_method",
+        "rand",
+        "rand2",
+        "debug_malloc",
+        "BIO",
+        "gethostbyname",
+        "getservbyname",
+        "readdir",
+        "RSA_blinding",
+        "dh",
+        "debug_malloc2",
+        "dso",
+        "dynlock",
+        "engine",
+        "ui",
+        "ecdsa",
+        "ec",
+        "ecdh",
+        "bn",
+        "ec_pre_comp",
+        "store",
+        "comp",
+        "fips",
+        "fips2",
+#if CRYPTO_NUM_LOCKS != 41
+# error "Inconsistency between crypto.h and cryptlib.c"
+#endif
+        };
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
+static STACK_OF(OPENSSL_STRING) *app_locks=NULL;
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
 static void (MS_FAR *locking_callback)(int mode,int type,
-        const char *file,int line)=NULL;
+        const char *file,int line)=0;
 static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-        int type,const char *file,int line)=NULL;
+        int type,const char *file,int line)=0;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
+#ifndef OPENSSL_NO_DEPRECATED
+static unsigned long (MS_FAR *id_callback)(void)=0;
+#endif
+static void (MS_FAR *threadid_callback)(CRYPTO_THREADID *)=0;
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+        (const char *file,int line)=0;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)=0;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+        const char *file,int line)=0;
+int CRYPTO_get_new_lockid(char *name)
+        {
+        char *str;
+        int i;
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+        /* A hack to make Visual C++ 5.0 work correctly when linking as
+         * a DLL using /MT. Without this, the application cannot use
+         * any floating point printf's.
+         * It also seems to be needed for Visual C 1.5 (win16) */
+        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+        if ((app_locks == NULL) && ((app_locks=sk_OPENSSL_STRING_new_null()) == NULL))
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((str=BUF_strdup(name)) == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=sk_OPENSSL_STRING_push(app_locks,str);
+        if (!i)
+                OPENSSL_free(str);
+        else
+                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+        return(i);
+        }
 int CRYPTO_num_locks(void)
        {
        return CRYPTO_NUM_LOCKS;
        }
+int CRYPTO_get_new_dynlockid(void)
+        {
+        int i = 0;
+        CRYPTO_dynlock *pointer = NULL;
+        if (dynlock_create_callback == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if ((dyn_locks == NULL)
+                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+        if (pointer == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        pointer->references = 1;
+        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+        if (pointer->data == NULL)
+                {
+                OPENSSL_free(pointer);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        /* First, try to find an existing empty slot */
+        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+        /* If there was none, push, thereby creating a new one */
+        if (i == -1)
+                /* Since sk_push() returns the number of items on the
+                   stack, not the location of the pushed item, we need
+                   to transform the returned number into a position,
+                   by decreasing it.  */
+                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+        else
+                /* If we found a place with a NULL pointer, put our pointer
+                   in it.  */
+                (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        if (i == -1)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        else
+                i += 1; /* to avoid 0 */
+        return -i;
+        }
+void CRYPTO_destroy_dynlockid(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        if (dynlock_destroy_callback == NULL)
+                return;
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                return;
+                }
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer != NULL)
+                {
+                --pointer->references;
+#ifdef REF_CHECK
+                if (pointer->references < 0)
+                        {
+                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+                        abort();
+                        }
+                else
+#endif
+                        if (pointer->references <= 0)
+                                {
+                                (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                }
+                        else
+                                pointer = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        if (pointer)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        }
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer)
+                pointer->references++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        if (pointer)
+                return pointer->data;
+        return NULL;
+        }
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+        (const char *file,int line)
+        {
+        return(dynlock_create_callback);
+        }
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_lock_callback);
+        }
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+        (struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_destroy_callback);
+        }
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+        (const char *file, int line))
+        {
+        dynlock_create_callback=func;
+        }
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_lock_callback=func;
+        }
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_destroy_callback=func;
+        }
 void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
                int line)
        {
@@ -156,6 +418,108 @@ void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
        add_lock_callback=func;
        }
+/* the memset() here and in set_pointer() seem overkill, but for the sake of
+ * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause two
+ * "equal" THREADID structs to not be memcmp()-identical. */
+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val)
+        {
+        memset(id, 0, sizeof(*id));
+        id->val = val;
+        }
+static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 };
+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
+        {
+        unsigned char *dest = (void *)&id->val;
+        unsigned int accum = 0;
+        unsigned char dnum = sizeof(id->val);
+        memset(id, 0, sizeof(*id));
+        id->ptr = ptr;
+        if (sizeof(id->val) >= sizeof(id->ptr))
+                {
+                /* 'ptr' can be embedded in 'val' without loss of uniqueness */
+                id->val = (unsigned long)id->ptr;
+                return;
+                }
+        /* hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a
+         * linear function over the bytes in 'ptr', the co-efficients of which
+         * are a sequence of low-primes (hash_coeffs is an 8-element cycle) -
+         * the starting prime for the sequence varies for each byte of 'val'
+         * (unique polynomials unless pointers are >64-bit). For added spice,
+         * the totals accumulate rather than restarting from zero, and the index
+         * of the 'val' byte is added each time (position dependence). If I was
+         * a black-belt, I'd scan big-endian pointers in reverse to give
+         * low-order bits more play, but this isn't crypto and I'd prefer nobody
+         * mistake it as such. Plus I'm lazy. */
+        while (dnum--)
+                {
+                const unsigned char *src = (void *)&id->ptr;
+                unsigned char snum = sizeof(id->ptr);
+                while (snum--)
+                        accum += *(src++) * hash_coeffs[(snum + dnum) & 7];
+                accum += dnum;
+                *(dest++) = accum & 255;
+                }
+        }
+int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *))
+        {
+        if (threadid_callback)
+                return 0;
+        threadid_callback = func;
+        return 1;
+        }
+void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *)
+        {
+        return threadid_callback;
+        }
+void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
+        {
+        if (threadid_callback)
+                {
+                threadid_callback(id);
+                return;
+                }
+#ifndef OPENSSL_NO_DEPRECATED
+        /* If the deprecated callback was set, fall back to that */
+        if (id_callback)
+                {
+                CRYPTO_THREADID_set_numeric(id, id_callback());
+                return;
+                }
+#endif
+        /* Else pick a backup */
+#ifdef OPENSSL_SYS_WIN16
+        CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask());
+#elif defined(OPENSSL_SYS_WIN32)
+        CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId());
+#elif defined(OPENSSL_SYS_BEOS)
+        CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
+#else
+        /* For everything else, default to using the address of 'errno' */
+        CRYPTO_THREADID_set_pointer(id, &errno);
+#endif
+        }
+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b)
+        {
+        return memcmp(a, b, sizeof(*a));
+        }
+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src)
+        {
+        memcpy(dest, src, sizeof(*src));
+        }
+unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
+        {
+        return id->val;
+        }
+#ifndef OPENSSL_NO_DEPRECATED
 unsigned long (*CRYPTO_get_id_callback(void))(void)
        {
        return(id_callback);
@@ -178,6 +542,8 @@ unsigned long CRYPTO_thread_id(void)
                ret=(unsigned long)GetCurrentThreadId();
 #elif defined(GETPID_IS_MEANINGLESS)
                ret=1L;
+#elif defined(OPENSSL_SYS_BEOS)
+                ret=(unsigned long)find_thread(NULL);
 #else
                ret=(unsigned long)getpid();
 #endif
@@ -186,19 +552,13 @@ unsigned long CRYPTO_thread_id(void)
                ret=id_callback();
        return(ret);
        }
+#endif
-static void (*do_dynlock_cb)(int mode, int type, const char *file, int line);
-void int_CRYPTO_set_do_dynlock_callback(
-        void (*dyn_cb)(int mode, int type, const char *file, int line))
-        {
-        do_dynlock_cb = dyn_cb;
-        }
 void CRYPTO_lock(int mode, int type, const char *file, int line)
        {
 #ifdef LOCK_DEBUG
                {
+                CRYPTO_THREADID id;
                char *rw_text,*operation_text;
                if (mode & CRYPTO_LOCK)
@@ -215,15 +575,25 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
                else
                        rw_text="ERROR";
+                CRYPTO_THREADID_current(&id);
                fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
-                        CRYPTO_thread_id(), rw_text, operation_text,
+                        CRYPTO_THREADID_hash(&id), rw_text, operation_text,
                        CRYPTO_get_lock_name(type), file, line);
                }
 #endif
        if (type < 0)
                {
-                if (do_dynlock_cb)
+                if (dynlock_lock_callback != NULL)
-                        do_dynlock_cb(mode, type, file, line);
+                        {
+                        struct CRYPTO_dynlock_value *pointer
+                                = CRYPTO_get_dynlock_value(type);
+                        OPENSSL_assert(pointer != NULL);
+                        dynlock_lock_callback(mode, pointer, file, line);
+                        CRYPTO_destroy_dynlockid(type);
+                        }
                }
        else
                if (locking_callback != NULL)
@@ -243,11 +613,14 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
                ret=add_lock_callback(pointer,amount,type,file,line);
 #ifdef LOCK_DEBUG
+                {
+                CRYPTO_THREADID id;
+                CRYPTO_THREADID_current(&id);
                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                        CRYPTO_thread_id(),
+                        CRYPTO_THREADID_hash(&id), before,amount,ret,
-                        before,amount,ret,
                        CRYPTO_get_lock_name(type),
                        file,line);
+                }
 #endif
                }
        else
@@ -256,11 +629,15 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
                ret= *pointer+amount;
 #ifdef LOCK_DEBUG
+                {
+                CRYPTO_THREADID id;
+                CRYPTO_THREADID_current(&id);
                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-                        CRYPTO_thread_id(),
+                        CRYPTO_THREADID_hash(&id),
                        *pointer,amount,ret,
                        CRYPTO_get_lock_name(type),
                        file,line);
+                }
 #endif
                *pointer=ret;
                CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
@@ -268,6 +645,18 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
        return(ret);
        }
+const char *CRYPTO_get_lock_name(int type)
+        {
+        if (type < 0)
+                return("dynamic");
+        else if (type < CRYPTO_NUM_LOCKS)
+                return(lock_names[type]);
+        else if (type-CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks))
+                return("ERROR");
+        else
+                return(sk_OPENSSL_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
+        }
 #if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
        defined(__INTEL__) || \
        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
@@ -301,70 +690,16 @@ void OPENSSL_cpuid_setup(void)
 unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
 #endif
 int OPENSSL_NONPIC_relocated = 0;
-#if !defined(OPENSSL_CPUID_SETUP)
+#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
 void OPENSSL_cpuid_setup(void) {}
 #endif
 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
-#ifdef OPENSSL_FIPS
-#include <tlhelp32.h>
-#if defined(__GNUC__) && __GNUC__>=2
-static int DllInit(void) __attribute__((constructor));
-#elif defined(_MSC_VER)
-static int DllInit(void);
-# ifdef _WIN64
-# pragma section(".CRT$XCU",read)
-  __declspec(allocate(".CRT$XCU"))
-# else
-# pragma data_seg(".CRT$XCU")
-# endif
-  static int (*p)(void) = DllInit;
-# pragma data_seg()
-#endif
-static int DllInit(void)
-{
-#if defined(_WIN32_WINNT)
-        union   { int(*f)(void); BYTE *p; } t = { DllInit };
-        HANDLE  hModuleSnap = INVALID_HANDLE_VALUE;
-        IMAGE_DOS_HEADER *dos_header;
-        IMAGE_NT_HEADERS *nt_headers;
-        MODULEENTRY32 me32 = {sizeof(me32)};
-        hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
-        if (hModuleSnap != INVALID_HANDLE_VALUE &&
-            Module32First(hModuleSnap,&me32)) do
-                {
-                if (t.p >= me32.modBaseAddr &&
-                    t.p <  me32.modBaseAddr+me32.modBaseSize)
-                        {
-                        dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
-                        if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
-                                {
-                                nt_headers=(IMAGE_NT_HEADERS *)
-                                        ((BYTE *)dos_header+dos_header->e_lfanew);
-                                if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
-                                    me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
-                                        OPENSSL_NONPIC_relocated=1;
-                                }
-                        break;
-                        }
-                } while (Module32Next(hModuleSnap,&me32));
-        if (hModuleSnap != INVALID_HANDLE_VALUE)
-                CloseHandle(hModuleSnap);
-#endif
-        OPENSSL_cpuid_setup();
-        return 0;
-}
-#else
 #ifdef __CYGWIN__
 /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
 #include <windows.h>
+/* this has side-effect of _WIN32 getting defined, which otherwise
+ * is mutually exclusive with __CYGWIN__... */
 #endif
 /* All we really need to do is remove the 'error' state when a thread
@@ -405,16 +740,27 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
        }
 #endif
-#endif
 #if defined(_WIN32) && !defined(__CYGWIN__)
 #include <tchar.h>
+#include <signal.h>
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
 int OPENSSL_isservice(void)
 { HWINSTA h;
  DWORD len;
  WCHAR *name;
+  static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL };
+    if (_OPENSSL_isservice.p == NULL) {
+        HANDLE h = GetModuleHandle(NULL);
+        if (h != NULL)
+            _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice");
+        if (_OPENSSL_isservice.p == NULL)
+            _OPENSSL_isservice.p = (void *)-1;
+    }
+    if (_OPENSSL_isservice.p != (void *)-1)
+        return (*_OPENSSL_isservice.f)();
    (void)GetDesktopWindow(); /* return value is ignored */
@@ -513,7 +859,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
    /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice())
+    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
    {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
        const TCHAR *pmsg=buf;
        ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -539,7 +885,13 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
        OPENSSL_showfatal(
                "%s(%d): OpenSSL internal error, assertion failed: %s\n",
                file,line,assertion);
+#if !defined(_WIN32) || defined(__CYGWIN__)
        abort();
+#else
+        /* Win32 abort() customarily shows a dialog, but we just did that... */
+        raise(SIGABRT);
+        _exit(3);
+#endif
        }
 void *OPENSSL_stderr(void)      { return stderr; }
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index 0e4fb0723c..b0360cec51 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -1,6 +1,6 @@
 /* crypto/crypto.h */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -219,13 +219,9 @@ typedef struct openssl_item_st
 #define CRYPTO_LOCK_EC_PRE_COMP         36
 #define CRYPTO_LOCK_STORE               37
 #define CRYPTO_LOCK_COMP                38
-#ifndef OPENSSL_FIPS
-#define CRYPTO_NUM_LOCKS                39
-#else
 #define CRYPTO_LOCK_FIPS                39
 #define CRYPTO_LOCK_FIPS2               40
 #define CRYPTO_NUM_LOCKS                41
-#endif
 #define CRYPTO_LOCK             1
 #define CRYPTO_UNLOCK           2
@@ -288,9 +284,10 @@ typedef struct bio_st BIO_dummy;
 struct crypto_ex_data_st
        {
-        STACK *sk;
+        STACK_OF(void) *sk;
        int dummy; /* gcc is screwing up this data structure :-( */
        };
+DECLARE_STACK_OF(void)
 /* This stuff is basically class callback functions
 * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
@@ -347,7 +344,14 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 /* Set standard debugging functions (not done by default
 * unless CRYPTO_MDEBUG is defined) */
-void CRYPTO_malloc_debug_init(void);
+#define CRYPTO_malloc_debug_init()      do {\
+        CRYPTO_set_mem_debug_functions(\
+                CRYPTO_dbg_malloc,\
+                CRYPTO_dbg_realloc,\
+                CRYPTO_dbg_free,\
+                CRYPTO_dbg_set_options,\
+                CRYPTO_dbg_get_options);\
+        } while(0)
 int CRYPTO_mem_ctrl(int mode);
 int CRYPTO_is_mem_check_on(void);
@@ -420,16 +424,32 @@ void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
                                              const char *file, int line));
 int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
                                          const char *file,int line);
+/* Don't use this structure directly. */
+typedef struct crypto_threadid_st
+        {
+        void *ptr;
+        unsigned long val;
+        } CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
+void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
+void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
+unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
+#ifndef OPENSSL_NO_DEPRECATED
 void CRYPTO_set_id_callback(unsigned long (*func)(void));
 unsigned long (*CRYPTO_get_id_callback(void))(void);
 unsigned long CRYPTO_thread_id(void);
+#endif
 const char *CRYPTO_get_lock_name(int type);
 int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
                    int line);
-void int_CRYPTO_set_do_dynlock_callback(
-        void (*do_dynlock_cb)(int mode, int type, const char *file, int line));
 int CRYPTO_get_new_dynlockid(void);
 void CRYPTO_destroy_dynlockid(int i);
 struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
@@ -454,10 +474,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
                                   void (*f)(void *,int),
                                   void (*so)(long),
                                   long (*go)(void));
-void CRYPTO_set_mem_info_functions(
-        int  (*push_info_fn)(const char *info, const char *file, int line),
-        int  (*pop_info_fn)(void),
-        int (*remove_all_info_fn)(void));
 void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
 void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
 void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
@@ -514,9 +530,6 @@ void CRYPTO_dbg_free(void *addr,int before_p);
 void CRYPTO_dbg_set_options(long bits);
 long CRYPTO_dbg_get_options(void);
-int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
-int CRYPTO_dbg_pop_info(void);
-int CRYPTO_dbg_remove_all_info(void);
 #ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
@@ -534,69 +547,12 @@ unsigned long *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 int OPENSSL_isservice(void);
-#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-                alg " previous FIPS forbidden algorithm error ignored");
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-                #alg " Algorithm forbidden in FIPS mode");
-#ifdef OPENSSL_FIPS_STRICT
-#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
-#else
-#define FIPS_BAD_ALGORITHM(alg) \
-        { \
-        FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
-        ERR_add_error_data(2, "Algorithm=", #alg); \
-        return 0; \
-        }
-#endif
-/* Low level digest API blocking macro */
-#define FIPS_NON_FIPS_MD_Init(alg) \
-        int alg##_Init(alg##_CTX *c) \
-                { \
-                if (FIPS_mode()) \
-                        FIPS_BAD_ALGORITHM(alg) \
-                return private_##alg##_Init(c); \
-                } \
-        int private_##alg##_Init(alg##_CTX *c)
-/* For ciphers the API often varies from cipher to cipher and each needs to
- * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
- * CAST) however are very similar and can use a blocking macro.
- */
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
-                { \
-                if (FIPS_mode()) \
-                        FIPS_BAD_ABORT(alg) \
-                private_##alg##_set_key(key, len, data); \
-                } \
-        void private_##alg##_set_key(alg##_KEY *key, int len, \
-                                        const unsigned char *data)
-#else
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
-#define FIPS_NON_FIPS_MD_Init(alg) \
-        int alg##_Init(alg##_CTX *c) 
-#endif /* def OPENSSL_FIPS */
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CRYPTO_strings(void);
-#define OPENSSL_HAVE_INIT       1
-void OPENSSL_init(void);
 /* Error codes for the CRYPTO functions. */
 /* Function codes. */
diff --git a/src/lib/libcrypto/des/asm/crypt586.pl b/src/lib/libcrypto/des/asm/crypt586.pl
index 1d04ed6def..e36f7d44bd 100644
--- a/src/lib/libcrypto/des/asm/crypt586.pl
+++ b/src/lib/libcrypto/des/asm/crypt586.pl
@@ -6,7 +6,8 @@
 # things perfect.
 #
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"crypt586.pl");
@@ -22,7 +23,7 @@ sub fcrypt_body
        {
        local($name,$do_ip)=@_;
-        &function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
+        &function_begin($name);
        &comment("");
        &comment("Load the 2 words");
diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl
index b75d3c6b3a..5b5f39cebd 100644
--- a/src/lib/libcrypto/des/asm/des-586.pl
+++ b/src/lib/libcrypto/des/asm/des-586.pl
@@ -4,7 +4,8 @@
 # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
 #
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 require "desboth.pl";
@@ -18,29 +19,110 @@ require "desboth.pl";
 $L="edi";
 $R="esi";
+$trans="ebp";
+$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
+# one can discuss setting this variable to 1 unconditionally, as
+# the folded loop is only 3% slower than unrolled, but >7 times smaller
-&external_label("DES_SPtrans");
+&public_label("DES_SPtrans");
+&DES_encrypt_internal();
+&DES_decrypt_internal();
 &DES_encrypt("DES_encrypt1",1);
 &DES_encrypt("DES_encrypt2",0);
 &DES_encrypt3("DES_encrypt3",1);
 &DES_encrypt3("DES_decrypt3",0);
 &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
 &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+&DES_SPtrans();
 &asm_finish();
+sub DES_encrypt_internal()
+        {
+        &function_begin_B("_x86_DES_encrypt");
+        if ($small_footprint)
+            {
+            &lea("edx",&DWP(128,"ecx"));
+            &push("edx");
+            &push("ecx");
+            &set_label("eloop");
+                &D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &add("ecx",16);
+                &cmp("ecx",&swtmp(1));
+                &mov(&swtmp(0),"ecx");
+                &jb(&label("eloop"));
+            &add("esp",8);
+            }
+        else
+            {
+            &push("ecx");
+            for ($i=0; $i<16; $i+=2)
+                {
+                &comment("Round $i");
+                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                }
+            &add("esp",4);
+        }
+        &ret();
+        &function_end_B("_x86_DES_encrypt");
+        }
+        
+sub DES_decrypt_internal()
+        {
+        &function_begin_B("_x86_DES_decrypt");
+        if ($small_footprint)
+            {
+            &push("ecx");
+            &lea("ecx",&DWP(128,"ecx"));
+            &push("ecx");
+            &set_label("dloop");
+                &D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("");
+                &sub("ecx",16);
+                &cmp("ecx",&swtmp(1));
+                &mov(&swtmp(0),"ecx");
+                &ja(&label("dloop"));
+            &add("esp",8);
+            }
+        else
+            {
+            &push("ecx");
+            for ($i=15; $i>0; $i-=2)
+                {
+                &comment("Round $i");
+                &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
+                }
+            &add("esp",4);
+            }
+        &ret();
+        &function_end_B("_x86_DES_decrypt");
+        }
+        
 sub DES_encrypt
        {
        local($name,$do_ip)=@_;
-        &function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");
+        &function_begin_B($name);
        &push("esi");
        &push("edi");
        &comment("");
        &comment("Load the 2 words");
-        $trans="ebp";
        if ($do_ip)
                {
@@ -73,39 +155,20 @@ sub DES_encrypt
                }
        # PIC-ification:-)
-        &picmeup($trans,"DES_SPtrans");
+        &call   (&label("pic_point"));
-        #if ($cpp)      { &picmeup($trans,"DES_SPtrans");   }
+        &set_label("pic_point");
-        #else           { &lea($trans,&DWP("DES_SPtrans")); }
+        &blindpop($trans);
+        &lea    ($trans,&DWP(&label("DES_SPtrans")."-".&label("pic_point"),$trans));
        &mov(   "ecx",  &wparam(1)      );
-        &cmp("ebx","0");
-        &je(&label("start_decrypt"));
-        for ($i=0; $i<16; $i+=2)
-                {
-                &comment("");
-                &comment("Round $i");
-                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
-                &comment("");
-                &comment("Round ".sprintf("%d",$i+1));
-                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-        &jmp(&label("end"));
-        &set_label("start_decrypt");
+        &cmp("ebx","0");
+        &je(&label("decrypt"));
-        for ($i=15; $i>0; $i-=2)
+        &call("_x86_DES_encrypt");
-                {
+        &jmp(&label("done"));
-                &comment("");
+        &set_label("decrypt");
-                &comment("Round $i");
+        &call("_x86_DES_decrypt");
-                &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+        &set_label("done");
-                &comment("");
-                &comment("Round ".sprintf("%d",$i-1));
-                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx");
-                }
-        &set_label("end");
        if ($do_ip)
                {
@@ -139,7 +202,7 @@ sub DES_encrypt
 sub D_ENCRYPT
        {
-        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
+        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_;
         &mov(  $u,             &DWP(&n2a($S*4),$tmp2,"",0));
        &xor(   $tmp1,          $tmp1);
@@ -166,7 +229,7 @@ sub D_ENCRYPT
        &and(   $t,             "0xff"  );
         &xor(  $L,             &DWP("0x600",$trans,$tmp1,0));
         &xor(  $L,             &DWP("0x700",$trans,$tmp2,0));
-        &mov(   $tmp2,          &wparam(1)      );
+        &mov(   $tmp2,          $wp1    );
         &xor(  $L,             &DWP("0x400",$trans,$u,0));
         &xor(  $L,             &DWP("0x500",$trans,$t,0));
        }
@@ -249,3 +312,142 @@ sub FP_new
        &rotr($tt       , 4);
        }
+sub DES_SPtrans
+        {
+        &set_label("DES_SPtrans",64);
+        &data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802);
+        &data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002);
+        &data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802);
+        &data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002);
+        &data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800);
+        &data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800);
+        &data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002);
+        &data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000);
+        &data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002);
+        &data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800);
+        &data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002);
+        &data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000);
+        &data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802);
+        &data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000);
+        &data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800);
+        &data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802);
+        # nibble 1
+        &data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000);
+        &data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000);
+        &data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000);
+        &data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010);
+        &data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000);
+        &data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010);
+        &data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010);
+        &data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010);
+        &data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010);
+        &data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000);
+        &data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010);
+        &data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010);
+        &data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010);
+        &data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000);
+        &data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000);
+        &data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000);
+        # nibble 2
+        &data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101);
+        &data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100);
+        &data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001);
+        &data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001);
+        &data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100);
+        &data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001);
+        &data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000);
+        &data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101);
+        &data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000);
+        &data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101);
+        &data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001);
+        &data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001);
+        &data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101);
+        &data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100);
+        &data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101);
+        &data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000);
+        # nibble 3
+        &data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008);
+        &data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008);
+        &data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008);
+        &data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000);
+        &data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008);
+        &data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000);
+        &data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000);
+        &data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000);
+        &data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008);
+        &data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000);
+        &data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008);
+        &data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000);
+        &data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000);
+        &data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008);
+        &data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008);
+        &data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000);
+        # nibble 4
+        &data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420);
+        &data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000);
+        &data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400);
+        &data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000);
+        &data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420);
+        &data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020);
+        &data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020);
+        &data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400);
+        &data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000);
+        &data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400);
+        &data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000);
+        &data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020);
+        &data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420);
+        &data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000);
+        &data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420);
+        &data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020);
+        # nibble 5
+        &data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000);
+        &data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000);
+        &data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000);
+        &data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040);
+        &data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000);
+        &data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040);
+        &data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040);
+        &data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000);
+        &data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040);
+        &data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000);
+        &data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000);
+        &data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040);
+        &data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040);
+        &data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000);
+        &data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000);
+        &data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040);
+        # nibble 6
+        &data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004);
+        &data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000);
+        &data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000);
+        &data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204);
+        &data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204);
+        &data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200);
+        &data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004);
+        &data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000);
+        &data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204);
+        &data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004);
+        &data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000);
+        &data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200);
+        &data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200);
+        &data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000);
+        &data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204);
+        &data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004);
+        # nibble 7
+        &data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000);
+        &data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080);
+        &data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080);
+        &data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000);
+        &data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000);
+        &data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000);
+        &data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080);
+        &data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080);
+        &data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080);
+        &data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000);
+        &data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080);
+        &data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000);
+        &data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080);
+        &data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000);
+        &data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000);
+        &data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080);
+        }
diff --git a/src/lib/libcrypto/des/asm/des_enc.m4 b/src/lib/libcrypto/des/asm/des_enc.m4
index f59333a030..3280595478 100644
--- a/src/lib/libcrypto/des/asm/des_enc.m4
+++ b/src/lib/libcrypto/des/asm/des_enc.m4
@@ -1954,9 +1954,11 @@ DES_ede3_cbc_encrypt:
        .word   LOOPS                     ! 280
        .word   0x0000FC00                ! 284
-        .type   .PIC.DES_SPtrans,#object
+        .global DES_SPtrans
-        .size   .PIC.DES_SPtrans,2048
+        .type   DES_SPtrans,#object
+        .size   DES_SPtrans,2048
 .align  64
+DES_SPtrans:
 .PIC.DES_SPtrans:
        ! nibble 0
        .word   0x02080800, 0x00080000, 0x02000002, 0x02080802
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
index cf71965aca..828feba208 100644
--- a/src/lib/libcrypto/des/des_enc.c
+++ b/src/lib/libcrypto/des/des_enc.c
@@ -57,6 +57,7 @@
 */
 #include "des_locl.h"
+#include "spr.h"
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
        {
@@ -107,12 +108,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r,28); /*  15 */
                D_ENCRYPT(r,l,30); /*  16 */
 #else
-                for (i=0; i<32; i+=8)
+                for (i=0; i<32; i+=4)
                        {
                        D_ENCRYPT(l,r,i+0); /*  1 */
                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  3 */
-                        D_ENCRYPT(r,l,i+6); /*  4 */
                        }
 #endif
                }
@@ -136,12 +135,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r, 2); /*  2 */
                D_ENCRYPT(r,l, 0); /*  1 */
 #else
-                for (i=30; i>0; i-=8)
+                for (i=30; i>0; i-=4)
                        {
                        D_ENCRYPT(l,r,i-0); /* 16 */
                        D_ENCRYPT(r,l,i-2); /* 15 */
-                        D_ENCRYPT(l,r,i-4); /* 14 */
-                        D_ENCRYPT(r,l,i-6); /* 13 */
                        }
 #endif
                }
@@ -203,12 +200,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r,28); /*  15 */
                D_ENCRYPT(r,l,30); /*  16 */
 #else
-                for (i=0; i<32; i+=8)
+                for (i=0; i<32; i+=4)
                        {
                        D_ENCRYPT(l,r,i+0); /*  1 */
                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  3 */
-                        D_ENCRYPT(r,l,i+6); /*  4 */
                        }
 #endif
                }
@@ -232,12 +227,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
                D_ENCRYPT(l,r, 2); /*  2 */
                D_ENCRYPT(r,l, 0); /*  1 */
 #else
-                for (i=30; i>0; i-=8)
+                for (i=30; i>0; i-=4)
                        {
                        D_ENCRYPT(l,r,i-0); /* 16 */
                        D_ENCRYPT(r,l,i-2); /* 15 */
-                        D_ENCRYPT(l,r,i-4); /* 14 */
-                        D_ENCRYPT(r,l,i-6); /* 13 */
                        }
 #endif
                }
@@ -289,8 +282,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 #ifndef DES_DEFAULT_OPTIONS
-#if !defined(OPENSSL_FIPS_DES_ASM)
 #undef CBC_ENC_C__DONT_UPDATE_IV
 #include "ncbc_enc.c" /* DES_ncbc_encrypt */
@@ -406,6 +397,4 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
        tin[0]=tin[1]=0;
        }
-#endif
 #endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h
index 4b9ecff233..a3b512e9b0 100644
--- a/src/lib/libcrypto/des/des_locl.h
+++ b/src/lib/libcrypto/des/des_locl.h
@@ -61,7 +61,7 @@
 #include <openssl/e_os2.h>
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#if defined(OPENSSL_SYS_WIN32)
 #ifndef OPENSSL_SYS_MSDOS
 #define OPENSSL_SYS_MSDOS
 #endif
@@ -425,4 +425,8 @@ extern const DES_LONG DES_SPtrans[8][64];
 void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
                 DES_LONG Eswap0, DES_LONG Eswap1);
+#ifdef OPENSSL_SMALL_FOOTPRINT
+#undef DES_UNROLL
+#endif
 #endif
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
index 75ae6cf8bb..0684e769b3 100644
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -57,7 +57,53 @@
 */
 #include "des_locl.h"
-#include "spr.h"
+#include "des_ver.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
+const char *DES_options(void)
+        {
+        static int init=1;
+        static char buf[32];
+        if (init)
+                {
+                const char *ptr,*unroll,*risc,*size;
+#ifdef DES_PTR
+                ptr="ptr";
+#else
+                ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+                risc="risc1";
+#endif
+#ifdef DES_RISC2
+                risc="risc2";
+#endif
+#else
+                risc="cisc";
+#endif
+#ifdef DES_UNROLL
+                unroll="16";
+#else
+                unroll="2";
+#endif
+                if (sizeof(DES_LONG) != sizeof(long))
+                        size="int";
+                else
+                        size="long";
+                BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+                             size);
+                init=0;
+                }
+        return(buf);
+        }
+                
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
                     DES_key_schedule *ks, int enc)
diff --git a/src/lib/libcrypto/des/enc_read.c b/src/lib/libcrypto/des/enc_read.c
index e7da2ec66b..edb6620d08 100644
--- a/src/lib/libcrypto/des/enc_read.c
+++ b/src/lib/libcrypto/des/enc_read.c
@@ -63,7 +63,7 @@
 /* This has some uglies in it but it works - even over sockets. */
 /*extern int errno;*/
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode,DES_PCBC_MODE)
 /*
@@ -87,6 +87,9 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
 int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
                 DES_cblock *iv)
        {
+#if defined(OPENSSL_NO_POSIX_IO)
+        return(0);
+#else
        /* data to be unencrypted */
        int net_num=0;
        static unsigned char *net=NULL;
@@ -147,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
        /* first - get the length */
        while (net_num < HDRSIZE) 
                {
-#ifndef _WIN32
+#ifndef OPENSSL_SYS_WIN32
                i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
 #else
                i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
@@ -173,7 +176,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
        net_num=0;
        while (net_num < rnum)
                {
+#ifndef OPENSSL_SYS_WIN32
                i=read(fd,(void *)&(net[net_num]),rnum-net_num);
+#else
+                i=_read(fd,(void *)&(net[net_num]),rnum-net_num);
+#endif
 #ifdef EINTR
                if ((i == -1) && (errno == EINTR)) continue;
 #endif
@@ -228,5 +235,6 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
                        }
                }
        return num;
+#endif /* OPENSSL_NO_POSIX_IO */
        }
diff --git a/src/lib/libcrypto/des/enc_writ.c b/src/lib/libcrypto/des/enc_writ.c
index c2f032c9a6..2353ac1e89 100644
--- a/src/lib/libcrypto/des/enc_writ.c
+++ b/src/lib/libcrypto/des/enc_writ.c
@@ -80,6 +80,9 @@
 int DES_enc_write(int fd, const void *_buf, int len,
                  DES_key_schedule *sched, DES_cblock *iv)
        {
+#if defined(OPENSSL_NO_POSIX_IO)
+        return (-1);
+#else
 #ifdef _LIBC
        extern unsigned long time();
        extern int write();
@@ -172,4 +175,5 @@ int DES_enc_write(int fd, const void *_buf, int len,
                }
        return(len);
+#endif /* OPENSSL_NO_POSIX_IO */
        }
diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c
index 1390138787..8822816938 100644
--- a/src/lib/libcrypto/des/fcrypt_b.c
+++ b/src/lib/libcrypto/des/fcrypt_b.c
@@ -100,12 +100,10 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
 #ifndef DES_UNROLL
                register int i;
-                for (i=0; i<32; i+=8)
+                for (i=0; i<32; i+=4)
                        {
                        D_ENCRYPT(l,r,i+0); /*  1 */
                        D_ENCRYPT(r,l,i+2); /*  2 */
-                        D_ENCRYPT(l,r,i+4); /*  1 */
-                        D_ENCRYPT(r,l,i+6); /*  2 */
                        }
 #else
                D_ENCRYPT(l,r, 0); /*  1 */
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index c0806d593c..3004cc3ab3 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -64,12 +64,8 @@
 * 1.0 First working version
 */
 #include "des_locl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);    /* defaults to false */
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)   /* defaults to false */
 static const unsigned char odd_parity[256]={
  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
@@ -340,7 +336,7 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
        {
-        static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+        static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
        register DES_LONG c,d,t,s,t2;
        register const unsigned char *in;
        register DES_LONG *k;
@@ -353,10 +349,6 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
        k = &schedule->ks->deslong[0];
        in = &(*key)[0];
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        c2l(in,c);
        c2l(in,d);
@@ -413,4 +405,3 @@ void des_fixup_key_parity(des_cblock *key)
        des_set_odd_parity(key);
        }
 */
diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c
index dc0c761b71..058cab6bce 100644
--- a/src/lib/libcrypto/des/xcbc_enc.c
+++ b/src/lib/libcrypto/des/xcbc_enc.c
@@ -61,7 +61,7 @@
 /* RSA's DESX */
 #if 0 /* broken code, preserved just in case anyone specifically looks for this */
-static unsigned char desx_white_in2out[256]={
+static const unsigned char desx_white_in2out[256]={
 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
 0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index 10475ac4b3..849309a489 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -77,8 +77,6 @@
 # define OPENSSL_DH_MAX_MODULUS_BITS    10000
 #endif
-#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
                                       * implementation now uses constant time
@@ -159,7 +157,6 @@ struct dh_st
   this for backward compatibility: */
 #define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
 #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
@@ -167,12 +164,9 @@ struct dh_st
 #define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
 #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-const DH_METHOD *DH_OpenSSL(void);
+DH *DHparams_dup(DH *);
-#ifdef OPENSSL_FIPS
+const DH_METHOD *DH_OpenSSL(void);
-DH *    FIPS_dh_new(void);
-void    FIPS_dh_free(DH *dh);
-#endif
 void DH_set_default_method(const DH_METHOD *meth);
 const DH_METHOD *DH_get_default_method(void);
@@ -212,6 +206,18 @@ int	DHparams_print(BIO *bp, const DH *x);
 int     DHparams_print(char *bp, const DH *x);
 #endif
+#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
+                
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -222,22 +228,31 @@ void ERR_load_DH_strings(void);
 /* Function codes. */
 #define DH_F_COMPUTE_KEY                                 102
-#define DH_F_DHPARAMS_PRINT                              100
 #define DH_F_DHPARAMS_PRINT_FP                           101
 #define DH_F_DH_BUILTIN_GENPARAMS                        106
-#define DH_F_DH_COMPUTE_KEY                              107
-#define DH_F_DH_GENERATE_KEY                             108
-#define DH_F_DH_GENERATE_PARAMETERS                      109
 #define DH_F_DH_NEW_METHOD                               105
+#define DH_F_DH_PARAM_DECODE                             107
+#define DH_F_DH_PRIV_DECODE                              110
+#define DH_F_DH_PRIV_ENCODE                              111
+#define DH_F_DH_PUB_DECODE                               108
+#define DH_F_DH_PUB_ENCODE                               109
+#define DH_F_DO_DH_PRINT                                 100
 #define DH_F_GENERATE_KEY                                103
 #define DH_F_GENERATE_PARAMETERS                         104
+#define DH_F_PKEY_DH_DERIVE                              112
+#define DH_F_PKEY_DH_KEYGEN                              113
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR                               101
+#define DH_R_BN_DECODE_ERROR                             109
+#define DH_R_BN_ERROR                                    106
+#define DH_R_DECODE_ERROR                                104
 #define DH_R_INVALID_PUBKEY                              102
-#define DH_R_KEY_SIZE_TOO_SMALL                          104
+#define DH_R_KEYS_NOT_SET                                108
 #define DH_R_MODULUS_TOO_LARGE                           103
+#define DH_R_NO_PARAMETERS_SET                           107
 #define DH_R_NO_PRIVATE_VALUE                            100
+#define DH_R_PARAMETER_ENCODING_ERROR                    105
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
new file mode 100644
index 0000000000..377caf96c9
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -0,0 +1,500 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "asn1_locl.h"
+static void int_dh_free(EVP_PKEY *pkey)
+        {
+        DH_free(pkey->pkey.dh);
+        }
+static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *public_key = NULL;
+        DH *dh = NULL;
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        if (ptype != V_ASN1_SEQUENCE)
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+                goto err;
+                }
+        pstr = pval;    
+        pm = pstr->data;
+        pmlen = pstr->length;
+        if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+                goto err;
+                }
+        if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+                goto err;
+                }
+        /* We have parameters now set public key */
+        if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
+                {
+                DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+                goto err;
+                }
+        ASN1_INTEGER_free(public_key);
+        EVP_PKEY_assign_DH(pkey, dh);
+        return 1;
+        err:
+        if (public_key)
+                ASN1_INTEGER_free(public_key);
+        if (dh)
+                DH_free(dh);
+        return 0;
+        }
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        DH *dh;
+        void *pval = NULL;
+        int ptype;
+        unsigned char *penc = NULL;
+        int penclen;
+        ASN1_STRING *str;
+        ASN1_INTEGER *pub_key = NULL;
+        dh=pkey->pkey.dh;
+        str = ASN1_STRING_new();
+        str->length = i2d_DHparams(dh, &str->data);
+        if (str->length <= 0)
+                {
+                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        pval = str;
+        ptype = V_ASN1_SEQUENCE;
+        pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+        if (!pub_key)
+                goto err;
+        penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+        ASN1_INTEGER_free(pub_key);
+        if (penclen <= 0)
+                {
+                DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
+                                ptype, pval, penc, penclen))
+                return 1;
+        err:
+        if (penc)
+                OPENSSL_free(penc);
+        if (pval)
+                ASN1_STRING_free(pval);
+        return 0;
+        }
+/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
+ * that the AlgorithmIdentifier contains the paramaters, the private key
+ * is explcitly included and the pubkey must be recalculated.
+ */
+        
+static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *privkey = NULL;
+        DH *dh = NULL;
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        if (ptype != V_ASN1_SEQUENCE)
+                        goto decerr;
+        if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                goto decerr;
+        pstr = pval;    
+        pm = pstr->data;
+        pmlen = pstr->length;
+        if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
+                goto decerr;
+        /* We have parameters now set private key */
+        if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
+                {
+                DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
+                goto dherr;
+                }
+        /* Calculate public key */
+        if (!DH_generate_key(dh))
+                goto dherr;
+        EVP_PKEY_assign_DH(pkey, dh);
+        ASN1_INTEGER_free(privkey);
+        return 1;
+        decerr:
+        DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+        dherr:
+        DH_free(dh);
+        return 0;
+        }
+static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+        ASN1_STRING *params = NULL;
+        ASN1_INTEGER *prkey = NULL;
+        unsigned char *dp = NULL;
+        int dplen;
+        params = ASN1_STRING_new();
+        if (!params)
+                {
+                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
+        if (params->length <= 0)
+                {
+                DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        params->type = V_ASN1_SEQUENCE;
+        /* Get private key into integer */
+        prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+        if (!prkey)
+                {
+                DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
+                goto err;
+                }
+        dplen = i2d_ASN1_INTEGER(prkey, &dp);
+        ASN1_INTEGER_free(prkey);
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
+                                V_ASN1_SEQUENCE, params, dp, dplen))
+                goto err;
+        return 1;
+err:
+        if (dp != NULL)
+                OPENSSL_free(dp);
+        if (params != NULL)
+                ASN1_STRING_free(params);
+        if (prkey != NULL)
+                ASN1_INTEGER_free(prkey);
+        return 0;
+}
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+        {
+        size_t i;
+        if (!b)
+                return;
+        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+                        *pbuflen = i;
+        }
+static int dh_param_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        DH *dh;
+        if (!(dh = d2i_DHparams(NULL, pder, derlen)))
+                {
+                DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_DH(pkey, dh);
+        return 1;
+        }
+static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_DHparams(pkey->pkey.dh, pder);
+        }
+static int do_dh_print(BIO *bp, const DH *x, int indent,
+                                                ASN1_PCTX *ctx, int ptype)
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,ret=0;
+        size_t buf_len=0;
+        const char *ktype = NULL;
+        BIGNUM *priv_key, *pub_key;
+        if (ptype == 2)
+                priv_key = x->priv_key;
+        else
+                priv_key = NULL;
+        if (ptype > 0)
+                pub_key = x->pub_key;
+        else
+                pub_key = NULL;
+        update_buflen(x->p, &buf_len);
+        if (buf_len == 0)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+        update_buflen(x->g, &buf_len);
+        update_buflen(pub_key, &buf_len);
+        update_buflen(priv_key, &buf_len);
+        if (ptype == 2)
+                ktype = "PKCS#3 DH Private-Key";
+        else if (ptype == 1)
+                ktype = "PKCS#3 DH Public-Key";
+        else
+                ktype = "PKCS#3 DH Parameters";
+        m= OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        BIO_indent(bp, indent, 128);
+        if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+                goto err;
+        indent += 4;
+        if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
+        if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
+        if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
+        if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
+        if (x->length != 0)
+                {
+                BIO_indent(bp, indent, 128);
+                if (BIO_printf(bp,"recommended-private-length: %d bits\n",
+                        (int)x->length) <= 0) goto err;
+                }
+        ret=1;
+        if (0)
+                {
+err:
+                DHerr(DH_F_DO_DH_PRINT,reason);
+                }
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+static int int_dh_size(const EVP_PKEY *pkey)
+        {
+        return(DH_size(pkey->pkey.dh));
+        }
+static int dh_bits(const EVP_PKEY *pkey)
+        {
+        return BN_num_bits(pkey->pkey.dh->p);
+        }
+static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (    BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
+                BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
+                return 0;
+        else
+                return 1;
+        }
+static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        {
+        BIGNUM *a;
+        if ((a=BN_dup(from->pkey.dh->p)) == NULL)
+                return 0;
+        if (to->pkey.dh->p != NULL)
+                BN_free(to->pkey.dh->p);
+        to->pkey.dh->p=a;
+        if ((a=BN_dup(from->pkey.dh->g)) == NULL)
+                return 0;
+        if (to->pkey.dh->g != NULL)
+                BN_free(to->pkey.dh->g);
+        to->pkey.dh->g=a;
+        return 1;
+        }
+static int dh_missing_parameters(const EVP_PKEY *a)
+        {
+        if (!a->pkey.dh->p || !a->pkey.dh->g)
+                return 1;
+        return 0;
+        }
+static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (dh_cmp_parameters(a, b) == 0)
+                return 0;
+        if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
+                return 0;
+        else
+                return 1;
+        }
+static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
+        }
+static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
+        }
+static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
+        }
+int DHparams_print(BIO *bp, const DH *x)
+        {
+        return do_dh_print(bp, x, 4, NULL, 0);
+        }
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = 
+        {
+        EVP_PKEY_DH,
+        EVP_PKEY_DH,
+        0,
+        "DH",
+        "OpenSSL PKCS#3 DH method",
+        dh_pub_decode,
+        dh_pub_encode,
+        dh_pub_cmp,
+        dh_public_print,
+        dh_priv_decode,
+        dh_priv_encode,
+        dh_private_print,
+        int_dh_size,
+        dh_bits,
+        dh_param_decode,
+        dh_param_encode,
+        dh_missing_parameters,
+        dh_copy_parameters,
+        dh_cmp_parameters,
+        dh_param_print,
+        int_dh_free,
+        0
+        };
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
index 76740af2bd..0b4357d605 100644
--- a/src/lib/libcrypto/dh/dh_asn1.c
+++ b/src/lib/libcrypto/dh/dh_asn1.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,7 +64,8 @@
 #include <openssl/asn1t.h>
 /* Override the default free and new methods */
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                *pval = (ASN1_VALUE *)DH_new();
@@ -85,3 +86,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
 } ASN1_SEQUENCE_END_cb(DH, DHparams)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
+DH *DHparams_dup(DH *dh)
+        {
+        return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
+        }
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 316cb9221d..066898174e 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -70,8 +70,6 @@
 * should hold.
 */
-#ifndef OPENSSL_FIPS
 int DH_check(const DH *dh, int *ret)
        {
        int ok=0;
@@ -130,11 +128,11 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
        q=BN_new();
        if (q == NULL) goto err;
        BN_set_word(q,1);
-        if (BN_cmp(pub_key,q) <= 0)
+        if (BN_cmp(pub_key,q)<=0)
                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
        BN_copy(q,dh->p);
        BN_sub_word(q,1);
-        if (BN_cmp(pub_key,q) >= 0)
+        if (BN_cmp(pub_key,q)>=0)
                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
        ok = 1;
@@ -142,5 +140,3 @@ err:
        if (q != NULL) BN_free(q);
        return(ok);
        }
-#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index 13263c81c1..d5cf0c22a3 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,25 +71,34 @@
 static ERR_STRING_DATA DH_str_functs[]=
        {
 {ERR_FUNC(DH_F_COMPUTE_KEY),    "COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
 {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),   "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
 {ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
+{ERR_FUNC(DH_F_DH_PARAM_DECODE),        "DH_PARAM_DECODE"},
+{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
+{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"},
+{ERR_FUNC(DH_F_DH_PUB_DECODE),  "DH_PUB_DECODE"},
+{ERR_FUNC(DH_F_DH_PUB_ENCODE),  "DH_PUB_ENCODE"},
+{ERR_FUNC(DH_F_DO_DH_PRINT),    "DO_DH_PRINT"},
 {ERR_FUNC(DH_F_GENERATE_KEY),   "GENERATE_KEY"},
 {ERR_FUNC(DH_F_GENERATE_PARAMETERS),    "GENERATE_PARAMETERS"},
+{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"},
+{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"},
 {0,NULL}
        };
 static ERR_STRING_DATA DH_str_reasons[]=
        {
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
+{ERR_REASON(DH_R_BN_DECODE_ERROR)        ,"bn decode error"},
+{ERR_REASON(DH_R_BN_ERROR)               ,"bn error"},
+{ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
+{ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
+{ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
+{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 999e1deb40..cfd5b11868 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,8 +66,6 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#ifndef OPENSSL_FIPS
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -175,5 +173,3 @@ err:
                }
        return ok;
        }
-#endif
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 79dd331863..e7db440342 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -62,8 +62,6 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>
-#ifndef OPENSSL_FIPS
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -263,5 +261,3 @@ static int dh_finish(DH *dh)
                BN_MONT_CTX_free(dh->method_mont_p);
        return(1);
        }
-#endif
diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c
new file mode 100644
index 0000000000..5ae72b7d4c
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_pmeth.c
@@ -0,0 +1,254 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "evp_locl.h"
+/* DH pkey context structure */
+typedef struct
+        {
+        /* Parameter gen parameters */
+        int prime_len;
+        int generator;
+        int use_dsa;
+        /* Keygen callback info */
+        int gentmp[2];
+        /* message digest */
+        } DH_PKEY_CTX;
+static int pkey_dh_init(EVP_PKEY_CTX *ctx)
+        {
+        DH_PKEY_CTX *dctx;
+        dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
+        if (!dctx)
+                return 0;
+        dctx->prime_len = 1024;
+        dctx->generator = 2;
+        dctx->use_dsa = 0;
+        ctx->data = dctx;
+        ctx->keygen_info = dctx->gentmp;
+        ctx->keygen_info_count = 2;
+        
+        return 1;
+        }
+static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        DH_PKEY_CTX *dctx, *sctx;
+        if (!pkey_dh_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->prime_len = sctx->prime_len;
+        dctx->generator = sctx->generator;
+        dctx->use_dsa = sctx->use_dsa;
+        return 1;
+        }
+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        DH_PKEY_CTX *dctx = ctx->data;
+        if (dctx)
+                OPENSSL_free(dctx);
+        }
+static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        DH_PKEY_CTX *dctx = ctx->data;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+                if (p1 < 256)
+                        return -2;
+                dctx->prime_len = p1;
+                return 1;
+                case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+                dctx->generator = p1;
+                return 1;
+                case EVP_PKEY_CTRL_PEER_KEY:
+                /* Default behaviour is OK */
+                return 1;
+                default:
+                return -2;
+                }
+        }
+                        
+static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!strcmp(type, "dh_paramgen_prime_len"))
+                {
+                int len;
+                len = atoi(value);
+                return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+                }
+        if (!strcmp(type, "dh_paramgen_generator"))
+                {
+                int len;
+                len = atoi(value);
+                return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+                }
+        return -2;
+        }
+static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DH *dh = NULL;
+        DH_PKEY_CTX *dctx = ctx->data;
+        BN_GENCB *pcb, cb;
+        int ret;
+        if (ctx->pkey_gencb)
+                {
+                pcb = &cb;
+                evp_pkey_set_cb_translate(pcb, ctx);
+                }
+        else
+                pcb = NULL;
+        dh = DH_new();
+        if (!dh)
+                return 0;
+        ret = DH_generate_parameters_ex(dh,
+                                        dctx->prime_len, dctx->generator, pcb);
+        if (ret)
+                EVP_PKEY_assign_DH(pkey, dh);
+        else
+                DH_free(dh);
+        return ret;
+        }
+static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DH *dh = NULL;
+        if (ctx->pkey == NULL)
+                {
+                DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        dh = DH_new();
+        if (!dh)
+                return 0;
+        EVP_PKEY_assign_DH(pkey, dh);
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+                return 0;
+        return DH_generate_key(pkey->pkey.dh);
+        }
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+        {
+        int ret;
+        if (!ctx->pkey || !ctx->peerkey)
+                {
+                DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+                return 0;
+                }
+        ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
+                                                        ctx->pkey->pkey.dh);
+        if (ret < 0)
+                return ret;
+        *keylen = ret;
+        return 1;
+        }
+const EVP_PKEY_METHOD dh_pkey_meth = 
+        {
+        EVP_PKEY_DH,
+        EVP_PKEY_FLAG_AUTOARGLEN,
+        pkey_dh_init,
+        pkey_dh_copy,
+        pkey_dh_cleanup,
+        0,
+        pkey_dh_paramgen,
+        0,
+        pkey_dh_keygen,
+        0,
+        0,
+        0,
+        0,
+        0,0,
+        0,0,0,0,
+        0,0,
+        0,0,
+        0,
+        pkey_dh_derive,
+        pkey_dh_ctrl,
+        pkey_dh_ctrl_str
+        };
diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c
new file mode 100644
index 0000000000..ae58c2ac87
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_prn.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
index 4612e708ec..fb6efc1182 100644
--- a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
+++ b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
@@ -6,7 +6,7 @@ DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specifi
 =head1 SYNOPSIS
- #include <openssl/DSA.h>
+ #include <openssl/dsa.h>
 int DSA_get_ex_new_index(long argl, void *argp,
                CRYPTO_EX_new *new_func,
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 130cd7f60a..5b477ac6ec 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -64,9 +64,9 @@ EVP digest routines
 The EVP digest routines are a high level interface to message digests.
-EVP_MD_CTX_init() initializes digest contet B<ctx>.
+EVP_MD_CTX_init() initializes digest context B<ctx>.
-EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
+EVP_MD_CTX_create() allocates, initializes and returns a digest context.
 EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
 B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
@@ -102,7 +102,7 @@ the passed context B<ctx> does not have to be initialized, and it always
 uses the default digest implementation.
 EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
-contet B<ctx> is automatically cleaned up.
+context B<ctx> is automatically cleaned up.
 EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
 B<out> does not have to be initialized.
@@ -132,7 +132,9 @@ return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 dige
 algorithms respectively. The associated signature algorithm is RSA in each case.
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm.
+algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
+no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
+however retained for compatibility.
 EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
 returns is of zero length.
@@ -228,12 +230,6 @@ digest name passed on the command line.
 printf("\n");
 }
-=head1 BUGS
-The link between digests and signing algorithms results in a situation where
-EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
-even though they are identical digests.
 =head1 SEE ALSO
 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
@@ -253,4 +249,11 @@ EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
 EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
 changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
+later, so now EVP_sha1() can be used with RSA and DSA, there is no need to
+use EVP_dss1() any more.
+OpenSSL 1.0 and later does not include the MD2 digest algorithm in the
+default configuration due to its security weaknesses.
 =cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestSignInit.pod b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
new file mode 100644
index 0000000000..37d960e3b2
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestSignInit.pod
@@ -0,0 +1,87 @@
+=pod
+=head1 NAME
+EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen);
+=head1 DESCRIPTION
+The EVP signature routines are a high level interface to digital signatures.
+EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
+ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
+be used to set alternative signing options.
+EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+usig a macro.
+EVP_DigestSignFinal() signs the data in B<ctx> places the signature in B<sig>.
+If B<sig> is B<NULL> then the maximum size of the output buffer is written to
+the B<siglen> parameter. If B<sig> is not B<NULL> then before the call the
+B<siglen> parameter should contain the length of the B<sig> buffer, if the
+call is successful the signature is written to B<sig> and the amount of data
+written to B<siglen>.
+=head1 RETURN VALUES
+EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return
+1 for success and 0 or a negative value for failure. In particular a return
+value of -2 indicates the operation is not supported by the public key
+algorithm.
+The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+For some key types and parameters the random number generator must be seeded
+or the operation will fail. 
+The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_DigestSignUpdate() and
+EVP_DigestSignFinal() can be called later to digest and sign additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+The use of EVP_PKEY_size() with these functions is discouraged because some
+signature operations may have a signature length which depends on the
+parameters set. As a result EVP_PKEY_size() would have to return a value
+which indicates the maximum possible signature for any set of parameters.
+=head1 SEE ALSO
+L<EVP_DigestVerifyInit(3)|EVP_DigestVerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+=head1 HISTORY
+EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() 
+were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
new file mode 100644
index 0000000000..f224488978
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestVerifyInit.pod
@@ -0,0 +1,82 @@
+=pod
+=head1 NAME
+EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen);
+=head1 DESCRIPTION
+The EVP signature routines are a high level interface to digital signatures.
+EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized
+with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
+can be used to set alternative verification options.
+EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data. This function is currently implemented
+using a macro.
+EVP_DigestVerifyFinal() verifies the data in B<ctx> against the signature in
+B<sig> of length B<siglen>.
+=head1 RETURN VALUES
+EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2 indicates
+the operation is not supported by the public key algorithm.
+Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only
+indicates that the signature did not not verify successfully (that is tbs did
+not match the original data or the signature was of invalid form) it is not an
+indication of a more serious error.
+The error codes can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+=head1 NOTES
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+In previous versions of OpenSSL there was a link between message digest types
+and public key algorithms. This meant that "clone" digests such as EVP_dss1()
+needed to be used to sign using SHA1 and DSA. This is no longer necessary and
+the use of clone digest is now discouraged.
+For some key types and parameters the random number generator must be seeded
+or the operation will fail. 
+The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
+context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can
+be called later to digest and verify additional data.
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+=head1 SEE ALSO
+L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+=head1 HISTORY
+EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() 
+were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
new file mode 100644
index 0000000000..f2f455990f
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_ctrl.pod
@@ -0,0 +1,128 @@
+=pod
+=head1 NAME
+EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2);
+ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                                const char *value);
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+ #include <openssl/rsa.h>
+ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_rsa_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
+ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+ #include <openssl/dsa.h>
+ int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+ #include <openssl/dh.h>
+ int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+ #include <openssl/ec.h>
+ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+=head1 DESCRIPTION
+The function EVP_PKEY_CTX_ctrl() sends a control operation to the context
+B<ctx>. The key type used must match B<keytype> if it is not -1. The parameter
+B<optype> is a mask indicating which operations the control can be applied to.
+The control command is indicated in B<cmd> and any additional arguments in
+B<p1> and B<p2>.
+Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
+instead call one of the algorithm specific macros below.
+The function EVP_PKEY_ctrl_str() allows an application to send an algorithm
+specific control operation to a context B<ctx> in string form. This is
+intended to be used for options specified on the command line or in text
+files. The commands supported are documented in the openssl utility
+command line pages for the option B<-pkeyopt> which is supported by the
+B<pkeyutl>, B<genpkey> and B<req> commands.
+All the remaining "functions" are implemented as macros.
+The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
+in a signature. It can be used with any public key algorithm supporting
+signature operations.
+The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
+The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
+RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
+RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
+RSA_X931_PADDING for X9.31 padding (signature operations only) and 
+RSA_PKCS1_PSS_PADDING (sign and verify only).
+Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
+is used. If this macro is called for PKCS#1 padding the plaintext buffer is
+an actual digest value and is encapsulated in a DigestInfo structure according
+to PKCS#1 when signing and this structure is expected (and stripped off) when
+verifying. If this control is not used with RSA and PKCS#1 padding then the
+supplied data is used directly and not encapsulated. In the case of X9.31
+padding for RSA the algorithm identifier byte is added or checked and removed
+if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.
+The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
+B<len> as its name implies it is only supported for PSS padding.  Two special
+values are supported: -1 sets the salt length to the digest length. When
+signing -2 sets the salt length to the maximum permissible value. When
+verifying -2 causes the salt length to be automatically determined based on the
+B<PSS> block structure. If this macro is not called a salt length value of -2
+is used by default.
+The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for
+RSA key genration to B<bits>. If not specified 1024 bits is used.
+The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
+for RSA key generation to B<pubexp> currently it should be an odd integer. The
+B<pubexp> pointer is used internally by this function so it should not be 
+modified or free after the call. If this macro is not called then 65537 is used.
+The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
+for DSA parameter generation to B<bits>. If not specified 1024 is used.
+The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
+prime parameter B<p> for DH parameter generation. If this macro is not called
+then 1024 is used.
+The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
+for DH parameter generation. If not specified 2 is used.
+The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
+generation to B<nid>. For EC parameter generation this macro must be called
+or an error occurs because there is no default curve.
+=head1 RETURN VALUES
+EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod
new file mode 100644
index 0000000000..a9af867580
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_CTX_new.pod
@@ -0,0 +1,52 @@
+=pod
+=head1 NAME
+EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free - public key algorithm context functions.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+=head1 DESCRIPTION
+The EVP_PKEY_CTX_new() function allocates public key algorithm context using
+the algorithm specified in B<pkey> and ENGINE B<e>.
+The EVP_PKEY_CTX_new_id() function allocates public key algorithm context
+using the algorithm specified by B<id> and ENGINE B<e>. It is normally used
+when no B<EVP_PKEY> structure is associated with the operations, for example
+during parameter generation of key genration for some algorithms.
+EVP_PKEY_CTX_dup() duplicates the context B<ctx>.
+EVP_PKEY_CTX_free() frees up the context B<ctx>.
+=head1 NOTES
+The B<EVP_PKEY_CTX> structure is an opaque public key algorithm context used
+by the OpenSSL high level public key API. Contexts B<MUST NOT> be shared between
+threads: that is it is not permissible to use the same context simultaneously
+in two threads.
+=head1 RETURN VALUES
+EVP_PKEY_CTX_new(), EVP_PKEY_CTX_new_id(), EVP_PKEY_CTX_dup() returns either
+the newly allocated B<EVP_PKEY_CTX> structure of B<NULL> if an error occurred.
+EVP_PKEY_CTX_free() does not return a value.
+=head1 SEE ALSO
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
new file mode 100644
index 0000000000..4f8185e36c
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_cmp.pod
@@ -0,0 +1,61 @@
+=pod
+=head1 NAME
+EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp - public key parameter and comparison functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+=head1 DESCRIPTION
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+The function EVP_PKEY_copy_parameters() copies the parameters from key
+B<from> to key B<to>.
+The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
+B<a> and B<b>.
+The funcion EVP_PKEY_cmp() compares the public key components and paramters
+(if present) of keys B<a> and B<b>.
+=head1 NOTES
+The main purpose of the functions EVP_PKEY_missing_parameters() and
+EVP_PKEY_copy_parameters() is to handle public keys in certificates where the
+parameters are sometimes omitted from a public key if they are inherited from
+the CA that signed it.
+Since OpenSSL private keys contain public key components too the function
+EVP_PKEY_cmp() can also be used to determine if a private key matches
+a public key.
+=head1 RETURN VALUES
+The function EVP_PKEY_missing_parameters() returns 1 if the public key
+parameters of B<pkey> are missing and 0 if they are present or the algorithm
+doesn't use parameters.
+These functions EVP_PKEY_copy_parameters() returns 1 for success and 0 for
+failure.
+The function EVP_PKEY_cmp_parameters() and EVP_PKEY_cmp() return 1 if the
+keys match, 0 if they don't match, -1 if the key types are different and
+-2 if the operation is not supported.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
new file mode 100644
index 0000000000..42b2a8c44e
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_decrypt.pod
@@ -0,0 +1,93 @@
+=pod
+=head1 NAME
+EVP_PKEY_decrypt_init, EVP_PKEY_decrypt - decrypt using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+=head1 DESCRIPTION
+The EVP_PKEY_decrypt_init() function initializes a public key algorithm
+context using key B<pkey> for a decryption operation.
+The EVP_PKEY_decrypt() function performs a public key decryption operation
+using B<ctx>. The data to be decrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the decrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+=head1 NOTES
+After the call to EVP_PKEY_decrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_decrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_decrypt_init() and EVP_PKEY_decrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Decrypt data using OAEP (for RSA keys):
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen; 
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+ out = OPENSSL_malloc(outlen);
+ if (!out)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+ /* Decrypted data is outlen bytes written to buffer out */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_derive.pod b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
new file mode 100644
index 0000000000..d9d6d76c72
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_derive.pod
@@ -0,0 +1,93 @@
+=pod
+=head1 NAME
+EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive - derive public key algorithm shared secret.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+=head1 DESCRIPTION
+The EVP_PKEY_derive_init() function initializes a public key algorithm
+context using key B<pkey> for shared secret derivation.
+The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally
+be a public key.
+The EVP_PKEY_derive() derives a shared secret using B<ctx>.
+If B<key> is B<NULL> then the maximum size of the output buffer is written to
+the B<keylen> parameter. If B<key> is not B<NULL> then before the call the
+B<keylen> parameter should contain the length of the B<key> buffer, if the call
+is successful the shared secret is written to B<key> and the amount of data
+written to B<keylen>.
+=head1 NOTES
+After the call to EVP_PKEY_derive_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_derive() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Derive shared secret (for example DH or EC keys):
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *skey;
+ size_t skeylen;
+ EVP_PKEY *pkey, *peerkey;
+ /* NB: assumes pkey, peerkey have been already set up */
+ ctx = EVP_PKEY_CTX_new(pkey);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_derive_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
+        /* Error */
+ skey = OPENSSL_malloc(skeylen);
+ if (!skey)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
+        /* Error */
+ /* Shared secret is skey bytes written to buffer skey */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
new file mode 100644
index 0000000000..91c9c5d0a5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_encrypt.pod
@@ -0,0 +1,93 @@
+=pod
+=head1 NAME
+EVP_PKEY_encrypt_init, EVP_PKEY_encrypt - encrypt using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+=head1 DESCRIPTION
+The EVP_PKEY_encrypt_init() function initializes a public key algorithm
+context using key B<pkey> for an encryption operation.
+The EVP_PKEY_encrypt() function performs a public key encryption operation
+using B<ctx>. The data to be encrypted is specified using the B<in> and
+B<inlen> parameters. If B<out> is B<NULL> then the maximum size of the output
+buffer is written to the B<outlen> parameter. If B<out> is not B<NULL> then
+before the call the B<outlen> parameter should contain the length of the
+B<out> buffer, if the call is successful the encrypted data is written to
+B<out> and the amount of data written to B<outlen>.
+=head1 NOTES
+After the call to EVP_PKEY_encrypt_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_encrypt() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_encrypt_init() and EVP_PKEY_encrypt() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Encrypt data using OAEP (for RSA keys):
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *out, *in;
+ size_t outlen, inlen; 
+ EVP_PKEY *key;
+ /* NB: assumes key in, inlen are already set up
+  * and that key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_encrypt_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0)
+        /* Error */
+ out = OPENSSL_malloc(outlen);
+ if (!out)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0)
+        /* Error */
+ /* Encrypted data is outlen bytes written to buffer out */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
new file mode 100644
index 0000000000..1a9c7954c5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_get_default_digest.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+EVP_PKEY_get_default_digest_nid - get default signature digest
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+=head1 DESCRIPTION
+The EVP_PKEY_get_default_digest_nid() function sets B<pnid> to the default
+message digest NID for the public key signature operations associated with key
+B<pkey>.
+=head1 NOTES
+For all current standard OpenSSL public key algorithms SHA1 is returned.
+=head1 RETURN VALUES
+The EVP_PKEY_get_default_digest_nid() function returns 1 if the message digest
+is advisory (that is other digests can be used) and 2 if it is mandatory (other
+digests can not be used).  It returns 0 or a negative value for failure. In
+particular a return value of -2 indicates the operation is not supported by the
+public key algorithm.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+=head1 HISTORY
+This function was first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
new file mode 100644
index 0000000000..37c6fe9503
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_keygen.pod
@@ -0,0 +1,161 @@
+=pod
+=head1 NAME
+EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data - key and parameter generation functions
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+ void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+ void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+=head1 DESCRIPTION
+The EVP_PKEY_keygen_init() function initializes a public key algorithm
+context using key B<pkey> for a key genration operation.
+The EVP_PKEY_keygen() function performs a key generation operation, the 
+generated key is written to B<ppkey>.
+The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
+except parameters are generated.
+The function EVP_PKEY_set_cb() sets the key or parameter generation callback
+to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
+generation callback.
+The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
+with the generation operation. If B<idx> is -1 the total number of
+parameters available is returned. Any non negative value returns the value of
+that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
+B<idx> should only be called within the generation callback.
+If the callback returns 0 then the key genration operation is aborted and an
+error occurs. This might occur during a time consuming operation where
+a user clicks on a "cancel" button.
+The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
+and retrieve an opaque pointer. This can be used to set some application
+defined value which can be retrieved in the callback: for example a handle
+which is used to update a "progress dialog".
+=head1 NOTES
+After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
+specific control operations can be performed to set any appropriate parameters
+for the operation.
+The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
+once on the same context if several operations are performed using the same
+parameters.
+The meaning of the parameters passed to the callback will depend on the
+algorithm and the specifiic implementation of the algorithm. Some might not
+give any useful information at all during key or parameter generation. Others
+might not even call the callback.
+The operation performed by key or parameter generation depends on the algorithm
+used. In some cases (e.g. EC with a supplied named curve) the "generation"
+option merely sets the appropriate fields in an EVP_PKEY structure.
+In OpenSSL an EVP_PKEY structure containing a private key also contains the
+public key components and parameters (if any). An OpenSSL private key is
+equivalent to what some libraries call a "key pair". A private key can be used
+in functions which require the use of a public key or parameters.
+=head1 RETURN VALUES
+EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
+EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+=head1 EXAMPLES
+Generate a 2048 bit RSA key:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL;
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
+        /* Error */
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+Generate a key from a set of parameters:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ EVP_PKEY *pkey = NULL, *param;
+ /* Assumed param is set up already */
+ ctx = EVP_PKEY_CTX_new(param);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_keygen_init(ctx) <= 0)
+        /* Error */
+ /* Generate key */
+ if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        /* Error */
+Example of generation callback for OpenSSL public key implementations:
+ /* Application data is a BIO to output status to */
+ EVP_PKEY_CTX_set_app_data(ctx, status_bio);
+ static int genpkey_cb(EVP_PKEY_CTX *ctx)
+        {
+        char c='*';
+        BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+        int p;
+        p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write(b,&c,1);
+        (void)BIO_flush(b);
+        return 1;
+        }
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
new file mode 100644
index 0000000000..ce9d70d7a7
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_print_private.pod
@@ -0,0 +1,53 @@
+=pod
+=head1 NAME
+EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params - public key algorithm printing routines.
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+=head1 DESCRIPTION
+The functions EVP_PKEY_print_public(), EVP_PKEY_print_private() and
+EVP_PKEY_print_params() print out the public, private or parameter components
+of key B<pkey> respectively. The key is sent to BIO B<out> in human readable
+form. The parameter B<indent> indicated how far the printout should be indented.
+The B<pctx> parameter allows the print output to be finely tuned by using
+ASN1 printing options. If B<pctx> is set to NULL then default values will
+be used.
+=head1 NOTES
+Currently no public key algorithms include any options in the B<pctx> parameter 
+parameter.
+If the key does not include all the components indicated by the function then
+only those contained in the key will be printed. For example passing a public
+key to EVP_PKEY_print_private() will only print the public components.
+=head1 RETURN VALUES
+These functions all return 1 for success and 0 or a negative value for failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_sign.pod b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
new file mode 100644
index 0000000000..2fb52c3486
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_sign.pod
@@ -0,0 +1,96 @@
+=pod
+=head1 NAME
+EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen);
+=head1 DESCRIPTION
+The EVP_PKEY_sign_init() function initializes a public key algorithm
+context using key B<pkey> for a signing operation.
+The EVP_PKEY_sign() function performs a public key signing operation
+using B<ctx>. The data to be signed is specified using the B<tbs> and
+B<tbslen> parameters. If B<sig> is B<NULL> then the maximum size of the output
+buffer is written to the B<siglen> parameter. If B<sig> is not B<NULL> then
+before the call the B<siglen> parameter should contain the length of the
+B<sig> buffer, if the call is successful the signature is written to
+B<sig> and the amount of data written to B<siglen>.
+=head1 NOTES
+After the call to EVP_PKEY_sign_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_sign() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_sign_init() and EVP_PKEY_sign() return 1 for success and 0
+or a negative value for failure. In particular a return value of -2
+indicates the operation is not supported by the public key algorithm.
+=head1 EXAMPLE
+Sign data using RSA with PKCS#1 padding and SHA256 digest:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *signing_key;
+ /* NB: assumes signing_key, md and mdlen are already set up
+  * and that signing_key is an RSA private key
+  */
+ ctx = EVP_PKEY_CTX_new(signing_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_sign_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+ /* Determine buffer length */
+ if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0)
+        /* Error */
+ sig = OPENSSL_malloc(siglen);
+ if (!sig)
+        /* malloc failure */
+ 
+ if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0)
+        /* Error */
+ /* Signature is siglen bytes written to buffer sig */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_verify.pod b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
new file mode 100644
index 0000000000..10633da3f2
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_verify.pod
@@ -0,0 +1,91 @@
+=pod
+=head1 NAME
+EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm
+=head1 SYNOPSIS
+ #include <openssl/evp.h>
+ int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen);
+=head1 DESCRIPTION
+The EVP_PKEY_verify_init() function initializes a public key algorithm
+context using key B<pkey> for a signature verification operation.
+The EVP_PKEY_verify() function performs a public key verification operation
+using B<ctx>. The signature is specified using the B<sig> and
+B<siglen> parameters. The verified data (i.e. the data believed originally
+signed) is specified using the B<tbs> and B<tbslen> parameters.
+=head1 NOTES
+After the call to EVP_PKEY_verify_init() algorithm specific control
+operations can be performed to set any appropriate parameters for the
+operation.
+The function EVP_PKEY_verify() can be called more than once on the same
+context if several operations are performed using the same parameters.
+=head1 RETURN VALUES
+EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was
+successful and 0 if it failed. Unlike other functions the return value 0 from
+EVP_PKEY_verify() only indicates that the signature did not not verify
+successfully (that is tbs did not match the original data or the signature was
+of invalid form) it is not an indication of a more serious error.
+A negative value indicates an error other that signature verification failure.
+In particular a return value of -2 indicates the operation is not supported by
+the public key algorithm.
+=head1 EXAMPLE
+Verify signature using PKCS#1 and SHA256 digest:
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ EVP_PKEY_CTX *ctx;
+ unsigned char *md, *sig;
+ size_t mdlen, siglen; 
+ EVP_PKEY *verify_key;
+ /* NB: assumes verify_key, sig, siglen md and mdlen are already set up
+  * and that verify_key is an RSA public key
+  */
+ ctx = EVP_PKEY_CTX_new(verify_key);
+ if (!ctx)
+        /* Error occurred */
+ if (EVP_PKEY_verify_init(ctx) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+        /* Error */
+ if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
+        /* Error */
+ /* Perform operation */
+ ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen);
+ /* ret == 1 indicates success, 0 verify failure and < 0 for some
+  * other error.
+  */
+=head1 SEE ALSO
+L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
+L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
+=head1 HISTORY
+These functions were first added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index b6e62ce7f6..620a623ab6 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -77,6 +77,15 @@ will occur.
 Older versions of this documentation wrongly stated that calls to 
 EVP_SignUpdate() could not be made after calling EVP_SignFinal().
+Since the private key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+It is not possible to change the signing parameters using these function.
+The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 =head1 SEE ALSO
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
index b6afaedee5..9097f09410 100644
--- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -67,6 +67,15 @@ will occur.
 Older versions of this documentation wrongly stated that calls to 
 EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
+Since the public key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+It is not possible to change the signing parameters using these function.
+The previous two bugs are fixed in the newer EVP_VerifyDigest*() function.
 =head1 SEE ALSO
 L<evp(3)|evp(3)>,
diff --git a/src/lib/libcrypto/doc/OBJ_nid2obj.pod b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
index 7dcc07923f..1e45dd40f6 100644
--- a/src/lib/libcrypto/doc/OBJ_nid2obj.pod
+++ b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
@@ -8,6 +8,8 @@ functions
 =head1 SYNOPSIS
+ #include <openssl/objects.h>
 ASN1_OBJECT * OBJ_nid2obj(int n);
 const char *  OBJ_nid2ln(int n);
 const char *  OBJ_nid2sn(int n);
diff --git a/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod b/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod
new file mode 100644
index 0000000000..e070c45c2e
--- /dev/null
+++ b/src/lib/libcrypto/doc/PEM_write_bio_CMS_stream.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+ PEM_write_bio_CMS_stream - output CMS_ContentInfo structure in PEM format.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ #include <openssl/pem.h>
+ int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+=head1 DESCRIPTION
+PEM_write_bio_CMS_stream() outputs a CMS_ContentInfo structure in PEM format.
+It is otherwise identical to the function SMIME_write_CMS().
+=head1 NOTES
+This function is effectively a version of the PEM_write_bio_CMS() supporting
+streaming.
+=head1 RETURN VALUES
+PEM_write_bio_CMS_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>,
+L<i2d_CMS_bio_stream(3)|i2d_CMS_bio_stream(3)>
+=head1 HISTORY
+PEM_write_bio_CMS_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod b/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod
new file mode 100644
index 0000000000..16fc9b6845
--- /dev/null
+++ b/src/lib/libcrypto/doc/PEM_write_bio_PKCS7_stream.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+PEM_write_bio_PKCS7_stream - output PKCS7 structure in PEM format.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ #include <openssl/pem.h>
+ int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+=head1 DESCRIPTION
+PEM_write_bio_PKCS7_stream() outputs a PKCS7 structure in PEM format.
+It is otherwise identical to the function SMIME_write_PKCS7().
+=head1 NOTES
+This function is effectively a version of the PEM_write_bio_PKCS7() supporting
+streaming.
+=head1 RETURN VALUES
+PEM_write_bio_PKCS7_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>,
+L<i2d_PKCS7_bio_stream(3)|i2d_PKCS7_bio_stream(3)>
+=head1 HISTORY
+PEM_write_bio_PKCS7_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_parse.pod b/src/lib/libcrypto/doc/PKCS12_parse.pod
index 51344f883a..c54cf2ad61 100644
--- a/src/lib/libcrypto/doc/PKCS12_parse.pod
+++ b/src/lib/libcrypto/doc/PKCS12_parse.pod
@@ -20,24 +20,31 @@ certificate to B<*cert> and any additional certificates to B<*ca>.
 =head1 NOTES
-The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL> in
-in which case additional certificates will be discarded. B<*ca> can also
+which case additional certificates will be discarded. B<*ca> can also be a
-be a valid STACK in which case additional certificates are appended to
+valid STACK in which case additional certificates are appended to B<*ca>. If
-B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+B<*ca> is B<NULL> a new STACK will be allocated.
-The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
+The B<friendlyName> and B<localKeyID> attributes (if present) on each
-will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+certificate will be stored in the B<alias> and B<keyid> attributes of the
+B<X509> structure.
+=head1 RETURN VALUES
+PKCS12_parse() returns 1 for success and zero if an error occurred.
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
 =head1 BUGS
-Only a single private key and corresponding certificate is returned by this function.
+Only a single private key and corresponding certificate is returned by this
-More complex PKCS#12 files with multiple private keys will only return the first
+function. More complex PKCS#12 files with multiple private keys will only
-match.
+return the first match.
-Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in
-Other attributes are discarded.
+certificates. Other attributes are discarded.
-Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+Attributes currently cannot be stored in the private key B<EVP_PKEY> structure.
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/PKCS7_decrypt.pod b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
index b0ca067b89..325699d0b6 100644
--- a/src/lib/libcrypto/doc/PKCS7_decrypt.pod
+++ b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
@@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
 =head1 SYNOPSIS
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
index 1a507b22a2..2cd925a7e0 100644
--- a/src/lib/libcrypto/doc/PKCS7_encrypt.pod
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
 =head1 SYNOPSIS
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+ #include <openssl/pkcs7.h>
+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
 =head1 DESCRIPTION
@@ -16,43 +18,55 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
 =head1 NOTES
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
-supplied to this function must all contain RSA public keys, though they do not have to
+certificates supplied to this function must all contain RSA public keys, though
-be signed using the RSA algorithm.
+they do not have to be signed using the RSA algorithm.
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-most clients will support it.
+because most clients will support it.
-Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+Some old "export grade" clients may only support weak encryption using 40 or 64
-RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
+respectively.
-The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
-parameters. 
+its parameters. 
-Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
 envelopedData containing an S/MIME signed message. This can be readily produced
 by storing the S/MIME signed message in a memory BIO and passing it to
 PKCS7_encrypt().
 The following flags can be passed in the B<flags> parameter.
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are
-to the data.
+prepended to the data.
-Normally the supplied content is translated into MIME canonical format (as required
+Normally the supplied content is translated into MIME canonical format (as
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
-option should be used if the supplied data is in binary format otherwise the translation
+occurs. This option should be used if the supplied data is in binary format
-will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then
+B<PKCS7_TEXT> is ignored.
-=head1 RETURN VALUES
+If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output
+suitable for streaming I/O: no data is read from the BIO B<in>.
-PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
+=head1 NOTES
-The error can be obtained from ERR_get_error(3).
-=head1 BUGS
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not
+properly finalize the B<PKCS7> structure will give unpredictable 
+results.
-The lack of single pass processing and need to hold all data in memory as
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
+=head1 RETURN VALUES
+PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
 =head1 SEE ALSO
@@ -61,5 +75,6 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
 =head1 HISTORY
 PKCS7_decrypt() was added to OpenSSL 0.9.5
+The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0.
 =cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign.pod b/src/lib/libcrypto/doc/PKCS7_sign.pod
index ffd0c734b0..64a35144f8 100644
--- a/src/lib/libcrypto/doc/PKCS7_sign.pod
+++ b/src/lib/libcrypto/doc/PKCS7_sign.pod
@@ -6,14 +6,16 @@ PKCS7_sign - create a PKCS#7 signedData structure
 =head1 SYNOPSIS
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
 =head1 DESCRIPTION
-PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
-is the certificate to sign with, B<pkey> is the corresponsding private key.
+the certificate to sign with, B<pkey> is the corresponsding private key.
-B<certs> is an optional additional set of certificates to include in the
+B<certs> is an optional additional set of certificates to include in the PKCS#7
-PKCS#7 structure (for example any intermediate CAs in the chain). 
+structure (for example any intermediate CAs in the chain). 
 The data to be signed is read from BIO B<data>.
@@ -21,72 +23,83 @@ B<flags> is an optional set of flags.
 =head1 NOTES
-Any of the following flags (ored together) can be passed in the B<flags> parameter.
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
 Many S/MIME clients expect the signed content to include valid MIME headers. If
 the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
 to the data.
 If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
+PKCS7 structure, the signer's certificate must still be supplied in the
-parameter though. This can reduce the size of the signature if the signers certificate
+B<signcert> parameter though. This can reduce the size of the signature if the
-can be obtained by other means: for example a previously signed message.
+signers certificate can be obtained by other means: for example a previously
+signed message.
-The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
-is set in which case it is omitted. This is used for PKCS7 detached signatures
+The data being signed is included in the PKCS7 structure, unless
-which are used in S/MIME plaintext signed messages for example.
+B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
+detached signatures which are used in S/MIME plaintext signed messages for
+example.
+Normally the supplied content is translated into MIME canonical format (as
+required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
+occurs. This option should be used if the supplied data is in binary format
+otherwise the translation will corrupt it.
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
-Normally the supplied content is translated into MIME canonical format (as required
+If present the SMIMECapabilities attribute indicates support for the following
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
-option should be used if the supplied data is in binary format otherwise the translation
+these algorithms is disabled then it will not be included.
-will corrupt it.
-The signedData structure includes several PKCS#7 autenticatedAttributes including
+If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
-the signing time, the PKCS#7 content type and the supported list of ciphers in
+just initialized ready to perform the signing operation. The signing is however
-an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
+B<not> performed and the data to be signed is not read from the B<data>
-will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
+parameter. Signing is deferred until after the data has been written. In this
-omitted.
+way data can be signed in a single pass.
-If present the SMIMECapabilities attribute indicates support for the following
+If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
+which additional signers and capabilities can be added before finalization.
-of these algorithms is disabled then it will not be included.
-If the flags B<PKCS7_PARTSIGN> is set then the returned B<PKCS7> structure
-is just initialized ready to perform the signing operation. The signing
-is however B<not> performed and the data to be signed is not read from
-the B<data> parameter. Signing is deferred until after the data has been
-written. In this way data can be signed in a single pass. Currently the
-flag B<PKCS7_DETACHED> B<must> also be set.
 =head1 NOTES
-Currently the flag B<PKCS7_PARTSIGN> is only supported for detached
+If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
-data. If this flag is set the returned B<PKCS7> structure is B<not>
+complete and outputting its contents via a function that does not properly
-complete and outputting its contents via a function that does not
+finalize the B<PKCS7> structure will give unpredictable results.
-properly finalize the B<PKCS7> structure will give unpredictable 
-results.
-At present only the SMIME_write_PKCS7() function properly finalizes the
+Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-structure.
+PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
+can be performed by obtaining the streaming ASN1 B<BIO> directly using
+BIO_new_PKCS7().
-=head1 BUGS
+If a signer is specified it will use the default digest for the signing
+algorithm. This is B<SHA1> for both RSA and DSA keys.
+In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be
+B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
+using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be
+called to finalize the structure if streaming is not enabled. Alternative
+signing digests can also be specified using this method.
-PKCS7_sign() is somewhat limited. It does not support multiple signers, some
+In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only
-advanced attributes such as counter signatures are not supported.
+PKCS#7 structure is output.
-The SHA1 digest algorithm is currently always used.
+In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
+B<NOT> be NULL.
-When the signed data is not detached it will be stored in memory within the
+=head1 BUGS
-B<PKCS7> structure. This effectively limits the size of messages which can be
-signed due to memory restraints. There should be a way to sign data without
-having to hold it all in memory, this would however require fairly major
-revisions of the OpenSSL ASN1 code.
+Some advanced attributes such as counter signatures are not supported.
 =head1 RETURN VALUES
-PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error
-The error can be obtained from ERR_get_error(3).
+occurred.  The error can be obtained from ERR_get_error(3).
 =head1 SEE ALSO
@@ -96,6 +109,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
 PKCS7_sign() was added to OpenSSL 0.9.5
-The B<PKCS7_PARTSIGN> flag was added in OpenSSL 0.9.8
+The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0
+The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
 =cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
new file mode 100644
index 0000000000..ebec4d57de
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_sign_add_signer.pod
@@ -0,0 +1,87 @@
+=pod
+=head1 NAME
+PKCS7_sign_add_signer - add a signer PKCS7 signed data structure.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
+=head1 DESCRIPTION
+PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private
+key B<pkey> using message digest B<md> to a PKCS7 signed data structure
+B<p7>.
+The PKCS7 structure should be obtained from an initial call to PKCS7_sign()
+with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7
+signed data structure.
+If the B<md> parameter is B<NULL> then the default digest for the public
+key algorithm will be used.
+Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure
+is not complete and must be finalized either by streaming (if applicable) or
+a call to PKCS7_final().
+=head1 NOTES
+The main purpose of this function is to provide finer control over a PKCS#7
+signed data structure where the simpler PKCS7_sign() function defaults are
+not appropriate. For example if multiple signers or non default digest
+algorithms are needed.
+Any of the following flags (ored together) can be passed in the B<flags>
+parameter.
+If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content
+digest value from the PKCS7 struture: to add a signer to an existing structure.
+An error occurs if a matching digest value cannot be found to copy. The
+returned PKCS7 structure will be valid and finalized when this flag is set.
+If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the 
+B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
+can be added. In this case an explicit call to PKCS7_SIGNER_INFO_sign() is
+needed to finalize it.
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the
+B<signcert> parameter though. This can reduce the size of the signature if the
+signers certificate can be obtained by other means: for example a previously
+signed message.
+The signedData structure includes several PKCS#7 autenticatedAttributes
+including the signing time, the PKCS#7 content type and the supported list of
+ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
+authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
+the SMIMECapabilities are omitted.
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
+these algorithms is disabled then it will not be included.
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added, this can be used to set additional attributes 
+before it is finalized.
+=head1 RETURN VALUES
+PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+structure just added or NULL if an error occurs.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_final(3)|PKCS7_final(3)>,
+=head1 HISTORY
+PPKCS7_sign_add_signer() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_verify.pod b/src/lib/libcrypto/doc/PKCS7_verify.pod
index 3490b5dc82..7c10a4cc3c 100644
--- a/src/lib/libcrypto/doc/PKCS7_verify.pod
+++ b/src/lib/libcrypto/doc/PKCS7_verify.pod
@@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure
 =head1 SYNOPSIS
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ #include <openssl/pkcs7.h>
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/SMIME_read_CMS.pod b/src/lib/libcrypto/doc/SMIME_read_CMS.pod
new file mode 100644
index 0000000000..acc5524c14
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_read_CMS.pod
@@ -0,0 +1,70 @@
+=pod
+=head1 NAME
+ SMIME_read_CMS - parse S/MIME message.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont);
+=head1 DESCRIPTION
+SMIME_read_CMS() parses a message in S/MIME format.
+B<in> is a BIO to read the message from.
+If cleartext signing is used then the content is saved in a memory bio which is
+written to B<*bcont>, otherwise B<*bcont> is set to NULL.
+The parsed CMS_ContentInfo structure is returned or NULL if an
+error occurred.
+=head1 NOTES
+If B<*bcont> is not NULL then the message is clear text signed. B<*bcont> can
+then be passed to CMS_verify() with the B<CMS_DETACHED> flag set.
+Otherwise the type of the returned structure can be determined
+using CMS_get0_type().
+To support future functionality if B<bcont> is not NULL B<*bcont> should be
+initialized to NULL. For example:
+ BIO *cont = NULL;
+ CMS_ContentInfo *cms;
+ cms = SMIME_read_CMS(in, &cont);
+=head1 BUGS
+The MIME parser used by SMIME_read_CMS() is somewhat primitive.  While it will
+handle most S/MIME messages more complex compound formats may not work.
+The parser assumes that the CMS_ContentInfo structure is always base64 encoded
+and will not handle the case where it is in binary format or uses quoted
+printable format.
+The use of a memory BIO to hold the signed content limits the size of message
+which can be processed due to memory restraints: a streaming single pass option
+should be available.
+=head1 RETURN VALUES
+SMIME_read_CMS() returns a valid B<CMS_ContentInfo> structure or B<NULL>
+if an error occurred. The error can be obtained from ERR_get_error(3).
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_type(3)|CMS_type(3)>
+L<SMIME_read_CMS(3)|SMIME_read_CMS(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>
+=head1 HISTORY
+SMIME_read_CMS() was added to OpenSSL 0.9.8
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
index ffafa37887..9d46715941 100644
--- a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
+++ b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
@@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message.
 =head1 SYNOPSIS
-PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+ #include <openssl/pkcs7.h>
+ PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/SMIME_write_CMS.pod b/src/lib/libcrypto/doc/SMIME_write_CMS.pod
new file mode 100644
index 0000000000..04bedfb429
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_write_CMS.pod
@@ -0,0 +1,64 @@
+=pod
+=head1 NAME
+ SMIME_write_CMS - convert CMS structure to S/MIME format.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+=head1 DESCRIPTION
+SMIME_write_CMS() adds the appropriate MIME headers to a CMS
+structure to produce an S/MIME message.
+B<out> is the BIO to write the data to. B<cms> is the appropriate
+B<CMS_ContentInfo> structure. If streaming is enabled then the content must be
+supplied in the B<data> argument. B<flags> is an optional set of flags.
+=head1 NOTES
+The following flags can be passed in the B<flags> parameter.
+If B<CMS_DETACHED> is set then cleartext signing will be used, this option only
+makes sense for SignedData where B<CMS_DETACHED> is also set when CMS_sign() is
+called.
+If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are added to
+the content, this only makes sense if B<CMS_DETACHED> is also set.
+If the B<CMS_STREAM> flag is set streaming is performed. This flag should only
+be set if B<CMS_STREAM> was also set in the previous call to a CMS_ContentInfo
+creation function.
+If cleartext signing is being used and B<CMS_STREAM> not set then the data must
+be read twice: once to compute the signature in CMS_sign() and once to output
+the S/MIME message.
+If streaming is performed the content is output in BER format using indefinite
+length constructed encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
+=head1 BUGS
+SMIME_write_CMS() always base64 encodes CMS structures, there should be an
+option to disable this.
+=head1 RETURN VALUES
+SMIME_write_CMS() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>
+=head1 HISTORY
+SMIME_write_CMS() was added to OpenSSL 0.9.8
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
index 61945b3887..ca6bd02763 100644
--- a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
+++ b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
@@ -6,17 +6,18 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
 =head1 SYNOPSIS
-int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+ #include <openssl/pkcs7.h>
+ int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
 =head1 DESCRIPTION
 SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
 structure to produce an S/MIME message.
-B<out> is the BIO to write the data to. B<p7> is the appropriate
+B<out> is the BIO to write the data to. B<p7> is the appropriate B<PKCS7>
-B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
+structure. If streaming is enabled then the content must be supplied in the
-being used then the signed data must be supplied in the B<data> 
+B<data> argument. B<flags> is an optional set of flags.
-argument. B<flags> is an optional set of flags.
 =head1 NOTES
@@ -30,15 +31,18 @@ If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
 are added to the content, this only makes sense if B<PKCS7_DETACHED>
 is also set.
-If the B<PKCS7_PARTSIGN> flag is set the signed data is finalized
+If the B<PKCS7_STREAM> flag is set streaming is performed. This flag should
-and output along with the content. This flag should only be set
+only be set if B<PKCS7_STREAM> was also set in the previous call to
-if B<PKCS7_DETACHED> is also set and the previous call to PKCS7_sign()
+PKCS7_sign() or B<PKCS7_encrypt()>.
-also set these flags.
-If cleartext signing is being used and B<PKCS7_PARTSIGN> not set then
+If cleartext signing is being used and B<PKCS7_STREAM> not set then
 the data must be read twice: once to compute the signature in PKCS7_sign()
 and once to output the S/MIME message.
+If streaming is performed the content is output in BER format using indefinite
+length constructuted encoding except in the case of signed data with detached
+content where the content is absent and DER format is used.
 =head1 BUGS
 SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
index 11b35f6fd3..41902c0d45 100644
--- a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
@@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
 =head1 SYNOPSIS
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ #include <openssl/x509.h>
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+ ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
index e2ab4b0d2b..1afd008cb3 100644
--- a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
@@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
 =head1 SYNOPSIS
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+ #include <openssl/x509.h>
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+ int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
index 333323d734..3b1f9ff43b 100644
--- a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
+++ b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
@@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions
 =head1 SYNOPSIS
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+ #include <openssl/x509.h>
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-int X509_NAME_entry_count(X509_NAME *name);
+ int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+ int X509_NAME_entry_count(X509_NAME *name);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
new file mode 100644
index 0000000000..a883f6c097
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
@@ -0,0 +1,303 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ #include <openssl/x509_vfy.h>
+ int    X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+ void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+ int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+ X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+ const char *X509_verify_cert_error_string(long n);
+=head1 DESCRIPTION
+These functions are typically called after X509_verify_cert() has indicated
+an error or in a verification callback to determine the nature of an error.
+X509_STORE_CTX_get_error() returns the error code of B<ctx>, see
+the B<ERROR CODES> section for a full description of all error codes.
+X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example
+it might be used in a verification callback to set an error based on additional
+checks.
+X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
+non-negative integer representing where in the certificate chain the error
+occurred. If it is zero it occured in the end entity certificate, one if
+it is the certificate which signed the end entity certificate and so on.
+X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
+caused the error or B<NULL> if no certificate is relevant.
+X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
+call to X509_verify_cert() is successful. If the call to X509_verify_cert()
+is B<not> successful the returned chain may be incomplete or invalid. The
+returned chain persists after the B<ctx> structure is freed, when it is
+no longer needed it should be free up using:
+  sk_X509_pop_free(chain, X509_free);
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+=head1 RETURN VALUES
+X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code.
+X509_STORE_CTX_get_error_depth() returns a non-negative error depth.
+X509_STORE_CTX_get_current_cert() returns the cerificate which caused the
+error or B<NULL> if no certificate is relevant to the error.
+X509_verify_cert_error_string() returns a human readable error string for
+verification error B<n>.
+=head1 ERROR CODES
+A list of error codes and messages is shown below.  Some of the
+error codes are defined but currently never returned: these are described as
+"unused".
+=over 4
+=item B<X509_V_OK: ok>
+the operation was successful.
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+the CRL of a certificate could not be found.
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+the certificate signature could not be decrypted. This means that the actual
+signature value could not be determined rather than it not matching the
+expected value, this is only meaningful for RSA keys.
+=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+the CRL signature could not be decrypted: this means that the actual signature
+value could not be determined rather than it not matching the expected value.
+Unused.
+=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+the signature of the certificate is invalid.
+=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+the signature of the certificate is invalid.
+=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+the certificate is not yet valid: the notBefore date is after the current time.
+=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+the certificate has expired: that is the notAfter date is before the current time.
+=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+the CRL is not yet valid.
+=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+the CRL has expired.
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+the certificate notBefore field contains an invalid time.
+=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+the certificate notAfter field contains an invalid time.
+=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+the CRL lastUpdate field contains an invalid time.
+=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+the CRL nextUpdate field contains an invalid time.
+=item B<X509_V_ERR_OUT_OF_MEM: out of memory>
+an error occurred trying to allocate memory. This should never happen.
+=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+the passed certificate is self signed and the same certificate cannot be found
+in the list of trusted certificates.
+=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+the certificate chain could be built up using the untrusted certificates but
+the root could not be found locally.
+=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+the issuer certificate of a locally looked up certificate could not be found.
+This normally means the list of trusted certificates is not complete.
+=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+no signatures could be verified because the chain contains only one certificate
+and it is not self signed.
+=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+the certificate chain length is greater than the supplied maximum depth. Unused.
+=item B<X509_V_ERR_CERT_REVOKED: certificate revoked>
+the certificate has been revoked.
+=item B<X509_V_ERR_INVALID_CA: invalid CA certificate>
+a CA certificate is invalid. Either it is not a CA or its extensions are not
+consistent with the supplied purpose.
+=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+the basicConstraints pathlength parameter has been exceeded.
+=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+the supplied certificate cannot be used for the specified purpose.
+=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+the root CA is not marked as trusted for the specified purpose.
+=item B<X509_V_ERR_CERT_REJECTED: certificate rejected>
+the root CA is marked to reject the specified purpose.
+=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. This is only set
+if issuer check debugging is enabled it is used for status notification and
+is B<not> in itself an error.
+=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. This is only set if issuer check debugging is enabled it is used
+for status notification and is B<not> in itself an error.
+=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier of
+the current certificate. This is only set if issuer check debugging is enabled
+it is used for status notification and is B<not> in itself an error.
+=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+the current candidate issuer certificate was rejected because its keyUsage
+extension does not permit certificate signing. This is only set if issuer check
+debugging is enabled it is used for status notification and is B<not> in itself
+an error.
+=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+A certificate extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions.
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+A certificate policies extension had an invalid value (for example an incorrect
+encoding) or some value inconsistent with other extensions. This error only
+occurs if policy processing is enabled.
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+The verification flags were set to require and explicit policy but none was
+present.
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+The only CRLs that could be found did not match the scope of the certificate.
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+Some feature of a certificate extension is not supported. Unused.
+=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+A name constraint violation occured in the permitted subtrees.
+=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+A name constraint violation occured in the excluded subtrees.
+=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+A certificate name constraints extension included a minimum or maximum field:
+this is not supported.
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+An unsupported name constraint type was encountered. OpenSSL currently only
+supports directory name, DNS name, email and URI types.
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+The format of the name constraint is not recognised: for example an email
+address format of a form not mentioned in RFC3280. This could be caused by
+a garbage extension or some new feature not currently supported.
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+An error occured when attempting to verify the CRL path. This error can only
+happen if extended CRL checking is enabled.
+=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+an application specific error. This will never be returned unless explicitly
+set by an application.
+=head1 NOTES
+The above functions should be used instead of directly referencing the fields
+in the B<X509_VERIFY_CTX> structure.
+In versions of OpenSSL before 1.0 the current certificate returned by
+X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should
+check the return value before printing out any debugging information relating
+to the current certificate.
+If an unrecognised error code is passed to X509_verify_cert_error_string() the
+numerical value of the unknown code is returned in a static buffer. This is not
+thread safe but will never happen unless an invalid code is passed.
+=head1 SEE ALSO
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
new file mode 100644
index 0000000000..8d6b9dda47
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
@@ -0,0 +1,41 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
+ char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
+=head1 DESCRIPTION
+These functions handle application specific data in X509_STORE_CTX structures.
+Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data()
+and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>.
+=head1 NOTES
+This mechanism is used internally by the B<ssl> library to store the B<SSL>
+structure associated with a verification operation in an B<X509_STORE_CTX>
+structure. 
+=head1 SEE ALSO
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>
+=head1 HISTORY
+X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and
+X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
new file mode 100644
index 0000000000..b17888f149
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
@@ -0,0 +1,122 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ X509_STORE_CTX *X509_STORE_CTX_new(void);
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                         X509 *x509, STACK_OF(X509) *chain);
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+ void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
+ void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
+ void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+=head1 DESCRIPTION
+These functions initialise an B<X509_STORE_CTX> structure for subsequent use
+by X509_verify_cert().
+X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure.
+X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
+The context can then be reused with an new call to X509_STORE_CTX_init().
+X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
+is no longer valid.
+X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
+The trusted certificate store is set to B<store>, the end entity certificate
+to be verified is set to B<x509> and a set of additional certificates (which
+will be untrusted but may be used to build the chain) in B<chain>. Any or
+all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
+to B<sk>. This is an alternative way of specifying trusted certificates 
+instead of using an B<X509_STORE>.
+X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to
+B<x>.
+X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx>
+to B<sk>.
+X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
+verification to B<sk>. These CRLs will only be used if CRL verification is
+enabled in the associated B<X509_VERIFY_PARAM> structure. This might be
+used where additional "useful" CRLs are supplied as part of a protocol,
+for example in a PKCS#7 structure.
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer
+to the verification parameters associated with B<ctx>.
+X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer
+to B<param>. After this call B<param> should not be used.
+X509_STORE_CTX_set_default() looks up and sets the default verification
+method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to
+find an appropriate set of parameters from B<name>.
+=head1 NOTES
+The certificates and CRLs in a store are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy
+applications might implicitly use an B<X509_STORE_CTX> like this:
+  X509_STORE_CTX ctx;
+  X509_STORE_CTX_init(&ctx, store, cert, chain);
+this is B<not> recommended in new applications they should instead do:
+  X509_STORE_CTX *ctx;
+  ctx = X509_STORE_CTX_new();
+  if (ctx == NULL)
+        /* Bad error */
+  X509_STORE_CTX_init(ctx, store, cert, chain);
+=head1 BUGS
+The certificates and CRLs in a context are used internally and should B<not>
+be freed up until after the associated B<X509_STORE_CTX> is freed. Copies
+should be made or reference counts increased instead.
+=head1 RETURN VALUES
+X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an
+error occurred.
+X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
+X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM>
+structure or B<NULL> if an error occurred.
+X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(),
+X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(),
+X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
+values.
+X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
+=head1 SEE ALSO
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)>
+=head1 HISTORY
+X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
new file mode 100644
index 0000000000..b9787a6ca6
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
@@ -0,0 +1,161 @@
+=pod
+=head1 NAME
+X509_STORE_CTX_set_verify_cb - set verification callback
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+=head1 DESCRIPTION
+X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+The verification callback can be used to customise the operation of certificate
+verification, either by overriding error conditions or logging errors for
+debugging purposes.
+However a verification callback is B<not> essential and the default operation
+is often sufficient.
+The B<ok> parameter to the callback indicates the value the callback should
+return to retain the default behaviour. If it is zero then and error condition
+is indicated. If it is 1 then no error occurred. If the flag
+B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
+policy checking is complete.
+The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that
+is performing the verification operation. A callback can examine this
+structure and receive additional information about the error, for example
+by calling X509_STORE_CTX_get_current_cert(). Additional application data can
+be passed to the callback via the B<ex_data> mechanism.
+=head1 WARNING
+In general a verification callback should B<NOT> unconditionally return 1 in
+all circumstances because this will allow verification to succeed no matter
+what the error. This effectively removes all security from the application
+because B<any> certificate (including untrusted generated ones) will be
+accepted.
+=head1 NOTES
+The verification callback can be set and inherited from the parent structure
+performing the operation. In some cases (such as S/MIME verification) the
+B<X509_STORE_CTX> structure is created and destroyed internally and the
+only way to set a custom verification callback is by inheriting it from the
+associated B<X509_STORE>.
+=head1 RETURN VALUES
+X509_STORE_CTX_set_verify_cb() does not return a value.
+=head1 EXAMPLES
+Default callback operation:
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        return ok;
+        }
+Simple example, suppose a certificate in the chain is expired and we wish
+to continue after this error:
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        /* Tolerate certificate expiration */
+        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
+                        return 1;
+        /* Otherwise don't override */
+        return ok;
+        }
+More complex example, we don't wish to continue after B<any> certificate has
+expired just one specific case:
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        int err = X509_STORE_CTX_get_error(ctx);
+        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        if (err == X509_V_ERR_CERT_HAS_EXPIRED)
+                {
+                if (check_is_acceptable_expired_cert(err_cert)
+                        return 1;
+                }
+        return ok;
+        }
+Full featured logging callback. In this case the B<bio_err> is assumed to be
+a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
+B<ex_data>.
+        
+ int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        X509 *err_cert;
+        int err,depth;
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        err =   X509_STORE_CTX_get_error(ctx);
+        depth = X509_STORE_CTX_get_error_depth(ctx);
+        BIO_printf(bio_err,"depth=%d ",depth);
+        if (err_cert)
+                {
+                X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                }
+        else
+                BIO_puts(bio_err, "<no cert>\n");
+        if (!ok)
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+        switch (err)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                BIO_puts(bio_err,"issuer= ");
+                X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                                        0, XN_FLAG_ONELINE);
+                BIO_puts(bio_err, "\n");
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+                policies_print(bio_err, ctx);
+                break;
+                }
+        if (err == X509_V_OK && ok == 2)
+                /* print out policies */
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
+=head1 SEE ALSO
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)>
+L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)>
+=head1 HISTORY
+X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and
+OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
new file mode 100644
index 0000000000..29e3bbe3bc
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
@@ -0,0 +1,54 @@
+=pod
+=head1 NAME
+X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification callback
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ void X509_STORE_set_verify_cb(X509_STORE *st,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+ void X509_STORE_set_verify_cb_func(X509_STORE *st,
+                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
+=head1 DESCRIPTION
+X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
+B<verify_cb> overwriting any existing callback.
+X509_STORE_set_verify_cb_func() also sets the verification callback but it
+is implemented as a macro.
+=head1 NOTES
+The verification callback from an B<X509_STORE> is inherited by 
+the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
+be used to set the verification callback when the B<X509_STORE_CTX> is 
+otherwise inaccessible (for example during S/MIME verification).
+=head1 BUGS
+The macro version of this function was the only one available before 
+OpenSSL 1.0.0.
+=head1 RETURN VALUES
+X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return
+a value.
+=head1 SEE ALSO
+L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)>
+L<CMS_verify(3)|CMS_verify(3)>
+=head1 HISTORY
+X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and
+OpenSSL.
+X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
+=cut
diff --git a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
new file mode 100644
index 0000000000..b68eece033
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
@@ -0,0 +1,171 @@
+=pod
+=head1 NAME
+X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters 
+=head1 SYNOPSIS
+ #include <openssl/x509_vfy.h>
+ int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+ int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                                        unsigned long flags);
+ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+ int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+ void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                                ASN1_OBJECT *policy);
+ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
+                                        STACK_OF(ASN1_OBJECT) *policies);
+ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+=head1 DESCRIPTION
+These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
+a certificate verification operation. 
+The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
+it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
+description of values the B<flags> parameter can take.
+X509_VERIFY_PARAM_get_flags() returns the flags in B<param>.
+X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
+X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
+to B<purpose>. This determines the acceptable purpose of the certificate
+chain, for example SSL client or SSL server.
+X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 
+B<trust>.
+X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+B<t>. Normally the current time is used.
+X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+by default) and adds B<policy> to the acceptable policy set.
+X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+by default) and sets the acceptable policy set to B<policies>. Any existing
+policy set is cleared. The B<policies> parameter can be B<NULL> to clear
+an existing policy set.
+X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
+That is the maximum number of untrusted CA certificates that can appear in a
+chain.
+=head1 RETURN VALUES
+X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), 
+X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
+X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1
+for success and 0 for failure. 
+X509_VERIFY_PARAM_get_flags() returns the current verification flags.
+X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
+values.
+X509_VERIFY_PARAM_get_depth() returns the current verification depth.
+=head1 VERIFICATION FLAGS
+The verification flags consists of zero or more of the following flags
+ored together.
+B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
+certificate. An error occurs if a suitable CRL cannot be found. 
+B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
+chain.
+B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default
+any unhandled critical extensions in certificates or (if checked) CRLs results
+in a fatal error. If this flag is set unhandled critical extensions are
+ignored. B<WARNING> setting this option for anything other than debugging
+purposes can be a security risk. Finer control over which extensions are
+supported can be performed in the verification callback.
+THe B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken
+certificates and makes the verification strictly apply B<X509> rules.
+B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
+B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
+no policy checking is peformed. Additional information is sent to the 
+verification callback relating to policy checking.
+B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
+B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any
+policy> and B<inhibit policy mapping> flags respectively as defined in
+B<RFC3280>. Policy checking is automatically enabled if any of these flags
+are set.
+If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful
+a special status code is set to the verification callback. This permits it
+to examine the valid policy tree and perform additional checks or simply
+log it for debugging purposes.
+By default some addtional features such as indirect CRLs and CRLs signed by
+different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
+they are enabled.
+If B<X509_V_FLAG_USE_DELTAS> ise set delta CRLs (if present) are used to
+determine certificate status. If not set deltas are ignored.
+B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed
+cerificate signature. By default this check is disabled because it doesn't
+add any additional security but in some cases applications might want to
+check the signature anyway. A side effect of not checking the root CA
+signature is that disabled or unsupported message digests on the root CA
+are not treated as fatal errors.
+The B<X509_V_FLAG_CB_ISSUER_CHECK> flag enables debugging of certificate
+issuer checks. It is B<not> needed unless you are logging certificate
+verification. If this flag is set then additional status codes will be sent
+to the verification callback and it B<must> be prepared to handle such cases
+without assuming they are hard errors.
+=head1 NOTES
+The above functions should be used to manipulate verification parameters
+instead of legacy functions which work in specific structures such as
+X509_STORE_CTX_set_flags().
+=head1 BUGS
+Delta CRL checking is currently primitive. Only a single delta can be used and
+(partly due to limitations of B<X509_STORE>) constructed CRLs are not 
+maintained.
+If CRLs checking is enable CRLs are expected to be available in the
+corresponding B<X509_STORE> structure. No attempt is made to download
+CRLs from the CRL distribution points extension.
+=head1 EXAMPLE
+Enable CRL checking when performing certificate verification during SSL 
+connections associated with an B<SSL_CTX> structure B<ctx>:
+  X509_VERIFY_PARAM *param;
+  param = X509_VERIFY_PARAM_new();
+  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
+  SSL_CTX_set1_param(ctx, param);
+  X509_VERIFY_PARAM_free(param);
+=head1 SEE ALSO
+L<X509_verify_cert(3)|X509_verify_cert(3)>
+=head1 HISTORY
+TBA
+=cut
diff --git a/src/lib/libcrypto/doc/X509_new.pod b/src/lib/libcrypto/doc/X509_new.pod
index fd5fc65ce1..d38872335f 100644
--- a/src/lib/libcrypto/doc/X509_new.pod
+++ b/src/lib/libcrypto/doc/X509_new.pod
@@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions
 =head1 SYNOPSIS
+ #include <openssl/x509.h>
 X509 *X509_new(void);
 void X509_free(X509 *a);
diff --git a/src/lib/libcrypto/doc/X509_verify_cert.pod b/src/lib/libcrypto/doc/X509_verify_cert.pod
new file mode 100644
index 0000000000..5253bdcd70
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_verify_cert.pod
@@ -0,0 +1,53 @@
+=pod
+=head1 NAME
+X509_verify_cert - discover and verify X509 certificte chain
+=head1 SYNOPSIS
+ #include <openssl/x509.h>
+ int X509_verify_cert(X509_STORE_CTX *ctx);
+=head1 DESCRIPTION
+The X509_verify_cert() function attempts to discover and validate a
+certificate chain based on parameters in B<ctx>. A complete description of
+the process is contained in the L<verify(1)|verify(1)> manual page.
+=head1 RETURN VALUES
+If a complete chain can be built and validated this function returns 1,
+otherwise it return zero, in exceptional circumstances it can also
+return a negative code.
+If the function fails additional error information can be obtained by
+examining B<ctx> using, for example X509_STORE_CTX_get_error().
+=head1 NOTES
+Applications rarely call this function directly but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+SSL/TLS code.
+The negative return value from X509_verify_cert() can only occur if no
+certificate is set in B<ctx> (due to a programming error) or if a retry
+operation is requested during internal lookups (which never happens with
+standard lookup methods). It is however recommended that application check
+for <= 0 return value on error.
+=head1 BUGS
+This function uses the header B<x509.h> as opposed to most chain verification
+functiosn which use B<x509_vfy.h>.
+=head1 SEE ALSO
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+=head1 HISTORY
+X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
index 279b29c873..aa6078bcf6 100644
--- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
+++ b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
@@ -11,21 +11,21 @@ d2i_Netscape_RSA - RSA public and private key encoding functions.
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPublicKey(RSA **a, const unsigned char **pp, long length);
 int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
- RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+ RSA * d2i_RSAPrivateKey(RSA **a, const unsigned char **pp, long length);
 int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
 int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+ RSA * d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
index 5bfa18afbb..298ec54a4c 100644
--- a/src/lib/libcrypto/doc/d2i_X509.pod
+++ b/src/lib/libcrypto/doc/d2i_X509.pod
@@ -15,8 +15,8 @@ i2d_X509_fp - X509 encode and decode functions
 X509 *d2i_X509_bio(BIO *bp, X509 **x);
 X509 *d2i_X509_fp(FILE *fp, X509 **x);
- int i2d_X509_bio(X509 *x, BIO *bp);
+ int i2d_X509_bio(BIO *bp, X509 *x);
- int i2d_X509_fp(X509 *x, FILE *fp);
+ int i2d_X509_fp(FILE *fp, X509 *x);
 =head1 DESCRIPTION
@@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
 or B<NULL> if an error occurs. The error code that can be obtained by
 L<ERR_get_error(3)|ERR_get_error(3)>. 
-i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
+i2d_X509() returns the number of bytes successfully encoded or a negative
-successfully encoded or a negative value if an error occurs. The error code
+value if an error occurs. The error code can be obtained by
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+L<ERR_get_error(3)|ERR_get_error(3)>. 
-i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
+i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error 
 occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/d2i_X509_CRL.pod b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
index e7295a5d61..224f9e082b 100644
--- a/src/lib/libcrypto/doc/d2i_X509_CRL.pod
+++ b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
@@ -15,8 +15,8 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
- int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
+ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
- int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
+ int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/d2i_X509_REQ.pod b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
index ae32a3891d..91c0c1974b 100644
--- a/src/lib/libcrypto/doc/d2i_X509_REQ.pod
+++ b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
@@ -15,8 +15,8 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
- int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
+ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
- int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
+ int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
index b3ca14314f..9faa349243 100644
--- a/src/lib/libcrypto/doc/evp.pod
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -22,14 +22,24 @@ digital signatures.
 Symmetric encryption is available with the B<EVP_Encrypt>I<...>
 functions.  The B<EVP_Digest>I<...> functions provide message digests.
+The B<EVP_PKEY>I<...> functions provide a high level interface to
+asymmetric algorithms.
 Algorithms are loaded with OpenSSL_add_all_algorithms(3).
-All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
-modules providing alternative implementations. If ENGINE implementations of
+(public key algorithms) can be replaced by ENGINE modules providing alternative
-ciphers or digests are registered as defaults, then the various EVP functions
+implementations. If ENGINE implementations of ciphers or digests are registered
-will automatically use those implementations automatically in preference to
+as defaults, then the various EVP functions will automatically use those
-built in software implementations. For more information, consult the engine(3)
+implementations automatically in preference to built in software
-man page.
+implementations. For more information, consult the engine(3) man page.
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an ENGINE and ENGINE
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not 
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
 =head1 SEE ALSO
diff --git a/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod b/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod
new file mode 100644
index 0000000000..558bdd0812
--- /dev/null
+++ b/src/lib/libcrypto/doc/i2d_CMS_bio_stream.pod
@@ -0,0 +1,44 @@
+=pod
+=head1 NAME
+ i2d_CMS_bio_stream - output CMS_ContentInfo structure in BER format.
+=head1 SYNOPSIS
+ #include <openssl/cms.h>
+ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags);
+=head1 DESCRIPTION
+i2d_CMS_bio_stream() outputs a CMS_ContentInfo structure in BER format.
+It is otherwise identical to the function SMIME_write_CMS().
+=head1 NOTES
+This function is effectively a version of the i2d_CMS_bio() supporting
+streaming.
+=head1 BUGS
+The prefix "i2d" is arguably wrong because the function outputs BER format.
+=head1 RETURN VALUES
+i2d_CMS_bio_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>,
+L<CMS_verify(3)|CMS_verify(3)>, L<CMS_encrypt(3)|CMS_encrypt(3)>
+L<CMS_decrypt(3)|CMS_decrypt(3)>,
+L<SMIME_write_CMS(3)|SMIME_write_CMS(3)>,
+L<PEM_write_bio_CMS_stream(3)|PEM_write_bio_CMS_stream(3)>
+=head1 HISTORY
+i2d_CMS_bio_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod b/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod
new file mode 100644
index 0000000000..dc4d884c59
--- /dev/null
+++ b/src/lib/libcrypto/doc/i2d_PKCS7_bio_stream.pod
@@ -0,0 +1,44 @@
+=pod
+=head1 NAME
+i2d_PKCS7_bio_stream - output PKCS7 structure in BER format.
+=head1 SYNOPSIS
+ #include <openssl/pkcs7.h>
+ int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags);
+=head1 DESCRIPTION
+i2d_PKCS7_bio_stream() outputs a PKCS7 structure in BER format.
+It is otherwise identical to the function SMIME_write_PKCS7().
+=head1 NOTES
+This function is effectively a version of the d2i_PKCS7_bio() supporting
+streaming.
+=head1 BUGS
+The prefix "d2i" is arguably wrong because the function outputs BER format.
+=head1 RETURN VALUES
+i2d_PKCS7_bio_stream() returns 1 for success or 0 for failure.
+=head1 SEE ALSO
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>,
+L<SMIME_write_PKCS7(3)|SMIME_write_PKCS7(3)>,
+L<PEM_write_bio_PKCS7_stream(3)|PEM_write_bio_PKCS7_stream(3)>
+=head1 HISTORY
+i2d_PKCS7_bio_stream() was added to OpenSSL 1.0.0
+=cut
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 702c50d6dc..ac50a5c846 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -88,8 +88,6 @@
 # define OPENSSL_DSA_MAX_MODULUS_BITS   10000
 #endif
-#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
 #define DSA_FLAG_CACHE_MONT_P   0x01
 #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
                                              * implementation now uses constant time
@@ -99,25 +97,6 @@
                                              * be used for all exponents.
                                              */
-/* If this flag is set the DSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-#define DSA_FLAG_FIPS_METHOD                    0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-#define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
-#ifdef OPENSSL_FIPS
-#define FIPS_DSA_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -139,7 +118,7 @@ struct dsa_method
        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                                                                BIGNUM **rp);
        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-                                                        DSA_SIG *sig, DSA *dsa);
+                             DSA_SIG *sig, DSA *dsa);
        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
                        BN_MONT_CTX *in_mont);
@@ -152,7 +131,7 @@ struct dsa_method
        char *app_data;
        /* If this is non-NULL, it is used to generate DSA parameters */
        int (*dsa_paramgen)(DSA *dsa, int bits,
-                        unsigned char *seed, int seed_len,
+                        const unsigned char *seed, int seed_len,
                        int *counter_ret, unsigned long *h_ret,
                        BN_GENCB *cb);
        /* If this is non-NULL, it is used to generate DSA keys */
@@ -186,7 +165,6 @@ struct dsa_st
        ENGINE *engine;
        };
-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
 #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
 #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@@ -195,6 +173,7 @@ struct dsa_st
 #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+DSA *DSAparams_dup(DSA *x);
 DSA_SIG * DSA_SIG_new(void);
 void    DSA_SIG_free(DSA_SIG *a);
 int     i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
@@ -210,11 +189,6 @@ void	DSA_set_default_method(const DSA_METHOD *);
 const DSA_METHOD *DSA_get_default_method(void);
 int     DSA_set_method(DSA *dsa, const DSA_METHOD *);
-#ifdef OPENSSL_FIPS
-DSA *   FIPS_dsa_new(void);
-void    FIPS_dsa_free (DSA *r);
-#endif
 DSA *   DSA_new(void);
 DSA *   DSA_new_method(ENGINE *engine);
 void    DSA_free (DSA *r);
@@ -246,7 +220,7 @@ DSA *	DSA_generate_parameters(int bits,
 /* New version */
 int     DSA_generate_parameters_ex(DSA *dsa, int bits,
-                unsigned char *seed,int seed_len,
+                const unsigned char *seed,int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 int     DSA_generate_key(DSA *a);
@@ -275,10 +249,13 @@ int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 DH *DSA_dup_DH(const DSA *r);
 #endif
-#ifdef OPENSSL_FIPS
+#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-#endif
+#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -290,33 +267,39 @@ void ERR_load_DSA_strings(void);
 /* Function codes. */
 #define DSA_F_D2I_DSA_SIG                                110
+#define DSA_F_DO_DSA_PRINT                               104
 #define DSA_F_DSAPARAMS_PRINT                            100
 #define DSA_F_DSAPARAMS_PRINT_FP                         101
-#define DSA_F_DSA_BUILTIN_KEYGEN                         119
-#define DSA_F_DSA_BUILTIN_PARAMGEN                       118
 #define DSA_F_DSA_DO_SIGN                                112
 #define DSA_F_DSA_DO_VERIFY                              113
-#define DSA_F_DSA_GENERATE_PARAMETERS                    117
 #define DSA_F_DSA_NEW_METHOD                             103
-#define DSA_F_DSA_PRINT                                  104
+#define DSA_F_DSA_PARAM_DECODE                           119
 #define DSA_F_DSA_PRINT_FP                               105
-#define DSA_F_DSA_SET_DEFAULT_METHOD                     115
+#define DSA_F_DSA_PRIV_DECODE                            115
-#define DSA_F_DSA_SET_METHOD                             116
+#define DSA_F_DSA_PRIV_ENCODE                            116
+#define DSA_F_DSA_PUB_DECODE                             117
+#define DSA_F_DSA_PUB_ENCODE                             118
 #define DSA_F_DSA_SIGN                                   106
 #define DSA_F_DSA_SIGN_SETUP                             107
 #define DSA_F_DSA_SIG_NEW                                109
 #define DSA_F_DSA_VERIFY                                 108
 #define DSA_F_I2D_DSA_SIG                                111
+#define DSA_F_OLD_DSA_PRIV_DECODE                        122
+#define DSA_F_PKEY_DSA_CTRL                              120
+#define DSA_F_PKEY_DSA_KEYGEN                            121
 #define DSA_F_SIG_CB                                     114
 /* Reason codes. */
 #define DSA_R_BAD_Q_VALUE                                102
+#define DSA_R_BN_DECODE_ERROR                            108
+#define DSA_R_BN_ERROR                                   109
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
-#define DSA_R_KEY_SIZE_TOO_SMALL                         106
+#define DSA_R_DECODE_ERROR                               104
+#define DSA_R_INVALID_DIGEST_TYPE                        106
 #define DSA_R_MISSING_PARAMETERS                         101
 #define DSA_R_MODULUS_TOO_LARGE                          103
-#define DSA_R_NON_FIPS_METHOD                            104
+#define DSA_R_NO_PARAMETERS_SET                          107
-#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         105
+#define DSA_R_PARAMETER_ENCODING_ERROR                   105
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
new file mode 100644
index 0000000000..6413aae46e
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -0,0 +1,657 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *public_key = NULL;
+        DSA *dsa = NULL;
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        if (ptype == V_ASN1_SEQUENCE)
+                {
+                pstr = pval;    
+                pm = pstr->data;
+                pmlen = pstr->length;
+                if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+                        {
+                        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                        goto err;
+                        }
+                }
+        else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
+                {
+                if (!(dsa = DSA_new()))
+                        {
+                        DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+                goto err;
+                }
+        if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                {
+                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+                goto err;
+                }
+        if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
+                {
+                DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+                goto err;
+                }
+        ASN1_INTEGER_free(public_key);
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        return 1;
+        err:
+        if (public_key)
+                ASN1_INTEGER_free(public_key);
+        if (dsa)
+                DSA_free(dsa);
+        return 0;
+        }
+static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        DSA *dsa;
+        void *pval = NULL;
+        int ptype;
+        unsigned char *penc = NULL;
+        int penclen;
+        dsa=pkey->pkey.dsa;
+        if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
+                {
+                ASN1_STRING *str;
+                str = ASN1_STRING_new();
+                str->length = i2d_DSAparams(dsa, &str->data);
+                if (str->length <= 0)
+                        {
+                        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                pval = str;
+                ptype = V_ASN1_SEQUENCE;
+                }
+        else
+                ptype = V_ASN1_UNDEF;
+        dsa->write_params=0;
+        penclen = i2d_DSAPublicKey(dsa, &penc);
+        if (penclen <= 0)
+                {
+                DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
+                                ptype, pval, penc, penclen))
+                return 1;
+        err:
+        if (penc)
+                OPENSSL_free(penc);
+        if (pval)
+                ASN1_STRING_free(pval);
+        return 0;
+        }
+/* In PKCS#8 DSA: you just get a private key integer and parameters in the
+ * AlgorithmIdentifier the pubkey must be recalculated.
+ */
+        
+static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p, *pm;
+        int pklen, pmlen;
+        int ptype;
+        void *pval;
+        ASN1_STRING *pstr;
+        X509_ALGOR *palg;
+        ASN1_INTEGER *privkey = NULL;
+        BN_CTX *ctx = NULL;
+        STACK_OF(ASN1_TYPE) *ndsa = NULL;
+        DSA *dsa = NULL;
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        /* Check for broken DSA PKCS#8, UGH! */
+        if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
+                {
+                ASN1_TYPE *t1, *t2;
+                if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
+                        goto decerr;
+                if (sk_ASN1_TYPE_num(ndsa) != 2)
+                        goto decerr;
+                /* Handle Two broken types:
+                 * SEQUENCE {parameters, priv_key}
+                 * SEQUENCE {pub_key, priv_key}
+                 */
+                t1 = sk_ASN1_TYPE_value(ndsa, 0);
+                t2 = sk_ASN1_TYPE_value(ndsa, 1);
+                if (t1->type == V_ASN1_SEQUENCE)
+                        {
+                        p8->broken = PKCS8_EMBEDDED_PARAM;
+                        pval = t1->value.ptr;
+                        }
+                else if (ptype == V_ASN1_SEQUENCE)
+                        p8->broken = PKCS8_NS_DB;
+                else
+                        goto decerr;
+                if (t2->type != V_ASN1_INTEGER)
+                        goto decerr;
+                privkey = t2->value.integer;
+                }
+        else
+                {
+                const unsigned char *q = p;
+                if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
+                        goto decerr;
+                if (privkey->type == V_ASN1_NEG_INTEGER)
+                        {
+                        p8->broken = PKCS8_NEG_PRIVKEY;
+                        ASN1_INTEGER_free(privkey);
+                        if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
+                                goto decerr;
+                        }
+                if (ptype != V_ASN1_SEQUENCE)
+                        goto decerr;
+                }
+        pstr = pval;    
+        pm = pstr->data;
+        pmlen = pstr->length;
+        if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+                goto decerr;
+        /* We have parameters now set private key */
+        if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+                goto dsaerr;
+                }
+        /* Calculate public key */
+        if (!(dsa->pub_key = BN_new()))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+                goto dsaerr;
+                }
+        if (!(ctx = BN_CTX_new()))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+                goto dsaerr;
+                }
+                        
+        if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
+                {
+                DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
+                goto dsaerr;
+                }
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        BN_CTX_free (ctx);
+        if(ndsa)
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        else
+                ASN1_INTEGER_free(privkey);
+        return 1;
+        decerr:
+        DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
+        dsaerr:
+        BN_CTX_free (ctx);
+        if (privkey)
+                ASN1_INTEGER_free(privkey);
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        DSA_free(dsa);
+        return 0;
+        }
+static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+        ASN1_STRING *params = NULL;
+        ASN1_INTEGER *prkey = NULL;
+        unsigned char *dp = NULL;
+        int dplen;
+        params = ASN1_STRING_new();
+        if (!params)
+                {
+                DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
+        if (params->length <= 0)
+                {
+                DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        params->type = V_ASN1_SEQUENCE;
+        /* Get private key into integer */
+        prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
+        if (!prkey)
+                {
+                DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
+                goto err;
+                }
+        dplen = i2d_ASN1_INTEGER(prkey, &dp);
+        ASN1_INTEGER_free(prkey);
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
+                                V_ASN1_SEQUENCE, params, dp, dplen))
+                goto err;
+        return 1;
+err:
+        if (dp != NULL)
+                OPENSSL_free(dp);
+        if (params != NULL)
+                ASN1_STRING_free(params);
+        if (prkey != NULL)
+                ASN1_INTEGER_free(prkey);
+        return 0;
+}
+static int int_dsa_size(const EVP_PKEY *pkey)
+        {
+        return(DSA_size(pkey->pkey.dsa));
+        }
+static int dsa_bits(const EVP_PKEY *pkey)
+        {
+        return BN_num_bits(pkey->pkey.dsa->p);
+        }
+static int dsa_missing_parameters(const EVP_PKEY *pkey)
+        {
+        DSA *dsa;
+        dsa=pkey->pkey.dsa;
+        if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                        return 1;
+        return 0;
+        }
+static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        {
+        BIGNUM *a;
+        if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
+                return 0;
+        if (to->pkey.dsa->p != NULL)
+                BN_free(to->pkey.dsa->p);
+        to->pkey.dsa->p=a;
+        if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
+                return 0;
+        if (to->pkey.dsa->q != NULL)
+                BN_free(to->pkey.dsa->q);
+        to->pkey.dsa->q=a;
+        if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
+                return 0;
+        if (to->pkey.dsa->g != NULL)
+                BN_free(to->pkey.dsa->g);
+        to->pkey.dsa->g=a;
+        return 1;
+        }
+static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+                BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+                BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
+                return 0;
+        else
+                return 1;
+        }
+static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
+                return 0;
+        else
+                return 1;
+        }
+static void int_dsa_free(EVP_PKEY *pkey)
+        {
+        DSA_free(pkey->pkey.dsa);
+        }
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+        {
+        size_t i;
+        if (!b)
+                return;
+        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+                        *pbuflen = i;
+        }
+static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
+        {
+        unsigned char *m=NULL;
+        int ret=0;
+        size_t buf_len=0;
+        const char *ktype = NULL;
+        const BIGNUM *priv_key, *pub_key;
+        if (ptype == 2)
+                priv_key = x->priv_key;
+        else
+                priv_key = NULL;
+        if (ptype > 0)
+                pub_key = x->pub_key;
+        else
+                pub_key = NULL;
+        if (ptype == 2)
+                ktype = "Private-Key";
+        else if (ptype == 1)
+                ktype = "Public-Key";
+        else
+                ktype = "DSA-Parameters";
+        update_buflen(x->p, &buf_len);
+        update_buflen(x->q, &buf_len);
+        update_buflen(x->g, &buf_len);
+        update_buflen(priv_key, &buf_len);
+        update_buflen(pub_key, &buf_len);
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (priv_key)
+                {
+                if(!BIO_indent(bp,off,128))
+                   goto err;
+                if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
+                        <= 0) goto err;
+                }
+        if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
+                goto err;
+        if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
+                goto err;
+        if (!ASN1_bn_print(bp,"P:   ",x->p,m,off)) goto err;
+        if (!ASN1_bn_print(bp,"Q:   ",x->q,m,off)) goto err;
+        if (!ASN1_bn_print(bp,"G:   ",x->g,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+static int dsa_param_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        DSA *dsa;
+        if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
+                {
+                DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        return 1;
+        }
+static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_DSAparams(pkey->pkey.dsa, pder);
+        }
+static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
+        }
+static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
+        }
+static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
+        }
+static int old_dsa_priv_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        DSA *dsa;
+        if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
+                {
+                DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        return 1;
+        }
+static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
+        }
+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#ifndef OPENSSL_NO_CMS
+                case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#endif
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 2;
+                default:
+                return -2;
+                }
+        }
+/* NB these are sorted in pkey_id order, lowest first */
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 
+        {
+                {
+                EVP_PKEY_DSA2,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+                {
+                EVP_PKEY_DSA1,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+                {
+                EVP_PKEY_DSA4,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+                {
+                EVP_PKEY_DSA3,
+                EVP_PKEY_DSA,
+                ASN1_PKEY_ALIAS
+                },
+                {
+                EVP_PKEY_DSA,
+                EVP_PKEY_DSA,
+                0,
+                "DSA",
+                "OpenSSL DSA method",
+                dsa_pub_decode,
+                dsa_pub_encode,
+                dsa_pub_cmp,
+                dsa_pub_print,
+                dsa_priv_decode,
+                dsa_priv_encode,
+                dsa_priv_print,
+                int_dsa_size,
+                dsa_bits,
+                dsa_param_decode,
+                dsa_param_encode,
+                dsa_missing_parameters,
+                dsa_copy_parameters,
+                dsa_cmp_parameters,
+                dsa_param_print,
+                int_dsa_free,
+                dsa_pkey_ctrl,
+                old_dsa_priv_decode,
+                old_dsa_priv_encode
+                }
+        };
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
index 0645facb4b..c37460b2d6 100644
--- a/src/lib/libcrypto/dsa/dsa_asn1.c
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,24 +61,23 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 /* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                DSA_SIG *sig;
                sig = OPENSSL_malloc(sizeof(DSA_SIG));
+                if (!sig)
+                        {
+                        DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
                sig->r = NULL;
                sig->s = NULL;
                *pval = (ASN1_VALUE *)sig;
-                if(sig) return 2;
+                return 2;
-                DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-                return 0;
        }
        return 1;
 }
@@ -88,10 +87,11 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
+IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
 /* Override the default free and new methods */
-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                *pval = (ASN1_VALUE *)DSA_new();
@@ -144,75 +144,7 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+DSA *DSAparams_dup(DSA *dsa)
-             unsigned int *siglen, DSA *dsa)
-        {
-        DSA_SIG *s;
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
-        s=DSA_do_sign(dgst,dlen,dsa);
-        if (s == NULL)
-                {
-                *siglen=0;
-                return(0);
-                }
-        *siglen=i2d_DSA_SIG(s,&sig);
-        DSA_SIG_free(s);
-        return(1);
-        }
-int DSA_size(const DSA *r)
-        {
-        int ret,i;
-        ASN1_INTEGER bs;
-        unsigned char buf[4];   /* 4 bytes looks really small.
-                                   However, i2d_ASN1_INTEGER() will not look
-                                   beyond the first byte, as long as the second
-                                   parameter is NULL. */
-        i=BN_num_bits(r->q);
-        bs.length=(i+7)/8;
-        bs.data=buf;
-        bs.type=V_ASN1_INTEGER;
-        /* If the top bit is set the asn1 encoding is 1 larger. */
-        buf[0]=0xff;    
-        i=i2d_ASN1_INTEGER(&bs,NULL);
-        i+=i; /* r and s */
-        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-        return(ret);
-        }
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-             const unsigned char *sigbuf, int siglen, DSA *dsa)
        {
-        DSA_SIG *s;
+        return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
-        int ret=-1;
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
-        s = DSA_SIG_new();
-        if (s == NULL) return(ret);
-        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
-        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-        DSA_SIG_free(s);
-        return(ret);
        }
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 872839af94..bba984e92e 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/dsa/dsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,23 +71,26 @@
 static ERR_STRING_DATA DSA_str_functs[]=
        {
 {ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
+{ERR_FUNC(DSA_F_DO_DSA_PRINT),  "DO_DSA_PRINT"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),    "DSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),  "DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS),       "DSA_generate_parameters"},
 {ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT),     "DSA_print"},
+{ERR_FUNC(DSA_F_DSA_PARAM_DECODE),      "DSA_PARAM_DECODE"},
 {ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD),        "DSA_set_default_method"},
+{ERR_FUNC(DSA_F_DSA_PRIV_DECODE),       "DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_DSA_SET_METHOD),        "DSA_set_method"},
+{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE),       "DSA_PRIV_ENCODE"},
+{ERR_FUNC(DSA_F_DSA_PUB_DECODE),        "DSA_PUB_DECODE"},
+{ERR_FUNC(DSA_F_DSA_PUB_ENCODE),        "DSA_PUB_ENCODE"},
 {ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
 {ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
 {ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
 {ERR_FUNC(DSA_F_DSA_VERIFY),    "DSA_verify"},
 {ERR_FUNC(DSA_F_I2D_DSA_SIG),   "i2d_DSA_SIG"},
+{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE),   "OLD_DSA_PRIV_DECODE"},
+{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
+{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN),       "PKEY_DSA_KEYGEN"},
 {ERR_FUNC(DSA_F_SIG_CB),        "SIG_CB"},
 {0,NULL}
        };
@@ -95,12 +98,15 @@ static ERR_STRING_DATA DSA_str_functs[]=
 static ERR_STRING_DATA DSA_str_reasons[]=
        {
 {ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
+{ERR_REASON(DSA_R_BN_DECODE_ERROR)       ,"bn decode error"},
+{ERR_REASON(DSA_R_BN_ERROR)              ,"bn error"},
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+{ERR_REASON(DSA_R_DECODE_ERROR)          ,"decode error"},
+{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(DSA_R_NON_FIPS_METHOD)       ,"non fips method"},
+{ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
-{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
+{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 6f1728e3cf..0fcd25f8b0 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -74,69 +74,88 @@
 #ifndef OPENSSL_NO_SHA
 #include <stdio.h>
-#include <time.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
+#include "dsa_locl.h"
-#ifndef OPENSSL_FIPS
-static int dsa_builtin_paramgen(DSA *ret, int bits,
-                unsigned char *seed_in, int seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 int DSA_generate_parameters_ex(DSA *ret, int bits,
-                unsigned char *seed_in, int seed_len,
+                const unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
-        return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+        else
-                        counter_ret, h_ret, cb);
+                {
+                const EVP_MD *evpmd;
+                size_t qbits = bits >= 2048 ? 256 : 160;
+                if (bits >= 2048)
+                        {
+                        qbits = 256;
+                        evpmd = EVP_sha256();
+                        }
+                else
+                        {
+                        qbits = 160;
+                        evpmd = EVP_sha1();
+                        }
+                return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                                seed_in, seed_len, counter_ret, h_ret, cb);
+                }
        }
-static int dsa_builtin_paramgen(DSA *ret, int bits,
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-                unsigned char *seed_in, int seed_len,
+        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        int ok=0;
-        unsigned char seed[SHA_DIGEST_LENGTH];
+        unsigned char seed[SHA256_DIGEST_LENGTH];
-        unsigned char md[SHA_DIGEST_LENGTH];
+        unsigned char md[SHA256_DIGEST_LENGTH];
-        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+        unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
        BIGNUM *r0,*W,*X,*c,*test;
        BIGNUM *g=NULL,*q=NULL,*p=NULL;
        BN_MONT_CTX *mont=NULL;
-        int k,n=0,i,b,m=0;
+        int i, k,n=0,b,m=0, qsize = qbits >> 3;
        int counter=0;
        int r=0;
        BN_CTX *ctx=NULL;
        unsigned int h=2;
-        if (bits < 512) bits=512;
+        if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
-        bits=(bits+63)/64*64;
+            qsize != SHA256_DIGEST_LENGTH)
+                /* invalid q size */
+                return 0;
+        if (evpmd == NULL)
+                /* use SHA1 as default */
+                evpmd = EVP_sha1();
+        if (bits < 512)
+                bits = 512;
+        bits = (bits+63)/64*64;
        /* NB: seed_len == 0 is special case: copy generated seed to
         * seed_in if it is not NULL.
         */
-        if (seed_len && (seed_len < 20))
+        if (seed_len && (seed_len < (size_t)qsize))
-                seed_in = NULL; /* seed buffer too small -- ignore */
+                seed_in = NULL;         /* seed buffer too small -- ignore */
-        if (seed_len > 20) 
+        if (seed_len > (size_t)qsize) 
-                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+                seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-                                * but our internal buffers are restricted to 160 bits*/
+                                         * but our internal buffers are restricted to 160 bits*/
-        if ((seed_in != NULL) && (seed_len == 20))
+        if (seed_in != NULL)
-                {
+                memcpy(seed, seed_in, seed_len);
-                memcpy(seed,seed_in,seed_len);
-                /* set seed_in to NULL to avoid it being copied back */
+        if ((ctx=BN_CTX_new()) == NULL)
-                seed_in = NULL;
+                goto err;
-                }
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+        if ((mont=BN_MONT_CTX_new()) == NULL)
+                goto err;
        BN_CTX_start(ctx);
        r0 = BN_CTX_get(ctx);
@@ -163,7 +182,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        if (!seed_len)
                                {
-                                RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+                                RAND_pseudo_bytes(seed, qsize);
                                seed_is_random = 1;
                                }
                        else
@@ -171,25 +190,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                                seed_is_random = 0;
                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
                                }
-                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf , seed, qsize);
-                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf2, seed, qsize);
                        /* precompute "SEED + 1" for step 7: */
-                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                        for (i = qsize-1; i >= 0; i--)
                                {
                                buf[i]++;
-                                if (buf[i] != 0) break;
+                                if (buf[i] != 0)
+                                        break;
                                }
                        /* step 2 */
-                        EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                        EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL);
-                        EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
+                        EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL);
-                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                        for (i = 0; i < qsize; i++)
                                md[i]^=buf2[i];
                        /* step 3 */
-                        md[0]|=0x80;
+                        md[0] |= 0x80;
-                        md[SHA_DIGEST_LENGTH-1]|=0x01;
+                        md[qsize-1] |= 0x01;
-                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+                        if (!BN_bin2bn(md, qsize, q))
+                                goto err;
                        /* step 4 */
                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
@@ -224,18 +245,19 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        for (k=0; k<=n; k++)
                                {
                                /* obtain "SEED + offset + k" by incrementing: */
-                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                for (i = qsize-1; i >= 0; i--)
                                        {
                                        buf[i]++;
-                                        if (buf[i] != 0) break;
+                                        if (buf[i] != 0)
+                                                break;
                                        }
-                                EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                                EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
                                /* step 8 */
-                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+                                if (!BN_bin2bn(md, qsize, r0))
                                        goto err;
-                                if (!BN_lshift(r0,r0,160*k)) goto err;
+                                if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
                                if (!BN_add(W,W,r0)) goto err;
                                }
@@ -309,7 +331,6 @@ err:
                        ok=0;
                        goto err;
                        }
-                if (seed_in != NULL) memcpy(seed_in,seed,20);
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
                }
@@ -322,4 +343,3 @@ err:
        return ok;
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 5e39124230..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,8 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_FIPS
 static int dsa_builtin_keygen(DSA *dsa);
 int DSA_generate_key(DSA *dsa)
@@ -128,5 +126,3 @@ err:
        return(ok);
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 7ac9dc8c89..e9b75902db 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -76,14 +76,6 @@ static const DSA_METHOD *default_DSA_method = NULL;
 void DSA_set_default_method(const DSA_METHOD *meth)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
-                {
-                DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
-                return;
-                }
-#endif
-                
        default_DSA_method = meth;
        }
@@ -104,13 +96,6 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
        /* NB: The caller is specifically setting a method, so it's not up to us
         * to deal with which ENGINE it comes from. */
        const DSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
-                {
-                DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        mtmp = dsa->meth;
        if (mtmp->finish) mtmp->finish(dsa);
 #ifndef OPENSSL_NO_ENGINE
@@ -162,18 +147,6 @@ DSA *DSA_new_method(ENGINE *engine)
                        }
                }
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
-                {
-                DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                OPENSSL_free(ret);
-                return NULL;
-                }
-#endif
        ret->pad=0;
        ret->version=0;
@@ -260,6 +233,28 @@ int DSA_up_ref(DSA *r)
        return ((i > 1) ? 1 : 0);
        }
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
diff --git a/src/lib/libcrypto/dsa/dsa_locl.h b/src/lib/libcrypto/dsa/dsa_locl.h
new file mode 100644
index 0000000000..2b8cfee3db
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_locl.h
@@ -0,0 +1,59 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/dsa.h>
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 412cf1d88b..4fead07e80 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -61,16 +61,15 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
+#include <openssl/sha.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa);
+                         DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
@@ -135,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        BIGNUM m;
        BIGNUM xr;
        BN_CTX *ctx=NULL;
-        int i,reason=ERR_R_BN_LIB;
+        int reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
        BN_init(&m);
@@ -150,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        s=BN_new();
        if (s == NULL) goto err;
-        i=BN_num_bytes(dsa->q); /* should be 20 */
+        /* reject a excessive digest length (currently at most
-        if ((dlen > i) || (dlen > 50))
+         * dsa-with-SHA256 is supported) */
+        if (dlen > SHA256_DIGEST_LENGTH)
                {
                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
                goto err;
@@ -172,7 +172,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                dsa->r=NULL;
                }
-        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+        
+        if (dlen > BN_num_bytes(dsa->q))
+                /* if the digest length is greater than the size of q use the
+                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                 * fips 186-3, 4.2 */
+                dlen = BN_num_bytes(dsa->q);
+        if (BN_bin2bn(dgst,dlen,&m) == NULL)
+                goto err;
        /* Compute  s = inv(k) (m + xr) mod q */
        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -283,30 +290,31 @@ err:
        if (!ret)
                {
                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL)
-                if (r != NULL) BN_clear_free(r);
+                        BN_clear_free(r);
                }
        if (ctx_in == NULL) BN_CTX_free(ctx);
-        if (kinv != NULL) BN_clear_free(kinv);
        BN_clear_free(&k);
        BN_clear_free(&kq);
        return(ret);
        }
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-                  DSA *dsa)
+                         DSA *dsa)
        {
        BN_CTX *ctx;
        BIGNUM u1,u2,t1;
        BN_MONT_CTX *mont=NULL;
-        int ret = -1;
+        int ret = -1, i;
        if (!dsa->p || !dsa->q || !dsa->g)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
                return -1;
                }
-        if (BN_num_bits(dsa->q) != 160)
+        i = BN_num_bits(dsa->q);
+        /* fips 186-3 allows only different sizes for q */
+        if (i != 160 && i != 224 && i != 256)
                {
                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
                return -1;
@@ -318,6 +326,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
+        /* reject a excessive digest length (currently at most
+         * dsa-with-SHA256 is supported) */
+        if (dgst_len > SHA256_DIGEST_LENGTH)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return -1;
+                }
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
@@ -342,6 +358,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
        /* save M in u1 */
+        if (dgst_len > (i >> 3))
+                /* if the digest length is greater than the size of q use the
+                 * BN_num_bits(dsa->q) leftmost bits of the digest, see
+                 * fips 186-3, 4.2 */
+                dgst_len = (i >> 3);
        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
        /* u1 = M * w mod q */
@@ -393,4 +414,3 @@ static int dsa_finish(DSA *dsa)
        return(1);
 }
-#endif
diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c
new file mode 100644
index 0000000000..4ce91e20c6
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_pmeth.c
@@ -0,0 +1,315 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "evp_locl.h"
+#include "dsa_locl.h"
+/* DSA pkey context structure */
+typedef struct
+        {
+        /* Parameter gen parameters */
+        int nbits;              /* size of p in bits (default: 1024) */
+        int qbits;              /* size of q in bits (default: 160)  */
+        const EVP_MD *pmd;      /* MD for parameter generation */
+        /* Keygen callback info */
+        int gentmp[2];
+        /* message digest */
+        const EVP_MD *md;       /* MD for the signature */
+        } DSA_PKEY_CTX;
+static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
+        {
+        DSA_PKEY_CTX *dctx;
+        dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
+        if (!dctx)
+                return 0;
+        dctx->nbits = 1024;
+        dctx->qbits = 160;
+        dctx->pmd = NULL;
+        dctx->md = NULL;
+        ctx->data = dctx;
+        ctx->keygen_info = dctx->gentmp;
+        ctx->keygen_info_count = 2;
+        
+        return 1;
+        }
+static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        DSA_PKEY_CTX *dctx, *sctx;
+        if (!pkey_dsa_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->nbits = sctx->nbits;
+        dctx->qbits = sctx->qbits;
+        dctx->pmd = sctx->pmd;
+        dctx->md  = sctx->md;
+        return 1;
+        }
+static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        DSA_PKEY_CTX *dctx = ctx->data;
+        if (dctx)
+                OPENSSL_free(dctx);
+        }
+static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        unsigned int sltmp;
+        DSA_PKEY_CTX *dctx = ctx->data;
+        DSA *dsa = ctx->pkey->pkey.dsa;
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+        ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
+        if (ret <= 0)
+                return ret;
+        *siglen = sltmp;
+        return 1;
+        }
+static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        DSA_PKEY_CTX *dctx = ctx->data;
+        DSA *dsa = ctx->pkey->pkey.dsa;
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+        ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
+        return ret;
+        }
+static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        DSA_PKEY_CTX *dctx = ctx->data;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
+                if (p1 < 256)
+                        return -2;
+                dctx->nbits = p1;
+                return 1;
+                case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
+                if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
+                        return -2;
+                dctx->qbits = p1;
+                return 1;
+                case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
+                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
+                        {
+                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                        }
+                dctx->md = p2;
+                return 1;
+                case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
+                        {
+                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                        }
+                dctx->md = p2;
+                return 1;
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                case EVP_PKEY_CTRL_PKCS7_SIGN:
+                case EVP_PKEY_CTRL_CMS_SIGN:
+                return 1;
+                
+                case EVP_PKEY_CTRL_PEER_KEY:
+                        DSAerr(DSA_F_PKEY_DSA_CTRL,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                        return -2;      
+                default:
+                return -2;
+                }
+        }
+                        
+static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!strcmp(type, "dsa_paramgen_bits"))
+                {
+                int nbits;
+                nbits = atoi(value);
+                return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
+                }
+        if (!strcmp(type, "dsa_paramgen_q_bits"))
+                {
+                int qbits = atoi(value);
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                         EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
+                }
+        if (!strcmp(type, "dsa_paramgen_md"))
+                {
+                return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
+                                         EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 
+                                         (void *)EVP_get_digestbyname(value));
+                }
+        return -2;
+        }
+static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DSA *dsa = NULL;
+        DSA_PKEY_CTX *dctx = ctx->data;
+        BN_GENCB *pcb, cb;
+        int ret;
+        if (ctx->pkey_gencb)
+                {
+                pcb = &cb;
+                evp_pkey_set_cb_translate(pcb, ctx);
+                }
+        else
+                pcb = NULL;
+        dsa = DSA_new();
+        if (!dsa)
+                return 0;
+        ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                                   NULL, 0, NULL, NULL, pcb);
+        if (ret)
+                EVP_PKEY_assign_DSA(pkey, dsa);
+        else
+                DSA_free(dsa);
+        return ret;
+        }
+static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        DSA *dsa = NULL;
+        if (ctx->pkey == NULL)
+                {
+                DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        dsa = DSA_new();
+        if (!dsa)
+                return 0;
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+                return 0;
+        return DSA_generate_key(pkey->pkey.dsa);
+        }
+const EVP_PKEY_METHOD dsa_pkey_meth = 
+        {
+        EVP_PKEY_DSA,
+        EVP_PKEY_FLAG_AUTOARGLEN,
+        pkey_dsa_init,
+        pkey_dsa_copy,
+        pkey_dsa_cleanup,
+        0,
+        pkey_dsa_paramgen,
+        0,
+        pkey_dsa_keygen,
+        0,
+        pkey_dsa_sign,
+        0,
+        pkey_dsa_verify,
+        0,0,
+        0,0,0,0,
+        0,0,
+        0,0,
+        0,0,
+        pkey_dsa_ctrl,
+        pkey_dsa_ctrl_str
+        };
diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c
new file mode 100644
index 0000000000..6f29f5e240
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_prn.c
@@ -0,0 +1,121 @@
+/* crypto/dsa/dsa_prn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int DSA_print(BIO *bp, const DSA *x, int off)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+                return 0;
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+int DSAparams_print(BIO *bp, const DSA *x)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+                return 0;
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 4cfbbe57a8..17555e5892 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -58,38 +58,33 @@
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return NULL;
-                }
-#endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+             unsigned int *siglen, DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
+        DSA_SIG *s;
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+        RAND_seed(dgst, dlen);
+        s=DSA_do_sign(dgst,dlen,dsa);
+        if (s == NULL)
                {
-                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                *siglen=0;
-                return 0;
+                return(0);
                }
-#endif
+        *siglen=i2d_DSA_SIG(s,&sig);
+        DSA_SIG_free(s);
+        return(1);
+        }
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c75e423048..226a75ff3f 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -58,27 +58,32 @@
 /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-#include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
 #include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/asn1_mac.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/dso/dso.h b/src/lib/libcrypto/dso/dso.h
index 3e51913a72..839f2e0617 100644
--- a/src/lib/libcrypto/dso/dso.h
+++ b/src/lib/libcrypto/dso/dso.h
@@ -170,6 +170,11 @@ typedef struct dso_meth_st
        /* [De]Initialisation handlers. */
        int (*init)(DSO *dso);
        int (*finish)(DSO *dso);
+        /* Return pathname of the module containing location */
+        int (*pathbyaddr)(void *addr,char *path,int sz);
+        /* Perform global symbol lookup, i.e. among *all* modules */
+        void *(*globallookup)(const char *symname);
        } DSO_METHOD;
 /**********************************************************************/
@@ -183,7 +188,7 @@ struct dso_st
         * for use in the dso_bind handler. All in all, let each
         * method control its own destiny. "Handles" and such go in
         * a STACK. */
-        STACK *meth_data;
+        STACK_OF(void) *meth_data;
        int references;
        int flags;
        /* For use by applications etc ... use this for your bits'n'pieces,
@@ -296,6 +301,30 @@ DSO_METHOD *DSO_METHOD_win32(void);
 /* If VMS is defined, use shared images. If not, return NULL. */
 DSO_METHOD *DSO_METHOD_vms(void);
+/* This function writes null-terminated pathname of DSO module
+ * containing 'addr' into 'sz' large caller-provided 'path' and
+ * returns the number of characters [including trailing zero]
+ * written to it. If 'sz' is 0 or negative, 'path' is ignored and
+ * required amount of charachers [including trailing zero] to
+ * accomodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero
+ * return value denotes error.
+ */
+int DSO_pathbyaddr(void *addr,char *path,int sz);
+/* This function should be used with caution! It looks up symbols in
+ * *all* loaded modules and if module gets unloaded by somebody else
+ * attempt to dereference the pointer is doomed to have fatal
+ * consequences. Primary usage for this function is to probe *core*
+ * system functionality, e.g. check if getnameinfo(3) is available
+ * at run-time without bothering about OS-specific details such as
+ * libc.so.versioning or where does it actually reside: in libc
+ * itself or libsocket. */
+void *DSO_global_lookup(const char *name);
+/* If BeOS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_beos(void);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -305,6 +334,11 @@ void ERR_load_DSO_strings(void);
 /* Error codes for the DSO functions. */
 /* Function codes. */
+#define DSO_F_BEOS_BIND_FUNC                             144
+#define DSO_F_BEOS_BIND_VAR                              145
+#define DSO_F_BEOS_LOAD                                  146
+#define DSO_F_BEOS_NAME_CONVERTER                        147
+#define DSO_F_BEOS_UNLOAD                                148
 #define DSO_F_DLFCN_BIND_FUNC                            100
 #define DSO_F_DLFCN_BIND_VAR                             101
 #define DSO_F_DLFCN_LOAD                                 102
@@ -324,22 +358,29 @@ void ERR_load_DSO_strings(void);
 #define DSO_F_DSO_FREE                                   111
 #define DSO_F_DSO_GET_FILENAME                           127
 #define DSO_F_DSO_GET_LOADED_FILENAME                    128
+#define DSO_F_DSO_GLOBAL_LOOKUP                          139
 #define DSO_F_DSO_LOAD                                   112
 #define DSO_F_DSO_MERGE                                  132
 #define DSO_F_DSO_NEW_METHOD                             113
+#define DSO_F_DSO_PATHBYADDR                             140
 #define DSO_F_DSO_SET_FILENAME                           129
 #define DSO_F_DSO_SET_NAME_CONVERTER                     122
 #define DSO_F_DSO_UP_REF                                 114
+#define DSO_F_GLOBAL_LOOKUP_FUNC                         138
+#define DSO_F_PATHBYADDR                                 137
 #define DSO_F_VMS_BIND_SYM                               115
 #define DSO_F_VMS_LOAD                                   116
 #define DSO_F_VMS_MERGER                                 133
 #define DSO_F_VMS_UNLOAD                                 117
 #define DSO_F_WIN32_BIND_FUNC                            118
 #define DSO_F_WIN32_BIND_VAR                             119
+#define DSO_F_WIN32_GLOBALLOOKUP                         142
+#define DSO_F_WIN32_GLOBALLOOKUP_FUNC                    143
 #define DSO_F_WIN32_JOINER                               135
 #define DSO_F_WIN32_LOAD                                 120
 #define DSO_F_WIN32_MERGER                               134
 #define DSO_F_WIN32_NAME_CONVERTER                       125
+#define DSO_F_WIN32_PATHBYADDR                           141
 #define DSO_F_WIN32_SPLITTER                             136
 #define DSO_F_WIN32_UNLOAD                               121
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index 1fd10104c5..14bd322fb8 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -56,6 +56,16 @@
 *
 */
+/* We need to do this early, because stdio.h includes the header files
+   that handle _GNU_SOURCE and other similar macros.  Defining it later
+   is simply too late, because those headers are protected from re-
+   inclusion.  */
+#ifdef __linux
+# ifndef _GNU_SOURCE
+#  define _GNU_SOURCE   /* make sure dladdr is declared */
+# endif
+#endif
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
@@ -68,7 +78,16 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 #else
 #ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
+# ifdef __osf__
+#  define __EXTENSIONS__
+# endif
+# include <dlfcn.h>
+# define HAVE_DLINFO 1
+# if defined(_AIX) || defined(__CYGWIN__) || \
+     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF))
+#  undef HAVE_DLINFO
+# endif
 #endif
 /* Part of the hack in "dlfcn_load" ... */
@@ -87,6 +106,8 @@ static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
 static char *dlfcn_name_converter(DSO *dso, const char *filename);
 static char *dlfcn_merger(DSO *dso, const char *filespec1,
        const char *filespec2);
+static int dlfcn_pathbyaddr(void *addr,char *path,int sz);
+static void *dlfcn_globallookup(const char *name);
 static DSO_METHOD dso_meth_dlfcn = {
        "OpenSSL 'dlfcn' shared library method",
@@ -103,7 +124,9 @@ static DSO_METHOD dso_meth_dlfcn = {
        dlfcn_name_converter,
        dlfcn_merger,
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        dlfcn_pathbyaddr,
+        dlfcn_globallookup
        };
 DSO_METHOD *DSO_METHOD_dlfcn(void)
@@ -163,7 +186,7 @@ static int dlfcn_load(DSO *dso)
                ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
                goto err;
                }
-        if(!sk_push(dso->meth_data, (char *)ptr))
+        if(!sk_void_push(dso->meth_data, (char *)ptr))
                {
                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
                goto err;
@@ -188,15 +211,15 @@ static int dlfcn_unload(DSO *dso)
                DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                return(1);
-        ptr = (void *)sk_pop(dso->meth_data);
+        ptr = sk_void_pop(dso->meth_data);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
                /* Should push the value back onto the stack in
                 * case of a retry. */
-                sk_push(dso->meth_data, (char *)ptr);
+                sk_void_push(dso->meth_data, ptr);
                return(0);
                }
        /* For now I'm not aware of any errors associated with dlclose() */
@@ -213,12 +236,12 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
                DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
@@ -237,32 +260,35 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
        {
        void *ptr;
-        DSO_FUNC_TYPE sym, *tsym = &sym;
+        union {
+                DSO_FUNC_TYPE sym;
+                void *dlret;
+        } u;
        if((dso == NULL) || (symname == NULL))
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(sk_num(dso->meth_data) < 1)
+        if(sk_void_num(dso->meth_data) < 1)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
                return(NULL);
                }
-        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
                return(NULL);
                }
-        *(void **)(tsym) = dlsym(ptr, symname);
+        u.dlret = dlsym(ptr, symname);
-        if(sym == NULL)
+        if(u.dlret == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
                ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
                return(NULL);
                }
-        return(sym);
+        return u.sym;
        }
 static char *dlfcn_merger(DSO *dso, const char *filespec1,
@@ -278,13 +304,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
                }
        /* If the first file specification is a rooted path, it rules.
           same goes if the second file specification is missing. */
-        if (!filespec2 || filespec1[0] == '/')
+        if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/'))
                {
                merged = OPENSSL_malloc(strlen(filespec1) + 1);
                if(!merged)
                        {
-                        DSOerr(DSO_F_DLFCN_MERGER,
+                        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-                                ERR_R_MALLOC_FAILURE);
                        return(NULL);
                        }
                strcpy(merged, filespec1);
@@ -310,7 +335,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
                {
                int spec2len, len;
-                spec2len = (filespec2 ? strlen(filespec2) : 0);
+                spec2len = strlen(filespec2);
                len = spec2len + (filespec1 ? strlen(filespec1) : 0);
                if(filespec2 && filespec2[spec2len - 1] == '/')
@@ -332,6 +357,15 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
        return(merged);
        }
+#ifdef OPENSSL_SYS_MACOSX
+#define DSO_ext ".dylib"
+#define DSO_extlen 6
+#else
+#define DSO_ext ".so"
+#define DSO_extlen 3
+#endif
 static char *dlfcn_name_converter(DSO *dso, const char *filename)
        {
        char *translated;
@@ -342,8 +376,8 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
        transform = (strstr(filename, "/") == NULL);
        if(transform)
                {
-                /* We will convert this to "%s.so" or "lib%s.so" */
+                /* We will convert this to "%s.so" or "lib%s.so" etc */
-                rsize += 3;     /* The length of ".so" */
+                rsize += DSO_extlen;    /* The length of ".so" */
                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
                        rsize += 3; /* The length of "lib" */
                }
@@ -357,13 +391,92 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
        if(transform)
                {
                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-                        sprintf(translated, "lib%s.so", filename);
+                        sprintf(translated, "lib%s" DSO_ext, filename);
                else
-                        sprintf(translated, "%s.so", filename);
+                        sprintf(translated, "%s" DSO_ext, filename);
                }
        else
                sprintf(translated, "%s", filename);
        return(translated);
        }
+#ifdef __sgi
+/*
+This is a quote from IRIX manual for dladdr(3c):
+     <dlfcn.h> does not contain a prototype for dladdr or definition of
+     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
+     but contains no dladdr prototype and no IRIX library contains an
+     implementation.  Write your own declaration based on the code below.
+     The following code is dependent on internal interfaces that are not
+     part of the IRIX compatibility guarantee; however, there is no future
+     intention to change this interface, so on a practical level, the code
+     below is safe to use on IRIX.
+*/
+#include <rld_interface.h>
+#ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
+#define _RLD_INTERFACE_DLFCN_H_DLADDR
+typedef struct Dl_info {
+    const char * dli_fname;
+    void       * dli_fbase;
+    const char * dli_sname;
+    void       * dli_saddr;
+    int          dli_version;
+    int          dli_reserved1;
+    long         dli_reserved[4];
+} Dl_info;
+#else
+typedef struct Dl_info Dl_info;
+#endif
+#define _RLD_DLADDR             14
+static int dladdr(void *address, Dl_info *dl)
+{
+        void *v;
+        v = _rld_new_interface(_RLD_DLADDR,address,dl);
+        return (int)v;
+}
+#endif /* __sgi */
+static int dlfcn_pathbyaddr(void *addr,char *path,int sz)
+        {
+#ifdef HAVE_DLINFO
+        Dl_info dli;
+        int len;
+        if (addr == NULL)
+                {
+                union   { int(*f)(void*,char*,int); void *p; } t =
+                        { dlfcn_pathbyaddr };
+                addr = t.p;
+                }
+        if (dladdr(addr,&dli))
+                {
+                len = (int)strlen(dli.dli_fname);
+                if (sz <= 0) return len+1;
+                if (len >= sz) len=sz-1;
+                memcpy(path,dli.dli_fname,len);
+                path[len++]=0;
+                return len;
+                }
+        ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+#endif
+        return -1;
+        }
+static void *dlfcn_globallookup(const char *name)
+        {
+        void *ret = NULL,*handle = dlopen(NULL,RTLD_LAZY);
+        
+        if (handle)
+                {
+                ret = dlsym(handle,name);
+                dlclose(handle);
+                }
+        return ret;
+        }
 #endif /* DSO_DLFCN */
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c
index a8b0a210de..2bb07c2514 100644
--- a/src/lib/libcrypto/dso/dso_err.c
+++ b/src/lib/libcrypto/dso/dso_err.c
@@ -1,6 +1,6 @@
 /* crypto/dso/dso_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,6 +70,11 @@
 static ERR_STRING_DATA DSO_str_functs[]=
        {
+{ERR_FUNC(DSO_F_BEOS_BIND_FUNC),        "BEOS_BIND_FUNC"},
+{ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"},
+{ERR_FUNC(DSO_F_BEOS_LOAD),     "BEOS_LOAD"},
+{ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER),   "BEOS_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_BEOS_UNLOAD),   "BEOS_UNLOAD"},
 {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),       "DLFCN_BIND_FUNC"},
 {ERR_FUNC(DSO_F_DLFCN_BIND_VAR),        "DLFCN_BIND_VAR"},
 {ERR_FUNC(DSO_F_DLFCN_LOAD),    "DLFCN_LOAD"},
@@ -89,22 +94,29 @@ static ERR_STRING_DATA DSO_str_functs[]=
 {ERR_FUNC(DSO_F_DSO_FREE),      "DSO_free"},
 {ERR_FUNC(DSO_F_DSO_GET_FILENAME),      "DSO_get_filename"},
 {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),       "DSO_get_loaded_filename"},
+{ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP),     "DSO_global_lookup"},
 {ERR_FUNC(DSO_F_DSO_LOAD),      "DSO_load"},
 {ERR_FUNC(DSO_F_DSO_MERGE),     "DSO_merge"},
 {ERR_FUNC(DSO_F_DSO_NEW_METHOD),        "DSO_new_method"},
+{ERR_FUNC(DSO_F_DSO_PATHBYADDR),        "DSO_pathbyaddr"},
 {ERR_FUNC(DSO_F_DSO_SET_FILENAME),      "DSO_set_filename"},
 {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),        "DSO_set_name_converter"},
 {ERR_FUNC(DSO_F_DSO_UP_REF),    "DSO_up_ref"},
+{ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC),    "GLOBAL_LOOKUP_FUNC"},
+{ERR_FUNC(DSO_F_PATHBYADDR),    "PATHBYADDR"},
 {ERR_FUNC(DSO_F_VMS_BIND_SYM),  "VMS_BIND_SYM"},
 {ERR_FUNC(DSO_F_VMS_LOAD),      "VMS_LOAD"},
 {ERR_FUNC(DSO_F_VMS_MERGER),    "VMS_MERGER"},
 {ERR_FUNC(DSO_F_VMS_UNLOAD),    "VMS_UNLOAD"},
 {ERR_FUNC(DSO_F_WIN32_BIND_FUNC),       "WIN32_BIND_FUNC"},
 {ERR_FUNC(DSO_F_WIN32_BIND_VAR),        "WIN32_BIND_VAR"},
+{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP),    "WIN32_GLOBALLOOKUP"},
+{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC),       "WIN32_GLOBALLOOKUP_FUNC"},
 {ERR_FUNC(DSO_F_WIN32_JOINER),  "WIN32_JOINER"},
 {ERR_FUNC(DSO_F_WIN32_LOAD),    "WIN32_LOAD"},
 {ERR_FUNC(DSO_F_WIN32_MERGER),  "WIN32_MERGER"},
 {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),  "WIN32_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_WIN32_PATHBYADDR),      "WIN32_PATHBYADDR"},
 {ERR_FUNC(DSO_F_WIN32_SPLITTER),        "WIN32_SPLITTER"},
 {ERR_FUNC(DSO_F_WIN32_UNLOAD),  "WIN32_UNLOAD"},
 {0,NULL}
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 49bdd71309..8a15b794ab 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -107,7 +107,7 @@ DSO *DSO_new_method(DSO_METHOD *meth)
                return(NULL);
                }
        memset(ret, 0, sizeof(DSO));
-        ret->meth_data = sk_new_null();
+        ret->meth_data = sk_void_new_null();
        if(ret->meth_data == NULL)
                {
                /* sk_new doesn't generate any errors so we do */
@@ -163,7 +163,7 @@ int DSO_free(DSO *dso)
                return(0);
                }
        
-        sk_free(dso->meth_data);
+        sk_void_free(dso->meth_data);
        if(dso->filename != NULL)
                OPENSSL_free(dso->filename);
        if(dso->loaded_filename != NULL)
@@ -399,13 +399,6 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
                DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
                return(NULL);
                }
-        if(filespec1 == NULL)
-                filespec1 = dso->filename;
-        if(filespec1 == NULL)
-                {
-                DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
-                return(NULL);
-                }
        if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
                {
                if(dso->merger != NULL)
@@ -464,3 +457,27 @@ const char *DSO_get_loaded_filename(DSO *dso)
                }
        return(dso->loaded_filename);
        }
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+        {
+        DSO_METHOD *meth = default_DSO_meth;
+        if (meth == NULL) meth = DSO_METHOD_openssl();
+        if (meth->pathbyaddr == NULL)
+                {
+                DSOerr(DSO_F_DSO_PATHBYADDR,DSO_R_UNSUPPORTED);
+                return -1;
+                }
+        return (*meth->pathbyaddr)(addr,path,sz);
+        }
+void *DSO_global_lookup(const char *name)
+        {
+        DSO_METHOD *meth = default_DSO_meth;
+        if (meth == NULL) meth = DSO_METHOD_openssl();
+        if (meth->globallookup == NULL)
+                {
+                DSOerr(DSO_F_DSO_GLOBAL_LOOKUP,DSO_R_UNSUPPORTED);
+                return NULL;
+                }
+        return (*meth->globallookup)(name);
+        }
diff --git a/src/lib/libcrypto/dso/dso_null.c b/src/lib/libcrypto/dso/dso_null.c
index 4972984651..49d842d1f5 100644
--- a/src/lib/libcrypto/dso/dso_null.c
+++ b/src/lib/libcrypto/dso/dso_null.c
@@ -78,7 +78,9 @@ static DSO_METHOD dso_meth_null = {
        NULL, /* dso_name_converter */
        NULL, /* dso_merger */
        NULL, /* init */
-        NULL  /* finish */
+        NULL, /* finish */
+        NULL, /* pathbyaddr */
+        NULL  /* globallookup */
        };
 DSO_METHOD *DSO_METHOD_null(void)
diff --git a/src/lib/libcrypto/dso/dso_openssl.c b/src/lib/libcrypto/dso/dso_openssl.c
index a4395ebffe..b17e8e8e9e 100644
--- a/src/lib/libcrypto/dso/dso_openssl.c
+++ b/src/lib/libcrypto/dso/dso_openssl.c
@@ -74,6 +74,8 @@ DSO_METHOD *DSO_METHOD_openssl(void)
        return(DSO_METHOD_win32());
 #elif defined(DSO_VMS)
        return(DSO_METHOD_vms());
+#elif defined(DSO_BEOS)
+        return(DSO_METHOD_beos());
 #else
        return(DSO_METHOD_null());
 #endif
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 8bc2a235b1..ee7078130c 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -2,8 +2,12 @@
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
+/**
+ * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
+ * \author Originally written by Bodo Moeller for the OpenSSL project
+ */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -92,15 +96,21 @@ extern "C" {
 # endif
 #endif
+  
 #ifndef OPENSSL_ECC_MAX_FIELD_BITS
 # define OPENSSL_ECC_MAX_FIELD_BITS 661
 #endif
+/** Enum for the point conversion form as defined in X9.62 (ECDSA)
+ *  for the encoding of a elliptic curve point (x,y) */
 typedef enum {
-        /* values as defined in X9.62 (ECDSA) and elsewhere */
+        /** the point is encoded as z||x, where the octet z specifies 
+         *  which solution of the quadratic equation y is  */
        POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x02  */
        POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
        POINT_CONVERSION_HYBRID = 6
 } point_conversion_form_t;
@@ -121,37 +131,129 @@ typedef struct ec_group_st
 typedef struct ec_point_st EC_POINT;
-/* EC_METHODs for curves over GF(p).
+/********************************************************************/
- * EC_GFp_simple_method provides the basis for the optimized methods.
+/*               EC_METHODs for curves over GF(p)                   */       
+/********************************************************************/
+/** Returns the basic GFp ec methods which provides the basis for the
+ *  optimized methods. 
+ *  \return  EC_METHOD object
 */
 const EC_METHOD *EC_GFp_simple_method(void);
+/** Returns GFp methods using montgomery multiplication.
+ *  \return  EC_METHOD object
+ */
 const EC_METHOD *EC_GFp_mont_method(void);
+/** Returns GFp methods using optimized methods for NIST recommended curves
+ *  \return  EC_METHOD object
+ */
 const EC_METHOD *EC_GFp_nist_method(void);
-/* EC_METHOD for curves over GF(2^m).
+/********************************************************************/ 
+/*           EC_METHOD for curves over GF(2^m)                      */
+/********************************************************************/
+/** Returns the basic GF2m ec method 
+ *  \return  EC_METHOD object
 */
 const EC_METHOD *EC_GF2m_simple_method(void);
-EC_GROUP *EC_GROUP_new(const EC_METHOD *);
+/********************************************************************/
-void EC_GROUP_free(EC_GROUP *);
+/*                   EC_GROUP functions                             */
-void EC_GROUP_clear_free(EC_GROUP *);
+/********************************************************************/
-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
+/** Creates a new EC_GROUP object
-int EC_METHOD_get_field_type(const EC_METHOD *);
+ *  \param   meth  EC_METHOD to use
+ *  \return  newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+/** Frees a EC_GROUP object
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+ *  \param  group  EC_GROUP object to be freed.
-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+ */
-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+void EC_GROUP_free(EC_GROUP *group);
-void EC_GROUP_set_curve_name(EC_GROUP *, int nid);
+/** Clears and frees a EC_GROUP object
-int EC_GROUP_get_curve_name(const EC_GROUP *);
+ *  \param  group  EC_GROUP object to be cleared and freed.
+ */
+void EC_GROUP_clear_free(EC_GROUP *group);
-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);
+/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
-int EC_GROUP_get_asn1_flag(const EC_GROUP *);
+ *  \param  dst  destination EC_GROUP object
+ *  \param  src  source EC_GROUP object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+/** Creates a new EC_GROUP object and copies the copies the content
+ *  form src to the newly created EC_KEY object
+ *  \param  src  source EC_GROUP object
+ *  \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+/** Returns the EC_METHOD of the EC_GROUP object.
+ *  \param  group  EC_GROUP object 
+ *  \return EC_METHOD used in this EC_GROUP object.
+ */
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+/** Returns the field type of the EC_METHOD.
+ *  \param  meth  EC_METHOD object
+ *  \return NID of the underlying field type OID.
+ */
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+/** Sets the generator and it's order/cofactor of a EC_GROUP object.
+ *  \param  group      EC_GROUP object 
+ *  \param  generator  EC_POINT object with the generator.
+ *  \param  order      the order of the group generated by the generator.
+ *  \param  cofactor   the index of the sub-group generated by the generator
+ *                     in the group of all points on the elliptic curve.
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+/** Returns the generator of a EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+/** Gets the order of a EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \param  order  BIGNUM to which the order is copied
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+/** Gets the cofactor of a EC_GROUP
+ *  \param  group     EC_GROUP object
+ *  \param  cofactor  BIGNUM to which the cofactor is copied
+ *  \param  ctx       BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
+/** Sets the name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \param  nid    NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+/** Returns the curve name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
@@ -160,36 +262,114 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+ *  \param  group  EC_GROUP object
-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+ *  \param  p      BIGNUM with the prime number
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM for the prime number
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the polynomial defining the underlying field
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM for the polynomial defining the underlying field
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-/* returns the number of bits needed to represent a field element */
+/** Returns the number of bits needed to represent a field element 
-int EC_GROUP_get_degree(const EC_GROUP *);
+ *  \param  group  EC_GROUP object
+ *  \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if group is a valid ec group and 0 otherwise
+ */
 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
- * elliptic curve is not zero, 0 otherwise */
-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */
+/** Checks whether the discriminant of the elliptic curve is zero or not
-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+/** Compares two EC_GROUP objects
+ *  \param  a    first EC_GROUP object
+ *  \param  b    second EC_GROUP object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 0 if both groups are equal and 1 otherwise
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
 /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
 * after choosing an appropriate EC_METHOD */
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure
+/** Creates a new EC_GROUP object with the specified parameters defined
- * specified by a curve name (in form of a NID) */
+ *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ *  \param  p    BIGNUM with the prime number
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ *  \param  p    BIGNUM with the polynomial defining the underlying field
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/** Creates a EC_GROUP object with a curve specified by a NID
+ *  \param  nid  NID of the OID of the curve name
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-/* handling of internal curves */
+/********************************************************************/
+/*               handling of internal curves                        */
+/********************************************************************/
 typedef struct { 
        int nid;
        const char *comment;
        } EC_builtin_curve;
 /* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 
 * of all available curves or zero if a error occurred. 
 * In case r ist not zero nitems EC_builtin_curve structures 
@@ -197,39 +377,168 @@ typedef struct {
 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
-/* EC_POINT functions */
+/********************************************************************/
+/*                    EC_POINT functions                            */
+/********************************************************************/
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ *  \param  group  EC_GROUP the underlying EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+/** Frees a EC_POINT object
+ *  \param  point  EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+/** Clears and frees a EC_POINT object
+ *  \param  point  EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+/** Copies EC_POINT object
+ *  \param  dst  destination EC_POINT object
+ *  \param  src  source EC_POINT object
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
-EC_POINT *EC_POINT_new(const EC_GROUP *);
+/** Creates a new EC_POINT object and copies the content of the supplied
-void EC_POINT_free(EC_POINT *);
+ *  EC_POINT
-void EC_POINT_clear_free(EC_POINT *);
+ *  \param  src    source EC_POINT object
-int EC_POINT_copy(EC_POINT *, const EC_POINT *);
+ *  \param  group  underlying the EC_GROUP object
-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);
+ *  \return newly created EC_POINT object or NULL if an error occurred 
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
 
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
+/** Returns the EC_METHOD used in EC_POINT object 
+ *  \param  point  EC_POINT object
-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
+ *  \return the EC_METHOD used
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ */
-        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+/** Sets a point to infinity (neutral element)
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ *  \param  group  underlying EC_GROUP object
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+ *  \param  point  EC_POINT to set to infinity
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+ *  \return 1 on success and 0 if an error occured
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
+ */
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-        const BIGNUM *x, int y_bit, BN_CTX *);
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+ *  \param  group  underlying EC_GROUP object
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+ *  \param  p      EC_POINT object
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,
+ *  \param  x      BIGNUM with the x-coordinate
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
+ *  \param  y      BIGNUM with the y-coordinate
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+ *  \param  z      BIGNUM with the z-coordinate
-        const BIGNUM *x, int y_bit, BN_CTX *);
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+ */
-        unsigned char *buf, size_t len, BN_CTX *);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-        const unsigned char *buf, size_t len, BN_CTX *);
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  z      BIGNUM for the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
+/** Sets the affine coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+/** Gets the affine coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, int y_bit, BN_CTX *ctx);
+/** Sets the affine coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
+/** Gets the affine coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+        const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
+        const BIGNUM *x, int y_bit, BN_CTX *ctx);
+/** Encodes a EC_POINT object to a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+        point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *ctx);
+/** Decodes a EC_POINT from a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+        const unsigned char *buf, size_t len, BN_CTX *ctx);
 /* other interfaces to point2oct/oct2point: */
 BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
@@ -241,29 +550,105 @@ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
 EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
        EC_POINT *, BN_CTX *);
-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+/********************************************************************/
-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+/*         functions for doing EC_POINT arithmetic                  */
-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+/********************************************************************/
+/** Computes the sum of two EC_POINT 
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = a + b)
+ *  \param  a      EC_POINT object with the first summand
+ *  \param  b      EC_POINT object with the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
+/** Computes the double of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = 2 * a)
+ *  \param  a      EC_POINT object 
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
+/** Computes the inverse of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+/** Checks whether the point is the neutral element of the group
+ *  \param  group  the underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+/** Checks whether the point is on the curve 
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object to check
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if point if on the curve and 0 otherwise
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
+/** Compares two EC_POINTs 
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      first EC_POINT object
+ *  \param  b      second EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 0 if both points are equal and a value != 0 otherwise
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  num    number futher summands
+ *  \param  p      array of size num of EC_POINT objects
+ *  \param  m      array of size num of BIGNUM objects
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
+/** Computes r = generator * n + q * m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  q      EC_POINT object with the first factor of the second summand
+ *  \param  m      BIGNUM with the second factor of the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occured
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
+/** Stores multiples of generator for faster point multiplication
-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */
+ *  \return 1 on success and 0 if an error occured
-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
+ */
-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int EC_GROUP_have_precompute_mult(const EC_GROUP *);
+/** Reports whether a precomputation has been done
+ *  \param  group  EC_GROUP object
+ *  \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
-/* ASN1 stuff */
+/********************************************************************/
+/*                       ASN1 stuff                                 */
+/********************************************************************/
 /* EC_GROUP_get_basis_type() returns the NID of the basis type
 * used to represent the field elements */
@@ -293,28 +678,96 @@ int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
 int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
 #endif
-/* the EC_KEY stuff */
+/********************************************************************/
+/*                      EC_KEY functions                            */
+/********************************************************************/
 typedef struct ec_key_st EC_KEY;
 /* some values for the encoding_flag */
 #define EC_PKEY_NO_PARAMETERS   0x001
 #define EC_PKEY_NO_PUBKEY       0x002
+/** Creates a new EC_KEY object.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
 EC_KEY *EC_KEY_new(void);
+/** Creates a new EC_KEY object using a named curve as underlying
+ *  EC_GROUP object.
+ *  \param  nid  NID of the named curve.
+ *  \return EC_KEY object or NULL if an error occurred. 
+ */
 EC_KEY *EC_KEY_new_by_curve_name(int nid);
-void EC_KEY_free(EC_KEY *);
-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
+/** Frees a EC_KEY object.
-EC_KEY *EC_KEY_dup(const EC_KEY *);
+ *  \param  key  EC_KEY object to be freed.
+ */
-int EC_KEY_up_ref(EC_KEY *);
+void EC_KEY_free(EC_KEY *key);
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);
+/** Copies a EC_KEY object.
-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);
+ *  \param  dst  destination EC_KEY object
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);
+ *  \param  src  src EC_KEY object
-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);
+ *  \return dst or NULL if an error occurred.
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
+ */
-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-unsigned EC_KEY_get_enc_flags(const EC_KEY *);
+/** Creates a new EC_KEY object and copies the content from src to it.
+ *  \param  src  the source EC_KEY object
+ *  \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+/** Increases the internal reference count of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_up_ref(EC_KEY *key);
+/** Returns the EC_GROUP object of a EC_KEY object
+ *  \param  key  EC_KEY object
+ *  \return the EC_GROUP object (possibly NULL).
+ */
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+/** Sets the EC_GROUP of a EC_KEY object.
+ *  \param  key    EC_KEY object
+ *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ *                 object will use an own copy of the EC_GROUP).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+/** Returns the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return a BIGNUM with the private key (possibly NULL).
+ */
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+/** Sets the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
+ *               will use an own copy of the BIGNUM).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+/** Returns the public key of a EC_KEY object.
+ *  \param  key  the EC_KEY object
+ *  \return a EC_POINT object with the public key (possibly NULL)
+ */
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+/** Sets the public key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
+ *               will use an own copy of the EC_POINT object).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
 void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
 void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
@@ -325,31 +778,126 @@ void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
 void EC_KEY_set_asn1_flag(EC_KEY *, int);
-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);
+/** Creates a table of pre-computed multiples of the generator to 
-/* EC_KEY_generate_key() creates a ec private (public) key */
+ *  accelerate further EC_KEY operations.
-int EC_KEY_generate_key(EC_KEY *);
+ *  \param  key  EC_KEY object
-/* EC_KEY_check_key() */
+ *  \param  ctx  BN_CTX object (optional)
-int EC_KEY_check_key(const EC_KEY *);
+ *  \return 1 on success and 0 if an error occurred.
+ */
-/* de- and encoding functions for SEC1 ECPrivateKey */
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
+/** Creates a new ec private (and optional a new public) key.
-/* de- and encoding functions for EC parameters */
+ *  \param  key  EC_KEY object
-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
+ *  \return 1 on success and 0 if an error occurred.
-int i2d_ECParameters(EC_KEY *a, unsigned char **out);
+ */
-/* de- and encoding functions for EC public key
+int EC_KEY_generate_key(EC_KEY *key);
- * (octet string, not DER -- hence 'o2i' and 'i2o') */
-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
+/** Verifies that a private and/or public key is valid.
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);
+ *  \param  key  the EC_KEY object
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_check_key(const EC_KEY *key);
+/********************************************************************/
+/*        de- and encoding functions for SEC1 ECPrivateKey          */
+/********************************************************************/
+/** Decodes a private key from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded private key
+ *  \param  len  length of the DER encoded private key
+ *  \return the decoded private key or NULL if an error occurred.
+ */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+/** Encodes a private key object and stores the result in a buffer.
+ *  \param  key  the EC_KEY object to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+/********************************************************************/
+/*        de- and encoding functions for EC parameters              */
+/********************************************************************/
+/** Decodes ec parameter from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded ec parameters
+ *  \param  len  length of the DER encoded ec parameters
+ *  \return a EC_KEY object with the decoded parameters or NULL if an error
+ *          occurred.
+ */
+EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+/** Encodes ec parameter and stores the result in a buffer.
+ *  \param  key  the EC_KEY object with ec paramters to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+/********************************************************************/
+/*         de- and encoding functions for EC public key             */
+/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
+/********************************************************************/
+/** Decodes a ec public key from a octet string.
+ *  \param  key  a pointer to a EC_KEY object which should be used
+ *  \param  in   memory buffer with the encoded public key
+ *  \param  len  length of the encoded public key
+ *  \return EC_KEY object with decoded public key or NULL if an error
+ *          occurred.
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+/** Encodes a ec public key in an octet string.
+ *  \param  key  the EC_KEY object with the public key
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred
+ */
+int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
 #ifndef OPENSSL_NO_BIO
-int     ECParameters_print(BIO *bp, const EC_KEY *x);
+/** Prints out the ec parameters on human readable form.
-int     EC_KEY_print(BIO *bp, const EC_KEY *x, int off);
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     ECParameters_print(BIO *bp, const EC_KEY *key);
+/** Prints out the contents of a EC_KEY object
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset 
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
 #endif
 #ifndef OPENSSL_NO_FP_API
-int     ECParameters_print_fp(FILE *fp, const EC_KEY *x);
+/** Prints out the ec parameters on human readable form.
-int     EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+/** Prints out the contents of a EC_KEY object
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset 
+ *  \return 1 on success and 0 if an error occurred
+ */
+int     EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 #endif
 #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
@@ -362,6 +910,13 @@ int	EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
 # endif
 #endif
+#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
+#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID             (EVP_PKEY_ALG_CTRL + 1)
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -375,6 +930,14 @@ void ERR_load_EC_strings(void);
 #define EC_F_D2I_ECPARAMETERS                            144
 #define EC_F_D2I_ECPKPARAMETERS                          145
 #define EC_F_D2I_ECPRIVATEKEY                            146
+#define EC_F_DO_EC_KEY_PRINT                             221
+#define EC_F_ECKEY_PARAM2TYPE                            223
+#define EC_F_ECKEY_PARAM_DECODE                          212
+#define EC_F_ECKEY_PRIV_DECODE                           213
+#define EC_F_ECKEY_PRIV_ENCODE                           214
+#define EC_F_ECKEY_PUB_DECODE                            215
+#define EC_F_ECKEY_PUB_ENCODE                            216
+#define EC_F_ECKEY_TYPE2PARAM                            220
 #define EC_F_ECPARAMETERS_PRINT                          147
 #define EC_F_ECPARAMETERS_PRINT_FP                       148
 #define EC_F_ECPKPARAMETERS_PRINT                        149
@@ -448,7 +1011,6 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_KEY_PRINT                                180
 #define EC_F_EC_KEY_PRINT_FP                             181
 #define EC_F_EC_POINTS_MAKE_AFFINE                       136
-#define EC_F_EC_POINTS_MUL                               138
 #define EC_F_EC_POINT_ADD                                112
 #define EC_F_EC_POINT_CMP                                113
 #define EC_F_EC_POINT_COPY                               114
@@ -479,21 +1041,31 @@ void ERR_load_EC_strings(void);
 #define EC_F_I2D_ECPRIVATEKEY                            192
 #define EC_F_I2O_ECPUBLICKEY                             151
 #define EC_F_O2I_ECPUBLICKEY                             152
+#define EC_F_OLD_EC_PRIV_DECODE                          222
+#define EC_F_PKEY_EC_CTRL                                197
+#define EC_F_PKEY_EC_CTRL_STR                            198
+#define EC_F_PKEY_EC_DERIVE                              217
+#define EC_F_PKEY_EC_KEYGEN                              199
+#define EC_F_PKEY_EC_PARAMGEN                            219
+#define EC_F_PKEY_EC_SIGN                                218
 /* Reason codes. */
 #define EC_R_ASN1_ERROR                                  115
 #define EC_R_ASN1_UNKNOWN_FIELD                          116
 #define EC_R_BUFFER_TOO_SMALL                            100
 #define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
+#define EC_R_DECODE_ERROR                                142
 #define EC_R_DISCRIMINANT_IS_ZERO                        118
 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
-#define EC_R_FIELD_TOO_LARGE                             138
+#define EC_R_FIELD_TOO_LARGE                             143
 #define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
 #define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
 #define EC_R_INCOMPATIBLE_OBJECTS                        101
 #define EC_R_INVALID_ARGUMENT                            112
 #define EC_R_INVALID_COMPRESSED_POINT                    110
 #define EC_R_INVALID_COMPRESSION_BIT                     109
+#define EC_R_INVALID_CURVE                               141
+#define EC_R_INVALID_DIGEST_TYPE                         138
 #define EC_R_INVALID_ENCODING                            102
 #define EC_R_INVALID_FIELD                               103
 #define EC_R_INVALID_FORM                                104
@@ -501,6 +1073,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PENTANOMIAL_BASIS                   132
 #define EC_R_INVALID_PRIVATE_KEY                         123
 #define EC_R_INVALID_TRINOMIAL_BASIS                     137
+#define EC_R_KEYS_NOT_SET                                140
 #define EC_R_MISSING_PARAMETERS                          124
 #define EC_R_MISSING_PRIVATE_KEY                         125
 #define EC_R_NOT_A_NIST_PRIME                            135
@@ -508,6 +1081,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_NOT_IMPLEMENTED                             126
 #define EC_R_NOT_INITIALIZED                             111
 #define EC_R_NO_FIELD_MOD                                133
+#define EC_R_NO_PARAMETERS_SET                           139
 #define EC_R_PASSED_NULL_PARAMETER                       134
 #define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
 #define EC_R_POINT_AT_INFINITY                           106
diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index ff368fd7d7..ab631a50a2 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -76,7 +76,7 @@
 * coordinates.
 * Uses algorithm Mdouble in appendix of 
 *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
 * modified to not require precomputation of c=b^{2^{m-1}}.
 */
 static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
@@ -107,8 +107,8 @@ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx
 /* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery 
 * projective coordinates.
 * Uses algorithm Madd in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
 */
 static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
        const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
@@ -140,8 +140,8 @@ static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM
 /* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
 * using Montgomery point multiplication algorithm Mxy() in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
 * Returns:
 *     0 on error
 *     1 if return value should be the point at infinity
@@ -209,15 +209,15 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG
 /* Computes scalar*point and stores the result in r.
 * point can not equal r.
 * Uses algorithm 2P of
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation".
+ *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
 */
 static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        const EC_POINT *point, BN_CTX *ctx)
        {
        BIGNUM *x1, *x2, *z1, *z2;
-        int ret = 0, i, j;
+        int ret = 0, i;
-        BN_ULONG mask;
+        BN_ULONG mask,word;
        if (r == point)
                {
@@ -251,22 +251,24 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
        if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
        /* find top most bit and go one past it */
-        i = scalar->top - 1; j = BN_BITS2 - 1;
+        i = scalar->top - 1;
        mask = BN_TBIT;
-        while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }
+        word = scalar->d[i];
-        mask >>= 1; j--;
+        while (!(word & mask)) mask >>= 1;
+        mask >>= 1;
        /* if top most bit was at word break, go to next word */
        if (!mask) 
                {
-                i--; j = BN_BITS2 - 1;
+                i--;
                mask = BN_TBIT;
                }
        for (; i >= 0; i--)
                {
-                for (; j >= 0; j--)
+                word = scalar->d[i];
+                while (mask)
                        {
-                        if (scalar->d[i] & mask)
+                        if (word & mask)
                                {
                                if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
                                if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
@@ -278,7 +280,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
                                }
                        mask >>= 1;
                        }
-                j = BN_BITS2 - 1;
                mask = BN_TBIT;
                }
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index 5cd1eac41f..cf357b462a 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -14,7 +14,7 @@
 *
 */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -157,6 +157,7 @@ void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
        group->poly[2] = 0;
        group->poly[3] = 0;
        group->poly[4] = 0;
+        group->poly[5] = -1;
        }
@@ -174,8 +175,9 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        dest->poly[2] = src->poly[2];
        dest->poly[3] = src->poly[3];
        dest->poly[4] = src->poly[4];
-        bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        dest->poly[5] = src->poly[5];
-        bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;
+        if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;
        for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
        for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
        return 1;
@@ -190,7 +192,7 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
        /* group->field */
        if (!BN_copy(&group->field, p)) goto err;
-        i = BN_GF2m_poly2arr(&group->field, group->poly, 5);
+        i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
        if ((i != 5) && (i != 3))
                {
                ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
@@ -199,12 +201,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
        /* group->a */
        if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
-        bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
        for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
        
        /* group->b */
        if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
-        bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+        if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
        for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
                
        ret = 1;
@@ -404,18 +406,94 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_
        }
-/* Include patented algorithms. */
+/* Calculates and sets the affine coordinates of an EC_POINT from the given
-#include "ec2_smpt.c"
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1. 
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * The method is from the following publication:
+ * 
+ *     Harper, Menezes, Vanstone:
+ *     "Public-Key Cryptosystems with Very Small Key Lengths",
+ *     EUROCRYPT '92, Springer-Verlag LNCS 658,
+ *     published February 1993
+ *
+ * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
+ * the same method, but claim no priority date earlier than July 29, 1994
+ * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x_, int y_bit, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *tmp, *x, *y, *z;
+        int ret = 0, z0;
+        /* clear error queue */
+        ERR_clear_error();
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+        y_bit = (y_bit != 0) ? 1 : 0;
+        BN_CTX_start(ctx);
+        tmp = BN_CTX_get(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        z = BN_CTX_get(ctx);
+        if (z == NULL) goto err;
+        if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;
+        if (BN_is_zero(x))
+                {
+                if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;
+                }
+        else
+                {
+                if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;
+                if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;
+                if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;
+                if (!BN_GF2m_add(tmp, x, tmp)) goto err;
+                if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx))
+                        {
+                        unsigned long err = ERR_peek_last_error();
+                        
+                        if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION)
+                                {
+                                ERR_clear_error();
+                                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+                                }
+                        else
+                                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+                        goto err;
+                        }
+                z0 = (BN_is_odd(z)) ? 1 : 0;
+                if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;
+                if (z0 != y_bit)
+                        {
+                        if (!BN_GF2m_add(y, y, x)) goto err;
+                        }
+                }
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+        ret = 1;
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
 /* Converts an EC_POINT to an octet string.  
 * If buf is NULL, the encoded length will be returned.
 * If the length len of buf is smaller than required an error will be returned.
- *
- * The point compression section of this function is patented by Certicom Corp. 
- * under US Patent 6,141,420.  Point compression is disabled by default and can 
- * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at 
- * Configure-time.
 */
 size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
        unsigned char *buf, size_t len, BN_CTX *ctx)
@@ -426,14 +504,6 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, po
        BIGNUM *x, *y, *yxi;
        size_t field_len, i, skip;
-#ifndef OPENSSL_EC_BIN_PT_COMP
-        if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID)) 
-                {
-                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
-                goto err;
-                }
-#endif
        if ((form != POINT_CONVERSION_COMPRESSED)
                && (form != POINT_CONVERSION_UNCOMPRESSED)
                && (form != POINT_CONVERSION_HYBRID))
@@ -488,13 +558,11 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, po
                if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
                buf[0] = form;
-#ifdef OPENSSL_EC_BIN_PT_COMP
                if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
                        {
                        if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
                        if (BN_is_odd(yxi)) buf[0]++;
                        }
-#endif
                i = 1;
                
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
new file mode 100644
index 0000000000..c00f7d746c
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -0,0 +1,659 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
+        {
+        const EC_GROUP  *group;
+        int nid;
+        if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
+        {
+                ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+                return 0;
+        }
+        if (EC_GROUP_get_asn1_flag(group)
+                     && (nid = EC_GROUP_get_curve_name(group)))
+                /* we have a 'named curve' => just set the OID */
+                {
+                *ppval = OBJ_nid2obj(nid);
+                *pptype = V_ASN1_OBJECT;
+                }
+        else    /* explicit parameters */
+                {
+                ASN1_STRING *pstr = NULL;
+                pstr = ASN1_STRING_new();
+                if (!pstr)
+                        return 0;
+                pstr->length = i2d_ECParameters(ec_key, &pstr->data);
+                if (pstr->length < 0)
+                        {
+                        ASN1_STRING_free(pstr);
+                        ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+                        return 0;
+                        }
+                *ppval = pstr;
+                *pptype = V_ASN1_SEQUENCE;
+                }
+        return 1;
+        }
+static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        EC_KEY *ec_key = pkey->pkey.ec;
+        void *pval = NULL;
+        int ptype;
+        unsigned char *penc = NULL, *p;
+        int penclen;
+        if (!eckey_param2type(&ptype, &pval, ec_key))
+                {
+                ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+                return 0;
+                }
+        penclen = i2o_ECPublicKey(ec_key, NULL);
+        if (penclen <= 0)
+                goto err;
+        penc = OPENSSL_malloc(penclen);
+        if (!penc)
+                goto err;
+        p = penc;
+        penclen = i2o_ECPublicKey(ec_key, &p);
+        if (penclen <= 0)
+                goto err;
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
+                                ptype, pval, penc, penclen))
+                return 1;
+        err:
+        if (ptype == V_ASN1_OBJECT)
+                ASN1_OBJECT_free(pval);
+        else
+                ASN1_STRING_free(pval);
+        if (penc)
+                OPENSSL_free(penc);
+        return 0;
+        }
+static EC_KEY *eckey_type2param(int ptype, void *pval)
+        {
+        EC_KEY *eckey = NULL;
+        if (ptype == V_ASN1_SEQUENCE)
+                {
+                ASN1_STRING *pstr = pval;
+                const unsigned char *pm = NULL;
+                int pmlen;
+                pm = pstr->data;
+                pmlen = pstr->length;
+                if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen)))
+                        {
+                        ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+                        goto ecerr;
+                        }
+                }
+        else if (ptype == V_ASN1_OBJECT)
+                {
+                ASN1_OBJECT *poid = pval;
+                EC_GROUP *group;
+                /* type == V_ASN1_OBJECT => the parameters are given
+                 * by an asn1 OID
+                 */
+                if ((eckey = EC_KEY_new()) == NULL)
+                        {
+                        ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+                        goto ecerr;
+                        }
+                group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
+                if (group == NULL)
+                        goto ecerr;
+                EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+                if (EC_KEY_set_group(eckey, group) == 0)
+                        goto ecerr;
+                EC_GROUP_free(group);
+                }
+        else
+                {
+                ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+                goto ecerr;
+                }
+        return eckey;
+        ecerr:
+        if (eckey)
+                EC_KEY_free(eckey);
+        return NULL;
+        }
+static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p = NULL;
+        void *pval;
+        int ptype, pklen;
+        EC_KEY *eckey = NULL;
+        X509_ALGOR *palg;
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        eckey = eckey_type2param(ptype, pval);
+        if (!eckey)
+                {
+                ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+                return 0;
+                }
+        /* We have parameters now set public key */
+        if (!o2i_ECPublicKey(&eckey, &p, pklen))
+                {
+                ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+                goto ecerr;
+                }
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        return 1;
+        ecerr:
+        if (eckey)
+                EC_KEY_free(eckey);
+        return 0;
+        }
+static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        int  r;
+        const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+        const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+                       *pb = EC_KEY_get0_public_key(b->pkey.ec);
+        r = EC_POINT_cmp(group, pa, pb, NULL);
+        if (r == 0)
+                return 1;
+        if (r == 1)
+                return 0;
+        return -2;
+        }
+static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p = NULL;
+        void *pval;
+        int ptype, pklen;
+        EC_KEY *eckey = NULL;
+        X509_ALGOR *palg;
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+                return 0;
+        X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+        eckey = eckey_type2param(ptype, pval);
+        if (!eckey)
+                goto ecliberr;
+        /* We have parameters now set private key */
+        if (!d2i_ECPrivateKey(&eckey, &p, pklen))
+                {
+                ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+                goto ecerr;
+                }
+        /* calculate public key (if necessary) */
+        if (EC_KEY_get0_public_key(eckey) == NULL)
+                {
+                const BIGNUM *priv_key;
+                const EC_GROUP *group;
+                EC_POINT *pub_key;
+                /* the public key was not included in the SEC1 private
+                 * key => calculate the public key */
+                group   = EC_KEY_get0_group(eckey);
+                pub_key = EC_POINT_new(group);
+                if (pub_key == NULL)
+                        {
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
+                        {
+                        EC_POINT_free(pub_key);
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                priv_key = EC_KEY_get0_private_key(eckey);
+                if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL))
+                        {
+                        EC_POINT_free(pub_key);
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                if (EC_KEY_set_public_key(eckey, pub_key) == 0)
+                        {
+                        EC_POINT_free(pub_key);
+                        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+                        goto ecliberr;
+                        }
+                EC_POINT_free(pub_key);
+                }
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        return 1;
+        ecliberr:
+        ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+        ecerr:
+        if (eckey)
+                EC_KEY_free(eckey);
+        return 0;
+        }
+static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+        EC_KEY          *ec_key;
+        unsigned char   *ep, *p;
+        int             eplen, ptype;
+        void            *pval;
+        unsigned int    tmp_flags, old_flags;
+        ec_key = pkey->pkey.ec;
+        if (!eckey_param2type(&ptype, &pval, ec_key))
+                {
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+                return 0;
+                }
+        /* set the private key */
+        /* do not include the parameters in the SEC1 private key
+         * see PKCS#11 12.11 */
+        old_flags = EC_KEY_get_enc_flags(ec_key);
+        tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
+        EC_KEY_set_enc_flags(ec_key, tmp_flags);
+        eplen = i2d_ECPrivateKey(ec_key, NULL);
+        if (!eplen)
+        {
+                EC_KEY_set_enc_flags(ec_key, old_flags);
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+                return 0;
+        }
+        ep = (unsigned char *) OPENSSL_malloc(eplen);
+        if (!ep)
+        {
+                EC_KEY_set_enc_flags(ec_key, old_flags);
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        p = ep;
+        if (!i2d_ECPrivateKey(ec_key, &p))
+        {
+                EC_KEY_set_enc_flags(ec_key, old_flags);
+                OPENSSL_free(ep);
+                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        }
+        /* restore old encoding flags */
+        EC_KEY_set_enc_flags(ec_key, old_flags);
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+                                ptype, pval, ep, eplen))
+                return 0;
+        return 1;
+}
+static int int_ec_size(const EVP_PKEY *pkey)
+        {
+        return ECDSA_size(pkey->pkey.ec);
+        }
+static int ec_bits(const EVP_PKEY *pkey)
+        {
+        BIGNUM *order = BN_new();
+        const EC_GROUP *group;
+        int ret;
+        if (!order)
+                {
+                ERR_clear_error();
+                return 0;
+                }
+        group = EC_KEY_get0_group(pkey->pkey.ec);
+        if (!EC_GROUP_get_order(group, order, NULL))
+                {
+                ERR_clear_error();
+                return 0;
+                }
+        ret = BN_num_bits(order);
+        BN_free(order);
+        return ret;
+        }
+static int ec_missing_parameters(const EVP_PKEY *pkey)
+        {
+        if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+                return 1;
+        return 0;
+        }
+static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+        {
+        EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+        if (group == NULL)
+                return 0;
+        if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+                return 0;
+        EC_GROUP_free(group);
+        return 1;
+        }
+static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+                       *group_b = EC_KEY_get0_group(b->pkey.ec);
+        if (EC_GROUP_cmp(group_a, group_b, NULL))
+                return 0;
+        else
+                return 1;
+        }
+static void int_ec_free(EVP_PKEY *pkey)
+        {
+        EC_KEY_free(pkey->pkey.ec);
+        }
+static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
+        {
+        unsigned char *buffer=NULL;
+        const char *ecstr;
+        size_t  buf_len=0, i;
+        int     ret=0, reason=ERR_R_BIO_LIB;
+        BIGNUM  *pub_key=NULL, *order=NULL;
+        BN_CTX  *ctx=NULL;
+        const EC_GROUP *group;
+        const EC_POINT *public_key;
+        const BIGNUM *priv_key;
+ 
+        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+        ctx = BN_CTX_new();
+        if (ctx == NULL)
+                {
+                reason = ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        if (ktype > 0)
+                {
+                public_key = EC_KEY_get0_public_key(x);
+                if ((pub_key = EC_POINT_point2bn(group, public_key,
+                        EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                if (pub_key)
+                        buf_len = (size_t)BN_num_bytes(pub_key);
+                }
+        if (ktype == 2)
+                {
+                priv_key = EC_KEY_get0_private_key(x);
+                if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len)
+                        buf_len = i;
+                }
+        else
+                priv_key = NULL;
+        if (ktype > 0)
+                {
+                buf_len += 10;
+                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                }
+        if (ktype == 2)
+                ecstr = "Private-Key";
+        else if (ktype == 1)
+                ecstr = "Public-Key";
+        else
+                ecstr = "ECDSA-Parameters";
+        if (!BIO_indent(bp, off, 128))
+                goto err;
+        if ((order = BN_new()) == NULL)
+                goto err;
+        if (!EC_GROUP_get_order(group, order, NULL))
+                goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
+                BN_num_bits(order)) <= 0) goto err;
+  
+        if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, 
+                buffer, off))
+                goto err;
+        if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
+                buffer, off))
+                goto err;
+        if (!ECPKParameters_print(bp, group, off))
+                goto err;
+        ret=1;
+err:
+        if (!ret)
+                ECerr(EC_F_DO_EC_KEY_PRINT, reason);
+        if (pub_key) 
+                BN_free(pub_key);
+        if (order)
+                BN_free(order);
+        if (ctx)
+                BN_CTX_free(ctx);
+        if (buffer != NULL)
+                OPENSSL_free(buffer);
+        return(ret);
+        }
+static int eckey_param_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        EC_KEY *eckey;
+        if (!(eckey = d2i_ECParameters(NULL, pder, derlen)))
+                {
+                ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        return 1;
+        }
+static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_ECParameters(pkey->pkey.ec, pder);
+        }
+static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0);
+        }
+static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1);
+        }
+static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2);
+        }
+static int old_ec_priv_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        EC_KEY *ec;
+        if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen)))
+                {
+                ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+                return 0;
+                }
+        EVP_PKEY_assign_EC_KEY(pkey, ec);
+        return 1;
+        }
+static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_ECPrivateKey(pkey->pkey.ec, pder);
+        }
+static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#ifndef OPENSSL_NO_CMS
+                case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        {
+                        int snid, hnid;
+                        X509_ALGOR *alg1, *alg2;
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
+                                                                &alg1, &alg2);
+                        if (alg1 == NULL || alg1->algorithm == NULL)
+                                return -1;
+                        hnid = OBJ_obj2nid(alg1->algorithm);
+                        if (hnid == NID_undef)
+                                return -1;
+                        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                                return -1; 
+                        X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+                        }
+                return 1;
+#endif
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 2;
+                default:
+                return -2;
+                }
+        }
+const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = 
+        {
+        EVP_PKEY_EC,
+        EVP_PKEY_EC,
+        0,
+        "EC",
+        "OpenSSL EC algorithm",
+        eckey_pub_decode,
+        eckey_pub_encode,
+        eckey_pub_cmp,
+        eckey_pub_print,
+        eckey_priv_decode,
+        eckey_priv_encode,
+        eckey_priv_print,
+        int_ec_size,
+        ec_bits,
+        eckey_param_decode,
+        eckey_param_encode,
+        ec_missing_parameters,
+        ec_copy_parameters,
+        ec_cmp_parameters,
+        eckey_param_print,
+        int_ec_free,
+        ec_pkey_ctrl,
+        old_ec_priv_decode,
+        old_ec_priv_encode
+        };
diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c
index beac20969b..23274e4031 100644
--- a/src/lib/libcrypto/ec/ec_curve.c
+++ b/src/lib/libcrypto/ec/ec_curve.c
@@ -73,926 +73,1690 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
-typedef struct ec_curve_data_st {
+typedef struct {
-        int     field_type;     /* either NID_X9_62_prime_field or
+        int     field_type,     /* either NID_X9_62_prime_field or
                                 * NID_X9_62_characteristic_two_field */
-        const char *p;          /* either a prime number or a polynomial */
+                seed_len,
-        const char *a;
+                param_len;
-        const char *b;
+        unsigned int cofactor;  /* promoted to BN_ULONG */
-        const char *x;          /* the x coordinate of the generator */
-        const char *y;          /* the y coordinate of the generator */
-        const char *order;      /* the order of the group generated by the
-                                 * generator */
-        const BN_ULONG cofactor;/* the cofactor */
-        const unsigned char *seed;/* the seed (optional) */
-        size_t  seed_len;
-        const char *comment;    /* a short description of the curve */
 } EC_CURVE_DATA;
 /* the nist prime curves */
-static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-        0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,
+        _EC_NIST_PRIME_192 = {
-        0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};
+        { NID_X9_62_prime_field,20,24,1 },
-static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
+        { 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,    /* seed */
-        NID_X9_62_prime_field,
+          0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+          0xFF,0xFF,0xFF,0xFF,
-        "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        _EC_NIST_PRIME_192_SEED, 20,
+          0xFF,0xFF,0xFF,0xFC,
-        "NIST/X9.62/SECG curve over a 192 bit prime field"
+          0x64,0x21,0x05,0x19,0xE5,0x9C,0x80,0xE7,0x0F,0xA7,    /* b */
+          0xE9,0xAB,0x72,0x24,0x30,0x49,0xFE,0xB8,0xDE,0xEC,
+          0xC1,0x46,0xB9,0xB1,
+          0x18,0x8D,0xA8,0x0E,0xB0,0x30,0x90,0xF6,0x7C,0xBF,    /* x */
+          0x20,0xEB,0x43,0xA1,0x88,0x00,0xF4,0xFF,0x0A,0xFD,
+          0x82,0xFF,0x10,0x12,
+          0x07,0x19,0x2b,0x95,0xff,0xc8,0xda,0x78,0x63,0x10,    /* y */
+          0x11,0xed,0x6b,0x24,0xcd,0xd5,0x73,0xf9,0x77,0xa1,
+          0x1e,0x79,0x48,0x11,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x99,0xDE,0xF8,0x36,0x14,0x6B,0xC9,0xB1,
+          0xB4,0xD2,0x28,0x31 }
        };
-static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+28*6]; }
-        0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,
+        _EC_NIST_PRIME_224 = {
-        0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};
+        { NID_X9_62_prime_field,20,28,1 },
-static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
+        { 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,    /* seed */
-        NID_X9_62_prime_field,
+          0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-        "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        _EC_NIST_PRIME_224_SEED, 20,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-        "NIST/SECG curve over a 224 bit prime field"
+          0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,    /* b */
+          0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
+          0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4,
+          0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,    /* x */
+          0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
+          0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21,
+          0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,    /* y */
+          0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
+          0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E,
+          0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
        };
-static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
-        0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,
+        _EC_NIST_PRIME_384 = {
-        0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};
+        { NID_X9_62_prime_field,20,48,1 },
-static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
+        { 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,    /* seed */
-        NID_X9_62_prime_field,
+          0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
-        "FFF0000000000000000FFFFFFFF",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "FFF0000000000000000FFFFFFFC",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
+          0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-        "98D8A2ED19D2A85C8EDD3EC2AEF",
+          0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
-        "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "25DBF55296C3A545E3872760AB7",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "1ce1d7e819d7a431d7c90ea0e5f",
+          0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
+          0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
-        "DB248B0A77AECEC196ACCC52973",1,
+          0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E,    /* b */
-        _EC_NIST_PRIME_384_SEED, 20,
+          0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
-        "NIST/SECG curve over a 384 bit prime field"
+          0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
+          0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
+          0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
+          0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1,    /* x */
+          0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
+          0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
+          0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
+          0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
+          0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e,    /* y */
+          0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
+          0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
+          0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
+          0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
+          0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
+          0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
        };
-static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
-        0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,
+        _EC_NIST_PRIME_521 = {
-        0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};
+        { NID_X9_62_prime_field,20,66,1 },
-static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
+        { 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,    /* seed */
-        NID_X9_62_prime_field,
+          0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
-        "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        _EC_NIST_PRIME_521_SEED, 20,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "NIST/SECG curve over a 521 bit prime field"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+          0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,    /* b */
+          0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+          0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+          0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+          0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+          0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+          0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+          0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,    /* x */
+          0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+          0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+          0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+          0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+          0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+          0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+          0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,    /* y */
+          0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+          0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+          0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+          0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+          0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+          0x94,0x76,0x9f,0xd1,0x66,0x50,
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+          0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+          0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+          0xB7,0x1E,0x91,0x38,0x64,0x09 }
        };
 /* the x9.62 prime curves (minus the nist prime curves) */
-static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-        0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,
+        _EC_X9_62_PRIME_192V2 = {
-        0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};
+        { NID_X9_62_prime_field,20,24,1 },
-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
+        { 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,    /* seed */
-        NID_X9_62_prime_field,
+          0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+          0xFF,0xFF,0xFF,0xFF,
-        "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        _EC_X9_62_PRIME_192V2_SEED, 20,
+          0xFF,0xFF,0xFF,0xFC,
-        "X9.62 curve over a 192 bit prime field"
+          0xCC,0x22,0xD6,0xDF,0xB9,0x5C,0x6B,0x25,0xE4,0x9C,    /* b */
+          0x0D,0x63,0x64,0xA4,0xE5,0x98,0x0C,0x39,0x3A,0xA2,
+          0x16,0x68,0xD9,0x53,
+          0xEE,0xA2,0xBA,0xE7,0xE1,0x49,0x78,0x42,0xF2,0xDE,    /* x */
+          0x77,0x69,0xCF,0xE9,0xC9,0x89,0xC0,0x72,0xAD,0x69,
+          0x6F,0x48,0x03,0x4A,
+          0x65,0x74,0xd1,0x1d,0x69,0xb6,0xec,0x7a,0x67,0x2b,    /* y */
+          0xb8,0x2a,0x08,0x3d,0xf2,0xf2,0xb0,0x84,0x7d,0xe9,
+          0x70,0xb2,0xde,0x15,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFE,0x5F,0xB1,0xA7,0x24,0xDC,0x80,0x41,0x86,
+          0x48,0xD8,0xDD,0x31 }
        };
-static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-        0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,
+        _EC_X9_62_PRIME_192V3 = {
-        0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};
+        { NID_X9_62_prime_field,20,24,1 },
-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
+        { 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,    /* seed */
-        NID_X9_62_prime_field,
+          0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+          0xFF,0xFF,0xFF,0xFF,
-        "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        _EC_X9_62_PRIME_192V3_SEED, 20,
+          0xFF,0xFF,0xFF,0xFC,
-        "X9.62 curve over a 192 bit prime field"
+          0x22,0x12,0x3D,0xC2,0x39,0x5A,0x05,0xCA,0xA7,0x42,    /* b */
+          0x3D,0xAE,0xCC,0xC9,0x47,0x60,0xA7,0xD4,0x62,0x25,
+          0x6B,0xD5,0x69,0x16,
+          0x7D,0x29,0x77,0x81,0x00,0xC6,0x5A,0x1D,0xA1,0x78,    /* x */
+          0x37,0x16,0x58,0x8D,0xCE,0x2B,0x8B,0x4A,0xEE,0x8E,
+          0x22,0x8F,0x18,0x96,
+          0x38,0xa9,0x0f,0x22,0x63,0x73,0x37,0x33,0x4b,0x49,    /* y */
+          0xdc,0xb6,0x6a,0x6d,0xc8,0xf9,0x97,0x8a,0xca,0x76,
+          0x48,0xa9,0x43,0xb0,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x7A,0x62,0xD0,0x31,0xC8,0x3F,0x42,0x94,
+          0xF6,0x40,0xEC,0x13 }
        };
-static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,
+        _EC_X9_62_PRIME_239V1 = {
-        0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};
+        { NID_X9_62_prime_field,20,30,1 },
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
+        { 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,    /* seed */
-        NID_X9_62_prime_field,
+          0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D,
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-        "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        _EC_X9_62_PRIME_239V1_SEED, 20,
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-        "X9.62 curve over a 239 bit prime field"
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
+          0x6B,0x01,0x6C,0x3B,0xDC,0xF1,0x89,0x41,0xD0,0xD6,    /* b */
+          0x54,0x92,0x14,0x75,0xCA,0x71,0xA9,0xDB,0x2F,0xB2,
+          0x7D,0x1D,0x37,0x79,0x61,0x85,0xC2,0x94,0x2C,0x0A,
+          0x0F,0xFA,0x96,0x3C,0xDC,0xA8,0x81,0x6C,0xCC,0x33,    /* x */
+          0xB8,0x64,0x2B,0xED,0xF9,0x05,0xC3,0xD3,0x58,0x57,
+          0x3D,0x3F,0x27,0xFB,0xBD,0x3B,0x3C,0xB9,0xAA,0xAF,
+          0x7d,0xeb,0xe8,0xe4,0xe9,0x0a,0x5d,0xae,0x6e,0x40,    /* y */
+          0x54,0xca,0x53,0x0b,0xa0,0x46,0x54,0xb3,0x68,0x18,
+          0xce,0x22,0x6b,0x39,0xfc,0xcb,0x7b,0x02,0xf1,0xae,
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0x9E,0x5E,0x9A,0x9F,0x5D,
+          0x90,0x71,0xFB,0xD1,0x52,0x26,0x88,0x90,0x9D,0x0B }
        };
-static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,
+        _EC_X9_62_PRIME_239V2 = {
-        0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};
+        { NID_X9_62_prime_field,20,30,1 },
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
+        { 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,    /* seed */
-        NID_X9_62_prime_field,
+          0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16,
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-        "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
-        "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        _EC_X9_62_PRIME_239V2_SEED, 20,
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-        "X9.62 curve over a 239 bit prime field"
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
+          0x61,0x7F,0xAB,0x68,0x32,0x57,0x6C,0xBB,0xFE,0xD5,    /* b */
+          0x0D,0x99,0xF0,0x24,0x9C,0x3F,0xEE,0x58,0xB9,0x4B,
+          0xA0,0x03,0x8C,0x7A,0xE8,0x4C,0x8C,0x83,0x2F,0x2C,
+          0x38,0xAF,0x09,0xD9,0x87,0x27,0x70,0x51,0x20,0xC9,    /* x */
+          0x21,0xBB,0x5E,0x9E,0x26,0x29,0x6A,0x3C,0xDC,0xF2,
+          0xF3,0x57,0x57,0xA0,0xEA,0xFD,0x87,0xB8,0x30,0xE7,
+          0x5b,0x01,0x25,0xe4,0xdb,0xea,0x0e,0xc7,0x20,0x6d,    /* y */
+          0xa0,0xfc,0x01,0xd9,0xb0,0x81,0x32,0x9f,0xb5,0x55,
+          0xde,0x6e,0xf4,0x60,0x23,0x7d,0xff,0x8b,0xe4,0xba,
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x80,0x00,0x00,0xCF,0xA7,0xE8,0x59,0x43,
+          0x77,0xD4,0x14,0xC0,0x38,0x21,0xBC,0x58,0x20,0x63 }
        };
-static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,
+        _EC_X9_62_PRIME_239V3 = {
-        0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};
+        { NID_X9_62_prime_field,20,30,1 },
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
+        { 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,    /* seed */
-        NID_X9_62_prime_field,
+          0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF,
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-        "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
-        "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        _EC_X9_62_PRIME_239V3_SEED, 20,
+          0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-        "X9.62 curve over a 239 bit prime field"
+          0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
+          0x25,0x57,0x05,0xFA,0x2A,0x30,0x66,0x54,0xB1,0xF4,    /* b */
+          0xCB,0x03,0xD6,0xA7,0x50,0xA3,0x0C,0x25,0x01,0x02,
+          0xD4,0x98,0x87,0x17,0xD9,0xBA,0x15,0xAB,0x6D,0x3E,
+          0x67,0x68,0xAE,0x8E,0x18,0xBB,0x92,0xCF,0xCF,0x00,    /* x */
+          0x5C,0x94,0x9A,0xA2,0xC6,0xD9,0x48,0x53,0xD0,0xE6,
+          0x60,0xBB,0xF8,0x54,0xB1,0xC9,0x50,0x5F,0xE9,0x5A,
+          0x16,0x07,0xe6,0x89,0x8f,0x39,0x0c,0x06,0xbc,0x1d,    /* y */
+          0x55,0x2b,0xad,0x22,0x6f,0x3b,0x6f,0xcf,0xe4,0x8b,
+          0x6e,0x81,0x84,0x99,0xaf,0x18,0xe3,0xed,0x6c,0xf3,
+          0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0x7F,0xFF,0xFF,0x97,0x5D,0xEB,0x41,0xB3,
+          0xA6,0x05,0x7C,0x3C,0x43,0x21,0x46,0x52,0x65,0x51 }
        };
-static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
-        0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,
+static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
-        0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};
+        _EC_X9_62_PRIME_256V1 = {
-static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
+        { NID_X9_62_prime_field,20,32,1 },
-        NID_X9_62_prime_field,
+        { 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,    /* seed */
-        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+          0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
-        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
-        "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+          0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,    /* p */
-        "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,
+          0xFF,0xFF,
-        _EC_X9_62_PRIME_256V1_SEED, 20,
+          0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,    /* a */
-        "X9.62/SECG curve over a 256 bit prime field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFC,
+          0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,    /* b */
+          0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
+          0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
+          0x60,0x4B,
+          0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,    /* x */
+          0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
+          0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
+          0xC2,0x96,
+          0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,    /* y */
+          0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
+          0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
+          0x51,0xf5,
+          0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
+          0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
+          0x25,0x51 }
        };
 /* the secg prime curves (minus the nist and x9.62 prime curves) */
-static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; }
-        0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,
+        _EC_SECG_PRIME_112R1 = {
-        0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};
+        { NID_X9_62_prime_field,20,14,1 },
-static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
+        { 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,    /* seed */
-        NID_X9_62_prime_field,
+          0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1,
-        "DB7C2ABF62E35E668076BEAD208B",
-        "DB7C2ABF62E35E668076BEAD2088",
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,    /* p */
-        "659EF8BA043916EEDE8911702B22",
+          0xBE,0xAD,0x20,0x8B,
-        "09487239995A5EE76B55F9C2F098",
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,    /* a */
-        "a89ce5af8724c0a23e0e0ff77500",
+          0xBE,0xAD,0x20,0x88,
-        "DB7C2ABF62E35E7628DFAC6561C5",1,
+          0x65,0x9E,0xF8,0xBA,0x04,0x39,0x16,0xEE,0xDE,0x89,    /* b */
-        _EC_SECG_PRIME_112R1_SEED, 20,
+          0x11,0x70,0x2B,0x22,
-        "SECG/WTLS curve over a 112 bit prime field"
+          0x09,0x48,0x72,0x39,0x99,0x5A,0x5E,0xE7,0x6B,0x55,    /* x */
+          0xF9,0xC2,0xF0,0x98,
+          0xa8,0x9c,0xe5,0xaf,0x87,0x24,0xc0,0xa2,0x3e,0x0e,    /* y */
+          0x0f,0xf7,0x75,0x00,
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x76,0x28,0xDF,    /* order */
+          0xAC,0x65,0x61,0xC5 }
        };
-static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; }
-        0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,
+        _EC_SECG_PRIME_112R2 = {
-        0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};
+        { NID_X9_62_prime_field,20,14,4 },
-static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
+        { 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,    /* seed */
-        NID_X9_62_prime_field,
+          0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4,
-        "DB7C2ABF62E35E668076BEAD208B",
-        "6127C24C05F38A0AAAF65C0EF02C",
+          0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,    /* p */
-        "51DEF1815DB5ED74FCC34C85D709",
+          0xBE,0xAD,0x20,0x8B,
-        "4BA30AB5E892B4E1649DD0928643",
+          0x61,0x27,0xC2,0x4C,0x05,0xF3,0x8A,0x0A,0xAA,0xF6,    /* a */
-        "adcd46f5882e3747def36e956e97",
+          0x5C,0x0E,0xF0,0x2C,
-        "36DF0AAFD8B8D7597CA10520D04B",4, 
+          0x51,0xDE,0xF1,0x81,0x5D,0xB5,0xED,0x74,0xFC,0xC3,    /* b */
-        _EC_SECG_PRIME_112R2_SEED, 20,
+          0x4C,0x85,0xD7,0x09,
-        "SECG curve over a 112 bit prime field"
+          0x4B,0xA3,0x0A,0xB5,0xE8,0x92,0xB4,0xE1,0x64,0x9D,    /* x */
+          0xD0,0x92,0x86,0x43,
+          0xad,0xcd,0x46,0xf5,0x88,0x2e,0x37,0x47,0xde,0xf3,    /* y */
+          0x6e,0x95,0x6e,0x97,
+          0x36,0xDF,0x0A,0xAF,0xD8,0xB8,0xD7,0x59,0x7C,0xA1,    /* order */
+          0x05,0x20,0xD0,0x4B }
        };
-static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; }
-        0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
+        _EC_SECG_PRIME_128R1 = {
-        0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};
+        { NID_X9_62_prime_field,20,16,1 },
-static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
+        { 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,    /* seed */
-        NID_X9_62_prime_field,
+          0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79,
-        "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-        "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+          0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "E87579C11079F43DD824993C2CEE5ED3",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "161FF7528B899B2D0C28607CA52C5B86",
+          0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "cf5ac8395bafeb13c02da292dded7a83",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
-        "FFFFFFFE0000000075A30D1B9038A115",1,
+          0xE8,0x75,0x79,0xC1,0x10,0x79,0xF4,0x3D,0xD8,0x24,    /* b */
-        _EC_SECG_PRIME_128R1_SEED, 20,
+          0x99,0x3C,0x2C,0xEE,0x5E,0xD3,
-        "SECG curve over a 128 bit prime field"
+          0x16,0x1F,0xF7,0x52,0x8B,0x89,0x9B,0x2D,0x0C,0x28,    /* x */
+          0x60,0x7C,0xA5,0x2C,0x5B,0x86,
+          0xcf,0x5a,0xc8,0x39,0x5b,0xaf,0xeb,0x13,0xc0,0x2d,    /* y */
+          0xa2,0x92,0xdd,0xed,0x7a,0x83,
+          0xFF,0xFF,0xFF,0xFE,0x00,0x00,0x00,0x00,0x75,0xA3,    /* order */
+          0x0D,0x1B,0x90,0x38,0xA1,0x15 }
        };
-static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; }
-        0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,
+        _EC_SECG_PRIME_128R2 = {
-        0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};
+        { NID_X9_62_prime_field,20,16,4 },
-static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
+        { 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,    /* seed */
-        NID_X9_62_prime_field,
+          0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4,
-        "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-        "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+          0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "5EEEFCA380D02919DC2C6558BB6D8A5D",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "7B6AA5D85E572983E6FB32A7CDEBC140",
+          0xD6,0x03,0x19,0x98,0xD1,0xB3,0xBB,0xFE,0xBF,0x59,    /* a */
-        "27b6916a894d3aee7106fe805fc34b44",
+          0xCC,0x9B,0xBF,0xF9,0xAE,0xE1,
-        "3FFFFFFF7FFFFFFFBE0024720613B5A3",4,
+          0x5E,0xEE,0xFC,0xA3,0x80,0xD0,0x29,0x19,0xDC,0x2C,    /* b */
-        _EC_SECG_PRIME_128R2_SEED, 20,
+          0x65,0x58,0xBB,0x6D,0x8A,0x5D,
-        "SECG curve over a 128 bit prime field"
+          0x7B,0x6A,0xA5,0xD8,0x5E,0x57,0x29,0x83,0xE6,0xFB,    /* x */
+          0x32,0xA7,0xCD,0xEB,0xC1,0x40,
+          0x27,0xb6,0x91,0x6a,0x89,0x4d,0x3a,0xee,0x71,0x06,    /* y */
+          0xfe,0x80,0x5f,0xc3,0x4b,0x44,
+          0x3F,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xBE,0x00,    /* order */
+          0x24,0x72,0x06,0x13,0xB5,0xA3 }
        };
-static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-        NID_X9_62_prime_field,
+        _EC_SECG_PRIME_160K1 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+        { NID_X9_62_prime_field,0,21,1 },
-        "0",
+        {                                                       /* no seed */
-        "7",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
-        "938cf935318fdced6bc28286531733c3f03c4fee",
+          0x73,
-        "0100000000000000000001B8FA16DFAB9ACA16B6B3",1,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "SECG curve over a 160 bit prime field"
+          0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x07,
+          0x00,0x3B,0x4C,0x38,0x2C,0xE3,0x7A,0xA1,0x92,0xA4,    /* x */
+          0x01,0x9E,0x76,0x30,0x36,0xF4,0xF5,0xDD,0x4D,0x7E,
+          0xBB,
+          0x00,0x93,0x8c,0xf9,0x35,0x31,0x8f,0xdc,0xed,0x6b,    /* y */
+          0xc2,0x82,0x86,0x53,0x17,0x33,0xc3,0xf0,0x3c,0x4f,
+          0xee,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xB8,0xFA,0x16,0xDF,0xAB,0x9A,0xCA,0x16,0xB6,
+          0xB3 }
        };
-static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-        0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,
+        _EC_SECG_PRIME_160R1 = {
-        0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45};
+        { NID_X9_62_prime_field,20,21,1 },
-static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {
+        { 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_prime_field,
+          0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,
-        "4A96B5688EF573284664698968C38BB913CBFC82",
+          0xFF,
-        "23a628553168947d59dcc912042351377ac5fb32",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "0100000000000000000001F4C8F927AED3CA752257",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,
-        _EC_SECG_PRIME_160R1_SEED, 20,
+          0xFC,
-        "SECG curve over a 160 bit prime field"
+          0x00,0x1C,0x97,0xBE,0xFC,0x54,0xBD,0x7A,0x8B,0x65,    /* b */
+          0xAC,0xF8,0x9F,0x81,0xD4,0xD4,0xAD,0xC5,0x65,0xFA,
+          0x45,
+          0x00,0x4A,0x96,0xB5,0x68,0x8E,0xF5,0x73,0x28,0x46,    /* x */
+          0x64,0x69,0x89,0x68,0xC3,0x8B,0xB9,0x13,0xCB,0xFC,
+          0x82,
+          0x00,0x23,0xa6,0x28,0x55,0x31,0x68,0x94,0x7d,0x59,    /* y */
+          0xdc,0xc9,0x12,0x04,0x23,0x51,0x37,0x7a,0xc5,0xfb,
+          0x32,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xF4,0xC8,0xF9,0x27,0xAE,0xD3,0xCA,0x75,0x22,
+          0x57 }
        };
-static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-        0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,
+        _EC_SECG_PRIME_160R2 = {
-        0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51};
+        { NID_X9_62_prime_field,20,21,1 },
-static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {
+        { 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,    /* seed */
-        NID_X9_62_prime_field,
+          0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
-        "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+          0x73,
-        "feaffef2e331f296e071fa0df9982cfea7d43f2e",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        "0100000000000000000000351EE786A818F3A1A16B",1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
-        _EC_SECG_PRIME_160R2_SEED, 20,
+          0x70,
-        "SECG/WTLS curve over a 160 bit prime field"
+          0x00,0xB4,0xE1,0x34,0xD3,0xFB,0x59,0xEB,0x8B,0xAB,    /* b */
+          0x57,0x27,0x49,0x04,0x66,0x4D,0x5A,0xF5,0x03,0x88,
+          0xBA,
+          0x00,0x52,0xDC,0xB0,0x34,0x29,0x3A,0x11,0x7E,0x1F,    /* x */
+          0x4F,0xF1,0x1B,0x30,0xF7,0x19,0x9D,0x31,0x44,0xCE,
+          0x6D,
+          0x00,0xfe,0xaf,0xfe,0xf2,0xe3,0x31,0xf2,0x96,0xe0,    /* y */
+          0x71,0xfa,0x0d,0xf9,0x98,0x2c,0xfe,0xa7,0xd4,0x3f,
+          0x2e,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x35,0x1E,0xE7,0x86,0xA8,0x18,0xF3,0xA1,0xA1,
+          0x6B }
        };
-static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
-        NID_X9_62_prime_field,
+        _EC_SECG_PRIME_192K1 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+        { NID_X9_62_prime_field,0,24,1 },
-        "0",
+        {                                                       /* no seed */
-        "3",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-        "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+          0xFF,0xFF,0xEE,0x37,
-        "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "SECG curve over a 192 bit prime field"
+          0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x03,
+          0xDB,0x4F,0xF1,0x0E,0xC0,0x57,0xE9,0xAE,0x26,0xB0,    /* x */
+          0x7D,0x02,0x80,0xB7,0xF4,0x34,0x1D,0xA5,0xD1,0xB1,
+          0xEA,0xE0,0x6C,0x7D,
+          0x9b,0x2f,0x2f,0x6d,0x9c,0x56,0x28,0xa7,0x84,0x41,    /* y */
+          0x63,0xd0,0x15,0xbe,0x86,0x34,0x40,0x82,0xaa,0x88,
+          0xd9,0x5e,0x2f,0x9d,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFE,0x26,0xF2,0xFC,0x17,0x0F,0x69,0x46,0x6A,
+          0x74,0xDE,0xFD,0x8D }
        };
-static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+29*6]; }
-        NID_X9_62_prime_field,
+        _EC_SECG_PRIME_224K1 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+        { NID_X9_62_prime_field,0,29,1 },
-        "0",
+        {                                                       /* no seed */
-        "5",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+          0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xE5,0x6D,
-        "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "SECG curve over a 224 bit prime field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x05,
+          0x00,0xA1,0x45,0x5B,0x33,0x4D,0xF0,0x99,0xDF,0x30,    /* x */
+          0xFC,0x28,0xA1,0x69,0xA4,0x67,0xE9,0xE4,0x70,0x75,
+          0xA9,0x0F,0x7E,0x65,0x0E,0xB6,0xB7,0xA4,0x5C,
+          0x00,0x7e,0x08,0x9f,0xed,0x7f,0xba,0x34,0x42,0x82,    /* y */
+          0xca,0xfb,0xd6,0xf7,0xe3,0x19,0xf7,0xc0,0xb0,0xbd,
+          0x59,0xe2,0xca,0x4b,0xdb,0x55,0x6d,0x61,0xa5,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x01,0xDC,0xE8,0xD2,0xEC,0x61,
+          0x84,0xCA,0xF0,0xA9,0x71,0x76,0x9F,0xB1,0xF7 }
        };
-static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
-        NID_X9_62_prime_field,
+        _EC_SECG_PRIME_256K1 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+        { NID_X9_62_prime_field,0,32,1 },
-        "0",
+        {                                                       /* no seed */
-        "7",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1,
+          0xFC,0x2F,
-        NULL, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "SECG curve over a 256 bit prime field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x07,
+          0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,    /* x */
+          0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
+          0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
+          0x17,0x98,
+          0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4,    /* y */
+          0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
+          0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
+          0xd4,0xb8,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
+          0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
+          0x41,0x41 }
        };
 /* some wap/wtls curves */
-static const EC_CURVE_DATA _EC_WTLS_8 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; }
-        NID_X9_62_prime_field,
+        _EC_WTLS_8 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
+        { NID_X9_62_prime_field,0,15,1 },
-        "0",
+        {                                                       /* no seed */
-        "3",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "1",
+          0xFF,0xFF,0xFF,0xFD,0xE7,
-        "2",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "0100000000000001ECEA551AD837E9",1,
+          0x00,0x00,0x00,0x00,0x00,
-        NULL, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
-        "WTLS curve over a 112 bit prime field"
+          0x00,0x00,0x00,0x00,0x03,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x02,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xEC,0xEA,    /* order */
+          0x55,0x1A,0xD8,0x37,0xE9 }
        };
-static const EC_CURVE_DATA _EC_WTLS_9 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-        NID_X9_62_prime_field,
+        _EC_WTLS_9 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
+        { NID_X9_62_prime_field,0,21,1 },
-        "0",
+        {                                                       /* no seed */
-        "3",
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "1",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,0x80,
-        "2",
+          0x8F,
-        "0100000000000000000001CDC98AE0E2DE574ABF33",1,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "WTLS curve over a 160 bit prime field"
+          0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x03,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x02,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xCD,0xC9,0x8A,0xE0,0xE2,0xDE,0x57,0x4A,0xBF,
+          0x33 }
        };
-static const EC_CURVE_DATA _EC_WTLS_12 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; }
-        NID_X9_62_prime_field,
+        _EC_WTLS_12 = {
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+        { NID_X9_62_prime_field,0,28,1 },
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+        {                                                       /* no seed */
-        "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* p */
-        "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-        "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */
-        NULL, 0,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-        "WTLS curvs over a 224 bit prime field"
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
+          0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,    /* b */
+          0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
+          0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4,
+          0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,    /* x */
+          0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
+          0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21,
+          0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,    /* y */
+          0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
+          0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E,
+          0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
        };
 /* characteristic two curves */
-static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
-        0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,
+        _EC_SECG_CHAR2_113R1 = {
-        0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9};
+        { NID_X9_62_characteristic_two_field,20,15,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {
+        { 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9,
-        "020000000000000000000000000201",
-        "003088250CA6E7C7FE649CE85820F7",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "00E8BEE4D3E2260744188BE0E9C723",
+          0x00,0x00,0x00,0x02,0x01,
-        "009D73616F35F4AB1407D73562C10F",
+          0x00,0x30,0x88,0x25,0x0C,0xA6,0xE7,0xC7,0xFE,0x64,    /* a */
-        "00A52830277958EE84D1315ED31886",
+          0x9C,0xE8,0x58,0x20,0xF7,
-        "0100000000000000D9CCEC8A39E56F", 2,
+          0x00,0xE8,0xBE,0xE4,0xD3,0xE2,0x26,0x07,0x44,0x18,    /* b */
-        _EC_SECG_CHAR2_113R1_SEED, 20,
+          0x8B,0xE0,0xE9,0xC7,0x23,
-        "SECG curve over a 113 bit binary field"
+          0x00,0x9D,0x73,0x61,0x6F,0x35,0xF4,0xAB,0x14,0x07,    /* x */
+          0xD7,0x35,0x62,0xC1,0x0F,
+          0x00,0xA5,0x28,0x30,0x27,0x79,0x58,0xEE,0x84,0xD1,    /* y */
+          0x31,0x5E,0xD3,0x18,0x86,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xD9,0xCC,    /* order */
+          0xEC,0x8A,0x39,0xE5,0x6F }
        };
-static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
-        0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
+        _EC_SECG_CHAR2_113R2 = {
-        0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D};
+        { NID_X9_62_characteristic_two_field,20,15,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {
+        { 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D,
-        "020000000000000000000000000201",
-        "00689918DBEC7E5A0DD6DFC0AA55C7",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "0095E9A9EC9B297BD4BF36E059184F",
+          0x00,0x00,0x00,0x02,0x01,
-        "01A57A6A7B26CA5EF52FCDB8164797",
+          0x00,0x68,0x99,0x18,0xDB,0xEC,0x7E,0x5A,0x0D,0xD6,    /* a */
-        "00B3ADC94ED1FE674C06E695BABA1D",
+          0xDF,0xC0,0xAA,0x55,0xC7,
-        "010000000000000108789B2496AF93", 2,
+          0x00,0x95,0xE9,0xA9,0xEC,0x9B,0x29,0x7B,0xD4,0xBF,    /* b */
-        _EC_SECG_CHAR2_113R2_SEED, 20,
+          0x36,0xE0,0x59,0x18,0x4F,
-        "SECG curve over a 113 bit binary field"
+          0x01,0xA5,0x7A,0x6A,0x7B,0x26,0xCA,0x5E,0xF5,0x2F,    /* x */
+          0xCD,0xB8,0x16,0x47,0x97,
+          0x00,0xB3,0xAD,0xC9,0x4E,0xD1,0xFE,0x67,0x4C,0x06,    /* y */
+          0xE6,0x95,0xBA,0xBA,0x1D,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x08,0x78,    /* order */
+          0x9B,0x24,0x96,0xAF,0x93 }
        };
-static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; }
-        0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,
+        _EC_SECG_CHAR2_131R1 = {
-        0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2};
+        { NID_X9_62_characteristic_two_field,20,17,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {
+        { 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2,
-        "080000000000000000000000000000010D",
-        "07A11B09A76B562144418FF3FF8C2570B8",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "0217C05610884B63B9C6C7291678F9D341",
+          0x00,0x00,0x00,0x00,0x00,0x01,0x0D,
-        "0081BAF91FDF9833C40F9C181343638399",
+          0x07,0xA1,0x1B,0x09,0xA7,0x6B,0x56,0x21,0x44,0x41,    /* a */
-        "078C6E7EA38C001F73C8134B1B4EF9E150",
+          0x8F,0xF3,0xFF,0x8C,0x25,0x70,0xB8,
-        "0400000000000000023123953A9464B54D", 2,
+          0x02,0x17,0xC0,0x56,0x10,0x88,0x4B,0x63,0xB9,0xC6,    /* b */
-        _EC_SECG_CHAR2_131R1_SEED, 20,
+          0xC7,0x29,0x16,0x78,0xF9,0xD3,0x41,
-        "SECG/WTLS curve over a 131 bit binary field"
+          0x00,0x81,0xBA,0xF9,0x1F,0xDF,0x98,0x33,0xC4,0x0F,    /* x */
+          0x9C,0x18,0x13,0x43,0x63,0x83,0x99,
+          0x07,0x8C,0x6E,0x7E,0xA3,0x8C,0x00,0x1F,0x73,0xC8,    /* y */
+          0x13,0x4B,0x1B,0x4E,0xF9,0xE1,0x50,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x31,    /* order */
+          0x23,0x95,0x3A,0x94,0x64,0xB5,0x4D }
        };
-static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; }
-        0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,
+        _EC_SECG_CHAR2_131R2 = {
-        0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3};
+        { NID_X9_62_characteristic_two_field,20,17,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {
+        { 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3,
-        "080000000000000000000000000000010D",
-        "03E5A88919D7CAFCBF415F07C2176573B2",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "04B8266A46C55657AC734CE38F018F2192",
+          0x00,0x00,0x00,0x00,0x00,0x01,0x0D,
-        "0356DCD8F2F95031AD652D23951BB366A8",
+          0x03,0xE5,0xA8,0x89,0x19,0xD7,0xCA,0xFC,0xBF,0x41,    /* a */
-        "0648F06D867940A5366D9E265DE9EB240F",
+          0x5F,0x07,0xC2,0x17,0x65,0x73,0xB2,
-        "0400000000000000016954A233049BA98F", 2,
+          0x04,0xB8,0x26,0x6A,0x46,0xC5,0x56,0x57,0xAC,0x73,    /* b */
-        _EC_SECG_CHAR2_131R2_SEED, 20,
+          0x4C,0xE3,0x8F,0x01,0x8F,0x21,0x92,
-        "SECG curve over a 131 bit binary field"
+          0x03,0x56,0xDC,0xD8,0xF2,0xF9,0x50,0x31,0xAD,0x65,    /* x */
+          0x2D,0x23,0x95,0x1B,0xB3,0x66,0xA8,
+          0x06,0x48,0xF0,0x6D,0x86,0x79,0x40,0xA5,0x36,0x6D,    /* y */
+          0x9E,0x26,0x5D,0xE9,0xEB,0x24,0x0F,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x69,    /* order */
+          0x54,0xA2,0x33,0x04,0x9B,0xA9,0x8F }
        };
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_NIST_CHAR2_163K = {
-        "0800000000000000000000000000000000000000C9",
+        { NID_X9_62_characteristic_two_field,0,21,2 },
-        "1",
+        {                                                       /* no seed */
-        "1",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+          0xC9,
-        "04000000000000000000020108A2E0CC0D99F8A5EF", 2,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "NIST/SECG/WTLS curve over a 163 bit binary field"
+          0x01,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x02,0xFE,0x13,0xC0,0x53,0x7B,0xBC,0x11,0xAC,0xAA,    /* x */
+          0x07,0xD7,0x93,0xDE,0x4E,0x6D,0x5E,0x5C,0x94,0xEE,
+          0xE8,
+          0x02,0x89,0x07,0x0F,0xB0,0x5D,0x38,0xFF,0x58,0x32,    /* y */
+          0x1F,0x2E,0x80,0x05,0x36,0xD5,0x38,0xCC,0xDA,0xA3,
+          0xD9,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x02,0x01,0x08,0xA2,0xE0,0xCC,0x0D,0x99,0xF8,0xA5,
+          0xEF }
        };
-static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-        0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
+        _EC_SECG_CHAR2_163R1 = {
-        0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C};
+        { NID_X9_62_characteristic_two_field,0,21,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {
+        {                                                       /* no seed */
-        NID_X9_62_characteristic_two_field,
+#if 0
-        "0800000000000000000000000000000000000000C9",
-        "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
-        "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
-        "0369979697AB43897789566789567F787A7876A654",
-        "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
-        "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
 /* The algorithm used to derive the curve parameters from
 * the seed used here is slightly different than the
- * algorithm described in X9.62 .
+ * algorithm described in X9.62 . */
- */
+          0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
-#if 0
+          0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C,
-        _EC_SECG_CHAR2_163R1_SEED, 20,
-#else
-        NULL, 0,
 #endif
-        "SECG curve over a 163 bit binary field"
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xC9,
+          0x07,0xB6,0x88,0x2C,0xAA,0xEF,0xA8,0x4F,0x95,0x54,    /* a */
+          0xFF,0x84,0x28,0xBD,0x88,0xE2,0x46,0xD2,0x78,0x2A,
+          0xE2,
+          0x07,0x13,0x61,0x2D,0xCD,0xDC,0xB4,0x0A,0xAB,0x94,    /* b */
+          0x6B,0xDA,0x29,0xCA,0x91,0xF7,0x3A,0xF9,0x58,0xAF,
+          0xD9,
+          0x03,0x69,0x97,0x96,0x97,0xAB,0x43,0x89,0x77,0x89,    /* x */
+          0x56,0x67,0x89,0x56,0x7F,0x78,0x7A,0x78,0x76,0xA6,
+          0x54,
+          0x00,0x43,0x5E,0xDB,0x42,0xEF,0xAF,0xB2,0x98,0x9D,    /* y */
+          0x51,0xFE,0xFC,0xE3,0xC8,0x09,0x88,0xF4,0x1F,0xF8,
+          0x83,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0x48,0xAA,0xB6,0x89,0xC2,0x9C,0xA7,0x10,0x27,
+          0x9B }
        };
-static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-        0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
+        _EC_NIST_CHAR2_163B = {
-        0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68};
+        { NID_X9_62_characteristic_two_field,0,21,2 },
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={
+        {                                                       /* no seed */
-        NID_X9_62_characteristic_two_field,
-        "0800000000000000000000000000000000000000C9",
-        "1",
-        "020A601907B8C953CA1481EB10512F78744A3205FD",
-        "03F0EBA16286A2D57EA0991168D4994637E8343E36",
-        "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-        "040000000000000000000292FE77E70C12A4234C33", 2,
-/* The seed here was used to created the curve parameters in normal
- * basis representation (and not the polynomial representation used here) 
- */
 #if 0
-        _EC_NIST_CHAR2_163B_SEED, 20,
+/* The seed here was used to created the curve parameters in normal
-#else
+ * basis representation (and not the polynomial representation used here) */
-        NULL, 0,
+          0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
+          0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68,
 #endif
-        "NIST/SECG curve over a 163 bit binary field"
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xC9,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x01,
+          0x02,0x0A,0x60,0x19,0x07,0xB8,0xC9,0x53,0xCA,0x14,    /* b */
+          0x81,0xEB,0x10,0x51,0x2F,0x78,0x74,0x4A,0x32,0x05,
+          0xFD,
+          0x03,0xF0,0xEB,0xA1,0x62,0x86,0xA2,0xD5,0x7E,0xA0,    /* x */
+          0x99,0x11,0x68,0xD4,0x99,0x46,0x37,0xE8,0x34,0x3E,
+          0x36,
+          0x00,0xD5,0x1F,0xBC,0x6C,0x71,0xA0,0x09,0x4F,0xA2,    /* y */
+          0xCD,0xD5,0x45,0xB1,0x1C,0x5C,0x0C,0x79,0x73,0x24,
+          0xF1,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x02,0x92,0xFE,0x77,0xE7,0x0C,0x12,0xA4,0x23,0x4C,
+          0x33 }
        };
-static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; }
-        0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,
+        _EC_SECG_CHAR2_193R1 = {
-        0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30};
+        { NID_X9_62_characteristic_two_field,20,25,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {
+        { 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30,
-        "02000000000000000000000000000000000000000000008001",
-        "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+          0x00,0x00,0x00,0x80,0x01,
-        "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+          0x00,0x17,0x85,0x8F,0xEB,0x7A,0x98,0x97,0x51,0x69,    /* a */
-        "01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
+          0xE1,0x71,0xF7,0x7B,0x40,0x87,0xDE,0x09,0x8A,0xC8,
-        _EC_SECG_CHAR2_193R1_SEED, 20,
+          0xA9,0x11,0xDF,0x7B,0x01,
-        "SECG curve over a 193 bit binary field"
+          0x00,0xFD,0xFB,0x49,0xBF,0xE6,0xC3,0xA8,0x9F,0xAC,    /* b */
+          0xAD,0xAA,0x7A,0x1E,0x5B,0xBC,0x7C,0xC1,0xC2,0xE5,
+          0xD8,0x31,0x47,0x88,0x14,
+          0x01,0xF4,0x81,0xBC,0x5F,0x0F,0xF8,0x4A,0x74,0xAD,    /* x */
+          0x6C,0xDF,0x6F,0xDE,0xF4,0xBF,0x61,0x79,0x62,0x53,
+          0x72,0xD8,0xC0,0xC5,0xE1,
+          0x00,0x25,0xE3,0x99,0xF2,0x90,0x37,0x12,0xCC,0xF3,    /* y */
+          0xEA,0x9E,0x3A,0x1A,0xD1,0x7F,0xB0,0xB3,0x20,0x1B,
+          0x6A,0xF7,0xCE,0x1B,0x05,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0xC7,0xF3,0x4A,0x77,0x8F,0x44,0x3A,
+          0xCC,0x92,0x0E,0xBA,0x49 }
        };
-static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; }
-        0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,
+        _EC_SECG_CHAR2_193R2 = {
-        0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11};
+        { NID_X9_62_characteristic_two_field,20,25,2 },
-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {
+        { 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11,
-        "02000000000000000000000000000000000000000000008001",
-        "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+          0x00,0x00,0x00,0x80,0x01,
-        "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+          0x01,0x63,0xF3,0x5A,0x51,0x37,0xC2,0xCE,0x3E,0xA6,    /* a */
-        "010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
+          0xED,0x86,0x67,0x19,0x0B,0x0B,0xC4,0x3E,0xCD,0x69,
-        _EC_SECG_CHAR2_193R2_SEED, 20,
+          0x97,0x77,0x02,0x70,0x9B,
-        "SECG curve over a 193 bit binary field"
+          0x00,0xC9,0xBB,0x9E,0x89,0x27,0xD4,0xD6,0x4C,0x37,    /* b */
+          0x7E,0x2A,0xB2,0x85,0x6A,0x5B,0x16,0xE3,0xEF,0xB7,
+          0xF6,0x1D,0x43,0x16,0xAE,
+          0x00,0xD9,0xB6,0x7D,0x19,0x2E,0x03,0x67,0xC8,0x03,    /* x */
+          0xF3,0x9E,0x1A,0x7E,0x82,0xCA,0x14,0xA6,0x51,0x35,
+          0x0A,0xAE,0x61,0x7E,0x8F,
+          0x01,0xCE,0x94,0x33,0x56,0x07,0xC3,0x04,0xAC,0x29,    /* y */
+          0xE7,0xDE,0xFB,0xD9,0xCA,0x01,0xF5,0x96,0xF9,0x27,
+          0x22,0x4C,0xDE,0xCF,0x6C,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x01,0x5A,0xAB,0x56,0x1B,0x00,0x54,0x13,
+          0xCC,0xD4,0xEE,0x99,0xD5 }
        };
-static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_NIST_CHAR2_233K = {
-        "020000000000000000000000000000000000000004000000000000000001",
+        { NID_X9_62_characteristic_two_field,0,30,4 },
-        "0",
+        {                                                       /* no seed */
-        "1",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "NIST/SECG/WTLS curve over a 233 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0x01,0x72,0x32,0xBA,0x85,0x3A,0x7E,0x73,0x1A,0xF1,    /* x */
+          0x29,0xF2,0x2F,0xF4,0x14,0x95,0x63,0xA4,0x19,0xC2,
+          0x6B,0xF5,0x0A,0x4C,0x9D,0x6E,0xEF,0xAD,0x61,0x26,
+          0x01,0xDB,0x53,0x7D,0xEC,0xE8,0x19,0xB7,0xF7,0x0F,    /* y */
+          0x55,0x5A,0x67,0xC4,0x27,0xA8,0xCD,0x9B,0xF1,0x8A,
+          0xEB,0x9B,0x56,0xE0,0xC1,0x10,0x56,0xFA,0xE6,0xA3,
+          0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x06,0x9D,0x5B,0xB9,0x15,
+          0xBC,0xD4,0x6E,0xFB,0x1A,0xD5,0xF1,0x73,0xAB,0xDF }
        };
-static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,
+        _EC_NIST_CHAR2_233B = {
-        0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3};
+        { NID_X9_62_characteristic_two_field,20,30,2 },
-static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = {
+        { 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3,
-        "020000000000000000000000000000000000000004000000000000000001",
-        "000000000000000000000000000000000000000000000000000000000001",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-        "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        _EC_NIST_CHAR2_233B_SEED, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "NIST/SECG/WTLS curve over a 233 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0x00,0x66,0x64,0x7E,0xDE,0x6C,0x33,0x2C,0x7F,0x8C,    /* b */
+          0x09,0x23,0xBB,0x58,0x21,0x3B,0x33,0x3B,0x20,0xE9,
+          0xCE,0x42,0x81,0xFE,0x11,0x5F,0x7D,0x8F,0x90,0xAD,
+          0x00,0xFA,0xC9,0xDF,0xCB,0xAC,0x83,0x13,0xBB,0x21,    /* x */
+          0x39,0xF1,0xBB,0x75,0x5F,0xEF,0x65,0xBC,0x39,0x1F,
+          0x8B,0x36,0xF8,0xF8,0xEB,0x73,0x71,0xFD,0x55,0x8B,
+          0x01,0x00,0x6A,0x08,0xA4,0x19,0x03,0x35,0x06,0x78,    /* y */
+          0xE5,0x85,0x28,0xBE,0xBF,0x8A,0x0B,0xEF,0xF8,0x67,
+          0xA7,0xCA,0x36,0x71,0x6F,0x7E,0x01,0xF8,0x10,0x52,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x13,0xE9,0x74,0xE7,0x2F,
+          0x8A,0x69,0x22,0x03,0x1D,0x26,0x03,0xCF,0xE0,0xD7 }
        };
-static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_SECG_CHAR2_239K1 = {
-        "800000000000000000004000000000000000000000000000000000000001",
+        { NID_X9_62_characteristic_two_field,0,30,4 },
-        "0",
+        {                                                       /* no seed */
-        "1",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+          0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "SECG curve over a 239 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+          0x29,0xA0,0xB6,0xA8,0x87,0xA9,0x83,0xE9,0x73,0x09,    /* x */
+          0x88,0xA6,0x87,0x27,0xA8,0xB2,0xD1,0x26,0xC4,0x4C,
+          0xC2,0xCC,0x7B,0x2A,0x65,0x55,0x19,0x30,0x35,0xDC,
+          0x76,0x31,0x08,0x04,0xF1,0x2E,0x54,0x9B,0xDB,0x01,    /* y */
+          0x1C,0x10,0x30,0x89,0xE7,0x35,0x10,0xAC,0xB2,0x75,
+          0xFC,0x31,0x2A,0x5D,0xC6,0xB7,0x65,0x53,0xF0,0xCA,
+          0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x5A,0x79,0xFE,0xC6,0x7C,
+          0xB6,0xE9,0x1F,0x1C,0x1D,0xA8,0x00,0xE4,0x78,0xA5 }
        };
-static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+36*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_NIST_CHAR2_283K = {
-        "080000000000000000000000000000000000000000000000000000000000000000001"
+        { NID_X9_62_characteristic_two_field,0,36,4 },
-        "0A1",
+        {                                                       /* no seed */
-        "0",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "1",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "836",
+          0x00,0x00,0x00,0x00,0x10,0xA1,
-        "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "259",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "C61", 4,
+          0x00,0x00,0x00,0x00,0x00,0x00,
-        NULL, 20,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
-        "NIST/SECG curve over a 283 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x01,
+          0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A,    /* x */
+          0x3B,0x81,0x62,0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F,
+          0x23,0xC1,0x56,0x7A,0x16,0x87,0x69,0x13,0xB0,0xC2,
+          0xAC,0x24,0x58,0x49,0x28,0x36,
+          0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90,    /* y */
+          0xF9,0x5D,0x07,0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0,
+          0xE8,0x18,0x46,0x98,0xE4,0x59,0x62,0x36,0x4E,0x34,
+          0x11,0x61,0x77,0xDD,0x22,0x59,
+          0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE,
+          0x2E,0xD0,0x75,0x77,0x26,0x5D,0xFF,0x7F,0x94,0x45,
+          0x1E,0x06,0x1E,0x16,0x3C,0x61 }
        };
-static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+36*6]; }
-        0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,
+        _EC_NIST_CHAR2_283B = {
-        0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE};
+        { NID_X9_62_characteristic_two_field,20,36,2 },
-static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = {
+        { 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,    /* no seed */
-        NID_X9_62_characteristic_two_field,
+          0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE,
-        "080000000000000000000000000000000000000000000000000000000000000000001"
-        "0A1",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "000000000000000000000000000000000000000000000000000000000000000000000"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "001",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
+          0x00,0x00,0x00,0x00,0x10,0xA1,
-        "2F5",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "053",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
+          0x00,0x00,0x00,0x00,0x00,0x01,
-        "2F4",
+          0x02,0x7B,0x68,0x0A,0xC8,0xB8,0x59,0x6D,0xA5,0xA4,    /* b */
-        "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
+          0xAF,0x8A,0x19,0xA0,0x30,0x3F,0xCA,0x97,0xFD,0x76,
-        "307", 2,
+          0x45,0x30,0x9F,0xA2,0xA5,0x81,0x48,0x5A,0xF6,0x26,
-        _EC_NIST_CHAR2_283B_SEED, 20,
+          0x3E,0x31,0x3B,0x79,0xA2,0xF5,
-        "NIST/SECG curve over a 283 bit binary field"
+          0x05,0xF9,0x39,0x25,0x8D,0xB7,0xDD,0x90,0xE1,0x93,    /* x */
+          0x4F,0x8C,0x70,0xB0,0xDF,0xEC,0x2E,0xED,0x25,0xB8,
+          0x55,0x7E,0xAC,0x9C,0x80,0xE2,0xE1,0x98,0xF8,0xCD,
+          0xBE,0xCD,0x86,0xB1,0x20,0x53,
+          0x03,0x67,0x68,0x54,0xFE,0x24,0x14,0x1C,0xB9,0x8F,    /* y */
+          0xE6,0xD4,0xB2,0x0D,0x02,0xB4,0x51,0x6F,0xF7,0x02,
+          0x35,0x0E,0xDD,0xB0,0x82,0x67,0x79,0xC8,0x13,0xF0,
+          0xDF,0x45,0xBE,0x81,0x12,0xF4,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xEF,0x90,
+          0x39,0x96,0x60,0xFC,0x93,0x8A,0x90,0x16,0x5B,0x04,
+          0x2A,0x7C,0xEF,0xAD,0xB3,0x07 }
        };
-static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+52*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_NIST_CHAR2_409K = {
-        "020000000000000000000000000000000000000000000000000000000000000000000"
+        { NID_X9_62_characteristic_two_field,0,52,4 },
-        "00000000000008000000000000000000001",
+        {                                                       /* no seed */
-        "0",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "1",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "89EB5AAAA62EE222EB1B35540CFE9023746",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
+          0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "C42E9C55215AA9CA27A5863EC48D8E0286B",
+          0x00,0x01,
-        "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "NIST/SECG curve over a 409 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x00,0x60,0xF0,0x5F,0x65,0x8F,0x49,0xC1,0xAD,0x3A,    /* x */
+          0xB1,0x89,0x0F,0x71,0x84,0x21,0x0E,0xFD,0x09,0x87,
+          0xE3,0x07,0xC8,0x4C,0x27,0xAC,0xCF,0xB8,0xF9,0xF6,
+          0x7C,0xC2,0xC4,0x60,0x18,0x9E,0xB5,0xAA,0xAA,0x62,
+          0xEE,0x22,0x2E,0xB1,0xB3,0x55,0x40,0xCF,0xE9,0x02,
+          0x37,0x46,
+          0x01,0xE3,0x69,0x05,0x0B,0x7C,0x4E,0x42,0xAC,0xBA,    /* y */
+          0x1D,0xAC,0xBF,0x04,0x29,0x9C,0x34,0x60,0x78,0x2F,
+          0x91,0x8E,0xA4,0x27,0xE6,0x32,0x51,0x65,0xE9,0xEA,
+          0x10,0xE3,0xDA,0x5F,0x6C,0x42,0xE9,0xC5,0x52,0x15,
+          0xAA,0x9C,0xA2,0x7A,0x58,0x63,0xEC,0x48,0xD8,0xE0,
+          0x28,0x6B,
+          0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0x5F,0x83,0xB2,
+          0xD4,0xEA,0x20,0x40,0x0E,0xC4,0x55,0x7D,0x5E,0xD3,
+          0xE3,0xE7,0xCA,0x5B,0x4B,0x5C,0x83,0xB8,0xE0,0x1E,
+          0x5F,0xCF }
        };
-static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+52*6]; }
-        0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,
+        _EC_NIST_CHAR2_409B = {
-        0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B};
+        { NID_X9_62_characteristic_two_field,20,52,2 },
-static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = {
+        { 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B,
-        "020000000000000000000000000000000000000000000000000000000000000000000"
-        "00000000000008000000000000000000001",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "000000000000000000000000000000000000000000000000000000000000000000000"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "00000000000000000000000000000000001",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "7B272822F6CD57A55AA4F50AE317B13545F",
+          0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
+          0x00,0x01,
-        "A868A1180515603AEAB60794E54BB7996A7",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "F1FDF4B4F40D2181B3681C364BA0273C706",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "7BE5FA47C3C9E052F838164CD37D9A21173", 2,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        _EC_NIST_CHAR2_409B_SEED, 20,
+          0x00,0x01,
-        "NIST/SECG curve over a 409 bit binary field"
+          0x00,0x21,0xA5,0xC2,0xC8,0xEE,0x9F,0xEB,0x5C,0x4B,    /* b */
+          0x9A,0x75,0x3B,0x7B,0x47,0x6B,0x7F,0xD6,0x42,0x2E,
+          0xF1,0xF3,0xDD,0x67,0x47,0x61,0xFA,0x99,0xD6,0xAC,
+          0x27,0xC8,0xA9,0xA1,0x97,0xB2,0x72,0x82,0x2F,0x6C,
+          0xD5,0x7A,0x55,0xAA,0x4F,0x50,0xAE,0x31,0x7B,0x13,
+          0x54,0x5F,
+          0x01,0x5D,0x48,0x60,0xD0,0x88,0xDD,0xB3,0x49,0x6B,    /* x */
+          0x0C,0x60,0x64,0x75,0x62,0x60,0x44,0x1C,0xDE,0x4A,
+          0xF1,0x77,0x1D,0x4D,0xB0,0x1F,0xFE,0x5B,0x34,0xE5,
+          0x97,0x03,0xDC,0x25,0x5A,0x86,0x8A,0x11,0x80,0x51,
+          0x56,0x03,0xAE,0xAB,0x60,0x79,0x4E,0x54,0xBB,0x79,
+          0x96,0xA7,
+          0x00,0x61,0xB1,0xCF,0xAB,0x6B,0xE5,0xF3,0x2B,0xBF,    /* y */
+          0xA7,0x83,0x24,0xED,0x10,0x6A,0x76,0x36,0xB9,0xC5,
+          0xA7,0xBD,0x19,0x8D,0x01,0x58,0xAA,0x4F,0x54,0x88,
+          0xD0,0x8F,0x38,0x51,0x4F,0x1F,0xDF,0x4B,0x4F,0x40,
+          0xD2,0x18,0x1B,0x36,0x81,0xC3,0x64,0xBA,0x02,0x73,
+          0xC7,0x06,
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xE2,0xAA,0xD6,
+          0xA6,0x12,0xF3,0x33,0x07,0xBE,0x5F,0xA4,0x7C,0x3C,
+          0x9E,0x05,0x2F,0x83,0x81,0x64,0xCD,0x37,0xD9,0xA2,
+          0x11,0x73 }
        };
-static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+72*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_NIST_CHAR2_571K = {
-        "800000000000000000000000000000000000000000000000000000000000000000000"
+        { NID_X9_62_characteristic_two_field,0,72,4 },
-        "000000000000000000000000000000000000000000000000000000000000000000000"
+        {                                                       /* no seed */
-        "00425",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "0",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "1",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "1C8972",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
+          0x04,0x25,
-        "F1C7A3",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "020000000000000000000000000000000000000000000000000000000000000000000"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "7C1001", 4,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "NIST/SECG curve over a 571 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x01,
+          0x02,0x6E,0xB7,0xA8,0x59,0x92,0x3F,0xBC,0x82,0x18,    /* x */
+          0x96,0x31,0xF8,0x10,0x3F,0xE4,0xAC,0x9C,0xA2,0x97,
+          0x00,0x12,0xD5,0xD4,0x60,0x24,0x80,0x48,0x01,0x84,
+          0x1C,0xA4,0x43,0x70,0x95,0x84,0x93,0xB2,0x05,0xE6,
+          0x47,0xDA,0x30,0x4D,0xB4,0xCE,0xB0,0x8C,0xBB,0xD1,
+          0xBA,0x39,0x49,0x47,0x76,0xFB,0x98,0x8B,0x47,0x17,
+          0x4D,0xCA,0x88,0xC7,0xE2,0x94,0x52,0x83,0xA0,0x1C,
+          0x89,0x72,
+          0x03,0x49,0xDC,0x80,0x7F,0x4F,0xBF,0x37,0x4F,0x4A,    /* y */
+          0xEA,0xDE,0x3B,0xCA,0x95,0x31,0x4D,0xD5,0x8C,0xEC,
+          0x9F,0x30,0x7A,0x54,0xFF,0xC6,0x1E,0xFC,0x00,0x6D,
+          0x8A,0x2C,0x9D,0x49,0x79,0xC0,0xAC,0x44,0xAE,0xA7,
+          0x4F,0xBE,0xBB,0xB9,0xF7,0x72,0xAE,0xDC,0xB6,0x20,
+          0xB0,0x1A,0x7B,0xA7,0xAF,0x1B,0x32,0x04,0x30,0xC8,
+          0x59,0x19,0x84,0xF6,0x01,0xCD,0x4C,0x14,0x3E,0xF1,
+          0xC7,0xA3,
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x13,0x18,0x50,0xE1,
+          0xF1,0x9A,0x63,0xE4,0xB3,0x91,0xA8,0xDB,0x91,0x7F,
+          0x41,0x38,0xB6,0x30,0xD8,0x4B,0xE5,0xD6,0x39,0x38,
+          0x1E,0x91,0xDE,0xB4,0x5C,0xFE,0x77,0x8F,0x63,0x7C,
+          0x10,0x01 }
        };
-static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+72*6]; }
-        0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,
+        _EC_NIST_CHAR2_571B = {
-        0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10};
+        { NID_X9_62_characteristic_two_field,20,72,2 },
-static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = {
+        { 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10,
-        "800000000000000000000000000000000000000000000000000000000000000000000"
-        "000000000000000000000000000000000000000000000000000000000000000000000"
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "00425",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "000000000000000000000000000000000000000000000000000000000000000000000"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "000000000000000000000000000000000000000000000000000000000000000000000"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "000001",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "55727A",
+          0x04,0x25,
-        "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "EC2D19",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "8AC15B",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
+          0x00,0x01,
-        "E84E47", 2,
+          0x02,0xF4,0x0E,0x7E,0x22,0x21,0xF2,0x95,0xDE,0x29,    /* b */
-        _EC_NIST_CHAR2_571B_SEED, 20,
+          0x71,0x17,0xB7,0xF3,0xD6,0x2F,0x5C,0x6A,0x97,0xFF,
-        "NIST/SECG curve over a 571 bit binary field"
+          0xCB,0x8C,0xEF,0xF1,0xCD,0x6B,0xA8,0xCE,0x4A,0x9A,
+          0x18,0xAD,0x84,0xFF,0xAB,0xBD,0x8E,0xFA,0x59,0x33,
+          0x2B,0xE7,0xAD,0x67,0x56,0xA6,0x6E,0x29,0x4A,0xFD,
+          0x18,0x5A,0x78,0xFF,0x12,0xAA,0x52,0x0E,0x4D,0xE7,
+          0x39,0xBA,0xCA,0x0C,0x7F,0xFE,0xFF,0x7F,0x29,0x55,
+          0x72,0x7A,
+          0x03,0x03,0x00,0x1D,0x34,0xB8,0x56,0x29,0x6C,0x16,    /* x */
+          0xC0,0xD4,0x0D,0x3C,0xD7,0x75,0x0A,0x93,0xD1,0xD2,
+          0x95,0x5F,0xA8,0x0A,0xA5,0xF4,0x0F,0xC8,0xDB,0x7B,
+          0x2A,0xBD,0xBD,0xE5,0x39,0x50,0xF4,0xC0,0xD2,0x93,
+          0xCD,0xD7,0x11,0xA3,0x5B,0x67,0xFB,0x14,0x99,0xAE,
+          0x60,0x03,0x86,0x14,0xF1,0x39,0x4A,0xBF,0xA3,0xB4,
+          0xC8,0x50,0xD9,0x27,0xE1,0xE7,0x76,0x9C,0x8E,0xEC,
+          0x2D,0x19,
+          0x03,0x7B,0xF2,0x73,0x42,0xDA,0x63,0x9B,0x6D,0xCC,    /* y */
+          0xFF,0xFE,0xB7,0x3D,0x69,0xD7,0x8C,0x6C,0x27,0xA6,
+          0x00,0x9C,0xBB,0xCA,0x19,0x80,0xF8,0x53,0x39,0x21,
+          0xE8,0xA6,0x84,0x42,0x3E,0x43,0xBA,0xB0,0x8A,0x57,
+          0x62,0x91,0xAF,0x8F,0x46,0x1B,0xB2,0xA8,0xB3,0x53,
+          0x1D,0x2F,0x04,0x85,0xC1,0x9B,0x16,0xE2,0xF1,0x51,
+          0x6E,0x23,0xDD,0x3C,0x1A,0x48,0x27,0xAF,0x1B,0x8A,
+          0xC1,0x5B,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+          0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE6,0x61,0xCE,0x18,
+          0xFF,0x55,0x98,0x73,0x08,0x05,0x9B,0x18,0x68,0x23,
+          0x85,0x1E,0xC7,0xDD,0x9C,0xA1,0x16,0x1D,0xE9,0x3D,
+          0x51,0x74,0xD6,0x6E,0x83,0x82,0xE9,0xBB,0x2F,0xE8,
+          0x4E,0x47 }
        };
-static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-        0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
+        _EC_X9_62_CHAR2_163V1 = {
-        0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54};
+        { NID_X9_62_characteristic_two_field,20,21,2 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {
+        { 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
-        NID_X9_62_characteristic_two_field,
+          0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54,    /* seed */
-        "080000000000000000000000000000000000000107",
-        "072546B5435234A422E0789675F432C89435DE5242",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "07AF69989546103D79329FCC3D74880F33BBE803CB",
+          0x07,
-        "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+          0x07,0x25,0x46,0xB5,0x43,0x52,0x34,0xA4,0x22,0xE0,    /* a */
-        "0400000000000000000001E60FC8821CC74DAEAFC1", 2,
+          0x78,0x96,0x75,0xF4,0x32,0xC8,0x94,0x35,0xDE,0x52,
-        _EC_X9_62_CHAR2_163V1_SEED, 20,
+          0x42,
-        "X9.62 curve over a 163 bit binary field"
+          0x00,0xC9,0x51,0x7D,0x06,0xD5,0x24,0x0D,0x3C,0xFF,    /* b */
+          0x38,0xC7,0x4B,0x20,0xB6,0xCD,0x4D,0x6F,0x9D,0xD4,
+          0xD9,
+          0x07,0xAF,0x69,0x98,0x95,0x46,0x10,0x3D,0x79,0x32,    /* x */
+          0x9F,0xCC,0x3D,0x74,0x88,0x0F,0x33,0xBB,0xE8,0x03,
+          0xCB,
+          0x01,0xEC,0x23,0x21,0x1B,0x59,0x66,0xAD,0xEA,0x1D,    /* y */
+          0x3F,0x87,0xF7,0xEA,0x58,0x48,0xAE,0xF0,0xB7,0xCA,
+          0x9F,
+          0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x01,0xE6,0x0F,0xC8,0x82,0x1C,0xC7,0x4D,0xAE,0xAF,
+          0xC1 }
        };
-static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-        0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,
+        _EC_X9_62_CHAR2_163V2 = {
-        0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD};
+        { NID_X9_62_characteristic_two_field,20,21,2 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {
+        { 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD,
-        "080000000000000000000000000000000000000107",
-        "0108B39E77C4B108BED981ED0E890E117C511CF072",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+          0x07,
-        "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+          0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9,    /* a */
-        "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
+          0x81,0xED,0x0E,0x89,0x0E,0x11,0x7C,0x51,0x1C,0xF0,
-        _EC_X9_62_CHAR2_163V2_SEED, 20,
+          0x72,
-        "X9.62 curve over a 163 bit binary field"
+          0x06,0x67,0xAC,0xEB,0x38,0xAF,0x4E,0x48,0x8C,0x40,    /* b */
+          0x74,0x33,0xFF,0xAE,0x4F,0x1C,0x81,0x16,0x38,0xDF,
+          0x20,
+          0x00,0x24,0x26,0x6E,0x4E,0xB5,0x10,0x6D,0x0A,0x96,    /* x */
+          0x4D,0x92,0xC4,0x86,0x0E,0x26,0x71,0xDB,0x9B,0x6C,
+          0xC5,
+          0x07,0x9F,0x68,0x4D,0xDF,0x66,0x84,0xC5,0xCD,0x25,    /* y */
+          0x8B,0x38,0x90,0x02,0x1B,0x23,0x86,0xDF,0xD1,0x9F,
+          0xC5,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFD,0xF6,0x4D,0xE1,0x15,0x1A,0xDB,0xB7,0x8F,0x10,
+          0xA7 }
        };
-static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-        0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,
+        _EC_X9_62_CHAR2_163V3 = {
-        0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8};
+        { NID_X9_62_characteristic_two_field,20,21,2 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {
+        { 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8,
-        "080000000000000000000000000000000000000107",
-        "07A526C63D3E25A256A007699F5447E32AE456B50E",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+          0x07,
-        "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+          0x07,0xA5,0x26,0xC6,0x3D,0x3E,0x25,0xA2,0x56,0xA0,    /* a */
-        "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
+          0x07,0x69,0x9F,0x54,0x47,0xE3,0x2A,0xE4,0x56,0xB5,
-        _EC_X9_62_CHAR2_163V3_SEED, 20,
+          0x0E,
-        "X9.62 curve over a 163 bit binary field"
+          0x03,0xF7,0x06,0x17,0x98,0xEB,0x99,0xE2,0x38,0xFD,    /* b */
+          0x6F,0x1B,0xF9,0x5B,0x48,0xFE,0xEB,0x48,0x54,0x25,
+          0x2B,
+          0x02,0xF9,0xF8,0x7B,0x7C,0x57,0x4D,0x0B,0xDE,0xCF,    /* x */
+          0x8A,0x22,0xE6,0x52,0x47,0x75,0xF9,0x8C,0xDE,0xBD,
+          0xCB,
+          0x05,0xB9,0x35,0x59,0x0C,0x15,0x5E,0x17,0xEA,0x48,    /* y */
+          0xEB,0x3F,0xF3,0x71,0x8B,0x89,0x3D,0xF5,0x9A,0x05,
+          0xD0,
+          0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFE,0x1A,0xEE,0x14,0x0F,0x11,0x0A,0xFF,0x96,0x13,
+          0x09 }
        };
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+23*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_X9_62_CHAR2_176V1 = {
-        "0100000000000000000000000000000000080000000007",
+        { NID_X9_62_characteristic_two_field,0,23,0xFF6E },
-        "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+        {                                                       /* no seed */
-        "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,
-        "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+          0x00,0x00,0x07,
-        "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
+          0x00,0xE4,0xE6,0xDB,0x29,0x95,0x06,0x5C,0x40,0x7D,    /* a */
-        NULL, 0,
+          0x9D,0x39,0xB8,0xD0,0x96,0x7B,0x96,0x70,0x4B,0xA8,
-        "X9.62 curve over a 176 bit binary field"
+          0xE9,0xC9,0x0B,
+          0x00,0x5D,0xDA,0x47,0x0A,0xBE,0x64,0x14,0xDE,0x8E,    /* b */
+          0xC1,0x33,0xAE,0x28,0xE9,0xBB,0xD7,0xFC,0xEC,0x0A,
+          0xE0,0xFF,0xF2,
+          0x00,0x8D,0x16,0xC2,0x86,0x67,0x98,0xB6,0x00,0xF9,    /* x */
+          0xF0,0x8B,0xB4,0xA8,0xE8,0x60,0xF3,0x29,0x8C,0xE0,
+          0x4A,0x57,0x98,
+          0x00,0x6F,0xA4,0x53,0x9C,0x2D,0xAD,0xDD,0xD6,0xBA,    /* y */
+          0xB5,0x16,0x7D,0x61,0xB4,0x36,0xE1,0xD9,0x2B,0xB1,
+          0x6A,0x56,0x2C,
+          0x00,0x00,0x01,0x00,0x92,0x53,0x73,0x97,0xEC,0xA4,    /* order */
+          0xF6,0x14,0x57,0x99,0xD6,0x2B,0x0A,0x19,0xCE,0x06,
+          0xFE,0x26,0xAD }
        };
-static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-        0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,
+        _EC_X9_62_CHAR2_191V1 = {
-        0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84};
+        { NID_X9_62_characteristic_two_field,20,24,2 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {
+        { 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84,
-        "800000000000000000000000000000000000000000000201",
-        "2866537B676752636A68F56554E12640276B649EF7526267",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+          0x00,0x00,0x02,0x01,
-        "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+          0x28,0x66,0x53,0x7B,0x67,0x67,0x52,0x63,0x6A,0x68,    /* a */
-        "40000000000000000000000004A20E90C39067C893BBB9A5", 2,
+          0xF5,0x65,0x54,0xE1,0x26,0x40,0x27,0x6B,0x64,0x9E,
-        _EC_X9_62_CHAR2_191V1_SEED, 20,
+          0xF7,0x52,0x62,0x67,
-        "X9.62 curve over a 191 bit binary field"
+          0x2E,0x45,0xEF,0x57,0x1F,0x00,0x78,0x6F,0x67,0xB0,    /* b */
+          0x08,0x1B,0x94,0x95,0xA3,0xD9,0x54,0x62,0xF5,0xDE,
+          0x0A,0xA1,0x85,0xEC,
+          0x36,0xB3,0xDA,0xF8,0xA2,0x32,0x06,0xF9,0xC4,0xF2,    /* x */
+          0x99,0xD7,0xB2,0x1A,0x9C,0x36,0x91,0x37,0xF2,0xC8,
+          0x4A,0xE1,0xAA,0x0D,
+          0x76,0x5B,0xE7,0x34,0x33,0xB3,0xF9,0x5E,0x33,0x29,    /* y */
+          0x32,0xE7,0x0E,0xA2,0x45,0xCA,0x24,0x18,0xEA,0x0E,
+          0xF9,0x80,0x18,0xFB,
+          0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x04,0xA2,0x0E,0x90,0xC3,0x90,0x67,0xC8,
+          0x93,0xBB,0xB9,0xA5 }
        };
-static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-        0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,
+        _EC_X9_62_CHAR2_191V2 = {
-        0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15};
+        { NID_X9_62_characteristic_two_field,20,24,4 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {
+        { 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15,
-        "800000000000000000000000000000000000000000000201",
-        "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+          0x00,0x00,0x02,0x01,
-        "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+          0x40,0x10,0x28,0x77,0x4D,0x77,0x77,0xC7,0xB7,0x66,    /* a */
-        "20000000000000000000000050508CB89F652824E06B8173", 4,
+          0x6D,0x13,0x66,0xEA,0x43,0x20,0x71,0x27,0x4F,0x89,
-        _EC_X9_62_CHAR2_191V2_SEED, 20,
+          0xFF,0x01,0xE7,0x18,
-        "X9.62 curve over a 191 bit binary field"
+          0x06,0x20,0x04,0x8D,0x28,0xBC,0xBD,0x03,0xB6,0x24,    /* b */
+          0x9C,0x99,0x18,0x2B,0x7C,0x8C,0xD1,0x97,0x00,0xC3,
+          0x62,0xC4,0x6A,0x01,
+          0x38,0x09,0xB2,0xB7,0xCC,0x1B,0x28,0xCC,0x5A,0x87,    /* x */
+          0x92,0x6A,0xAD,0x83,0xFD,0x28,0x78,0x9E,0x81,0xE2,
+          0xC9,0xE3,0xBF,0x10,
+          0x17,0x43,0x43,0x86,0x62,0x6D,0x14,0xF3,0xDB,0xF0,    /* y */
+          0x17,0x60,0xD9,0x21,0x3A,0x3E,0x1C,0xF3,0x7A,0xEC,
+          0x43,0x7D,0x66,0x8A,
+          0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x50,0x50,0x8C,0xB8,0x9F,0x65,0x28,0x24,
+          0xE0,0x6B,0x81,0x73 }
        };
-static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-        0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,
+        _EC_X9_62_CHAR2_191V3 = {
-        0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F};
+        { NID_X9_62_characteristic_two_field,20,24,6 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {
+        { 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F,
-        "800000000000000000000000000000000000000000000201",
-        "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+          0x00,0x00,0x02,0x01,
-        "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+          0x6C,0x01,0x07,0x47,0x56,0x09,0x91,0x22,0x22,0x10,    /* a */
-        "155555555555555555555555610C0B196812BFB6288A3EA3", 6,
+          0x56,0x91,0x1C,0x77,0xD7,0x7E,0x77,0xA7,0x77,0xE7,
-        _EC_X9_62_CHAR2_191V3_SEED, 20,
+          0xE7,0xE7,0x7F,0xCB,
-        "X9.62 curve over a 191 bit binary field"
+          0x71,0xFE,0x1A,0xF9,0x26,0xCF,0x84,0x79,0x89,0xEF,    /* b */
+          0xEF,0x8D,0xB4,0x59,0xF6,0x63,0x94,0xD9,0x0F,0x32,
+          0xAD,0x3F,0x15,0xE8,
+          0x37,0x5D,0x4C,0xE2,0x4F,0xDE,0x43,0x44,0x89,0xDE,    /* x */
+          0x87,0x46,0xE7,0x17,0x86,0x01,0x50,0x09,0xE6,0x6E,
+          0x38,0xA9,0x26,0xDD,
+          0x54,0x5A,0x39,0x17,0x61,0x96,0x57,0x5D,0x98,0x59,    /* y */
+          0x99,0x36,0x6E,0x6A,0xD3,0x4C,0xE0,0xA7,0x7C,0xD7,
+          0x12,0x7B,0x06,0xBE,
+          0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,    /* order */
+          0x55,0x55,0x61,0x0C,0x0B,0x19,0x68,0x12,0xBF,0xB6,
+          0x28,0x8A,0x3E,0xA3 }
        };
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+27*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_X9_62_CHAR2_208W1 = {
-        "010000000000000000000000000000000800000000000000000007",
+        { NID_X9_62_characteristic_two_field,0,27,0xFE48 },
-        "0000000000000000000000000000000000000000000000000000",
+        {                                                       /* no seed */
-        "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,
-        "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x07,
-        "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "X9.62 curve over a 208 bit binary field"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0xC8,0x61,0x9E,0xD4,0x5A,0x62,0xE6,0x21,0x2E,    /* b */
+          0x11,0x60,0x34,0x9E,0x2B,0xFA,0x84,0x44,0x39,0xFA,
+          0xFC,0x2A,0x3F,0xD1,0x63,0x8F,0x9E,
+          0x00,0x89,0xFD,0xFB,0xE4,0xAB,0xE1,0x93,0xDF,0x95,    /* x */
+          0x59,0xEC,0xF0,0x7A,0xC0,0xCE,0x78,0x55,0x4E,0x27,
+          0x84,0xEB,0x8C,0x1E,0xD1,0xA5,0x7A,
+          0x00,0x0F,0x55,0xB5,0x1A,0x06,0xE7,0x8E,0x9A,0xC3,    /* y */
+          0x8A,0x03,0x5F,0xF5,0x20,0xD8,0xB0,0x17,0x81,0xBE,
+          0xB1,0xA6,0xBB,0x08,0x61,0x7D,0xE3,
+          0x00,0x00,0x01,0x01,0xBA,0xF9,0x5C,0x97,0x23,0xC5,    /* order */
+          0x7B,0x6C,0x21,0xDA,0x2E,0xFF,0x2D,0x5E,0xD5,0x88,
+          0xBD,0xD5,0x71,0x7E,0x21,0x2F,0x9D }
        };
-static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
+        _EC_X9_62_CHAR2_239V1 = {
-        0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D};
+        { NID_X9_62_characteristic_two_field,20,30,4 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {
+        { 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D,
-        "800000000000000000000000000000000000000000000000001000000001",
-        "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+          0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
-        "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
-        "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
+          0x32,0x01,0x08,0x57,0x07,0x7C,0x54,0x31,0x12,0x3A,    /* a */
-        _EC_X9_62_CHAR2_239V1_SEED, 20,
+          0x46,0xB8,0x08,0x90,0x67,0x56,0xF5,0x43,0x42,0x3E,
-        "X9.62 curve over a 239 bit binary field"
+          0x8D,0x27,0x87,0x75,0x78,0x12,0x57,0x78,0xAC,0x76,
+          0x79,0x04,0x08,0xF2,0xEE,0xDA,0xF3,0x92,0xB0,0x12,    /* b */
+          0xED,0xEF,0xB3,0x39,0x2F,0x30,0xF4,0x32,0x7C,0x0C,
+          0xA3,0xF3,0x1F,0xC3,0x83,0xC4,0x22,0xAA,0x8C,0x16,
+          0x57,0x92,0x70,0x98,0xFA,0x93,0x2E,0x7C,0x0A,0x96,    /* x */
+          0xD3,0xFD,0x5B,0x70,0x6E,0xF7,0xE5,0xF5,0xC1,0x56,
+          0xE1,0x6B,0x7E,0x7C,0x86,0x03,0x85,0x52,0xE9,0x1D,
+          0x61,0xD8,0xEE,0x50,0x77,0xC3,0x3F,0xEC,0xF6,0xF1,    /* y */
+          0xA1,0x6B,0x26,0x8D,0xE4,0x69,0xC3,0xC7,0x74,0x4E,
+          0xA9,0xA9,0x71,0x64,0x9F,0xC7,0xA9,0x61,0x63,0x05,
+          0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* order */
+          0x00,0x00,0x00,0x00,0x00,0x0F,0x4D,0x42,0xFF,0xE1,
+          0x49,0x2A,0x49,0x93,0xF1,0xCA,0xD6,0x66,0xE4,0x47 }
        };
-static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,
+        _EC_X9_62_CHAR2_239V2 = {
-        0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D};
+        { NID_X9_62_characteristic_two_field,20,30,6 },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {
+        { 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D,
-        "800000000000000000000000000000000000000000000000001000000001",
-        "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+          0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
-        "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
-        "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
+          0x42,0x30,0x01,0x77,0x57,0xA7,0x67,0xFA,0xE4,0x23,    /* a */
-        _EC_X9_62_CHAR2_239V2_SEED, 20,
+          0x98,0x56,0x9B,0x74,0x63,0x25,0xD4,0x53,0x13,0xAF,
-        "X9.62 curve over a 239 bit binary field"
+          0x07,0x66,0x26,0x64,0x79,0xB7,0x56,0x54,0xE6,0x5F,
+          0x50,0x37,0xEA,0x65,0x41,0x96,0xCF,0xF0,0xCD,0x82,    /* b */
+          0xB2,0xC1,0x4A,0x2F,0xCF,0x2E,0x3F,0xF8,0x77,0x52,
+          0x85,0xB5,0x45,0x72,0x2F,0x03,0xEA,0xCD,0xB7,0x4B,
+          0x28,0xF9,0xD0,0x4E,0x90,0x00,0x69,0xC8,0xDC,0x47,    /* x */
+          0xA0,0x85,0x34,0xFE,0x76,0xD2,0xB9,0x00,0xB7,0xD7,
+          0xEF,0x31,0xF5,0x70,0x9F,0x20,0x0C,0x4C,0xA2,0x05,
+          0x56,0x67,0x33,0x4C,0x45,0xAF,0xF3,0xB5,0xA0,0x3B,    /* y */
+          0xAD,0x9D,0xD7,0x5E,0x2C,0x71,0xA9,0x93,0x62,0x56,
+          0x7D,0x54,0x53,0xF7,0xFA,0x6E,0x22,0x7E,0xC8,0x33,
+          0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,    /* order */
+          0x55,0x55,0x55,0x55,0x55,0x3C,0x6F,0x28,0x85,0x25,
+          0x9C,0x31,0xE3,0xFC,0xDF,0x15,0x46,0x24,0x52,0x2D }
        };
-static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-        0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
+        _EC_X9_62_CHAR2_239V3 = {
-        0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41};
+        { NID_X9_62_characteristic_two_field,20,30,0xA },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {
+        { 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41,
-        "800000000000000000000000000000000000000000000000001000000001",
-        "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+          0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
-        "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
-        "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
+          0x01,0x23,0x87,0x74,0x66,0x6A,0x67,0x76,0x6D,0x66,    /* a */
-        _EC_X9_62_CHAR2_239V3_SEED, 20,
+          0x76,0xF7,0x78,0xE6,0x76,0xB6,0x69,0x99,0x17,0x66,
-        "X9.62 curve over a 239 bit binary field"
+          0x66,0xE6,0x87,0x66,0x6D,0x87,0x66,0xC6,0x6A,0x9F,
+          0x6A,0x94,0x19,0x77,0xBA,0x9F,0x6A,0x43,0x51,0x99,    /* b */
+          0xAC,0xFC,0x51,0x06,0x7E,0xD5,0x87,0xF5,0x19,0xC5,
+          0xEC,0xB5,0x41,0xB8,0xE4,0x41,0x11,0xDE,0x1D,0x40,
+          0x70,0xF6,0xE9,0xD0,0x4D,0x28,0x9C,0x4E,0x89,0x91,    /* x */
+          0x3C,0xE3,0x53,0x0B,0xFD,0xE9,0x03,0x97,0x7D,0x42,
+          0xB1,0x46,0xD5,0x39,0xBF,0x1B,0xDE,0x4E,0x9C,0x92,
+          0x2E,0x5A,0x0E,0xAF,0x6E,0x5E,0x13,0x05,0xB9,0x00,    /* y */
+          0x4D,0xCE,0x5C,0x0E,0xD7,0xFE,0x59,0xA3,0x56,0x08,
+          0xF3,0x38,0x37,0xC8,0x16,0xD8,0x0B,0x79,0xF4,0x61,
+          0x0C,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,    /* order */
+          0xCC,0xCC,0xCC,0xCC,0xCC,0xAC,0x49,0x12,0xD2,0xD9,
+          0xDF,0x90,0x3E,0xF9,0x88,0x8B,0x8A,0x0E,0x4C,0xFF }
        };
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+35*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_X9_62_CHAR2_272W1 = {
-        "010000000000000000000000000000000000000000000000000000010000000000000"
+        { NID_X9_62_characteristic_two_field,0,35,0xFF06 },
-        "B",
+        {                                                       /* no seed */
-        "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,
-        "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+          0x00,0x00,0x00,0x00,0x0B,
-        "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+          0x00,0x91,0xA0,0x91,0xF0,0x3B,0x5F,0xBA,0x4A,0xB2,    /* a */
-        0xFF06,
+          0xCC,0xF4,0x9C,0x4E,0xDD,0x22,0x0F,0xB0,0x28,0x71,
-        NULL, 0,
+          0x2D,0x42,0xBE,0x75,0x2B,0x2C,0x40,0x09,0x4D,0xBA,
-        "X9.62 curve over a 272 bit binary field"
+          0xCD,0xB5,0x86,0xFB,0x20,
+          0x00,0x71,0x67,0xEF,0xC9,0x2B,0xB2,0xE3,0xCE,0x7C,    /* b */
+          0x8A,0xAA,0xFF,0x34,0xE1,0x2A,0x9C,0x55,0x70,0x03,
+          0xD7,0xC7,0x3A,0x6F,0xAF,0x00,0x3F,0x99,0xF6,0xCC,
+          0x84,0x82,0xE5,0x40,0xF7,
+          0x00,0x61,0x08,0xBA,0xBB,0x2C,0xEE,0xBC,0xF7,0x87,    /* x */
+          0x05,0x8A,0x05,0x6C,0xBE,0x0C,0xFE,0x62,0x2D,0x77,
+          0x23,0xA2,0x89,0xE0,0x8A,0x07,0xAE,0x13,0xEF,0x0D,
+          0x10,0xD1,0x71,0xDD,0x8D,
+          0x00,0x10,0xC7,0x69,0x57,0x16,0x85,0x1E,0xEF,0x6B,    /* y */
+          0xA7,0xF6,0x87,0x2E,0x61,0x42,0xFB,0xD2,0x41,0xB8,
+          0x30,0xFF,0x5E,0xFC,0xAC,0xEC,0xCA,0xB0,0x5E,0x02,
+          0x00,0x5D,0xDE,0x9D,0x23,
+          0x00,0x00,0x01,0x00,0xFA,0xF5,0x13,0x54,0xE0,0xE3,    /* order */
+          0x9E,0x48,0x92,0xDF,0x6E,0x31,0x9C,0x72,0xC8,0x16,
+          0x16,0x03,0xFA,0x45,0xAA,0x7B,0x99,0x8A,0x16,0x7B,
+          0x8F,0x1E,0x62,0x95,0x21 }
        };
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+39*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_X9_62_CHAR2_304W1 = {
-        "010000000000000000000000000000000000000000000000000000000000000000000"
+        { NID_X9_62_characteristic_two_field,0,39,0xFE2E },
-        "000000807",
+        {                                                       /* no seed */
-        "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "6C8E681",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "27340BE",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x07,
-        "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
+          0x00,0xFD,0x0D,0x69,0x31,0x49,0xA1,0x18,0xF6,0x51,    /* a */
-        "40A2614",
+          0xE6,0xDC,0xE6,0x80,0x20,0x85,0x37,0x7E,0x5F,0x88,
-        "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
+          0x2D,0x1B,0x51,0x0B,0x44,0x16,0x00,0x74,0xC1,0x28,
-        "B92C03B",
+          0x80,0x78,0x36,0x5A,0x03,0x96,0xC8,0xE6,0x81,
-        "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
+          0x00,0xBD,0xDB,0x97,0xE5,0x55,0xA5,0x0A,0x90,0x8E,    /* b */
-        "443051D", 0xFE2E,
+          0x43,0xB0,0x1C,0x79,0x8E,0xA5,0xDA,0xA6,0x78,0x8F,
-        NULL, 0,
+          0x1E,0xA2,0x79,0x4E,0xFC,0xF5,0x71,0x66,0xB8,0xC1,
-        "X9.62 curve over a 304 bit binary field"
+          0x40,0x39,0x60,0x1E,0x55,0x82,0x73,0x40,0xBE,
+          0x00,0x19,0x7B,0x07,0x84,0x5E,0x9B,0xE2,0xD9,0x6A,    /* x */
+          0xDB,0x0F,0x5F,0x3C,0x7F,0x2C,0xFF,0xBD,0x7A,0x3E,
+          0xB8,0xB6,0xFE,0xC3,0x5C,0x7F,0xD6,0x7F,0x26,0xDD,
+          0xF6,0x28,0x5A,0x64,0x4F,0x74,0x0A,0x26,0x14,
+          0x00,0xE1,0x9F,0xBE,0xB7,0x6E,0x0D,0xA1,0x71,0x51,    /* y */
+          0x7E,0xCF,0x40,0x1B,0x50,0x28,0x9B,0xF0,0x14,0x10,
+          0x32,0x88,0x52,0x7A,0x9B,0x41,0x6A,0x10,0x5E,0x80,
+          0x26,0x0B,0x54,0x9F,0xDC,0x1B,0x92,0xC0,0x3B,
+          0x00,0x00,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,    /* order */
+          0x80,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,0x80,
+          0x01,0x02,0x2D,0x5C,0x91,0xDD,0x17,0x3F,0x8F,0xB5,
+          0x61,0xDA,0x68,0x99,0x16,0x44,0x43,0x05,0x1D }
        };
-static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {
+static const struct { EC_CURVE_DATA h; unsigned char data[20+45*6]; }
-        0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,
+        _EC_X9_62_CHAR2_359V1 = {
-        0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6};
+        { NID_X9_62_characteristic_two_field,20,45,0x4C },
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {
+        { 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,    /* seed */
-        NID_X9_62_characteristic_two_field,
+          0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6,
-        "800000000000000000000000000000000000000000000000000000000000000000000"
-        "000100000000000000001",
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "656FB549016A96656A557",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,
-        "7742B6329E70680231988",
+          0x00,0x00,0x00,0x00,0x01,
-        "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
+          0x56,0x67,0x67,0x6A,0x65,0x4B,0x20,0x75,0x4F,0x35,    /* a */
-        "8E8E707C07A2239B1B097",
+          0x6E,0xA9,0x20,0x17,0xD9,0x46,0x56,0x7C,0x46,0x67,
-        "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
+          0x55,0x56,0xF1,0x95,0x56,0xA0,0x46,0x16,0xB5,0x67,
-        "4AE2DE211305A407104BD",
+          0xD2,0x23,0xA5,0xE0,0x56,0x56,0xFB,0x54,0x90,0x16,
-        "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
+          0xA9,0x66,0x56,0xA5,0x57,
-        "64FE7719E74F490758D3B", 0x4C,
+          0x24,0x72,0xE2,0xD0,0x19,0x7C,0x49,0x36,0x3F,0x1F,    /* b */
-        _EC_X9_62_CHAR2_359V1_SEED, 20,
+          0xE7,0xF5,0xB6,0xDB,0x07,0x5D,0x52,0xB6,0x94,0x7D,
-        "X9.62 curve over a 359 bit binary field"
+          0x13,0x5D,0x8C,0xA4,0x45,0x80,0x5D,0x39,0xBC,0x34,
+          0x56,0x26,0x08,0x96,0x87,0x74,0x2B,0x63,0x29,0xE7,
+          0x06,0x80,0x23,0x19,0x88,
+          0x3C,0x25,0x8E,0xF3,0x04,0x77,0x67,0xE7,0xED,0xE0,    /* x */
+          0xF1,0xFD,0xAA,0x79,0xDA,0xEE,0x38,0x41,0x36,0x6A,
+          0x13,0x2E,0x16,0x3A,0xCE,0xD4,0xED,0x24,0x01,0xDF,
+          0x9C,0x6B,0xDC,0xDE,0x98,0xE8,0xE7,0x07,0xC0,0x7A,
+          0x22,0x39,0xB1,0xB0,0x97,
+          0x53,0xD7,0xE0,0x85,0x29,0x54,0x70,0x48,0x12,0x1E,    /* y */
+          0x9C,0x95,0xF3,0x79,0x1D,0xD8,0x04,0x96,0x39,0x48,
+          0xF3,0x4F,0xAE,0x7B,0xF4,0x4E,0xA8,0x23,0x65,0xDC,
+          0x78,0x68,0xFE,0x57,0xE4,0xAE,0x2D,0xE2,0x11,0x30,
+          0x5A,0x40,0x71,0x04,0xBD,
+          0x01,0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,    /* order */
+          0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,0xAF,
+          0x28,0x6B,0xC9,0xFB,0x8F,0x6B,0x85,0xC5,0x56,0x89,
+          0x2C,0x20,0xA7,0xEB,0x96,0x4F,0xE7,0x71,0x9E,0x74,
+          0xF4,0x90,0x75,0x8D,0x3B }
        };
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+47*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_X9_62_CHAR2_368W1 = {
-        "010000000000000000000000000000000000000000000000000000000000000000000"
+        { NID_X9_62_characteristic_two_field,0,47,0xFF70 },
-        "0002000000000000000000007",
+        {                                                       /* no seed */
-        "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
+          0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "F0AB7519CCD2A1A906AE30D",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "D84D164F444F8F74786046A",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
-        "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x07,
-        "9E927BE216F02E1FB136A5F",
+          0x00,0xE0,0xD2,0xEE,0x25,0x09,0x52,0x06,0xF5,0xE2,    /* a */
-        "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
+          0xA4,0xF9,0xED,0x22,0x9F,0x1F,0x25,0x6E,0x79,0xA0,
-        "ADAA81E2A0750B80FDA2310",
+          0xE2,0xB4,0x55,0x97,0x0D,0x8D,0x0D,0x86,0x5B,0xD9,
-        "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
+          0x47,0x78,0xC5,0x76,0xD6,0x2F,0x0A,0xB7,0x51,0x9C,
-        "9AE40A6F131E9CFCE5BD967", 0xFF70,
+          0xCD,0x2A,0x1A,0x90,0x6A,0xE3,0x0D,
-        NULL, 0,
+          0x00,0xFC,0x12,0x17,0xD4,0x32,0x0A,0x90,0x45,0x2C,    /* b */
-        "X9.62 curve over a 368 bit binary field"
+          0x76,0x0A,0x58,0xED,0xCD,0x30,0xC8,0xDD,0x06,0x9B,
+          0x3C,0x34,0x45,0x38,0x37,0xA3,0x4E,0xD5,0x0C,0xB5,
+          0x49,0x17,0xE1,0xC2,0x11,0x2D,0x84,0xD1,0x64,0xF4,
+          0x44,0xF8,0xF7,0x47,0x86,0x04,0x6A,
+          0x00,0x10,0x85,0xE2,0x75,0x53,0x81,0xDC,0xCC,0xE3,    /* x */
+          0xC1,0x55,0x7A,0xFA,0x10,0xC2,0xF0,0xC0,0xC2,0x82,
+          0x56,0x46,0xC5,0xB3,0x4A,0x39,0x4C,0xBC,0xFA,0x8B,
+          0xC1,0x6B,0x22,0xE7,0xE7,0x89,0xE9,0x27,0xBE,0x21,
+          0x6F,0x02,0xE1,0xFB,0x13,0x6A,0x5F,
+          0x00,0x7B,0x3E,0xB1,0xBD,0xDC,0xBA,0x62,0xD5,0xD8,    /* y */
+          0xB2,0x05,0x9B,0x52,0x57,0x97,0xFC,0x73,0x82,0x2C,
+          0x59,0x05,0x9C,0x62,0x3A,0x45,0xFF,0x38,0x43,0xCE,
+          0xE8,0xF8,0x7C,0xD1,0x85,0x5A,0xDA,0xA8,0x1E,0x2A,
+          0x07,0x50,0xB8,0x0F,0xDA,0x23,0x10,
+          0x00,0x00,0x01,0x00,0x90,0x51,0x2D,0xA9,0xAF,0x72,    /* order */
+          0xB0,0x83,0x49,0xD9,0x8A,0x5D,0xD4,0xC7,0xB0,0x53,
+          0x2E,0xCA,0x51,0xCE,0x03,0xE2,0xD1,0x0F,0x3B,0x7A,
+          0xC5,0x79,0xBD,0x87,0xE9,0x09,0xAE,0x40,0xA6,0xF1,
+          0x31,0xE9,0xCF,0xCE,0x5B,0xD9,0x67 }
        };
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+54*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_X9_62_CHAR2_431R1 = {
-        "800000000000000000000000000000000000000000000000000000000000000000000"
+        { NID_X9_62_characteristic_two_field,0,54,0x2760 },
-        "000000001000000000000000000000000000001",
+        {                                                       /* no seed */
-        "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
+          0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "B9906D0957F6C6FEACD615468DF104DE296CD8F",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "26D4E50A8DD731B107A9962381FB5D807BF2618",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
-        "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+          0x00,0x00,0x00,0x01,
-        "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
+          0x1A,0x82,0x7E,0xF0,0x0D,0xD6,0xFC,0x0E,0x23,0x4C,    /* a */
-        "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+          0xAF,0x04,0x6C,0x6A,0x5D,0x8A,0x85,0x39,0x5B,0x23,
-        "0340340340340340340340340340340340340340340340340340340323C313FAB5058"
+          0x6C,0xC4,0xAD,0x2C,0xF3,0x2A,0x0C,0xAD,0xBD,0xC9,
-        "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
+          0xDD,0xF6,0x20,0xB0,0xEB,0x99,0x06,0xD0,0x95,0x7F,
-        NULL, 0,
+          0x6C,0x6F,0xEA,0xCD,0x61,0x54,0x68,0xDF,0x10,0x4D,
-        "X9.62 curve over a 431 bit binary field"
+          0xE2,0x96,0xCD,0x8F,
+          0x10,0xD9,0xB4,0xA3,0xD9,0x04,0x7D,0x8B,0x15,0x43,    /* b */
+          0x59,0xAB,0xFB,0x1B,0x7F,0x54,0x85,0xB0,0x4C,0xEB,
+          0x86,0x82,0x37,0xDD,0xC9,0xDE,0xDA,0x98,0x2A,0x67,
+          0x9A,0x5A,0x91,0x9B,0x62,0x6D,0x4E,0x50,0xA8,0xDD,
+          0x73,0x1B,0x10,0x7A,0x99,0x62,0x38,0x1F,0xB5,0xD8,
+          0x07,0xBF,0x26,0x18,
+          0x12,0x0F,0xC0,0x5D,0x3C,0x67,0xA9,0x9D,0xE1,0x61,    /* x */
+          0xD2,0xF4,0x09,0x26,0x22,0xFE,0xCA,0x70,0x1B,0xE4,
+          0xF5,0x0F,0x47,0x58,0x71,0x4E,0x8A,0x87,0xBB,0xF2,
+          0xA6,0x58,0xEF,0x8C,0x21,0xE7,0xC5,0xEF,0xE9,0x65,
+          0x36,0x1F,0x6C,0x29,0x99,0xC0,0xC2,0x47,0xB0,0xDB,
+          0xD7,0x0C,0xE6,0xB7,
+          0x20,0xD0,0xAF,0x89,0x03,0xA9,0x6F,0x8D,0x5F,0xA2,    /* y */
+          0xC2,0x55,0x74,0x5D,0x3C,0x45,0x1B,0x30,0x2C,0x93,
+          0x46,0xD9,0xB7,0xE4,0x85,0xE7,0xBC,0xE4,0x1F,0x6B,
+          0x59,0x1F,0x3E,0x8F,0x6A,0xDD,0xCB,0xB0,0xBC,0x4C,
+          0x2F,0x94,0x7A,0x7D,0xE1,0xA8,0x9B,0x62,0x5D,0x6A,
+          0x59,0x8B,0x37,0x60,
+          0x00,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,    /* order */
+          0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,
+          0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x23,
+          0xC3,0x13,0xFA,0xB5,0x05,0x89,0x70,0x3B,0x5E,0xC6,
+          0x8D,0x35,0x87,0xFE,0xC6,0x0D,0x16,0x1C,0xC1,0x49,
+          0xC1,0xAD,0x4A,0x91 }
        };
-static const EC_CURVE_DATA _EC_WTLS_1 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_WTLS_1 = {
-        "020000000000000000000000000201",
+        { NID_X9_62_characteristic_two_field,0,15,2 },
-        "1",
+        {                                                       /* no seed */
-        "1",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "01667979A40BA497E5D5C270780617",
+          0x00,0x00,0x00,0x02,0x01,
-        "00F44B4AF1ECC2630E08785CEBCC15",
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
+          0x00,0x00,0x00,0x00,0x01,
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
-        "WTLS curve over a 113 bit binary field"
+          0x00,0x00,0x00,0x00,0x01,
+          0x01,0x66,0x79,0x79,0xA4,0x0B,0xA4,0x97,0xE5,0xD5,    /* x */
+          0xC2,0x70,0x78,0x06,0x17,
+          0x00,0xF4,0x4B,0x4A,0xF1,0xEC,0xC2,0x63,0x0E,0x08,    /* y */
+          0x78,0x5C,0xEB,0xCC,0x15,
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFD,0xBF,    /* order */
+          0x91,0xAF,0x6D,0xEA,0x73 }
        };
 /* IPSec curves */
@@ -1001,17 +1765,27 @@ static const EC_CURVE_DATA _EC_WTLS_1 = {
 * As the group order is not a prime this curve is not suitable
 * for ECDSA.
 */
-static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_IPSEC_155_ID3 = {
-        "0800000000000000000000004000000000000001",
+        { NID_X9_62_characteristic_two_field,0,20,3 },
-        "0",
+        {                                                       /* no seed */
-        "07338f",
+          0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "7b",
+          0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-        "1c8",
-        "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
-        "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x07,0x33,0x8f,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7b,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xc8,
+          0x02,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,    /* order */
+          0xC7,0xF3,0xC7,0x88,0x1B,0xD0,0x86,0x8F,0xA8,0x6C }
        };
 /* NOTE: The of curves over a extension field of non prime degree
@@ -1019,106 +1793,118 @@ static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
 * As the group order is not a prime this curve is not suitable
 * for ECDSA.
 */
-static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
+static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
-        NID_X9_62_characteristic_two_field,
+        _EC_IPSEC_185_ID4 = {
-        "020000000000000000000000000000200000000000000001",
+        { NID_X9_62_characteristic_two_field,0,24,2 },
-        "0",
+        {                                                       /* no seed */
-        "1ee9",
+          0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
-        "18",
+          0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x00,
-        "0d",
+          0x00,0x00,0x00,0x01,
-        "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* a */
-        NULL, 0,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+          0x00,0x00,0x00,0x00,
-        "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* b */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x1e,0xe9,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* x */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x18,
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* y */
+          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0x00,0x00,0x00,0x0d,
+          0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* order */
+          0xFF,0xFF,0xED,0xF9,0x7C,0x44,0xDB,0x9F,0x24,0x20,
+          0xBA,0xFC,0xA7,0x5E }
        };
 typedef struct _ec_list_element_st {
        int     nid;
        const EC_CURVE_DATA *data;
+        const char *comment;
        } ec_list_element;
 static const ec_list_element curve_list[] = {
        /* prime field curves */        
        /* secg curves */
-        { NID_secp112r1, &_EC_SECG_PRIME_112R1},
+        { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"},
-        { NID_secp112r2, &_EC_SECG_PRIME_112R2},
+        { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, "SECG curve over a 112 bit prime field"},
-        { NID_secp128r1, &_EC_SECG_PRIME_128R1},
+        { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, "SECG curve over a 128 bit prime field"},
-        { NID_secp128r2, &_EC_SECG_PRIME_128R2},
+        { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, "SECG curve over a 128 bit prime field"},
-        { NID_secp160k1, &_EC_SECG_PRIME_160K1},
+        { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, "SECG curve over a 160 bit prime field"},
-        { NID_secp160r1, &_EC_SECG_PRIME_160R1},
+        { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, "SECG curve over a 160 bit prime field"},
-        { NID_secp160r2, &_EC_SECG_PRIME_160R2},
+        { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"},
        /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-        { NID_secp192k1, &_EC_SECG_PRIME_192K1},
+        { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, "SECG curve over a 192 bit prime field"},
-        { NID_secp224k1, &_EC_SECG_PRIME_224K1},
+        { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, "SECG curve over a 224 bit prime field"},
-        { NID_secp224r1, &_EC_NIST_PRIME_224},
+        { NID_secp224r1, &_EC_NIST_PRIME_224.h,   "NIST/SECG curve over a 224 bit prime field"},
-        { NID_secp256k1, &_EC_SECG_PRIME_256K1},
+        { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, "SECG curve over a 256 bit prime field"},
        /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-        { NID_secp384r1, &_EC_NIST_PRIME_384},
+        { NID_secp384r1, &_EC_NIST_PRIME_384.h, "NIST/SECG curve over a 384 bit prime field"},
-        { NID_secp521r1, &_EC_NIST_PRIME_521},
+        { NID_secp521r1, &_EC_NIST_PRIME_521.h, "NIST/SECG curve over a 521 bit prime field"},
        /* X9.62 curves */
-        { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
+        { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, "NIST/X9.62/SECG curve over a 192 bit prime field"},
-        { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
+        { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, "X9.62 curve over a 192 bit prime field"},
-        { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
+        { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, "X9.62 curve over a 192 bit prime field"},
-        { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
+        { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, "X9.62 curve over a 239 bit prime field"},
-        { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
+        { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, "X9.62 curve over a 239 bit prime field"},
-        { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
+        { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, "X9.62 curve over a 239 bit prime field"},
-        { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
+        { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, "X9.62/SECG curve over a 256 bit prime field"},
        /* characteristic two field curves */
        /* NIST/SECG curves */
-        { NID_sect113r1, &_EC_SECG_CHAR2_113R1},
+        { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"},
-        { NID_sect113r2, &_EC_SECG_CHAR2_113R2},
+        { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, "SECG curve over a 113 bit binary field"},
-        { NID_sect131r1, &_EC_SECG_CHAR2_131R1},
+        { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, "SECG/WTLS curve over a 131 bit binary field"},
-        { NID_sect131r2, &_EC_SECG_CHAR2_131R2},
+        { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, "SECG curve over a 131 bit binary field"},
-        { NID_sect163k1, &_EC_NIST_CHAR2_163K },
+        { NID_sect163k1, &_EC_NIST_CHAR2_163K.h,  "NIST/SECG/WTLS curve over a 163 bit binary field" },
-        { NID_sect163r1, &_EC_SECG_CHAR2_163R1},
+        { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, "SECG curve over a 163 bit binary field"},
-        { NID_sect163r2, &_EC_NIST_CHAR2_163B },
+        { NID_sect163r2, &_EC_NIST_CHAR2_163B.h,  "NIST/SECG curve over a 163 bit binary field" },
-        { NID_sect193r1, &_EC_SECG_CHAR2_193R1},
+        { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, "SECG curve over a 193 bit binary field"},
-        { NID_sect193r2, &_EC_SECG_CHAR2_193R2},
+        { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, "SECG curve over a 193 bit binary field"},
-        { NID_sect233k1, &_EC_NIST_CHAR2_233K },
+        { NID_sect233k1, &_EC_NIST_CHAR2_233K.h,  "NIST/SECG/WTLS curve over a 233 bit binary field" },
-        { NID_sect233r1, &_EC_NIST_CHAR2_233B },
+        { NID_sect233r1, &_EC_NIST_CHAR2_233B.h,  "NIST/SECG/WTLS curve over a 233 bit binary field" },
-        { NID_sect239k1, &_EC_SECG_CHAR2_239K1},
+        { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, "SECG curve over a 239 bit binary field"},
-        { NID_sect283k1, &_EC_NIST_CHAR2_283K },
+        { NID_sect283k1, &_EC_NIST_CHAR2_283K.h,  "NIST/SECG curve over a 283 bit binary field" },
-        { NID_sect283r1, &_EC_NIST_CHAR2_283B },
+        { NID_sect283r1, &_EC_NIST_CHAR2_283B.h,  "NIST/SECG curve over a 283 bit binary field" },
-        { NID_sect409k1, &_EC_NIST_CHAR2_409K },
+        { NID_sect409k1, &_EC_NIST_CHAR2_409K.h,  "NIST/SECG curve over a 409 bit binary field" },
-        { NID_sect409r1, &_EC_NIST_CHAR2_409B },
+        { NID_sect409r1, &_EC_NIST_CHAR2_409B.h,  "NIST/SECG curve over a 409 bit binary field" },
-        { NID_sect571k1, &_EC_NIST_CHAR2_571K },
+        { NID_sect571k1, &_EC_NIST_CHAR2_571K.h,  "NIST/SECG curve over a 571 bit binary field" },
-        { NID_sect571r1, &_EC_NIST_CHAR2_571B },
+        { NID_sect571r1, &_EC_NIST_CHAR2_571B.h,  "NIST/SECG curve over a 571 bit binary field" },
        /* X9.62 curves */
-        { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
+        { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"},
-        { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
+        { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, "X9.62 curve over a 163 bit binary field"},
-        { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
+        { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, "X9.62 curve over a 163 bit binary field"},
-        { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
+        { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, "X9.62 curve over a 176 bit binary field"},
-        { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
+        { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, "X9.62 curve over a 191 bit binary field"},
-        { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
+        { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, "X9.62 curve over a 191 bit binary field"},
-        { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
+        { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, "X9.62 curve over a 191 bit binary field"},
-        { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
+        { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, "X9.62 curve over a 208 bit binary field"},
-        { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
+        { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, "X9.62 curve over a 239 bit binary field"},
-        { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
+        { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, "X9.62 curve over a 239 bit binary field"},
-        { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
+        { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, "X9.62 curve over a 239 bit binary field"},
-        { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
+        { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, "X9.62 curve over a 272 bit binary field"},
-        { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
+        { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, "X9.62 curve over a 304 bit binary field"},
-        { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
+        { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, "X9.62 curve over a 359 bit binary field"},
-        { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
+        { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, "X9.62 curve over a 368 bit binary field"},
-        { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
+        { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, "X9.62 curve over a 431 bit binary field"},
        /* the WAP/WTLS curves
         * [unlike SECG, spec has its own OIDs for curves from X9.62] */
-        { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
+        { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, "WTLS curve over a 113 bit binary field"},
-        { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
+        { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h,   "NIST/SECG/WTLS curve over a 163 bit binary field"},
-        { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
+        { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h,  "SECG curve over a 113 bit binary field"},
-        { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
+        { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"},
-        { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
+        { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h,  "SECG/WTLS curve over a 112 bit prime field"},
-        { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
+        { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h,  "SECG/WTLS curve over a 160 bit prime field"},
-        { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
+        { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, "WTLS curve over a 112 bit prime field"},
-        { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 },
+        { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, "WTLS curve over a 160 bit prime field" },
-        { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
+        { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-        { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
+        { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-        { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+        { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, "WTLS curvs over a 224 bit prime field"},
        /* IPSec curves */
-        { NID_ipsec3, &_EC_IPSEC_155_ID3},
+        { NID_ipsec3, &_EC_IPSEC_155_ID3.h, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
-        { NID_ipsec4, &_EC_IPSEC_185_ID4},
+        { NID_ipsec4, &_EC_IPSEC_185_ID4.h, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
 };
-static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
+#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
 static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
        {
@@ -1127,22 +1913,23 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
        BN_CTX   *ctx=NULL;
        BIGNUM   *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
        int      ok=0;
+        int      seed_len,param_len;
+        const unsigned char *params;
        if ((ctx = BN_CTX_new()) == NULL)
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || 
-                (b = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        seed_len  = data->seed_len;
-                (y = BN_new()) == NULL || (order = BN_new()) == NULL)
+        param_len = data->param_len;
-                {
+        params    = (const unsigned char *)(data+1);    /* skip header */
-                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        params   += seed_len;                           /* skip seed   */
-                goto err;
-                }
+        if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
-        
+                || !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
-        if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
+                || !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
-                || !BN_hex2bn(&b, data->b))
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                goto err;
@@ -1156,8 +1943,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                        goto err;
                        }
                }
-                else
+        else    /* field_type == NID_X9_62_characteristic_two_field */
-                { /* field_type == NID_X9_62_characteristic_two_field */
+                {
                if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
                        {
                        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
@@ -1171,7 +1958,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                goto err;
                }
        
-        if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y))
+        if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
+                || !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                goto err;
@@ -1181,7 +1969,8 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                goto err;
                }
-        if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor))
+        if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
+                || !BN_set_word(x, (BN_ULONG)data->cofactor))
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                goto err;
@@ -1191,9 +1980,9 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                goto err;
                }
-        if (data->seed)
+        if (seed_len)
                {
-                if (!EC_GROUP_set_seed(group, data->seed, data->seed_len))
+                if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
                        {
                        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                        goto err;
@@ -1263,7 +2052,7 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
        for (i = 0; i < min; i++)
                {
                r[i].nid = curve_list[i].nid;
-                r[i].comment = curve_list[i].data->comment;
+                r[i].comment = curve_list[i].comment;
                }
        return curve_list_length;
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index d04c895560..84b4833371 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -74,6 +74,14 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_D2I_ECPARAMETERS),       "d2i_ECParameters"},
 {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),     "d2i_ECPKParameters"},
 {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY),       "d2i_ECPrivateKey"},
+{ERR_FUNC(EC_F_DO_EC_KEY_PRINT),        "DO_EC_KEY_PRINT"},
+{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE),       "ECKEY_PARAM2TYPE"},
+{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE),     "ECKEY_PARAM_DECODE"},
+{ERR_FUNC(EC_F_ECKEY_PRIV_DECODE),      "ECKEY_PRIV_DECODE"},
+{ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE),      "ECKEY_PRIV_ENCODE"},
+{ERR_FUNC(EC_F_ECKEY_PUB_DECODE),       "ECKEY_PUB_DECODE"},
+{ERR_FUNC(EC_F_ECKEY_PUB_ENCODE),       "ECKEY_PUB_ENCODE"},
+{ERR_FUNC(EC_F_ECKEY_TYPE2PARAM),       "ECKEY_TYPE2PARAM"},
 {ERR_FUNC(EC_F_ECPARAMETERS_PRINT),     "ECParameters_print"},
 {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP),  "ECParameters_print_fp"},
 {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT),   "ECPKParameters_print"},
@@ -147,7 +155,6 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_EC_KEY_PRINT),   "EC_KEY_print"},
 {ERR_FUNC(EC_F_EC_KEY_PRINT_FP),        "EC_KEY_print_fp"},
 {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),  "EC_POINTs_make_affine"},
-{ERR_FUNC(EC_F_EC_POINTS_MUL),  "EC_POINTs_mul"},
 {ERR_FUNC(EC_F_EC_POINT_ADD),   "EC_POINT_add"},
 {ERR_FUNC(EC_F_EC_POINT_CMP),   "EC_POINT_cmp"},
 {ERR_FUNC(EC_F_EC_POINT_COPY),  "EC_POINT_copy"},
@@ -178,6 +185,13 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),       "i2d_ECPrivateKey"},
 {ERR_FUNC(EC_F_I2O_ECPUBLICKEY),        "i2o_ECPublicKey"},
 {ERR_FUNC(EC_F_O2I_ECPUBLICKEY),        "o2i_ECPublicKey"},
+{ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE),     "OLD_EC_PRIV_DECODE"},
+{ERR_FUNC(EC_F_PKEY_EC_CTRL),   "PKEY_EC_CTRL"},
+{ERR_FUNC(EC_F_PKEY_EC_CTRL_STR),       "PKEY_EC_CTRL_STR"},
+{ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
+{ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
+{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN),       "PKEY_EC_PARAMGEN"},
+{ERR_FUNC(EC_F_PKEY_EC_SIGN),   "PKEY_EC_SIGN"},
 {0,NULL}
        };
@@ -187,6 +201,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},
 {ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
 {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
+{ERR_REASON(EC_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
 {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
 {ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
@@ -196,6 +211,8 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},
 {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
 {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
+{ERR_REASON(EC_R_INVALID_CURVE)          ,"invalid curve"},
+{ERR_REASON(EC_R_INVALID_DIGEST_TYPE)    ,"invalid digest type"},
 {ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},
 {ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
 {ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
@@ -203,6 +220,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
 {ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},
 {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
+{ERR_REASON(EC_R_KEYS_NOT_SET)           ,"keys not set"},
 {ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},
 {ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},
 {ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},
@@ -210,6 +228,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_NOT_IMPLEMENTED)        ,"not implemented"},
 {ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},
 {ERR_REASON(EC_R_NO_FIELD_MOD)           ,"no field mod"},
+{ERR_REASON(EC_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(EC_R_PASSED_NULL_PARAMETER)  ,"passed null parameter"},
 {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
 {ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
index fdd7aa2755..3e2c34b0bc 100644
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -205,11 +205,14 @@ struct ec_group_st {
                       * irreducible polynomial defining the field.
                       */
-        unsigned int poly[5]; /* Field specification for curves over GF(2^m).
+        int poly[6]; /* Field specification for curves over GF(2^m).
-                               * The irreducible f(t) is then of the form:
+                      * The irreducible f(t) is then of the form:
-                               *     t^poly[0] + t^poly[1] + ... + t^poly[k]
+                      *     t^poly[0] + t^poly[1] + ... + t^poly[k]
-                               * where m = poly[0] > poly[1] > ... > poly[k] = 0.
+                      * where m = poly[0] > poly[1] > ... > poly[k] = 0.
-                               */
+                      * The array is terminated with poly[k+1]=-1.
+                      * All elliptic curve irreducibles have at most 5
+                      * non-zero terms.
+                      */
        BIGNUM a, b; /* Curve coefficients.
                      * (Here the assumption is that BIGNUMs can be used
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 5af84376c6..dd7da0fcf9 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -79,7 +79,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
        if (meth == NULL)
                {
-                ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+                ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
                return NULL;
                }
        if (meth->group_init == 0)
@@ -740,7 +740,7 @@ void EC_POINT_clear_free(EC_POINT *point)
        if (point->meth->point_clear_finish != 0)
                point->meth->point_clear_finish(point);
-        else if (point->meth != NULL && point->meth->point_finish != 0)
+        else if (point->meth->point_finish != 0)
                point->meth->point_finish(point);
        OPENSSL_cleanse(point, sizeof *point);
        OPENSSL_free(point);
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 2ba173ef36..f05df5332e 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -224,6 +224,12 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
                sign = -1;
                }
+        if (scalar->d == NULL || scalar->top == 0)
+                {
+                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
        len = BN_num_bits(scalar);
        r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
                                      * (*ret_len will be set to the actual length, i.e. at most
@@ -233,12 +239,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
                ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        if (scalar->d == NULL || scalar->top == 0)
-                {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
        window_val = scalar->d[0] & mask;
        j = 0;
        while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
@@ -419,7 +419,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                        if (numblocks > pre_comp->numblocks)
                                numblocks = pre_comp->numblocks;
-                        pre_points_per_block = 1u << (pre_comp->w - 1);
+                        pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
                        /* check that pre_comp looks sane */
                        if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
@@ -461,7 +461,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
                wsize[i] = EC_window_bits_for_scalar_size(bits);
-                num_val += 1u << (wsize[i] - 1);
+                num_val += (size_t)1 << (wsize[i] - 1);
                wNAF[i + 1] = NULL; /* make sure we always have a pivot */
                wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
                if (wNAF[i] == NULL)
@@ -600,7 +600,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        for (i = 0; i < num + num_scalar; i++)
                {
                val_sub[i] = v;
-                for (j = 0; j < (1u << (wsize[i] - 1)); j++)
+                for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++)
                        {
                        *v = EC_POINT_new(group);
                        if (*v == NULL) goto err;
@@ -636,7 +636,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                if (wsize[i] > 1)
                        {
                        if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
-                        for (j = 1; j < (1u << (wsize[i] - 1)); j++)
+                        for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++)
                                {
                                if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
                                }
@@ -820,7 +820,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
        numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
        
-        pre_points_per_block = 1u << (w - 1);
+        pre_points_per_block = (size_t)1 << (w - 1);
        num = pre_points_per_block * numblocks; /* number of points to compute and store */
        points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
new file mode 100644
index 0000000000..f433076ca1
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -0,0 +1,340 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+/* EC pkey context structure */
+typedef struct
+        {
+        /* Key and paramgen group */
+        EC_GROUP *gen_group;
+        /* message digest */
+        const EVP_MD *md;
+        } EC_PKEY_CTX;
+static int pkey_ec_init(EVP_PKEY_CTX *ctx)
+        {
+        EC_PKEY_CTX *dctx;
+        dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
+        if (!dctx)
+                return 0;
+        dctx->gen_group = NULL;
+        dctx->md = NULL;
+        ctx->data = dctx;
+        return 1;
+        }
+static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        EC_PKEY_CTX *dctx, *sctx;
+        if (!pkey_ec_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        if (sctx->gen_group)
+                {
+                dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+                if (!dctx->gen_group)
+                        return 0;
+                }
+        dctx->md = sctx->md;
+        return 1;
+        }
+static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        EC_PKEY_CTX *dctx = ctx->data;
+        if (dctx)
+                {
+                if (dctx->gen_group)
+                        EC_GROUP_free(dctx->gen_group);
+                OPENSSL_free(dctx);
+                }
+        }
+static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        unsigned int sltmp;
+        EC_PKEY_CTX *dctx = ctx->data;
+        EC_KEY *ec = ctx->pkey->pkey.ec;
+        if (!sig)
+                {
+                *siglen = ECDSA_size(ec);
+                return 1;
+                }
+        else if(*siglen < (size_t)ECDSA_size(ec))
+                {
+                ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+                }
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+        ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+        if (ret <= 0)
+                return ret;
+        *siglen = (size_t)sltmp;
+        return 1;
+        }
+static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret, type;
+        EC_PKEY_CTX *dctx = ctx->data;
+        EC_KEY *ec = ctx->pkey->pkey.ec;
+        if (dctx->md)
+                type = EVP_MD_type(dctx->md);
+        else
+                type = NID_sha1;
+        ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+        return ret;
+        }
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+        {
+        int ret;
+        size_t outlen;
+        const EC_POINT *pubkey = NULL;
+        if (!ctx->pkey || !ctx->peerkey)
+                {
+                ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+                return 0;
+                }
+        if (!key)
+                {
+                const EC_GROUP *group;
+                group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
+                *keylen = (EC_GROUP_get_degree(group) + 7)/8;
+                return 1;
+                }
+        pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
+        /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+         * not an error, the result is truncated.
+         */
+        outlen = *keylen;
+                
+        ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0);
+        if (ret < 0)
+                return ret;
+        *keylen = ret;
+        return 1;
+        }
+static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        EC_PKEY_CTX *dctx = ctx->data;
+        EC_GROUP *group;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+                group = EC_GROUP_new_by_curve_name(p1);
+                if (group == NULL)
+                        {
+                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+                        return 0;
+                        }
+                if (dctx->gen_group)
+                        EC_GROUP_free(dctx->gen_group);
+                dctx->gen_group = group;
+                return 1;
+                case EVP_PKEY_CTRL_MD:
+                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
+                        {
+                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+                        return 0;
+                        }
+                dctx->md = p2;
+                return 1;
+                case EVP_PKEY_CTRL_PEER_KEY:
+                /* Default behaviour is OK */
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                case EVP_PKEY_CTRL_PKCS7_SIGN:
+                case EVP_PKEY_CTRL_CMS_SIGN:
+                return 1;
+                default:
+                return -2;
+                }
+        }
+                        
+static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!strcmp(type, "ec_paramgen_curve"))
+                {
+                int nid;
+                nid = OBJ_sn2nid(value);
+                if (nid == NID_undef)
+                        nid = OBJ_ln2nid(value);
+                if (nid == NID_undef)
+                        {
+                        ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+                        return 0;
+                        }
+                return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+                }
+        return -2;
+        }
+static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        EC_KEY *ec = NULL;
+        EC_PKEY_CTX *dctx = ctx->data;
+        int ret = 0;
+        if (dctx->gen_group == NULL)
+                {
+                ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        ec = EC_KEY_new();
+        if (!ec)
+                return 0;
+        ret = EC_KEY_set_group(ec, dctx->gen_group);
+        if (ret)
+                EVP_PKEY_assign_EC_KEY(pkey, ec);
+        else
+                EC_KEY_free(ec);
+        return ret;
+        }
+static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        EC_KEY *ec = NULL;
+        if (ctx->pkey == NULL)
+                {
+                ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+                return 0;
+                }
+        ec = EC_KEY_new();
+        if (!ec)
+                return 0;
+        EVP_PKEY_assign_EC_KEY(pkey, ec);
+        /* Note: if error return, pkey is freed by parent routine */
+        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+                return 0;
+        return EC_KEY_generate_key(pkey->pkey.ec);
+        }
+const EVP_PKEY_METHOD ec_pkey_meth = 
+        {
+        EVP_PKEY_EC,
+        0,
+        pkey_ec_init,
+        pkey_ec_copy,
+        pkey_ec_cleanup,
+        0,
+        pkey_ec_paramgen,
+        0,
+        pkey_ec_keygen,
+        0,
+        pkey_ec_sign,
+        0,
+        pkey_ec_verify,
+        0,0,
+        0,0,0,0,
+        0,0,
+        0,0,
+        0,
+        pkey_ec_derive,
+        pkey_ec_ctrl,
+        pkey_ec_ctrl_str
+        };
diff --git a/src/lib/libcrypto/ec/eck_prn.c b/src/lib/libcrypto/ec/eck_prn.c
new file mode 100644
index 0000000000..7d3e175ae7
--- /dev/null
+++ b/src/lib/libcrypto/ec/eck_prn.c
@@ -0,0 +1,391 @@
+/* crypto/ec/eck_prn.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and 
+ * contributed to the OpenSSL project.
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = ECPKParameters_print(b, x, off);
+        BIO_free(b);
+        return(ret);
+        }
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+        {
+        BIO *b;
+        int ret;
+ 
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = EC_KEY_print(b, x, off);
+        BIO_free(b);
+        return(ret);
+        }
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+        {
+        BIO *b;
+        int ret;
+ 
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+                return(0);
+                }
+        BIO_set_fp(b, fp, BIO_NOCLOSE);
+        ret = ECParameters_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
+                return 0;
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
+                return 0;
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+                size_t len, int off);
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+        {
+        unsigned char *buffer=NULL;
+        size_t  buf_len=0, i;
+        int     ret=0, reason=ERR_R_BIO_LIB;
+        BN_CTX  *ctx=NULL;
+        const EC_POINT *point=NULL;
+        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
+                *order=NULL, *cofactor=NULL;
+        const unsigned char *seed;
+        size_t  seed_len=0;
+        
+        static const char *gen_compressed = "Generator (compressed):";
+        static const char *gen_uncompressed = "Generator (uncompressed):";
+        static const char *gen_hybrid = "Generator (hybrid):";
+ 
+        if (!x)
+                {
+                reason = ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+        ctx = BN_CTX_new();
+        if (ctx == NULL)
+                {
+                reason = ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        if (EC_GROUP_get_asn1_flag(x))
+                {
+                /* the curve parameter are given by an asn1 OID */
+                int nid;
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+                nid = EC_GROUP_get_curve_name(x);
+                if (nid == 0)
+                        goto err;
+                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+                        goto err;
+                if (BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+        else
+                {
+                /* explicit parameters */
+                int is_char_two = 0;
+                point_conversion_form_t form;
+                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+                if (tmp_nid == NID_X9_62_characteristic_two_field)
+                        is_char_two = 1;
+                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+                        (cofactor = BN_new()) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                if (is_char_two)
+                        {
+                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+                                {
+                                reason = ERR_R_EC_LIB;
+                                goto err;
+                                }
+                        }
+                else /* prime field */
+                        {
+                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+                                {
+                                reason = ERR_R_EC_LIB;
+                                goto err;
+                                }
+                        }
+                if ((point = EC_GROUP_get0_generator(x)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                if (!EC_GROUP_get_order(x, order, NULL) || 
+                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                
+                form = EC_GROUP_get_point_conversion_form(x);
+                if ((gen = EC_POINT_point2bn(x, point, 
+                                form, NULL, ctx)) == NULL)
+                        {
+                        reason = ERR_R_EC_LIB;
+                        goto err;
+                        }
+                buf_len = (size_t)BN_num_bytes(p);
+                if (buf_len < (i = (size_t)BN_num_bytes(a)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(b)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(order)))
+                        buf_len = i;
+                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
+                        buf_len = i;
+                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+                        seed_len = EC_GROUP_get_seed_len(x);
+                buf_len += 10;
+                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+                        {
+                        reason = ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                if (!BIO_indent(bp, off, 128))
+                        goto err;
+                /* print the 'short name' of the field type */
+                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+                        <= 0)
+                        goto err;  
+                if (is_char_two)
+                        {
+                        /* print the 'short name' of the base type OID */
+                        int basis_type = EC_GROUP_get_basis_type(x);
+                        if (basis_type == 0)
+                                goto err;
+                        if (!BIO_indent(bp, off, 128))
+                                goto err;
+                        if (BIO_printf(bp, "Basis Type: %s\n", 
+                                OBJ_nid2sn(basis_type)) <= 0)
+                                goto err;
+                        /* print the polynomial */
+                        if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
+                                off))
+                                goto err;
+                        }
+                else
+                        {
+                        if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer,off))
+                                goto err;
+                        }
+                if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, buffer, off)) 
+                        goto err;
+                if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, buffer, off))
+                        goto err;
+                if (form == POINT_CONVERSION_COMPRESSED)
+                        {
+                        if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                else if (form == POINT_CONVERSION_UNCOMPRESSED)
+                        {
+                        if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                else /* form == POINT_CONVERSION_HYBRID */
+                        {
+                        if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
+                                buffer, off))
+                                goto err;
+                        }
+                if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, 
+                        buffer, off)) goto err;
+                if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, 
+                        buffer, off)) goto err;
+                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+                        goto err;
+                }
+        ret=1;
+err:
+        if (!ret)
+                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+        if (p) 
+                BN_free(p);
+        if (a) 
+                BN_free(a);
+        if (b)
+                BN_free(b);
+        if (gen)
+                BN_free(gen);
+        if (order)
+                BN_free(order);
+        if (cofactor)
+                BN_free(cofactor);
+        if (ctx)
+                BN_CTX_free(ctx);
+        if (buffer != NULL) 
+                OPENSSL_free(buffer);
+        return(ret);    
+        }
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+                size_t len, int off)
+        {
+        size_t i;
+        char str[128];
+        if (buf == NULL)
+                return 1;
+        if (off)
+                {
+                if (off > 128)
+                        off=128;
+                memset(str,' ',off);
+                if (BIO_write(fp, str, off) <= 0)
+                        return 0;
+                }
+        if (BIO_printf(fp,"%s", name) <= 0)
+                return 0;
+        for (i=0; i<len; i++)
+                {
+                if ((i%15) == 0)
+                        {
+                        str[0]='\n';
+                        memset(&(str[1]),' ',off+4);
+                        if (BIO_write(fp, str, off+1+4) <= 0)
+                                return 0;
+                        }
+                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
+                        return 0;
+                }
+        if (BIO_write(fp,"\n",1) <= 0)
+                return 0;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index 71893d5eab..2a5682ea41 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -112,10 +112,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
        return &ret;
        }
-#if BN_BITS2 == 64
-#define NO_32_BIT_TYPE
-#endif
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        {
        dest->field_mod_func = src->field_mod_func;
@@ -139,34 +135,12 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
        if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
                group->field_mod_func = BN_nist_mod_192;
        else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
                group->field_mod_func = BN_nist_mod_224;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
        else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
                group->field_mod_func = BN_nist_mod_256;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
        else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
                group->field_mod_func = BN_nist_mod_384;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
        else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
-                /* this one works in the NO_32_BIT_TYPE case */
                group->field_mod_func = BN_nist_mod_521;
        else
                {
diff --git a/src/lib/libcrypto/ecdh/ech_err.c b/src/lib/libcrypto/ecdh/ech_err.c
index 4d2ede75bd..6f4b0c9953 100644
--- a/src/lib/libcrypto/ecdh/ech_err.c
+++ b/src/lib/libcrypto/ecdh/ech_err.c
@@ -1,6 +1,6 @@
 /* crypto/ecdh/ech_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,7 +71,7 @@
 static ERR_STRING_DATA ECDH_str_functs[]=
        {
 {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),     "ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"},
+{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h
index f20c8ee738..e61c539812 100644
--- a/src/lib/libcrypto/ecdsa/ecdsa.h
+++ b/src/lib/libcrypto/ecdsa/ecdsa.h
@@ -4,7 +4,7 @@
 * \author Written by Nils Larsch for the OpenSSL project
 */
 /* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -81,156 +81,143 @@ typedef struct ECDSA_SIG_st
        BIGNUM *s;
        } ECDSA_SIG;
-/** ECDSA_SIG *ECDSA_SIG_new(void)
+/** Allocates and initialize a ECDSA_SIG structure
- * allocates and initialize a ECDSA_SIG structure
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
 */
 ECDSA_SIG *ECDSA_SIG_new(void);
-/** ECDSA_SIG_free
+/** frees a ECDSA_SIG structure
- * frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
- * \param a pointer to the ECDSA_SIG structure
 */
-void      ECDSA_SIG_free(ECDSA_SIG *a);
+void      ECDSA_SIG_free(ECDSA_SIG *sig);
-/** i2d_ECDSA_SIG
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
- * DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ *  (*pp += length of the DER encoded signature)).
- * (*pp += length of the DER encoded signature)).
+ *  \param  sig  pointer to the ECDSA_SIG object
- * \param a  pointer to the ECDSA_SIG object
+ *  \param  pp   pointer to a unsigned char pointer for the output or NULL
- * \param pp pointer to a unsigned char pointer for the output or NULL
+ *  \return the length of the DER encoded ECDSA_SIG object or 0 
- * \return the length of the DER encoded ECDSA_SIG object or 0 
 */
-int       i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
+int       i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-/** d2i_ECDSA_SIG
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
- * decodes a DER encoded ECDSA signature (note: this function changes *pp
+ *  (*pp += len)). 
- * (*pp += len)). 
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
- * \param v pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  pp   memory buffer with the DER encoded signature
- * \param pp buffer with the DER encoded signature
+ *  \param  len  length of the buffer
- * \param len bufferlength
+ *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
- * \return pointer to the decoded ECDSA_SIG structure (or NULL)
 */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-/** ECDSA_do_sign
+/** Computes the ECDSA signature of the given hash value using
- * computes the ECDSA signature of the given hash value using
+ *  the supplied private key and returns the created signature.
- * the supplied private key and returns the created signature.
+ *  \param  dgst      pointer to the hash value
- * \param dgst pointer to the hash value
+ *  \param  dgst_len  length of the hash value
- * \param dgst_len length of the hash value
+ *  \param  eckey     EC_KEY object containing a private EC key
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- * \return pointer to a ECDSA_SIG structure or NULL
 */
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
-/** ECDSA_do_sign_ex
+/** Computes ECDSA signature of a given hash value using the supplied
- * computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  dgst     pointer to the hash value to sign
- * \param dgst pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
- * \param dgstlen length of the hash value
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- * \param kinv optional pointer to a pre-computed inverse k
+ *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
- * \param rp optional pointer to the pre-computed rp value (see 
+ *                   see ECDSA_sign_setup
- *        ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- * \return pointer to a ECDSA_SIG structure or NULL
 */
 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
                const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-/** ECDSA_do_verify
+/** Verifies that the supplied signature is a valid ECDSA
- * verifies that the supplied signature is a valid ECDSA
+ *  signature of the supplied hash value using the supplied public key.
- * signature of the supplied hash value using the supplied public key.
+ *  \param  dgst      pointer to the hash value
- * \param dgst pointer to the hash value
+ *  \param  dgst_len  length of the hash value
- * \param dgst_len length of the hash value
+ *  \param  sig       ECDSA_SIG structure
- * \param sig  pointer to the ECDSA_SIG structure
+ *  \param  eckey     EC_KEY object containing a public EC key
- * \param eckey pointer to the EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+ *          and -1 on error
 */
 int       ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY* eckey);
 const ECDSA_METHOD *ECDSA_OpenSSL(void);
-/** ECDSA_set_default_method
+/** Sets the default ECDSA method
- * sets the default ECDSA method
+ *  \param  meth  new default ECDSA_METHOD
- * \param meth the new default ECDSA_METHOD
 */
 void      ECDSA_set_default_method(const ECDSA_METHOD *meth);
-/** ECDSA_get_default_method
+/** Returns the default ECDSA method
- * returns the default ECDSA method
+ *  \return pointer to ECDSA_METHOD structure containing the default method
- * \return pointer to ECDSA_METHOD structure containing the default method
 */
 const ECDSA_METHOD *ECDSA_get_default_method(void);
-/** ECDSA_set_method
+/** Sets method to be used for the ECDSA operations
- * sets method to be used for the ECDSA operations
+ *  \param  eckey  EC_KEY object
- * \param eckey pointer to the EC_KEY object
+ *  \param  meth   new method
- * \param meth  pointer to the new method
+ *  \return 1 on success and 0 otherwise 
- * \return 1 on success and 0 otherwise 
 */
 int       ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-/** ECDSA_size
+/** Returns the maximum length of the DER encoded signature
- * returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
- * \param  eckey pointer to a EC_KEY object
+ *  \return numbers of bytes required for the DER encoded signature
- * \return numbers of bytes required for the DER encoded signature
 */
 int       ECDSA_size(const EC_KEY *eckey);
-/** ECDSA_sign_setup
+/** Precompute parts of the signing operation
- * precompute parts of the signing operation. 
+ *  \param  eckey  EC_KEY object containing a private EC key
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
- * \param ctx  pointer to a BN_CTX object (may be NULL)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
- * \param kinv pointer to a BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
- * \param rp   pointer to a BIGNUM pointer for x coordinate of k * generator
+ *  \return 1 on success and 0 otherwise
- * \return 1 on success and 0 otherwise
 */
 int       ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
                BIGNUM **rp);
-/** ECDSA_sign
+/** Computes ECDSA signature of a given hash value using the supplied
- * computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
- * \param type this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
- * \param dgst pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
- * \param dgstlen length of the hash value
+ *  \param  sig      memory for the DER encoded created signature
- * \param sig buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
- * \param siglen pointer to the length of the returned signature
+ *  \param  eckey    EC_KEY object containing a private EC key
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
- * \return 1 on success and 0 otherwise
 */
 int       ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 
                unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-/** ECDSA_sign_ex
+/** Computes ECDSA signature of a given hash value using the supplied
- * computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
- * \param type this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
- * \param dgst pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
- * \param dgstlen length of the hash value
+ *  \param  sig      buffer to hold the DER encoded signature
- * \param sig buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
- * \param siglen pointer to the length of the returned signature
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- * \param kinv optional pointer to a pre-computed inverse k
+ *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
- * \param rp optional pointer to the pre-computed rp value (see 
+ *                   see ECDSA_sign_setup
- *        ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
- * \return 1 on success and 0 otherwise
 */
 int       ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 
                unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
                const BIGNUM *rp, EC_KEY *eckey);
-/** ECDSA_verify
+/** Verifies that the given signature is valid ECDSA signature
- * verifies that the given signature is valid ECDSA signature
+ *  of the supplied hash value using the specified public key.
- * of the supplied hash value using the specified public key.
+ *  \param  type     this parameter is ignored
- * \param type this parameter is ignored
+ *  \param  dgst     pointer to the hash value 
- * \param dgst pointer to the hash value 
+ *  \param  dgstlen  length of the hash value
- * \param dgstlen length of the hash value
+ *  \param  sig      pointer to the DER encoded signature
- * \param sig  pointer to the DER encoded signature
+ *  \param  siglen   length of the DER encoded signature
- * \param siglen length of the DER encoded signature
+ *  \param  eckey    EC_KEY object containing a public EC key
- * \param eckey pointer to the EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+ *          and -1 on error
 */
 int       ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 
                const unsigned char *sig, int siglen, EC_KEY *eckey);
diff --git a/src/lib/libcrypto/ecdsa/ecs_err.c b/src/lib/libcrypto/ecdsa/ecs_err.c
index d2a53730ea..98e38d537f 100644
--- a/src/lib/libcrypto/ecdsa/ecs_err.c
+++ b/src/lib/libcrypto/ecdsa/ecs_err.c
@@ -1,6 +1,6 @@
 /* crypto/ecdsa/ecs_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 3ead1af94e..551cf5068f 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -212,7 +212,7 @@ err:
 static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
                const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
 {
-        int     ok = 0;
+        int     ok = 0, i;
        BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
        const BIGNUM *ckinv;
        BN_CTX     *ctx = NULL;
@@ -251,22 +251,19 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
                goto err;
        }
-        if (8 * dgst_len > BN_num_bits(order))
+        i = BN_num_bits(order);
+        /* Need to truncate digest if it is too long: first truncate whole
+         * bytes.
+         */
+        if (8 * dgst_len > i)
+                dgst_len = (i + 7)/8;
+        if (!BN_bin2bn(dgst, dgst_len, m))
        {
-                /* XXX
+                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-                 * 
-                 * Should provide for optional hash truncation:
-                 * Keep the BN_num_bits(order) leftmost bits of dgst
-                 * (see March 2006 FIPS 186-3 draft, which has a few
-                 * confusing errors in this part though)
-                 */
-                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
-                        ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                goto err;
        }
+        /* If still too long truncate remaining bits with a shift */
-        if (!BN_bin2bn(dgst, dgst_len, m))
+        if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
        {
                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
                goto err;
@@ -346,7 +343,7 @@ err:
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY *eckey)
 {
-        int ret = -1;
+        int ret = -1, i;
        BN_CTX   *ctx;
        BIGNUM   *order, *u1, *u2, *m, *X;
        EC_POINT *point = NULL;
@@ -384,21 +381,6 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
                goto err;
        }
-        if (8 * dgst_len > BN_num_bits(order))
-        {
-                /* XXX
-                 * 
-                 * Should provide for optional hash truncation:
-                 * Keep the BN_num_bits(order) leftmost bits of dgst
-                 * (see March 2006 FIPS 186-3 draft, which has a few
-                 * confusing errors in this part though)
-                 */
-                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY,
-                        ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-                ret = 0;
-                goto err;
-        }
        if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 
            BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
@@ -415,11 +397,23 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                goto err;
        }
        /* digest -> m */
+        i = BN_num_bits(order);
+        /* Need to truncate digest if it is too long: first truncate whole
+         * bytes.
+         */
+        if (8 * dgst_len > i)
+                dgst_len = (i + 7)/8;
        if (!BN_bin2bn(dgst, dgst_len, m))
        {
                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
                goto err;
        }
+        /* If still too long truncate remaining bits with a shift */
+        if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
+        {
+                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+                goto err;
+        }
        /* u1 = m * tmp mod order */
        if (!BN_mod_mul(u1, m, u2, order, ctx))
        {
diff --git a/src/lib/libcrypto/ecdsa/ecs_sign.c b/src/lib/libcrypto/ecdsa/ecs_sign.c
index 74b1fe8caf..353d5af514 100644
--- a/src/lib/libcrypto/ecdsa/ecs_sign.c
+++ b/src/lib/libcrypto/ecdsa/ecs_sign.c
@@ -57,6 +57,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/rand.h>
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
 {
@@ -83,6 +84,7 @@ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
        EC_KEY *eckey)
 {
        ECDSA_SIG *s;
+        RAND_seed(dgst, dlen);
        s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
        if (s == NULL)
        {
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index d29cd57dc2..22c120454f 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -61,15 +61,15 @@
 void ENGINE_load_builtin_engines(void)
        {
+#if 0
        /* There's no longer any need for an "openssl" ENGINE unless, one day,
         * it is the *only* way for standard builtin implementations to be be
         * accessed (ie. it would be possible to statically link binaries with
         * *no* builtin implementations). */
-#if 0
        ENGINE_load_openssl();
 #endif
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
-        ENGINE_load_padlock();
+        ENGINE_load_cryptodev();
 #endif
        ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
@@ -98,14 +98,15 @@ void ENGINE_load_builtin_engines(void)
 #ifndef OPENSSL_NO_HW_UBSEC
        ENGINE_load_ubsec();
 #endif
+#ifndef OPENSSL_NO_HW_PADLOCK
+        ENGINE_load_padlock();
 #endif
-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
-        ENGINE_load_gmp();
 #endif
+#ifndef OPENSSL_NO_GOST
+        ENGINE_load_gost();
 #endif
-#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_GMP
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+        ENGINE_load_gmp();
-        ENGINE_load_cryptodev();
 #endif
 #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
        ENGINE_load_capi();
@@ -113,7 +114,7 @@ void ENGINE_load_builtin_engines(void)
 #endif
        }
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void) {
        static int bsd_cryptodev_default_loaded = 0;
        if (!bsd_cryptodev_default_loaded) {
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index 08066cea59..95c4070015 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
        int ret = 0;
        long do_init = -1;
        STACK_OF(CONF_VALUE) *ecmds;
-        CONF_VALUE *ecmd;
+        CONF_VALUE *ecmd = NULL;
        char *ctrlname, *ctrlvalue;
        ENGINE *e = NULL;
        int soft = 0;
@@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                        return 1;
                                        }
                                if (!e)
-                                        return 0;
+                                        goto err;
                                }
                        /* Allow "EMPTY" to mean no value: this allows a valid
                         * "value" to be passed to ctrls of type NO_INPUT
@@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                                }
                        else if (!ENGINE_ctrl_cmd_string(e,
                                        ctrlname, ctrlvalue, 0))
-                                return 0;
+                                goto err;
                        }
                }
        if (e && (do_init == -1) && !int_engine_init(e))
+                {
+                ecmd = NULL;
                goto err;
+                }
        ret = 1;
        err:
+        if (ret != 1)
+                {
+                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+                if (ecmd)
+                        ERR_add_error_data(6, "section=", ecmd->section, 
+                                                ", name=", ecmd->name,
+                                                ", value=", ecmd->value);
+                }
        if (e)
                ENGINE_free(e);
        return ret;
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
index 95b6b455aa..5ce25d92ec 100644
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
                }
        /* Force the result of the control command to 0 or 1, for the reasons
         * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f))
+        if (ENGINE_ctrl(e, num, i, p, f) > 0)
                return 1;
        return 0;
        }
@@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                 * usage of these commands is consistent across applications and
                 * that certain applications don't understand it one way, and
                 * others another. */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                        return 1;
                return 0;
                }
@@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
        if(flags & ENGINE_CMD_FLAG_STRING)
                {
                /* Same explanation as above */
-                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
                        return 1;
                return 0;
                }
@@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                }
        /* Force the result of the control command to 0 or 1, for the reasons
         * mentioned before. */
-        if(ENGINE_ctrl(e, num, l, NULL, NULL))
+        if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
                return 1;
        return 0;
        }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
index acb30c34d8..807da7a5eb 100644
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -146,14 +146,14 @@ struct st_dynamic_data_ctx
         * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
        int dir_load;
        /* A stack of directories from which ENGINEs could be loaded */
-        STACK *dirs;
+        STACK_OF(OPENSSL_STRING) *dirs;
        };
 /* This is the "ex_data" index we obtain and reserve for use with our context
 * structure. */
 static int dynamic_ex_data_idx = -1;
-static void int_free_str(void *s) { OPENSSL_free(s); }
+static void int_free_str(char *s) { OPENSSL_free(s); }
 /* Because our ex_data element may or may not get allocated depending on whether
 * a "first-use" occurs before the ENGINE is freed, we have a memory leak
 * problem to solve. We can't declare a "new" handler for the ex_data as we
@@ -174,7 +174,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
                if(ctx->engine_id)
                        OPENSSL_free((void*)ctx->engine_id);
                if(ctx->dirs)
-                        sk_pop_free(ctx->dirs, int_free_str);
+                        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
                OPENSSL_free(ctx);
                }
        }
@@ -203,7 +203,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
        c->DYNAMIC_F1 = "v_check";
        c->DYNAMIC_F2 = "bind_engine";
        c->dir_load = 1;
-        c->dirs = sk_new_null();
+        c->dirs = sk_OPENSSL_STRING_new_null();
        if(!c->dirs)
                {
                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
@@ -393,7 +393,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                                ERR_R_MALLOC_FAILURE);
                        return 0;
                        }
-                sk_insert(ctx->dirs, tmp_str, -1);
+                sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
                }
                return 1;
        default:
@@ -411,11 +411,11 @@ static int int_load(dynamic_data_ctx *ctx)
                                ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
                return 1;
        /* If we're not allowed to use 'dirs' or we have none, fail */
-        if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+        if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
                return 0;
        for(loop = 0; loop < num; loop++)
                {
-                const char *s = sk_value(ctx->dirs, loop);
+                const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
                char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
                if(!merge)
                        return 0;
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index 574ffbb5c0..81c70acfa8 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -86,6 +86,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),  "ENGINE_get_pkey_asn1_meth"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH),       "ENGINE_get_pkey_meth"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
 {ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
 {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
@@ -124,6 +126,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
 {ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
 {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
 {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
 {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
 {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
@@ -150,6 +153,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
 {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"},
 {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index 27c1662f62..db66e62350 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -89,6 +89,12 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
 #endif
        if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
                return 0;
+        if((flags & ENGINE_METHOD_PKEY_METHS)
+                                && !ENGINE_set_default_pkey_meths(e))
+                return 0;
+        if((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+                                && !ENGINE_set_default_pkey_asn1_meths(e))
+                return 0;
        return 1;
        }
@@ -115,6 +121,13 @@ static int int_def_cb(const char *alg, int len, void *arg)
                *pflags |= ENGINE_METHOD_CIPHERS;
        else if (!strncmp(alg, "DIGESTS", len))
                *pflags |= ENGINE_METHOD_DIGESTS;
+        else if (!strncmp(alg, "PKEY", len))
+                *pflags |=
+                        ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS;
+        else if (!strncmp(alg, "PKEY_CRYPTO", len))
+                *pflags |= ENGINE_METHOD_PKEY_METHS;
+        else if (!strncmp(alg, "PKEY_ASN1", len))
+                *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
        else
                return 0;
        return 1;
@@ -154,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e)
        ENGINE_register_ECDSA(e);
 #endif
        ENGINE_register_RAND(e);
+        ENGINE_register_pkey_meths(e);
        return 1;
        }
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
index a66f107a44..451ef8feb8 100644
--- a/src/lib/libcrypto/engine/eng_int.h
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -127,6 +127,8 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
 ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
 #define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
 #endif
+typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg);
 /* Internal versions of API functions that have control over locking. These are
 * used between C files when functionality needs to be shared but the caller may
@@ -143,6 +145,11 @@ void engine_set_all_null(ENGINE *e);
 /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
 * in engine.h. */
+/* Free up dynamically allocated public key methods associated with ENGINE */
+void engine_pkey_meths_free(ENGINE *e);
+void engine_pkey_asn1_meths_free(ENGINE *e);
 /* This is a structure for storing implementations of various crypto
 * algorithms and functions. */
 struct engine_st
@@ -160,7 +167,10 @@ struct engine_st
        ENGINE_CIPHERS_PTR ciphers;
        /* Digest handling is via this callback */
        ENGINE_DIGESTS_PTR digests;
+        /* Public key handling via this callback */
+        ENGINE_PKEY_METHS_PTR pkey_meths;
+        /* ASN1 public key handling via this callback */
+        ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
        ENGINE_GEN_INT_FUNC_PTR destroy;
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
index 5815b867f4..18a6664645 100644
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -125,6 +125,9 @@ int engine_free_util(ENGINE *e, int locked)
                abort();
                }
 #endif
+        /* Free up any dynamically allocated public key methods */
+        engine_pkey_meths_free(e);
+        engine_pkey_asn1_meths_free(e);
        /* Give the ENGINE a chance to do any structural cleanup corresponding
         * to allocation it did in its constructor (eg. unload error strings) */
        if(e->destroy)
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index bd511944ba..27846edb1e 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
        dest->store_meth = src->store_meth;
        dest->ciphers = src->ciphers;
        dest->digests = src->digests;
+        dest->pkey_meths = src->pkey_meths;
        dest->destroy = src->destroy;
        dest->init = src->init;
        dest->finish = src->finish;
@@ -412,6 +413,7 @@ ENGINE *ENGINE_by_id(const char *id)
                return iterator;
                }
 notfound:
+        ENGINE_free(iterator);
        ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
        ERR_add_error_data(2, "id=", id);
        return NULL;
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
index 7c139ae2ef..9abb95cc22 100644
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ b/src/lib/libcrypto/engine/eng_openssl.c
@@ -238,7 +238,7 @@ static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        return 1;
        }
 static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
+                      const unsigned char *in, size_t inl)
        {
 #ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
index 8879a267d1..4fde948185 100644
--- a/src/lib/libcrypto/engine/eng_table.c
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -70,12 +70,22 @@ typedef struct st_engine_pile
        int uptodate;
        } ENGINE_PILE;
+DECLARE_LHASH_OF(ENGINE_PILE);
 /* The type exposed in eng_int.h */
 struct st_engine_table
        {
-        LHASH piles;
+        LHASH_OF(ENGINE_PILE) piles;
        }; /* ENGINE_TABLE */
+typedef struct st_engine_pile_doall
+        {
+        engine_table_doall_cb *cb;
+        void *arg;
+        } ENGINE_PILE_DOALL;
+        
 /* Global flags (ENGINE_TABLE_FLAG_***). */
 static unsigned int table_flags = 0;
@@ -84,6 +94,7 @@ unsigned int ENGINE_get_table_flags(void)
        {
        return table_flags;
        }
 void ENGINE_set_table_flags(unsigned int flags)
        {
        table_flags = flags;
@@ -94,19 +105,21 @@ static unsigned long engine_pile_hash(const ENGINE_PILE *c)
        {
        return c->nid;
        }
 static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
        {
        return a->nid - b->nid;
        }
-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
 static int int_table_check(ENGINE_TABLE **t, int create)
        {
-        LHASH *lh;
+        LHASH_OF(ENGINE_PILE) *lh;
        if(*t) return 1;
        if(!create) return 0;
-        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+        if((lh = lh_ENGINE_PILE_new()) == NULL)
-                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
                return 0;
        *t = (ENGINE_TABLE *)lh;
        return 1;
@@ -130,7 +143,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
        while(num_nids--)
                {
                tmplate.nid = *nids;
-                fnd = lh_retrieve(&(*table)->piles, &tmplate);
+                fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
                if(!fnd)
                        {
                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
@@ -144,7 +157,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                                goto end;
                                }
                        fnd->funct = NULL;
-                        lh_insert(&(*table)->piles, fnd);
+                        (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
                        }
                /* A registration shouldn't add duplciate entries */
                (void)sk_ENGINE_delete_ptr(fnd->sk, e);
@@ -173,7 +186,7 @@ end:
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        return ret;
        }
-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
        {
        int n;
        /* Iterate the 'c->sk' stack removing any occurance of 'e' */
@@ -188,31 +201,35 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
                pile->funct = NULL;
                }
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
 void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
        {
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(int_table_check(table, 0))
-                lh_doall_arg(&(*table)->piles,
+                lh_ENGINE_PILE_doall_arg(&(*table)->piles,
-                        LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+                                         LHASH_DOALL_ARG_FN(int_unregister_cb),
+                                         ENGINE, e);
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        }
-static void int_cleanup_cb(ENGINE_PILE *p)
+static void int_cleanup_cb_doall(ENGINE_PILE *p)
        {
        sk_ENGINE_free(p->sk);
        if(p->funct)
                engine_unlocked_finish(p->funct, 0);
        OPENSSL_free(p);
        }
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
 void engine_table_cleanup(ENGINE_TABLE **table)
        {
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if(*table)
                {
-                lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+                lh_ENGINE_PILE_doall(&(*table)->piles,
-                lh_free(&(*table)->piles);
+                                     LHASH_DOALL_FN(int_cleanup_cb));
+                lh_ENGINE_PILE_free(&(*table)->piles);
                *table = NULL;
                }
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
@@ -237,12 +254,13 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
 #endif
                return NULL;
                }
+        ERR_set_mark();
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        /* Check again inside the lock otherwise we could race against cleanup
         * operations. But don't worry about a fprintf(stderr). */
        if(!int_table_check(table, 0)) goto end;
        tmplate.nid = nid;
-        fnd = lh_retrieve(&(*table)->piles, &tmplate);
+        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
        if(!fnd) goto end;
        if(fnd->funct && engine_unlocked_init(fnd->funct))
                {
@@ -310,6 +328,24 @@ end:
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        /* Whatever happened, any failed init()s are not failures in this
         * context, so clear our error state. */
-        ERR_clear_error();
+        ERR_pop_to_mark();
        return ret;
        }
+/* Table enumeration */
+static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+        {
+        dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+        }
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL)
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                                                                void *arg)
+        {
+        ENGINE_PILE_DOALL dall;
+        dall.cb = cb;
+        dall.arg = arg;
+        lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
+                                 ENGINE_PILE_DOALL, &dall);
+        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index f503595ece..7fbd95f634 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -88,16 +88,15 @@
 #include <openssl/ecdsa.h>
 #endif
 #include <openssl/rand.h>
-#include <openssl/store.h>
 #include <openssl/ui.h>
 #include <openssl/err.h>
 #endif
-#include <openssl/x509.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/symhacks.h>
+#include <openssl/x509.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -113,6 +112,8 @@ extern "C" {
 #define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
 #define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
 #define ENGINE_METHOD_STORE             (unsigned int)0x0100
+#define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+#define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
 /* Obvious all-or-nothing cases. */
 #define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE              (unsigned int)0x0000
@@ -297,7 +298,8 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
 * parameter is non-NULL it is set to the size of the returned array. */
 typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
 typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
 /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
 * structures where the pointers have a "structural reference". This means that
 * their reference is to allowed access to the structure but it does not imply
@@ -329,19 +331,20 @@ void ENGINE_load_aep(void);
 void ENGINE_load_atalla(void);
 void ENGINE_load_chil(void);
 void ENGINE_load_cswift(void);
-#ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#endif
 void ENGINE_load_nuron(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
-#endif
-void ENGINE_load_cryptodev(void);
 void ENGINE_load_padlock(void);
-void ENGINE_load_builtin_engines(void);
-#ifndef OPENSSL_NO_CAPIENG
 void ENGINE_load_capi(void);
+#ifndef OPENSSL_NO_GMP
+void ENGINE_load_gmp(void);
+#endif
+#ifndef OPENSSL_NO_GOST
+void ENGINE_load_gost(void);
+#endif
 #endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
 * "registry" handling. */
@@ -392,6 +395,14 @@ int ENGINE_register_digests(ENGINE *e);
 void ENGINE_unregister_digests(ENGINE *e);
 void ENGINE_register_all_digests(void);
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
 /* These functions register all support from the above categories. Note, use of
 * these functions can result in static linkage of code your application may not
 * need. If you only need a subset of functionality, consider using more
@@ -471,6 +482,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
                                ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
 /* These functions allow control over any per-structure ENGINE data. */
@@ -507,8 +520,16 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
 ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                        const char *str, int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len);
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
 int ENGINE_get_flags(const ENGINE *e);
@@ -560,6 +581,8 @@ ENGINE *ENGINE_get_default_RAND(void);
 * ciphering or digesting corresponding to "nid". */
 ENGINE *ENGINE_get_cipher_engine(int nid);
 ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
 /* This sets a new default ENGINE structure for performing RSA
 * operations. If the result is non-zero (success) then the ENGINE
@@ -575,6 +598,8 @@ int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_ciphers(ENGINE *e);
 int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
 /* The combination "set" - the flags are bitwise "OR"d from the
 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
@@ -703,7 +728,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 * values. */
 void *ENGINE_get_static_state(void);
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void);
 #endif
@@ -732,13 +757,15 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
 #define ENGINE_F_ENGINE_GET_DIGEST                       186
 #define ENGINE_F_ENGINE_GET_NEXT                         115
+#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+#define ENGINE_F_ENGINE_GET_PKEY_METH                    192
 #define ENGINE_F_ENGINE_GET_PREV                         116
 #define ENGINE_F_ENGINE_INIT                             119
 #define ENGINE_F_ENGINE_LIST_ADD                         120
 #define ENGINE_F_ENGINE_LIST_REMOVE                      121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             192
+#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
 #define ENGINE_F_ENGINE_NEW                              122
 #define ENGINE_F_ENGINE_REMOVE                           123
 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
@@ -767,6 +794,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_DSO_FAILURE                             104
 #define ENGINE_R_DSO_NOT_FOUND                           132
 #define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
 #define ENGINE_R_ENGINE_SECTION_ERROR                    149
 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
@@ -793,6 +821,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
 #define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
 #define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
 #define ENGINE_R_VERSION_INCOMPATIBILITY                 145
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
new file mode 100644
index 0000000000..75090339f7
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_asnmth.c
@@ -0,0 +1,246 @@
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "eng_int.h"
+#include "asn1_locl.h"
+#include <openssl/evp.h>
+/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+ * function that is used by EVP to hook in pkey_asn1_meth code and cache
+ * defaults (etc), will display brief debugging summaries to stderr with the
+ * 'nid'. */
+/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
+static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
+        {
+        engine_table_unregister(&pkey_asn1_meth_table, e);
+        }
+static void engine_unregister_all_pkey_asn1_meths(void)
+        {
+        engine_table_cleanup(&pkey_asn1_meth_table);
+        }
+int ENGINE_register_pkey_asn1_meths(ENGINE *e)
+        {
+        if(e->pkey_asn1_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_asn1_meth_table,
+                                engine_unregister_all_pkey_asn1_meths, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+void ENGINE_register_all_pkey_asn1_meths(void)
+        {
+        ENGINE *e;
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_pkey_asn1_meths(e);
+        }
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
+        {
+        if(e->pkey_asn1_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_asn1_meth_table,
+                                engine_unregister_all_pkey_asn1_meths, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_asn1_meth 'nid' */
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
+        {
+        return engine_table_select(&pkey_asn1_meth_table, nid);
+        }
+/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
+        {
+        EVP_PKEY_ASN1_METHOD *ret;
+        ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+                                ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                return NULL;
+                }
+        return ret;
+        }
+/* Gets the pkey_asn1_meth callback from an ENGINE structure */
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
+        {
+        return e->pkey_asn1_meths;
+        }
+/* Sets the pkey_asn1_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
+        {
+        e->pkey_asn1_meths = f;
+        return 1;
+        }
+/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+ * ENGINE is destroyed
+ */
+void engine_pkey_asn1_meths_free(ENGINE *e)
+        {
+        int i;
+        EVP_PKEY_ASN1_METHOD *pkm;
+        if (e->pkey_asn1_meths)
+                {
+                const int *pknids;
+                int npknids;
+                npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+                for (i = 0; i < npknids; i++)
+                        {
+                        if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i]))
+                                {
+                                EVP_PKEY_asn1_free(pkm);
+                                }
+                        }
+                }
+        }
+/* Find a method based on a string. This does a linear search through
+ * all implemented algorithms. This is OK in practice because only
+ * a small number of algorithms are likely to be implemented in an engine
+ * and it is not used for speed critical operations.
+ */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                        const char *str, int len)
+        {
+        int i, nidcount;
+        const int *nids;
+        EVP_PKEY_ASN1_METHOD *ameth;
+        if (!e->pkey_asn1_meths)
+                return NULL;
+        if (len == -1)
+                len = strlen(str);
+        nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        for (i = 0; i < nidcount; i++)
+                {
+                e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+                if (((int)strlen(ameth->pem_str) == len) && 
+                                        !strncasecmp(ameth->pem_str, str, len))
+                        return ameth;
+                }
+        return NULL;
+        }
+typedef struct 
+        {
+        ENGINE *e;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        const char *str;
+        int len;
+        } ENGINE_FIND_STR;
+static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
+        {
+        ENGINE_FIND_STR *lk = arg;
+        int i;
+        if (lk->ameth)
+                return;
+        for (i = 0; i < sk_ENGINE_num(sk); i++)
+                {
+                ENGINE *e = sk_ENGINE_value(sk, i);
+                EVP_PKEY_ASN1_METHOD *ameth;
+                e->pkey_asn1_meths(e, &ameth, NULL, nid);
+                if (((int)strlen(ameth->pem_str) == lk->len) && 
+                                !strncasecmp(ameth->pem_str, lk->str, lk->len))
+                        {
+                        lk->e = e;
+                        lk->ameth = ameth;
+                        return;
+                        }
+                }
+        }
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                        const char *str, int len)
+        {
+        ENGINE_FIND_STR fstr;
+        fstr.e = NULL;
+        fstr.ameth = NULL;
+        fstr.str = str;
+        fstr.len = len;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+        /* If found obtain a structural reference to engine */
+        if (fstr.e)
+                {
+                fstr.e->struct_ref++;
+                engine_ref_debug(fstr.e, 0, 1)
+                }
+        *pe = fstr.e;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return fstr.ameth;
+        }
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
new file mode 100644
index 0000000000..1cdb967f25
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_pkmeth.c
@@ -0,0 +1,167 @@
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "eng_int.h"
+#include <openssl/evp.h>
+/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
+ * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_PKEY_METH_DEBUG */
+static ENGINE_TABLE *pkey_meth_table = NULL;
+void ENGINE_unregister_pkey_meths(ENGINE *e)
+        {
+        engine_table_unregister(&pkey_meth_table, e);
+        }
+static void engine_unregister_all_pkey_meths(void)
+        {
+        engine_table_cleanup(&pkey_meth_table);
+        }
+int ENGINE_register_pkey_meths(ENGINE *e)
+        {
+        if(e->pkey_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_meth_table,
+                                engine_unregister_all_pkey_meths, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+void ENGINE_register_all_pkey_meths()
+        {
+        ENGINE *e;
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_pkey_meths(e);
+        }
+int ENGINE_set_default_pkey_meths(ENGINE *e)
+        {
+        if(e->pkey_meths)
+                {
+                const int *nids;
+                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&pkey_meth_table,
+                                engine_unregister_all_pkey_meths, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_meth 'nid' */
+ENGINE *ENGINE_get_pkey_meth_engine(int nid)
+        {
+        return engine_table_select(&pkey_meth_table, nid);
+        }
+/* Obtains a pkey_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
+        {
+        EVP_PKEY_METHOD *ret;
+        ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+                                ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+                return NULL;
+                }
+        return ret;
+        }
+/* Gets the pkey_meth callback from an ENGINE structure */
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
+        {
+        return e->pkey_meths;
+        }
+/* Sets the pkey_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
+        {
+        e->pkey_meths = f;
+        return 1;
+        }
+/* Internal function to free up EVP_PKEY_METHOD structures before an
+ * ENGINE is destroyed
+ */
+void engine_pkey_meths_free(ENGINE *e)
+        {
+        int i;
+        EVP_PKEY_METHOD *pkm;
+        if (e->pkey_meths)
+                {
+                const int *pknids;
+                int npknids;
+                npknids = e->pkey_meths(e, NULL, &pknids, 0);
+                for (i = 0; i < npknids; i++)
+                        {
+                        if (e->pkey_meths(e, &pkm, NULL, pknids[i]))
+                                {
+                                EVP_PKEY_meth_free(pkm);
+                                }
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index 292404a2fb..69713a6e2f 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -119,9 +119,507 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
-static unsigned long get_error_values(int inc,int top,
+DECLARE_LHASH_OF(ERR_STRING_DATA);
-                                        const char **file,int *line,
+DECLARE_LHASH_OF(ERR_STATE);
-                                        const char **data,int *flags);
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+        {
+{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuration file routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)           ,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)               ,"elliptic curve routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_TS,0,0)               ,"time stamp routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
+{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
+{ERR_PACK(ERR_LIB_CMS,0,0)              ,"CMS routines"},
+{ERR_PACK(ERR_LIB_HMAC,0,0)             ,"HMAC routines"},
+{0,NULL},
+        };
+static ERR_STRING_DATA ERR_str_functs[]=
+        {
+        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
+        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
+        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
+        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
+        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
+        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
+        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
+        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
+#ifdef OPENSSL_SYS_WINDOWS
+        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
+#endif
+        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
+        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
+        {0,NULL},
+        };
+static ERR_STRING_DATA ERR_str_reasons[]=
+        {
+{ERR_R_SYS_LIB                          ,"system lib"},
+{ERR_R_BN_LIB                           ,"BN lib"},
+{ERR_R_RSA_LIB                          ,"RSA lib"},
+{ERR_R_DH_LIB                           ,"DH lib"},
+{ERR_R_EVP_LIB                          ,"EVP lib"},
+{ERR_R_BUF_LIB                          ,"BUF lib"},
+{ERR_R_OBJ_LIB                          ,"OBJ lib"},
+{ERR_R_PEM_LIB                          ,"PEM lib"},
+{ERR_R_DSA_LIB                          ,"DSA lib"},
+{ERR_R_X509_LIB                         ,"X509 lib"},
+{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
+{ERR_R_CONF_LIB                         ,"CONF lib"},
+{ERR_R_CRYPTO_LIB                       ,"CRYPTO lib"},
+{ERR_R_EC_LIB                           ,"EC lib"},
+{ERR_R_SSL_LIB                          ,"SSL lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
+{ERR_R_X509V3_LIB                       ,"X509V3 lib"},
+{ERR_R_PKCS12_LIB                       ,"PKCS12 lib"},
+{ERR_R_RAND_LIB                         ,"RAND lib"},
+{ERR_R_DSO_LIB                          ,"DSO lib"},
+{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
+{ERR_R_OCSP_LIB                         ,"OCSP lib"},
+{ERR_R_TS_LIB                           ,"TS lib"},
+{ERR_R_NESTED_ASN1_ERROR                ,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER           ,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL         ,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE                   ,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR                   ,"internal error"},
+{ERR_R_DISABLED                         ,"called a function that was disabled at compile-time"},
+{0,NULL},
+        };
+#endif
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+        {
+        /* Works on the "error_hash" string table */
+        LHASH_OF(ERR_STRING_DATA) *(*cb_err_get)(int create);
+        void (*cb_err_del)(void);
+        ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+        /* Works on the "thread_hash" error-state table */
+        LHASH_OF(ERR_STATE) *(*cb_thread_get)(int create);
+        void (*cb_thread_release)(LHASH_OF(ERR_STATE) **hash);
+        ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+        ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+        void (*cb_thread_del_item)(const ERR_STATE *);
+        /* Returns the next available error "library" numbers */
+        int (*cb_get_next_lib)(void);
+        };
+/* Predeclarations of the "err_defaults" functions */
+static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH_OF(ERR_STATE) *int_thread_get(int create);
+static void int_thread_release(LHASH_OF(ERR_STATE) **hash);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+        {
+        int_err_get,
+        int_err_del,
+        int_err_get_item,
+        int_err_set_item,
+        int_err_del_item,
+        int_thread_get,
+        int_thread_release,
+        int_thread_get_item,
+        int_thread_set_item,
+        int_thread_del_item,
+        int_err_get_next_lib
+        };
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+static LHASH_OF(ERR_STATE) *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
+static int int_err_library_number= ERR_LIB_USER;
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+        {
+        if (err_fns) return;
+        
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!err_fns)
+                err_fns = &err_defaults;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+/* API functions to get or set the underlying ERR functions. */
+const ERR_FNS *ERR_get_implementation(void)
+        {
+        err_fns_check();
+        return err_fns;
+        }
+int ERR_set_implementation(const ERR_FNS *fns)
+        {
+        int ret = 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+         * an error is there?! */
+        if (!err_fns)
+                {
+                err_fns = fns;
+                ret = 1;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+static unsigned long get_error_values(int inc,int top,const char **file,int *line,
+                                      const char **data,int *flags);
+/* The internal functions used in the "err_defaults" implementation */
+static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
+        {
+        unsigned long ret,l;
+        l=a->error;
+        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+        return(ret^ret%19*13);
+        }
+static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA)
+static int err_string_data_cmp(const ERR_STRING_DATA *a,
+                               const ERR_STRING_DATA *b)
+        {
+        return (int)(a->error - b->error);
+        }
+static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA)
+static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create)
+        {
+        LHASH_OF(ERR_STRING_DATA) *ret = NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_error_hash && create)
+                {
+                CRYPTO_push_info("int_err_get (err.c)");
+                int_error_hash = lh_ERR_STRING_DATA_new();
+                CRYPTO_pop_info();
+                }
+        if (int_error_hash)
+                ret = int_error_hash;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+static void int_err_del(void)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (int_error_hash)
+                {
+                lh_ERR_STRING_DATA_free(int_error_hash);
+                int_error_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH_OF(ERR_STRING_DATA) *hash;
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STRING_DATA_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        return p;
+        }
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH_OF(ERR_STRING_DATA) *hash;
+        err_fns_check();
+        hash = ERRFN(err_get)(1);
+        if (!hash)
+                return NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STRING_DATA_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return p;
+        }
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH_OF(ERR_STRING_DATA) *hash;
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STRING_DATA_delete(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return p;
+        }
+static unsigned long err_state_hash(const ERR_STATE *a)
+        {
+        return CRYPTO_THREADID_hash(&a->tid) * 13;
+        }
+static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE)
+static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b)
+        {
+        return CRYPTO_THREADID_cmp(&a->tid, &b->tid);
+        }
+static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE)
+static LHASH_OF(ERR_STATE) *int_thread_get(int create)
+        {
+        LHASH_OF(ERR_STATE) *ret = NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_thread_hash && create)
+                {
+                CRYPTO_push_info("int_thread_get (err.c)");
+                int_thread_hash = lh_ERR_STATE_new();
+                CRYPTO_pop_info();
+                }
+        if (int_thread_hash)
+                {
+                int_thread_hash_references++;
+                ret = int_thread_hash;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+static void int_thread_release(LHASH_OF(ERR_STATE) **hash)
+        {
+        int i;
+        if (hash == NULL || *hash == NULL)
+                return;
+        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+#ifdef REF_PRINT
+        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"int_thread_release, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        *hash = NULL;
+        }
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH_OF(ERR_STATE) *hash;
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return NULL;
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STATE_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH_OF(ERR_STATE) *hash;
+        err_fns_check();
+        hash = ERRFN(thread_get)(1);
+        if (!hash)
+                return NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STATE_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+static void int_thread_del_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH_OF(ERR_STATE) *hash;
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = lh_ERR_STATE_delete(hash, d);
+        /* make sure we don't leak memory */
+        if (int_thread_hash_references == 1
+            && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0)
+                {
+                lh_ERR_STATE_free(int_thread_hash);
+                int_thread_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        ERRFN(thread_release)(&hash);
+        if (p)
+                ERR_STATE_free(p);
+        }
+static int int_err_get_next_lib(void)
+        {
+        int ret;
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        ret = int_err_library_number++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+#ifndef OPENSSL_NO_ERR
+#define NUM_SYS_STR_REASONS 127
+#define LEN_SYS_STR_REASON 32
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/* SYS_str_reasons is filled with copies of strerror() results at
+ * initialization.
+ * 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string.
+ * It is crucial that we have something for each reason code
+ * that occurs in ERR_str_reasons, or bogus reason strings
+ * will be returned for SYSerr(), which always gets an errno
+ * value and never one of those 'standard' reason codes. */
+static void build_SYS_str_reasons(void)
+        {
+        /* OPENSSL_malloc cannot be used here, use static storage instead */
+        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+        int i;
+        static int init = 1;
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+        
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
+                {
+                ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+                str->error = (unsigned long)i;
+                if (str->string == NULL)
+                        {
+                        char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+                        char *src = strerror(i);
+                        if (src != NULL)
+                                {
+                                strncpy(*dest, src, sizeof *dest);
+                                (*dest)[sizeof *dest - 1] = '\0';
+                                str->string = *dest;
+                                }
+                        }
+                if (str->string == NULL)
+                        str->string = "unknown";
+                }
+        /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
+         * as required by ERR_load_strings. */
+        init = 0;
+        
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+#endif
 #define err_clear_data(p,i) \
        do { \
@@ -143,6 +641,68 @@ static unsigned long get_error_values(int inc,int top,
        (p)->err_line[i]= -1; \
        } while(0)
+static void ERR_STATE_free(ERR_STATE *s)
+        {
+        int i;
+        if (s == NULL)
+            return;
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                err_clear_data(s,i);
+                }
+        OPENSSL_free(s);
+        }
+void ERR_load_ERR_strings(void)
+        {
+        err_fns_check();
+#ifndef OPENSSL_NO_ERR
+        err_load_strings(0,ERR_str_libraries);
+        err_load_strings(0,ERR_str_reasons);
+        err_load_strings(ERR_LIB_SYS,ERR_str_functs);
+        build_SYS_str_reasons();
+        err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
+#endif
+        }
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_set_item)(str);
+                str++;
+                }
+        }
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        ERR_load_ERR_strings();
+        err_load_strings(lib, str);
+        }
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_del_item)(str);
+                str++;
+                }
+        }
+void ERR_free_strings(void)
+        {
+        err_fns_check();
+        ERRFN(err_del)();
+        }
+/********************************************************/
 void ERR_put_error(int lib, int func, int reason, const char *file,
             int line)
        {
@@ -297,6 +857,196 @@ static unsigned long get_error_values(int inc, int top, const char **file, int *
        return ret;
        }
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+        {
+        char lsbuf[64], fsbuf[64], rsbuf[64];
+        const char *ls,*fs,*rs;
+        unsigned long l,f,r;
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        r=ERR_GET_REASON(e);
+        ls=ERR_lib_error_string(e);
+        fs=ERR_func_error_string(e);
+        rs=ERR_reason_error_string(e);
+        if (ls == NULL) 
+                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+        if (fs == NULL)
+                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+        if (rs == NULL)
+                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
+                fs?fs:fsbuf, rs?rs:rsbuf);
+        if (strlen(buf) == len-1)
+                {
+                /* output may be truncated; make sure we always have 5 
+                 * colon-separated fields, i.e. 4 colons ... */
+#define NUM_COLONS 4
+                if (len > NUM_COLONS) /* ... if possible */
+                        {
+                        int i;
+                        char *s = buf;
+                        
+                        for (i = 0; i < NUM_COLONS; i++)
+                                {
+                                char *colon = strchr(s, ':');
+                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
+                                        {
+                                        /* set colon no. i at last possible position
+                                         * (buf[len-1] is the terminating 0)*/
+                                        colon = &buf[len-1] - NUM_COLONS + i;
+                                        *colon = ':';
+                                        }
+                                s = colon + 1;
+                                }
+                        }
+                }
+        }
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/* ERR_error_string_n should be used instead for ret != NULL
+ * as ERR_error_string cannot know how large the buffer is */
+char *ERR_error_string(unsigned long e, char *ret)
+        {
+        static char buf[256];
+        if (ret == NULL) ret=buf;
+        ERR_error_string_n(e, ret, 256);
+        return ret;
+        }
+LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void)
+        {
+        err_fns_check();
+        return ERRFN(err_get)(0);
+        }
+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void)
+        {
+        err_fns_check();
+        return ERRFN(thread_get)(0);
+        }
+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash)
+        {
+        err_fns_check();
+        ERRFN(thread_release)(hash);
+        }
+const char *ERR_lib_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l;
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        d.error=ERR_PACK(l,0,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+const char *ERR_func_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l,f;
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        d.error=ERR_PACK(l,f,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+const char *ERR_reason_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,r;
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        r=ERR_GET_REASON(e);
+        d.error=ERR_PACK(l,0,r);
+        p=ERRFN(err_get_item)(&d);
+        if (!p)
+                {
+                d.error=ERR_PACK(0,0,r);
+                p=ERRFN(err_get_item)(&d);
+                }
+        return((p == NULL)?NULL:p->string);
+        }
+void ERR_remove_thread_state(const CRYPTO_THREADID *id)
+        {
+        ERR_STATE tmp;
+        if (id)
+                CRYPTO_THREADID_cpy(&tmp.tid, id);
+        else
+                CRYPTO_THREADID_current(&tmp.tid);
+        err_fns_check();
+        /* thread_del_item automatically destroys the LHASH if the number of
+         * items reaches zero. */
+        ERRFN(thread_del_item)(&tmp);
+        }
+#ifndef OPENSSL_NO_DEPRECATED
+void ERR_remove_state(unsigned long pid)
+        {
+        ERR_remove_thread_state(NULL);
+        }
+#endif
+ERR_STATE *ERR_get_state(void)
+        {
+        static ERR_STATE fallback;
+        ERR_STATE *ret,tmp,*tmpp=NULL;
+        int i;
+        CRYPTO_THREADID tid;
+        err_fns_check();
+        CRYPTO_THREADID_current(&tid);
+        CRYPTO_THREADID_cpy(&tmp.tid, &tid);
+        ret=ERRFN(thread_get_item)(&tmp);
+        /* ret == the error state, if NULL, make a new one */
+        if (ret == NULL)
+                {
+                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+                if (ret == NULL) return(&fallback);
+                CRYPTO_THREADID_cpy(&ret->tid, &tid);
+                ret->top=0;
+                ret->bottom=0;
+                for (i=0; i<ERR_NUM_ERRORS; i++)
+                        {
+                        ret->err_data[i]=NULL;
+                        ret->err_data_flags[i]=0;
+                        }
+                tmpp = ERRFN(thread_set_item)(ret);
+                /* To check if insertion failed, do a get. */
+                if (ERRFN(thread_get_item)(ret) != ret)
+                        {
+                        ERR_STATE_free(ret); /* could not insert it */
+                        return(&fallback);
+                        }
+                /* If a race occured in this function and we came second, tmpp
+                 * is the first one that we just replaced. */
+                if (tmpp)
+                        ERR_STATE_free(tmpp);
+                }
+        return ret;
+        }
+int ERR_get_next_error_library(void)
+        {
+        err_fns_check();
+        return ERRFN(get_next_lib)();
+        }
 void ERR_set_error_data(char *data, int flags)
        {
        ERR_STATE *es;
@@ -383,34 +1133,3 @@ int ERR_pop_to_mark(void)
        es->err_flags[es->top]&=~ERR_FLAG_MARK;
        return 1;
        }
-#ifdef OPENSSL_FIPS
-static ERR_STATE *fget_state(void)
-        {
-        static ERR_STATE fstate;
-        return &fstate;
-        }
-ERR_STATE *(*get_state_func)(void) = fget_state;
-void (*remove_state_func)(unsigned long pid);
-ERR_STATE *ERR_get_state(void)
-        {
-        return get_state_func();
-        }
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
-                                void (*remove_func)(unsigned long pid))
-        {
-        get_state_func = get_func;
-        remove_state_func = remove_func;
-        }
-void ERR_remove_state(unsigned long pid)
-        {
-        if (remove_state_func)
-                remove_state_func(pid);
-        }
-#endif
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
index dcac415231..b9f8c16d47 100644
--- a/src/lib/libcrypto/err/err.h
+++ b/src/lib/libcrypto/err/err.h
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #ifndef HEADER_ERR_H
 #define HEADER_ERR_H
@@ -94,7 +147,7 @@ extern "C" {
 #define ERR_NUM_ERRORS  16
 typedef struct err_state_st
        {
-        unsigned long pid;
+        CRYPTO_THREADID tid;
        int err_flags[ERR_NUM_ERRORS];
        unsigned long err_buffer[ERR_NUM_ERRORS];
        char *err_data[ERR_NUM_ERRORS];
@@ -142,7 +195,9 @@ typedef struct err_state_st
 #define ERR_LIB_STORE           44
 #define ERR_LIB_FIPS            45
 #define ERR_LIB_CMS             46
-#define ERR_LIB_JPAKE           47
+#define ERR_LIB_TS              47
+#define ERR_LIB_HMAC            48
+#define ERR_LIB_JPAKE           49
 #define ERR_LIB_USER            128
@@ -176,6 +231,8 @@ typedef struct err_state_st
 #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
 #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
 #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
+#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
+#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
 /* Borland C seems too stupid to be able to shift and do longs in
@@ -232,6 +289,7 @@ typedef struct err_state_st
 #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA    /* 42 */
 #define ERR_R_ECDH_LIB  ERR_LIB_ECDH     /* 43 */
 #define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */
+#define ERR_R_TS_LIB    ERR_LIB_TS       /* 45 */
 #define ERR_R_NESTED_ASN1_ERROR                 58
 #define ERR_R_BAD_ASN1_OBJECT_HEADER            59
@@ -294,13 +352,16 @@ void ERR_load_ERR_strings(void);
 void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
+void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
+#ifndef OPENSSL_NO_DEPRECATED
 void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+#endif
 ERR_STATE *ERR_get_state(void);
 #ifndef OPENSSL_NO_LHASH
-LHASH *ERR_get_string_table(void);
+LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-LHASH *ERR_get_err_state_table(void);
+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH **hash);
+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
 #endif
 int ERR_get_next_error_library(void);
@@ -308,12 +369,6 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
-#ifdef OPENSSL_FIPS
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
-                                void (*remove_func)(unsigned long pid));
-void int_ERR_lib_init(void);
-#endif
 /* Already defined in ossl_typ.h */
 /* typedef struct st_ERR_FNS ERR_FNS; */
 /* An application can use this function and provide the return value to loaded
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index f21a5276ed..fc049e8e88 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -64,6 +64,7 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
+#include <openssl/comp.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -94,16 +95,14 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
+#include <openssl/ts.h>
-#include <openssl/fips.h>
-#endif
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
+#include <openssl/comp.h>
 void ERR_load_crypto_strings(void)
        {
@@ -127,6 +126,7 @@ void ERR_load_crypto_strings(void)
        ERR_load_ASN1_strings();
        ERR_load_CONF_strings();
        ERR_load_CRYPTO_strings();
+        ERR_load_COMP_strings();
 #ifndef OPENSSL_NO_EC
        ERR_load_EC_strings();
 #endif
@@ -143,19 +143,18 @@ void ERR_load_crypto_strings(void)
        ERR_load_PKCS12_strings();
        ERR_load_RAND_strings();
        ERR_load_DSO_strings();
+        ERR_load_TS_strings();
 #ifndef OPENSSL_NO_ENGINE
        ERR_load_ENGINE_strings();
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
        ERR_load_JPAKE_strings();
 #endif
+        ERR_load_COMP_strings();
 #endif
        }
diff --git a/src/lib/libcrypto/err/err_prn.c b/src/lib/libcrypto/err/err_prn.c
index 4cdf342fa6..a0168ac8ed 100644
--- a/src/lib/libcrypto/err/err_prn.c
+++ b/src/lib/libcrypto/err/err_prn.c
@@ -72,21 +72,29 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
        const char *file,*data;
        int line,flags;
        unsigned long es;
+        CRYPTO_THREADID cur;
-        es=CRYPTO_thread_id();
+        CRYPTO_THREADID_current(&cur);
+        es=CRYPTO_THREADID_hash(&cur);
        while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
                {
                ERR_error_string_n(l, buf, sizeof buf);
                BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
                        file, line, (flags & ERR_TXT_STRING) ? data : "");
-                cb(buf2, strlen(buf2), u);
+                if (cb(buf2, strlen(buf2), u) <= 0)
+                        break; /* abort outputting the error report */
                }
        }
 #ifndef OPENSSL_NO_FP_API
 static int print_fp(const char *str, size_t len, void *fp)
        {
-        return fwrite(str, 1, len, fp);
+        BIO bio;
+        BIO_set(&bio,BIO_s_file());
+        BIO_set_fp(&bio,fp,BIO_NOCLOSE);
+        return BIO_printf(&bio, "%s", str);
        }
 void ERR_print_errors_fp(FILE *fp)
        {
@@ -94,64 +102,13 @@ void ERR_print_errors_fp(FILE *fp)
        }
 #endif
-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+static int print_bio(const char *str, size_t len, void *bp)
        {
-        char lsbuf[64], fsbuf[64], rsbuf[64];
+        return BIO_write((BIO *)bp, str, len);
-        const char *ls,*fs,*rs;
-        unsigned long l,f,r;
-        l=ERR_GET_LIB(e);
-        f=ERR_GET_FUNC(e);
-        r=ERR_GET_REASON(e);
-        ls=ERR_lib_error_string(e);
-        fs=ERR_func_error_string(e);
-        rs=ERR_reason_error_string(e);
-        if (ls == NULL) 
-                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-        if (fs == NULL)
-                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-        if (rs == NULL)
-                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
-                fs?fs:fsbuf, rs?rs:rsbuf);
-        if (strlen(buf) == len-1)
-                {
-                /* output may be truncated; make sure we always have 5 
-                 * colon-separated fields, i.e. 4 colons ... */
-#define NUM_COLONS 4
-                if (len > NUM_COLONS) /* ... if possible */
-                        {
-                        int i;
-                        char *s = buf;
-                        
-                        for (i = 0; i < NUM_COLONS; i++)
-                                {
-                                char *colon = strchr(s, ':');
-                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
-                                        {
-                                        /* set colon no. i at last possible position
-                                         * (buf[len-1] is the terminating 0)*/
-                                        colon = &buf[len-1] - NUM_COLONS + i;
-                                        *colon = ':';
-                                        }
-                                s = colon + 1;
-                                }
-                        }
-                }
        }
+void ERR_print_errors(BIO *bp)
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
-char *ERR_error_string(unsigned long e, char *ret)
        {
-        static char buf[256];
+        ERR_print_errors_cb(print_bio, bp);
-        if (ret == NULL) ret=buf;
-        ERR_error_string_n(e, ret, 256);
-        return ret;
        }
+        
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec
index 868826624d..e0554b4342 100644
--- a/src/lib/libcrypto/err/openssl.ec
+++ b/src/lib/libcrypto/err/openssl.ec
@@ -31,13 +31,15 @@ L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
 L ECDSA         crypto/ecdsa/ecdsa.h            crypto/ecdsa/ecs_err.c
 L ECDH          crypto/ecdh/ecdh.h              crypto/ecdh/ech_err.c
 L STORE         crypto/store/store.h            crypto/store/str_err.c
-L FIPS          fips/fips.h                     crypto/fips_err.h
+L TS            crypto/ts/ts.h                  crypto/ts/ts_err.c
+L HMAC          crypto/hmac/hmac.h              crypto/hmac/hmac_err.c
 L CMS           crypto/cms/cms.h                crypto/cms/cms_err.c
 L JPAKE         crypto/jpake/jpake.h            crypto/jpake/jpake_err.c
 # additional header files to be scanned for function names
 L NONE          crypto/x509/x509_vfy.h          NONE
 L NONE          crypto/ec/ec_lcl.h              NONE
+L NONE          crypto/asn1/asn_lcl.h           NONE
 L NONE          crypto/cms/cms_lcl.h            NONE
@@ -71,6 +73,11 @@ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
 R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
+R SSL_R_TLSV1_UNSUPPORTED_EXTENSION             1110
+R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE          1111
+R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
+R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
+R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
 R RSAREF_R_CONTENT_ENCODING                     0x0400
 R RSAREF_R_DATA                                 0x0401
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index fa5cbc7eb1..72a2a67277 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -64,7 +64,7 @@
 static int b64_write(BIO *h, const char *buf, int num);
 static int b64_read(BIO *h, char *buf, int size);
-/*static int b64_puts(BIO *h, const char *str); */
+static int b64_puts(BIO *h, const char *str);
 /*static int b64_gets(BIO *h, char *str, int size); */
 static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
@@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
        BIO_TYPE_BASE64,"base64 encoding",
        b64_write,
        b64_read,
-        NULL, /* b64_puts, */
+        b64_puts,
        NULL, /* b64_gets, */
        b64_ctrl,
        b64_new,
@@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
        bi->init=1;
        bi->ptr=(char *)ctx;
        bi->flags=0;
+        bi->num = 0;
        return(1);
        }
@@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        BIO_clear_retry_flags(b);
        if (ctx->encode != B64_DECODE)
                {
                ctx->encode=B64_DECODE;
@@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
        /* First check if there are bytes decoded/encoded */
        if (ctx->buf_len > 0)
                {
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                i=ctx->buf_len-ctx->buf_off;
                if (i > outl) i=outl;
                OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
        ret_code=0;
        while (outl > 0)
                {
                if (ctx->cont <= 0)
                        break;
@@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
                        {
                        ret_code=i;
-                        /* Should be continue next time we are called? */
+                        /* Should we continue next time we are called? */
                        if (!BIO_should_retry(b->next_bio))
                                {
                                ctx->cont=i;
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
                                continue;
                                }
                        else
+                        {
                                ctx->tmp_len=0;
                        }
-                /* If buffer isn't full and we can retry then
+                }
-                 * restart to read in more data.
-                 */
                else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
+                {
+                        /* If buffer isn't full and we can retry then
+                         * restart to read in more data.
+                         */
                        continue;
+                }
                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
                        {
                        int z,jj;
+#if 0
                        jj=(i>>2)<<2;
+#else
+                        jj = i & ~3; /* process per 4 */
+#endif
                        z=EVP_DecodeBlock((unsigned char *)ctx->buf,
                                (unsigned char *)ctx->tmp,jj);
                        if (jj > 2)
@@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
                         * number consumed */
                        if (jj != i)
                                {
-                                memcpy((unsigned char *)ctx->tmp,
+                                memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
-                                        (unsigned char *)&(ctx->tmp[jj]),i-jj);
                                ctx->tmp_len=i-jj;
                                }
                        ctx->buf_len=0;
                        if (z > 0)
                                {
                                ctx->buf_len=z;
-                                i=1;
                                }
-                        else
+                        i=z;
-                                i=z;
                        }
                else
                        {
@@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
                outl-=i;
                out+=i;
                }
-        BIO_clear_retry_flags(b);
+        /* BIO_clear_retry_flags(b); */
        BIO_copy_next_retry(b);
        return((ret == 0)?ret_code:ret);
        }
 static int b64_write(BIO *b, const char *in, int inl)
        {
-        int ret=inl,n,i;
+        int ret=0;
+        int n;
+        int i;
        BIO_B64_CTX *ctx;
        ctx=(BIO_B64_CTX *)b->ptr;
@@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
                EVP_EncodeInit(&(ctx->base64));
                }
+        OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
        n=ctx->buf_len-ctx->buf_off;
        while (n > 0)
                {
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
                        BIO_copy_next_retry(b);
                        return(i);
                        }
+                OPENSSL_assert(i <= n);
                ctx->buf_off+=i;
+                OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                n-=i;
                }
        /* at this point all pending data has been written */
@@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
                        {
                        if (ctx->tmp_len > 0)
                                {
+                                OPENSSL_assert(ctx->tmp_len <= 3);
                                n=3-ctx->tmp_len;
-                                /* There's a teoretical possibility for this */
+                                /* There's a theoretical possibility for this */
                                if (n > inl) 
                                        n=inl;
                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
                                ctx->tmp_len+=n;
+                                ret += n;
                                if (ctx->tmp_len < 3)
                                        break;
-                                ctx->buf_len=EVP_EncodeBlock(
+                                ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
-                                        (unsigned char *)ctx->buf,
+                                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-                                        (unsigned char *)ctx->tmp,
+                                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-                                        ctx->tmp_len);
                                /* Since we're now done using the temporary
                                   buffer, the length should be 0'd */
                                ctx->tmp_len=0;
@@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
                                {
                                if (n < 3)
                                        {
-                                        memcpy(&(ctx->tmp[0]),in,n);
+                                        memcpy(ctx->tmp,in,n);
                                        ctx->tmp_len=n;
+                                        ret += n;
                                        break;
                                        }
                                n-=n%3;
-                                ctx->buf_len=EVP_EncodeBlock(
+                                ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
-                                        (unsigned char *)ctx->buf,
+                                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-                                        (unsigned char *)in,n);
+                                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                                ret += n;
                                }
                        }
                else
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
                        EVP_EncodeUpdate(&(ctx->base64),
                                (unsigned char *)ctx->buf,&ctx->buf_len,
                                (unsigned char *)in,n);
+                        OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                        ret += n;
                        }
                inl-=n;
                in+=n;
@@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
                                BIO_copy_next_retry(b);
                                return((ret == 0)?i:ret);
                                }
+                        OPENSSL_assert(i <= n);
                        n-=i;
                        ctx->buf_off+=i;
+                        OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+                        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                        }
                ctx->buf_len=0;
                ctx->buf_off=0;
@@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
                break;
        case BIO_CTRL_WPENDING: /* More to write in buffer */
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                ret=ctx->buf_len-ctx->buf_off;
                if ((ret == 0) && (ctx->encode != B64_NONE)
                        && (ctx->base64.num != 0))
@@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
                break;
        case BIO_CTRL_PENDING: /* More to read in buffer */
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
                ret=ctx->buf_len-ctx->buf_off;
                if (ret <= 0)
                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
        return(ret);
        }
+static int b64_puts(BIO *b, const char *str)
+        {
+        return b64_write(b,str,strlen(str));
+        }
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index f6ac94c6e1..b6efb5fbc4 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -361,8 +361,10 @@ again:
        case BIO_CTRL_DUP:
                dbio=(BIO *)ptr;
                dctx=(BIO_ENC_CTX *)dbio->ptr;
-                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+                EVP_CIPHER_CTX_init(&dctx->cipher);
-                dbio->init=1;
+                ret = EVP_CIPHER_CTX_copy(&dctx->cipher,&ctx->cipher);
+                if (ret)
+                        dbio->init=1;
                break;
        default:
                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index ed5c1135fd..9841e32e1a 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -130,8 +130,8 @@ static int md_read(BIO *b, char *out, int outl)
                {
                if (ret > 0)
                        {
-                        EVP_DigestUpdate(ctx,(unsigned char *)out,
+                        if (EVP_DigestUpdate(ctx,(unsigned char *)out,
-                                (unsigned int)ret);
+                                (unsigned int)ret)<=0) return (-1);
                        }
                }
        BIO_clear_retry_flags(b);
@@ -157,8 +157,11 @@ static int md_write(BIO *b, const char *in, int inl)
                                (unsigned int)ret);
                        }
                }
-        BIO_clear_retry_flags(b);
+        if(b->next_bio != NULL)
-        BIO_copy_next_retry(b);
+                {
+                BIO_clear_retry_flags(b);
+                BIO_copy_next_retry(b);
+                }
        return(ret);
        }
@@ -194,6 +197,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_C_GET_MD_CTX:
                pctx=ptr;
                *pctx=ctx;
+                b->init = 1;
                break;
        case BIO_C_SET_MD_CTX:
                if (b->init)
@@ -249,7 +253,9 @@ static int md_gets(BIO *bp, char *buf, int size)
        ctx=bp->ptr;
        if (size < ctx->digest->md_size)
                return(0);
-        EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
+        if (EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret)<=0) 
+                return -1;
+                
        return((int)ret);
        }
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index a5da52e62d..766c4cecdf 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(void)
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
 #ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__)
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
        ENGINE_setup_bsd_cryptodev();
 # endif
 #endif
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 3bc2d1295c..982ba2b136 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -116,7 +116,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include "evp_locl.h"
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
@@ -127,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
        {
        EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-        EVP_MD_CTX_init(ctx);
+        if (ctx)
+                EVP_MD_CTX_init(ctx);
        return ctx;
        }
@@ -138,77 +138,18 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
        return EVP_DigestInit_ex(ctx, type, NULL);
        }
-#ifdef OPENSSL_FIPS
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-static int bad_init(EVP_MD_CTX *ctx)
-        { FIPS_ERROR_IGNORED("Digest init"); return 0;}
-static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-        { FIPS_ERROR_IGNORED("Digest update"); return 0;}
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
-        { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-static const EVP_MD bad_md =
        {
-        0,
+        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-        0,
-        0,
-        0,
-        bad_init,
-        bad_update,
-        bad_final,
-        NULL,
-        NULL,
-        NULL,
-        0,
-        {0,0,0,0},
-        };
-#endif
 #ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-#ifdef OPENSSL_FIPS
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
-static int do_engine_null(ENGINE *impl) { return 0;}
+         * reinitialisation, when it may all be unecessary. */
-static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
+        if (ctx->engine && ctx->digest && (!type ||
-                                const EVP_MD **ptype, ENGINE *impl)
+                        (type && (type->type == ctx->digest->type))))
-        { return 1; }
+                goto skip_to_init;
+        if (type)
-static int (*do_engine_init)(ENGINE *impl)
-                = do_engine_null;
-static int (*do_engine_finish)(ENGINE *impl)
-                = do_engine_null;
-static int (*do_evp_md_engine)
-        (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-                = do_evp_md_engine_null;
-void int_EVP_MD_set_engine_callbacks(
-        int (*eng_md_init)(ENGINE *impl),
-        int (*eng_md_fin)(ENGINE *impl),
-        int (*eng_md_evp)
-                (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
-        {
-        do_engine_init = eng_md_init;
-        do_engine_finish = eng_md_fin;
-        do_evp_md_engine = eng_md_evp;
-        }
-#else
-#define do_engine_init  ENGINE_init
-#define do_engine_finish ENGINE_finish
-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-        {
-        if (*ptype)
                {
                /* Ensure an ENGINE left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
@@ -219,25 +160,26 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
                        {
                        if (!ENGINE_init(impl))
                                {
-                                EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        }
                else
                        /* Ask if an ENGINE is reserved for this job */
-                        impl = ENGINE_get_digest_engine((*ptype)->type);
+                        impl = ENGINE_get_digest_engine(type->type);
                if(impl)
                        {
                        /* There's an ENGINE for this job ... (apparently) */
-                        const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+                        const EVP_MD *d = ENGINE_get_digest(impl, type->type);
                        if(!d)
                                {
                                /* Same comment from evp_enc.c */
-                                EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+                                ENGINE_finish(impl);
                                return 0;
                                }
                        /* We'll use the ENGINE's private digest definition */
-                        *ptype = d;
+                        type = d;
                        /* Store the ENGINE functional reference so we know
                         * 'type' came from an ENGINE and we need to release
                         * it when done. */
@@ -249,71 +191,46 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
        else
        if(!ctx->digest)
                {
-                EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
                return 0;
                }
-        return 1;
-        }
-#endif
-#endif
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-        {
-        M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-#ifdef OPENSSL_FIPS
-        if(FIPS_selftest_failed())
-                {
-                FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
-                ctx->digest = &bad_md;
-                return 0;
-                }
-#endif
-#ifndef OPENSSL_NO_ENGINE
-        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-         * so this context may already have an ENGINE! Try to avoid releasing
-         * the previous handle, re-querying for an ENGINE, and having a
-         * reinitialisation, when it may all be unecessary. */
-        if (ctx->engine && ctx->digest && (!type ||
-                        (type && (type->type == ctx->digest->type))))
-                goto skip_to_init;
-        if (!do_evp_md_engine(ctx, &type, impl))
-                return 0;
 #endif
        if (ctx->digest != type)
                {
-#ifdef OPENSSL_FIPS
+                if (ctx->digest && ctx->digest->ctx_size)
-                if (FIPS_mode())
+                        OPENSSL_free(ctx->md_data);
+                ctx->digest=type;
+                if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
                        {
-                        if (!(type->flags & EVP_MD_FLAG_FIPS) 
+                        ctx->update = type->update;
-                         && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
+                        if (ctx->md_data == NULL)
                                {
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-                                ctx->digest = &bad_md;
+                                                        ERR_R_MALLOC_FAILURE);
                                return 0;
                                }
                        }
-#endif
-                if (ctx->digest && ctx->digest->ctx_size)
-                        OPENSSL_free(ctx->md_data);
-                ctx->digest=type;
-                if (type->ctx_size)
-                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
                }
 #ifndef OPENSSL_NO_ENGINE
-        skip_to_init:
+skip_to_init:
 #endif
+        if (ctx->pctx)
+                {
+                int r;
+                r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                                        EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+                if (r <= 0 && (r != -2))
+                        return 0;
+                }
+        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+                return 1;
        return ctx->digest->init(ctx);
        }
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
-             size_t count)
        {
-#ifdef OPENSSL_FIPS
+        return ctx->update(ctx,data,count);
-        FIPS_selftest_check();
-#endif
-        return ctx->digest->update(ctx,data,count);
        }
 /* The caller can assume that this removes any secret data from the context */
@@ -329,9 +246,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
        int ret;
-#ifdef OPENSSL_FIPS
-        FIPS_selftest_check();
-#endif
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
        ret=ctx->digest->final(ctx,md);
@@ -340,7 +254,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        if (ctx->digest->cleanup)
                {
                ctx->digest->cleanup(ctx);
-                M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+                EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
@@ -362,7 +276,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
                }
 #ifndef OPENSSL_NO_ENGINE
        /* Make sure it's safe to copy a digest context using an ENGINE */
-        if (in->engine && !do_engine_init(in->engine))
+        if (in->engine && !ENGINE_init(in->engine))
                {
                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
                return 0;
@@ -372,19 +286,40 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
        if (out->digest == in->digest)
                {
                tmp_buf = out->md_data;
-                M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+                EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
                }
        else tmp_buf = NULL;
        EVP_MD_CTX_cleanup(out);
        memcpy(out,in,sizeof *out);
-        if (out->digest->ctx_size)
+        if (in->md_data && out->digest->ctx_size)
                {
-                if (tmp_buf) out->md_data = tmp_buf;
+                if (tmp_buf)
-                else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+                        out->md_data = tmp_buf;
+                else
+                        {
+                        out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+                        if (!out->md_data)
+                                {
+                                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
                memcpy(out->md_data,in->md_data,out->digest->ctx_size);
                }
+        out->update = in->update;
+        if (in->pctx)
+                {
+                out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+                if (!out->pctx)
+                        {
+                        EVP_MD_CTX_cleanup(out);
+                        return 0;
+                        }
+                }
        if (out->digest->copy)
                return out->digest->copy(out,in);
        
@@ -398,7 +333,7 @@ int EVP_Digest(const void *data, size_t count,
        int ret;
        EVP_MD_CTX_init(&ctx);
-        M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+        EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
        ret=EVP_DigestInit_ex(&ctx, type, impl)
          && EVP_DigestUpdate(&ctx, data, count)
          && EVP_DigestFinal_ex(&ctx, md, size);
@@ -420,19 +355,21 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         * because sometimes only copies of the context are ever finalised.
         */
        if (ctx->digest && ctx->digest->cleanup
-            && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+            && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
                ctx->digest->cleanup(ctx);
        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-            && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
+            && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
                {
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
+        if (ctx->pctx)
+                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
        if(ctx->engine)
                /* The EVP_MD we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
-                do_engine_finish(ctx->engine);
+                ENGINE_finish(ctx->engine);
 #endif
        memset(ctx,'\0',sizeof *ctx);
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index c9a5ee8d75..bd6c0a3a62 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -69,29 +69,32 @@ typedef struct
 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
                       NID_aes_128, 16, 16, 16, 128,
-                       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       0, aes_init_key, NULL, 
-                       aes_init_key,
+                       EVP_CIPHER_set_asn1_iv,
-                       NULL, NULL, NULL, NULL)
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
                       NID_aes_192, 16, 24, 16, 128,
-                       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       0, aes_init_key, NULL, 
-                       aes_init_key,
+                       EVP_CIPHER_set_asn1_iv,
-                       NULL, NULL, NULL, NULL)
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
                       NID_aes_256, 16, 32, 16, 128,
-                       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       0, aes_init_key, NULL, 
-                       aes_init_key,
+                       EVP_CIPHER_set_asn1_iv,
-                       NULL, NULL, NULL, NULL)
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)   IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
+#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
-IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(128,1)
-IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1)
-IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1)
-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(128,8)
-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,8)
-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,8)
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                   const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index 365d397164..a7b40d1c60 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
        EVP_CIPHER_get_asn1_iv,
        NULL)
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
+#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
 IMPLEMENT_CAMELLIA_CFBR(128,1)
 IMPLEMENT_CAMELLIA_CFBR(192,1)
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 04376df232..ca009f2c52 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -72,7 +72,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
 static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
                DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
@@ -80,24 +80,52 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, size_t inl)
 {
-        DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
+        while(inl>=EVP_MAXCHUNK)
+                {
+                DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, &ctx->num);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, &ctx->num);
        return 1;
 }
 static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                          const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, size_t inl)
 {
-        DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+        while(inl>=EVP_MAXCHUNK)
-                         (DES_cblock *)ctx->iv, ctx->encrypt);
+                {
+                DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, ctx->encrypt);
        return 1;
 }
 static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                            const unsigned char *in, unsigned int inl)
+                            const unsigned char *in, size_t inl)
 {
-        DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+        while(inl>=EVP_MAXCHUNK)
+                {
+                DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+                                (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
        return 1;
 }
@@ -105,45 +133,62 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 /* Although we have a CFB-r implementation for DES, it doesn't pack the right
   way, so wrap it here */
 static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
    {
-    unsigned int n;
+    size_t n,chunk=EVP_MAXCHUNK/8;
    unsigned char c[1],d[1];
-    for(n=0 ; n < inl ; ++n)
+    if (inl<chunk) chunk=inl;
+    while (inl && inl>=chunk)
        {
-        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        for(n=0 ; n < chunk*8; ++n)
-        DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
+            {
+            c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+            DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
                        ctx->encrypt);
-        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+            out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
+                     ((d[0]&0x80) >> (unsigned int)(n%8));
+            }
+        inl-=chunk;
+        in +=chunk;
+        out+=chunk;
+        if (inl<chunk) chunk=inl;
        }
    return 1;
    }
 static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
    {
-    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
+    while (inl>=EVP_MAXCHUNK)
-                    ctx->encrypt);
+        {
+        DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
+        inl-=EVP_MAXCHUNK;
+        in +=EVP_MAXCHUNK;
+        out+=EVP_MAXCHUNK;
+        }
+    if (inl)
+        DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
    return 1;
    }
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-                        EVP_CIPH_RAND_KEY,
+                        EVP_CIPH_RAND_KEY, des_init_key, NULL,
-                        des_init_key, NULL,
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
                        des_ctrl)
 BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-                     EVP_CIPH_RAND_KEY,
+                     EVP_CIPH_RAND_KEY, des_init_key,NULL,
-                     des_init_key, NULL,
                     EVP_CIPHER_set_asn1_iv,
                     EVP_CIPHER_get_asn1_iv,des_ctrl)
 BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-                     EVP_CIPH_RAND_KEY,
+                     EVP_CIPH_RAND_KEY,des_init_key,NULL,
-                     des_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
                     EVP_CIPHER_get_asn1_iv,des_ctrl)
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index f910af19b1..3232cfe024 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -85,7 +85,7 @@ typedef struct
 /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
 static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
                DES_ecb3_encrypt((const_DES_cblock *)(in + i),
@@ -97,48 +97,80 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
-        DES_ede3_ofb64_encrypt(in, out, (long)inl,
+        if (inl>=EVP_MAXCHUNK)
+                {
+                DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                               (DES_cblock *)ctx->iv, &ctx->num);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                               (DES_cblock *)ctx->iv, &ctx->num);
        return 1;
 }
 static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
 #ifdef KSSL_DEBUG
        {
        int i;
-        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
+        char *cp;
+        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
        printf("\t iv= ");
        for(i=0;i<8;i++)
                printf("%02X",ctx->iv[i]);
        printf("\n");
        }
 #endif    /* KSSL_DEBUG */
-        DES_ede3_cbc_encrypt(in, out, (long)inl,
+        if (inl>=EVP_MAXCHUNK)
+                {
+                DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                             &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                             (DES_cblock *)ctx->iv, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ede3_cbc_encrypt(in, out, (long)inl,
+                             &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                             (DES_cblock *)ctx->iv, ctx->encrypt);
        return 1;
 }
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                              const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, size_t inl)
 {
-        DES_ede3_cfb64_encrypt(in, out, (long)inl, 
+        if (inl>=EVP_MAXCHUNK)
+                {
+                DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_ede3_cfb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
        return 1;
 }
 /* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
   way, so wrap it here */
 static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                const unsigned char *in, unsigned int inl)
+                                const unsigned char *in, size_t inl)
    {
-    unsigned int n;
+    size_t n;
    unsigned char c[1],d[1];
    for(n=0 ; n < inl ; ++n)
@@ -147,25 +179,36 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        DES_ede3_cfb_encrypt(c,d,1,1,
                             &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
                             (DES_cblock *)ctx->iv,ctx->encrypt);
-        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+        out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
+                 ((d[0]&0x80) >> (unsigned int)(n%8));
        }
    return 1;
    }
 static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                const unsigned char *in, unsigned int inl)
+                                const unsigned char *in, size_t inl)
    {
-    DES_ede3_cfb_encrypt(in,out,8,inl,
+    while (inl>=EVP_MAXCHUNK)
+        {
+        DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,
                         &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
                         (DES_cblock *)ctx->iv,ctx->encrypt);
+        inl-=EVP_MAXCHUNK;
+        in +=EVP_MAXCHUNK;
+        out+=EVP_MAXCHUNK;
+        }
+    if (inl)
+        DES_ede3_cfb_encrypt(in,out,8,(long)inl,
+                        &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
+                        (DES_cblock *)ctx->iv,ctx->encrypt);
    return 1;
    }
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                        EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
-                        des_ede_init_key,
+                        EVP_CIPHER_set_asn1_iv,
-                        NULL, NULL, NULL,
+                        EVP_CIPHER_get_asn1_iv,
                        des3_ctrl)
 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
@@ -174,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                        EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
-                        des_ede3_init_key,
+                        EVP_CIPHER_set_asn1_iv,
-                        NULL, NULL, NULL,
+                        EVP_CIPHER_get_asn1_iv,
                        des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
-                     des_ede3_init_key,
+                     EVP_CIPHER_set_asn1_iv,
-                     NULL, NULL, NULL,
+                     EVP_CIPHER_get_asn1_iv,
                     des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-                EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
-                     des_ede3_init_key,
+                     EVP_CIPHER_set_asn1_iv,
-                     NULL, NULL, NULL,
+                     EVP_CIPHER_get_asn1_iv,
                     des3_ctrl)
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -215,7 +258,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 #ifdef KSSL_DEBUG
        {
        int i;
-        printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
+        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
        printf("\tKEY= ");
        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
        printf("\t IV= ");
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 48c33a774a..806b080360 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -73,7 +73,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 */
 static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
 {
        BLOCK_CIPHER_ecb_loop()
                idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 0872d733e4..7cf50e1416 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -64,12 +64,12 @@
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-        const unsigned char *in, unsigned int inl);
+        const unsigned char *in, size_t inl);
 static const EVP_CIPHER n_cipher=
        {
        NID_undef,
        1,0,0,
-        EVP_CIPH_FLAG_FIPS,
+        0,
        null_init_key,
        null_cipher,
        NULL,
@@ -93,10 +93,10 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-             const unsigned char *in, unsigned int inl)
+             const unsigned char *in, size_t inl)
        {
        if (in != out)
-                memcpy((char *)out,(const char *)in,(size_t)inl);
+                memcpy((char *)out,(const char *)in,inl);
        return 1;
        }
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index d37726ffae..f78d781129 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -223,6 +223,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
                        return 1;
                        }
                return 0;
+#ifdef PBE_PRF_TEST
+        case EVP_CTRL_PBE_PRF_NID:
+                *(int *)ptr = NID_hmacWithMD5;
+                return 1;
+#endif
        default:
                return -1;
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 55baad7446..8b5175e0fd 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -64,7 +64,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/rc4.h>
-#include "evp_locl.h"
 /* FIXME: surely this is available elsewhere? */
 #define EVP_RC4_KEY_SIZE                16
@@ -79,7 +78,7 @@ typedef struct
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv,int enc);
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl);
+                      const unsigned char *in, size_t inl);
 static const EVP_CIPHER r4_cipher=
        {
        NID_rc4,
@@ -129,7 +128,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                      const unsigned char *in, unsigned int inl)
+                      const unsigned char *in, size_t inl)
        {
        RC4(&data(ctx)->ks,inl,in,out);
        return 1;
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index 8832da2433..250e88c8c5 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -63,12 +63,13 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "evp_locl.h"
 #include <openssl/des.h>
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv,int enc);
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl);
+                           const unsigned char *in, size_t inl);
 typedef struct
@@ -113,13 +114,25 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                           const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, size_t inl)
        {
-        DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
+        while (inl>=EVP_MAXCHUNK)
+                {
+                DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks,
                         (DES_cblock *)&(ctx->iv[0]),
                         &data(ctx)->inw,
                         &data(ctx)->outw,
                         ctx->encrypt);
+                inl-=EVP_MAXCHUNK;
+                in +=EVP_MAXCHUNK;
+                out+=EVP_MAXCHUNK;
+                }
+        if (inl)
+                DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks,
+                        (DES_cblock *)&(ctx->iv[0]),
+                        &data(ctx)->inw,
+                        &data(ctx)->outw,
+                        ctx->encrypt);
        return 1;
        }
 #endif
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 5921f0d710..b42c747249 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -85,7 +85,7 @@
 #define CHUNKS_PER_LINE (64/4)
 #define CHAR_PER_LINE   (64+1)
-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+static const unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
 abcdefghijklmnopqrstuvwxyz0123456789+/";
 /* 0xF0 is a EOLN
@@ -102,7 +102,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/";
 #define B64_ERROR               0xFF
 #define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
-static unsigned char data_ascii2bin[128]={
+static const unsigned char data_ascii2bin[128]={
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
        0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 79c097181f..9f9795e2d9 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,10 +75,6 @@
 #include <openssl/bio.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 /*
 #define EVP_RC2_KEY_SIZE                16
 #define EVP_RC4_KEY_SIZE                16
@@ -119,6 +115,7 @@
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
 #define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+#define EVP_PKEY_HMAC   NID_hmac
 #ifdef  __cplusplus
 extern "C" {
@@ -132,6 +129,8 @@ struct evp_pkey_st
        int type;
        int save_type;
        int references;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *engine;
        union   {
                char *ptr;
 #ifndef OPENSSL_NO_RSA
@@ -156,73 +155,6 @@ struct evp_pkey_st
 #define EVP_PKEY_MO_ENCRYPT     0x0004
 #define EVP_PKEY_MO_DECRYPT     0x0008
-#if 0
-/* This structure is required to tie the message digest and signing together.
- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
- * oid, md and pkey.
- * This is required because for various smart-card perform the digest and
- * signing/verification on-board.  To handle this case, the specific
- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
- * This can either be software or a token to provide the required low level
- * routines.
- */
-typedef struct evp_pkey_md_st
-        {
-        int oid;
-        EVP_MD *md;
-        EVP_PKEY_METHOD *pkey;
-        } EVP_PKEY_MD;
-#define EVP_rsa_md2() \
-                EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5() \
-                EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0() \
-                EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1() \
-                EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
-                        EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160() \
-                EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
-                        EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2() \
-                EVP_PKEY_MD_add(NID_mdc2WithRSA,\
-                        EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha() \
-                EVP_PKEY_MD_add(NID_dsaWithSHA,\
-                        EVP_dsa(),EVP_sha())
-#define EVP_dsa_sha1() \
-                EVP_PKEY_MD_add(NID_dsaWithSHA1,\
-                        EVP_dsa(),EVP_sha1())
-typedef struct evp_pkey_method_st
-        {
-        char *name;
-        int flags;
-        int type;               /* RSA, DSA, an SSLeay specific constant */
-        int oid;                /* For the pub-key type */
-        int encrypt_oid;        /* pub/priv key encryption */
-        int (*sign)();
-        int (*verify)();
-        struct  {
-                int (*set)();   /* get and/or set the underlying type */
-                int (*get)();
-                int (*encrypt)();
-                int (*decrypt)();
-                int (*i2d)();
-                int (*d2i)();
-                int (*dup)();
-                } pub,priv;
-        int (*set_asn1_parameters)();
-        int (*get_asn1_parameters)();
-        } EVP_PKEY_METHOD;
-#endif
 #ifndef EVP_MD
 struct env_md_st
        {
@@ -245,6 +177,8 @@ struct env_md_st
        int required_pkey_type[5]; /*EVP_PKEY_xxx */
        int block_size;
        int ctx_size; /* how big does the ctx->md_data need to be */
+        /* control function */
+        int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
        } /* EVP_MD */;
 typedef int evp_sign_method(int type,const unsigned char *m,
@@ -254,18 +188,42 @@ typedef int evp_verify_method(int type,const unsigned char *m,
                            unsigned int m_length,const unsigned char *sigbuf,
                            unsigned int siglen, void *key);
-typedef struct
-        {
-        EVP_MD_CTX *mctx;
-        void *key;
-        } EVP_MD_SVCTX;
 #define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
                                        * block */
-#define EVP_MD_FLAG_FIPS        0x0400 /* Note if suitable for use in FIPS mode */
+#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used
+                                        * which is a copy of an existing
+                                        * one for a specific public key type.
+                                        * EVP_dss1() etc */
+/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
+#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE       0x0004
+/* DigestAlgorithmIdentifier flags... */
+#define EVP_MD_FLAG_DIGALGID_MASK               0x0018
-#define EVP_MD_FLAG_SVCTX       0x0800 /* pass EVP_MD_SVCTX to sign/verify */
+/* NULL or absent parameter accepted. Use NULL */
+#define EVP_MD_FLAG_DIGALGID_NULL               0x0000
+/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
+#define EVP_MD_FLAG_DIGALGID_ABSENT             0x0008
+/* Custom handling via ctrl */
+#define EVP_MD_FLAG_DIGALGID_CUSTOM             0x0018
+/* Digest ctrls */
+#define EVP_MD_CTRL_DIGALGID                    0x1
+#define EVP_MD_CTRL_MICALG                      0x2
+/* Minimum Algorithm specific ctrl value */
+#define EVP_MD_CTRL_ALG_CTRL                    0x1000
 #define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
@@ -307,6 +265,10 @@ struct env_md_ctx_st
        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
        unsigned long flags;
        void *md_data;
+        /* Public key context for sign/verify */
+        EVP_PKEY_CTX *pctx;
+        /* Update function: usually copied from EVP_MD */
+        int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
        } /* EVP_MD_CTX */;
 /* values for EVP_MD_CTX flags */
@@ -317,17 +279,23 @@ struct env_md_ctx_st
                                                * cleaned */
 #define EVP_MD_CTX_FLAG_REUSE           0x0004 /* Don't free up ctx->md_data
                                                * in EVP_MD_CTX_cleanup */
+/* FIPS and pad options are ignored in 1.0.0, definitions are here
+ * so we don't accidentally reuse the values for other purposes.
+ */
 #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008  /* Allow use of non FIPS digest
                                                 * in FIPS mode */
+/* The following PAD options are also currently ignored in 1.0.0, digest
+ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
+ * instead.
+ */
 #define EVP_MD_CTX_FLAG_PAD_MASK        0xF0    /* RSA mode to use */
 #define EVP_MD_CTX_FLAG_PAD_PKCS1       0x00    /* PKCS#1 v1.5 mode */
 #define EVP_MD_CTX_FLAG_PAD_X931        0x10    /* X9.31 mode */
 #define EVP_MD_CTX_FLAG_PAD_PSS         0x20    /* PSS mode */
-#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
-                ((ctx->flags>>16) &0xFFFF) /* seed length */
+#define EVP_MD_CTX_FLAG_NO_INIT         0x0100 /* Don't initialize md_data */
-#define EVP_MD_CTX_FLAG_PSS_MDLEN       0xFFFF  /* salt len same as digest */
-#define EVP_MD_CTX_FLAG_PSS_MREC        0xFFFE  /* salt max or auto recovered */
 struct evp_cipher_st
        {
@@ -339,7 +307,7 @@ struct evp_cipher_st
        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                    const unsigned char *iv, int enc);  /* init key */
        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                         const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
+                         const unsigned char *in, size_t inl);/* encrypt/decrypt data */
        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
        int ctx_size;           /* how big ctx->cipher_data needs to be */
        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
@@ -357,7 +325,7 @@ struct evp_cipher_st
 #define         EVP_CIPH_CBC_MODE               0x2
 #define         EVP_CIPH_CFB_MODE               0x3
 #define         EVP_CIPH_OFB_MODE               0x4
-#define         EVP_CIPH_MODE                   0x7
+#define         EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 #define         EVP_CIPH_VARIABLE_LENGTH        0x8
 /* Set if the iv handling should be done by the cipher itself */
@@ -372,10 +340,8 @@ struct evp_cipher_st
 #define         EVP_CIPH_NO_PADDING             0x100
 /* cipher handles random key generation */
 #define         EVP_CIPH_RAND_KEY               0x200
-/* Note if suitable for use in FIPS mode */
+/* cipher has its own additional copying logic */
-#define         EVP_CIPH_FLAG_FIPS              0x400
+#define         EVP_CIPH_CUSTOM_COPY            0x400
-/* Allow non FIPS cipher in FIPS mode */
-#define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x800
 /* Allow use default ASN1 get/set iv */
 #define         EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
 /* Buffer length in bits not bytes: CFB1 mode only */
@@ -390,6 +356,8 @@ struct evp_cipher_st
 #define         EVP_CTRL_GET_RC5_ROUNDS         0x4
 #define         EVP_CTRL_SET_RC5_ROUNDS         0x5
 #define         EVP_CTRL_RAND_KEY               0x6
+#define         EVP_CTRL_PBE_PRF_NID            0x7
+#define         EVP_CTRL_COPY                   0x8
 typedef struct evp_cipher_info_st
        {
@@ -462,26 +430,15 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-/* Macros to reduce FIPS dependencies: do NOT use in applications */
-#define M_EVP_MD_size(e)                ((e)->md_size)
-#define M_EVP_MD_block_size(e)          ((e)->block_size)
-#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-#define M_EVP_MD_type(e)                        ((e)->type)
-#define M_EVP_MD_CTX_type(e)            M_EVP_MD_type(M_EVP_MD_CTX_md(e))
-#define M_EVP_MD_CTX_md(e)                      ((e)->digest)
-#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
 int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e)                   EVP_MD_type(e)
 #define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
 int EVP_MD_pkey_type(const EVP_MD *md); 
 int EVP_MD_size(const EVP_MD *md);
 int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
 #define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
 #define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
 #define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
@@ -499,6 +456,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
@@ -516,6 +474,8 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
 #define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
 #define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)    
+#define EVP_DigestSignUpdate(a,b,c)     EVP_DigestUpdate(a,b,c)
+#define EVP_DigestVerifyUpdate(a,b,c)   EVP_DigestUpdate(a,b,c)
 #ifdef CONST_STRICT
 void BIO_set_md(BIO *,const EVP_MD *md);
@@ -562,6 +522,7 @@ int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 int     EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int     EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
 void    EVP_set_pw_prompt(const char *prompt);
 char *  EVP_get_pw_prompt(void);
@@ -608,6 +569,16 @@ int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 int     EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
                unsigned int siglen,EVP_PKEY *pkey);
+int     EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int     EVP_DigestSignFinal(EVP_MD_CTX *ctx,
+                        unsigned char *sigret, size_t *siglen);
+int     EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
+int     EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
+                        unsigned char *sig, size_t siglen);
 int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
                const unsigned char *ek, int ekl, const unsigned char *iv,
                EVP_PKEY *priv);
@@ -680,6 +651,9 @@ const EVP_MD *EVP_mdc2(void);
 #ifndef OPENSSL_NO_RIPEMD
 const EVP_MD *EVP_ripemd160(void);
 #endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+#endif
 const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
 #ifndef OPENSSL_NO_DES
 const EVP_CIPHER *EVP_des_ecb(void);
@@ -847,16 +821,31 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 const EVP_MD *EVP_get_digestbyname(const char *name);
 void EVP_cleanup(void);
-int             EVP_PKEY_decrypt(unsigned char *dec_key,
+void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg);
+void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph,
+                const char *from, const char *to, void *x), void *arg);
+void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph,
+                const char *from, const char *to, void *x), void *arg);
+int             EVP_PKEY_decrypt_old(unsigned char *dec_key,
                        const unsigned char *enc_key,int enc_key_len,
                        EVP_PKEY *private_key);
-int             EVP_PKEY_encrypt(unsigned char *enc_key,
+int             EVP_PKEY_encrypt_old(unsigned char *enc_key,
                        const unsigned char *key,int key_len,
                        EVP_PKEY *pub_key);
 int             EVP_PKEY_type(int type);
+int             EVP_PKEY_id(const EVP_PKEY *pkey);
+int             EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int             EVP_PKEY_bits(EVP_PKEY *pkey);
 int             EVP_PKEY_size(EVP_PKEY *pkey);
-int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+int             EVP_PKEY_set_type(EVP_PKEY *pkey,int type);
+int             EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key);
+void *          EVP_PKEY_get0(EVP_PKEY *pkey);
 #ifndef OPENSSL_NO_RSA
 struct rsa_st;
@@ -899,6 +888,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
 int EVP_CIPHER_type(const EVP_CIPHER *ctx);
 /* calls methods */
@@ -916,6 +914,10 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                           const unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           const EVP_MD *digest,
+                      int keylen, unsigned char *out);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
                         int en_de);
@@ -924,27 +926,260 @@ void PKCS5_PBE_add(void);
 int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+/* PBE type */
+/* Can appear as the outermost AlgorithmIdentifier */
+#define EVP_PBE_TYPE_OUTER      0x0
+/* Is an PRF type OID */
+#define EVP_PBE_TYPE_PRF        0x1
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
+             EVP_PBE_KEYGEN *keygen);
 int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
                    EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid,
+                        int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen);
 void EVP_PBE_cleanup(void);
-#ifdef OPENSSL_FIPS
+#define ASN1_PKEY_ALIAS         0x1
-#ifndef OPENSSL_NO_ENGINE
+#define ASN1_PKEY_DYNAMIC       0x2
-void int_EVP_MD_set_engine_callbacks(
+#define ASN1_PKEY_SIGPARAM_NULL 0x4
-        int (*eng_md_init)(ENGINE *impl),
-        int (*eng_md_fin)(ENGINE *impl),
+#define ASN1_PKEY_CTRL_PKCS7_SIGN       0x1
-        int (*eng_md_evp)
+#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT    0x2
-                (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl));
+#define ASN1_PKEY_CTRL_DEFAULT_MD_NID   0x3
-void int_EVP_MD_init_engine_callbacks(void);
+#define ASN1_PKEY_CTRL_CMS_SIGN         0x5
-void int_EVP_CIPHER_set_engine_callbacks(
+#define ASN1_PKEY_CTRL_CMS_ENVELOPE     0x7
-        int (*eng_ciph_fin)(ENGINE *impl),
-        int (*eng_ciph_evp)
+int EVP_PKEY_asn1_get_count(void);
-                (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl));
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-void int_EVP_CIPHER_init_engine_callbacks(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-#endif
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
-#endif
+                                        const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
+                                const char **pinfo, const char **ppem_str,
+                                        const EVP_PKEY_ASN1_METHOD *ameth);
+const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str, const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
+                int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
+                int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
+                int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx),
+                int (*pkey_size)(const EVP_PKEY *pk),
+                int (*pkey_bits)(const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
+                int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
+                int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*param_decode)(EVP_PKEY *pkey,
+                                const unsigned char **pder, int derlen),
+                int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
+                int (*param_missing)(const EVP_PKEY *pk),
+                int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
+                int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
+                int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                void (*pkey_free)(EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
+                                                        long arg1, void *arg2));
+#define EVP_PKEY_OP_UNDEFINED           0
+#define EVP_PKEY_OP_PARAMGEN            (1<<1)
+#define EVP_PKEY_OP_KEYGEN              (1<<2)
+#define EVP_PKEY_OP_SIGN                (1<<3)
+#define EVP_PKEY_OP_VERIFY              (1<<4)
+#define EVP_PKEY_OP_VERIFYRECOVER       (1<<5)
+#define EVP_PKEY_OP_SIGNCTX             (1<<6)
+#define EVP_PKEY_OP_VERIFYCTX           (1<<7)
+#define EVP_PKEY_OP_ENCRYPT             (1<<8)
+#define EVP_PKEY_OP_DECRYPT             (1<<9)
+#define EVP_PKEY_OP_DERIVE              (1<<10)
+#define EVP_PKEY_OP_TYPE_SIG    \
+        (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+                | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+#define EVP_PKEY_OP_TYPE_CRYPT \
+        (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+#define EVP_PKEY_OP_TYPE_NOGEN \
+        (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
+#define EVP_PKEY_OP_TYPE_GEN \
+                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+#define  EVP_PKEY_CTX_set_signature_md(ctx, md) \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_MD, 0, (void *)md)
+#define EVP_PKEY_CTRL_MD                1
+#define EVP_PKEY_CTRL_PEER_KEY          2
+#define EVP_PKEY_CTRL_PKCS7_ENCRYPT     3
+#define EVP_PKEY_CTRL_PKCS7_DECRYPT     4
+#define EVP_PKEY_CTRL_PKCS7_SIGN        5
+#define EVP_PKEY_CTRL_SET_MAC_KEY       6
+#define EVP_PKEY_CTRL_DIGESTINIT        7
+/* Used by GOST key encryption in TLS */
+#define EVP_PKEY_CTRL_SET_IV            8
+#define EVP_PKEY_CTRL_CMS_ENCRYPT       9
+#define EVP_PKEY_CTRL_CMS_DECRYPT       10
+#define EVP_PKEY_CTRL_CMS_SIGN          11
+#define EVP_PKEY_ALG_CTRL               0x1000
+#define EVP_PKEY_FLAG_AUTOARGLEN        2
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                                const char *value);
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                                unsigned char *key, int keylen);
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen);
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen);
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+        int (*init)(EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+        int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src));
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+        void (*cleanup)(EVP_PKEY_CTX *ctx));
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+        int (*paramgen_init)(EVP_PKEY_CTX *ctx),
+        int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+        int (*keygen_init)(EVP_PKEY_CTX *ctx),
+        int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
-void EVP_add_alg_module(void);
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+        int (*sign_init)(EVP_PKEY_CTX *ctx),
+        int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen));
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+        int (*verify_init)(EVP_PKEY_CTX *ctx),
+        int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen));
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+        int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
+        int (*verify_recover)(EVP_PKEY_CTX *ctx,
+                                        unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen));
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+        int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+        int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+                                        EVP_MD_CTX *mctx));
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+        int (*encrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen));
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+        int (*decrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen));
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+        int (*derive_init)(EVP_PKEY_CTX *ctx),
+        int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen));
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
+        int (*ctrl_str)(EVP_PKEY_CTX *ctx,
+                                        const char *type, const char *value));
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -956,46 +1191,66 @@ void ERR_load_EVP_strings(void);
 /* Function codes. */
 #define EVP_F_AES_INIT_KEY                               133
-#define EVP_F_ALG_MODULE_INIT                            138
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_D2I_PKEY                                   100
-#define EVP_F_DO_EVP_ENC_ENGINE                          140
+#define EVP_F_DO_SIGVER_INIT                             161
-#define EVP_F_DO_EVP_ENC_ENGINE_FULL                     141
-#define EVP_F_DO_EVP_MD_ENGINE                           139
-#define EVP_F_DO_EVP_MD_ENGINE_FULL                      142
 #define EVP_F_DSAPKEY2PKCS8                              134
 #define EVP_F_DSA_PKEY2PKCS8                             135
 #define EVP_F_ECDSA_PKEY2PKCS8                           129
 #define EVP_F_ECKEY_PKEY2PKCS8                           132
-#define EVP_F_EVP_CIPHERINIT                             137
 #define EVP_F_EVP_CIPHERINIT_EX                          123
+#define EVP_F_EVP_CIPHER_CTX_COPY                        163
 #define EVP_F_EVP_CIPHER_CTX_CTRL                        124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
 #define EVP_F_EVP_DECRYPTFINAL_EX                        101
-#define EVP_F_EVP_DIGESTINIT                             136
 #define EVP_F_EVP_DIGESTINIT_EX                          128
 #define EVP_F_EVP_ENCRYPTFINAL_EX                        127
 #define EVP_F_EVP_MD_CTX_COPY_EX                         110
+#define EVP_F_EVP_MD_SIZE                                162
 #define EVP_F_EVP_OPENINIT                               102
 #define EVP_F_EVP_PBE_ALG_ADD                            115
+#define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
 #define EVP_F_EVP_PBE_CIPHERINIT                         116
 #define EVP_F_EVP_PKCS82PKEY                             111
+#define EVP_F_EVP_PKCS82PKEY_BROKEN                      136
 #define EVP_F_EVP_PKEY2PKCS8_BROKEN                      113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+#define EVP_F_EVP_PKEY_CTX_CTRL                          137
+#define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
+#define EVP_F_EVP_PKEY_CTX_DUP                           156
 #define EVP_F_EVP_PKEY_DECRYPT                           104
+#define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
+#define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
+#define EVP_F_EVP_PKEY_DERIVE                            153
+#define EVP_F_EVP_PKEY_DERIVE_INIT                       154
+#define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
 #define EVP_F_EVP_PKEY_ENCRYPT                           105
+#define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
+#define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
 #define EVP_F_EVP_PKEY_GET1_DH                           119
 #define EVP_F_EVP_PKEY_GET1_DSA                          120
 #define EVP_F_EVP_PKEY_GET1_ECDSA                        130
 #define EVP_F_EVP_PKEY_GET1_EC_KEY                       131
 #define EVP_F_EVP_PKEY_GET1_RSA                          121
+#define EVP_F_EVP_PKEY_KEYGEN                            146
+#define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
 #define EVP_F_EVP_PKEY_NEW                               106
+#define EVP_F_EVP_PKEY_PARAMGEN                          148
+#define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+#define EVP_F_EVP_PKEY_SIGN                              140
+#define EVP_F_EVP_PKEY_SIGN_INIT                         141
+#define EVP_F_EVP_PKEY_VERIFY                            142
+#define EVP_F_EVP_PKEY_VERIFY_INIT                       143
+#define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
+#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
 #define EVP_F_EVP_RIJNDAEL                               126
 #define EVP_F_EVP_SIGNFINAL                              107
 #define EVP_F_EVP_VERIFYFINAL                            108
+#define EVP_F_INT_CTX_NEW                                157
 #define EVP_F_PKCS5_PBE_KEYIVGEN                         117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
 #define EVP_F_PKCS8_SET_BROKEN                           112
+#define EVP_F_PKEY_SET_TYPE                              158
 #define EVP_F_RC2_MAGIC_TO_METH                          109
 #define EVP_F_RC5_CTRL                                   125
@@ -1007,41 +1262,52 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_BAD_KEY_LENGTH                             137
 #define EVP_R_BN_DECODE_ERROR                            112
 #define EVP_R_BN_PUBKEY_ERROR                            113
+#define EVP_R_BUFFER_TOO_SMALL                           155
 #define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
 #define EVP_R_CIPHER_PARAMETER_ERROR                     122
+#define EVP_R_COMMAND_NOT_SUPPORTED                      147
 #define EVP_R_CTRL_NOT_IMPLEMENTED                       132
 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
 #define EVP_R_DECODE_ERROR                               114
 #define EVP_R_DIFFERENT_KEY_TYPES                        101
-#define EVP_R_DISABLED_FOR_FIPS                          144
+#define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_ENCODE_ERROR                               115
-#define EVP_R_ERROR_LOADING_SECTION                      145
-#define EVP_R_ERROR_SETTING_FIPS_MODE                    146
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    147
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
-#define EVP_R_INVALID_FIPS_MODE                          148
+#define EVP_R_INVALID_DIGEST                             152
 #define EVP_R_INVALID_KEY_LENGTH                         130
+#define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
 #define EVP_R_KEYGEN_FAILURE                             120
+#define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
+#define EVP_R_METHOD_NOT_SUPPORTED                       144
 #define EVP_R_MISSING_PARAMETERS                         103
 #define EVP_R_NO_CIPHER_SET                              131
+#define EVP_R_NO_DEFAULT_DIGEST                          158
 #define EVP_R_NO_DIGEST_SET                              139
 #define EVP_R_NO_DSA_PARAMETERS                          116
+#define EVP_R_NO_KEY_SET                                 154
+#define EVP_R_NO_OPERATION_SET                           149
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
+#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+#define EVP_R_OPERATON_NOT_INITIALIZED                   151
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
+#define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+#define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                         106
-#define EVP_R_UNKNOWN_OPTION                             149
+#define EVP_R_UNKNOWN_CIPHER                             160
+#define EVP_R_UNKNOWN_DIGEST                             161
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
+#define EVP_R_UNSUPPORTED_ALGORITHM                      156
 #define EVP_R_UNSUPPORTED_CIPHER                         107
 #define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
@@ -1051,7 +1317,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_UNSUPPORTED_SALT_TYPE                      126
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE                      110
-#define EVP_R_SEED_KEY_SETUP_FAILED                      162
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 30e0ca4d9f..bead6a2170 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -66,16 +66,14 @@
 #endif
 #include "evp_locl.h"
-#ifdef OPENSSL_FIPS
-        #define M_do_cipher(ctx, out, in, inl) \
-                EVP_Cipher(ctx,out,in,inl)
-#else
-        #define M_do_cipher(ctx, out, in, inl) \
-                ctx->cipher->do_cipher(ctx,out,in,inl)
-#endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+        {
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
        {
        EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
@@ -92,6 +90,144 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (enc == -1)
+                enc = ctx->encrypt;
+        else
+                {
+                if (enc)
+                        enc = 1;
+                ctx->encrypt = enc;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->cipher && (!cipher ||
+                        (cipher && (cipher->nid == ctx->cipher->nid))))
+                goto skip_to_init;
+#endif
+        if (cipher)
+                {
+                /* Ensure a context left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_CIPHER could be used). */
+                EVP_CIPHER_CTX_cleanup(ctx);
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_cipher_engine(cipher->nid);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+                        if(!c)
+                                {
+                                /* One positive side-effect of US's export
+                                 * control history, is that we should at least
+                                 * be able to avoid using US mispellings of
+                                 * "initialisation"? */
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private cipher definition */
+                        cipher = c;
+                        /* Store the ENGINE functional reference so we know
+                         * 'cipher' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+#endif
+                ctx->cipher=cipher;
+                if (ctx->cipher->ctx_size)
+                        {
+                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                        if (!ctx->cipher_data)
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        ctx->cipher_data = NULL;
+                        }
+                ctx->key_len = cipher->key_len;
+                ctx->flags = 0;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                        {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                }
+        else if(!ctx->cipher)
+                {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        /* we assume block size is a power of 2 in *cryptUpdate */
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
+                        ctx->num = 0;
+                        case EVP_CIPH_CBC_MODE:
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                                        (int)sizeof(ctx->iv));
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        ctx->buf_len=0;
+        ctx->final_used=0;
+        ctx->block_mask=ctx->cipher->block_size-1;
+        return 1;
+        }
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             const unsigned char *in, int inl)
        {
@@ -151,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-                if(M_do_cipher(ctx,out,in,inl))
+                if(ctx->cipher->do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -178,7 +314,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                        if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -191,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-                if(!M_do_cipher(ctx,out,in,inl)) return 0;
+                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
@@ -235,7 +371,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-        ret=M_do_cipher(ctx,out,ctx->buf,b);
+        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
        if(ret)
@@ -357,6 +493,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
                }
        }
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+        {
+        if (c->cipher != NULL)
+                {
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Cleanse cipher context data */
+                if (c->cipher_data)
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+                }
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+        if (c->engine)
+                /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(c->engine);
+#endif
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
        {
        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
@@ -378,6 +536,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
        return 1;
        }
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
+        }
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        {
        if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -387,54 +566,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
        return 1;
        }
-#ifndef OPENSSL_NO_ENGINE
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
-#ifdef OPENSSL_FIPS
-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
        {
-        if(impl)
+        if ((in == NULL) || (in->cipher == NULL))
                {
-                if (!ENGINE_init(impl))
+                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
-                        {
+                return 0;
-                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
-                        return 0;
-                        }
                }
-        else
+#ifndef OPENSSL_NO_ENGINE
-                /* Ask if an ENGINE is reserved for this job */
+        /* Make sure it's safe to copy a cipher context using an ENGINE */
-                impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+        if (in->engine && !ENGINE_init(in->engine))
-        if(impl)
+                {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
+                return 0;
+                }
+#endif
+        EVP_CIPHER_CTX_cleanup(out);
+        memcpy(out,in,sizeof *out);
+        if (in->cipher_data && in->cipher->ctx_size)
                {
-                /* There's an ENGINE for this job ... (apparently) */
+                out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
-                const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+                if (!out->cipher_data)
-                if(!c)
                        {
-                        /* One positive side-effect of US's export
+                        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
-                         * control history, is that we should at least
-                         * be able to avoid using US mispellings of
-                         * "initialisation"? */
-                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
                        return 0;
                        }
-                /* We'll use the ENGINE's private cipher definition */
+                memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
-                *pcipher = c;
-                /* Store the ENGINE functional reference so we know
-                 * 'cipher' came from an ENGINE and we need to release
-                 * it when done. */
-                ctx->engine = impl;
                }
-        else
-                ctx->engine = NULL;
-        return 1;
-        }
-void int_EVP_CIPHER_init_engine_callbacks(void)
+        if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
-        {
+                return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
-        int_EVP_CIPHER_set_engine_callbacks(
+        return 1;
-                ENGINE_finish, do_evp_enc_engine_full);
        }
-#endif
-#endif
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index b5b900d4fe..d8bfec0959 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,46 +71,66 @@
 static ERR_STRING_DATA EVP_str_functs[]=
        {
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE),     "DO_EVP_ENC_ENGINE"},
+{ERR_FUNC(EVP_F_DO_SIGVER_INIT),        "DO_SIGVER_INIT"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL),        "DO_EVP_ENC_ENGINE_FULL"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE),      "DO_EVP_MD_ENGINE"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
 {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
 {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),        "DSA_PKEY2PKCS8"},
 {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),      "ECDSA_PKEY2PKCS8"},
 {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8),      "ECKEY_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT),        "EVP_CipherInit"},
 {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX),     "EVP_CipherInit_ex"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY),   "EVP_CIPHER_CTX_copy"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),   "EVP_CIPHER_CTX_ctrl"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
 {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),   "EVP_DecryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT),        "EVP_DigestInit"},
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),     "EVP_DigestInit_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),   "EVP_EncryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),    "EVP_MD_CTX_copy_ex"},
+{ERR_FUNC(EVP_F_EVP_MD_SIZE),   "EVP_MD_SIZE"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT),  "EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),       "EVP_PBE_alg_add"},
+{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE),  "EVP_PBE_alg_add_type"},
 {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),    "EVP_PBE_CipherInit"},
 {ERR_FUNC(EVP_F_EVP_PKCS82PKEY),        "EVP_PKCS82PKEY"},
+{ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"},
 {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
 {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),      "EVP_PKEY_copy_parameters"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL),     "EVP_PKEY_CTX_ctrl"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"},
+{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP),      "EVP_PKEY_CTX_dup"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),      "EVP_PKEY_decrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD),  "EVP_PKEY_decrypt_old"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE),       "EVP_PKEY_derive"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT),  "EVP_PKEY_derive_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER),      "EVP_PKEY_derive_set_peer"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),      "EVP_PKEY_encrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD),  "EVP_PKEY_encrypt_old"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),      "EVP_PKEY_get1_DH"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),     "EVP_PKEY_get1_DSA"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA),   "EVP_PKEY_GET1_ECDSA"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY),  "EVP_PKEY_get1_EC_KEY"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),     "EVP_PKEY_get1_RSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN),       "EVP_PKEY_keygen"},
+{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT),  "EVP_PKEY_keygen_init"},
 {ERR_FUNC(EVP_F_EVP_PKEY_NEW),  "EVP_PKEY_new"},
+{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN),     "EVP_PKEY_paramgen"},
+{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT),        "EVP_PKEY_paramgen_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"},
+{ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT),    "EVP_PKEY_sign_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY),       "EVP_PKEY_verify"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT),  "EVP_PKEY_verify_init"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER),       "EVP_PKEY_verify_recover"},
+{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),  "EVP_PKEY_verify_recover_init"},
 {ERR_FUNC(EVP_F_EVP_RIJNDAEL),  "EVP_RIJNDAEL"},
 {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
 {ERR_FUNC(EVP_F_EVP_VERIFYFINAL),       "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_INT_CTX_NEW),   "INT_CTX_NEW"},
 {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),    "PKCS5_PBE_keyivgen"},
 {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
 {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),      "PKCS8_set_broken"},
+{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
 {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),     "RC2_MAGIC_TO_METH"},
 {ERR_FUNC(EVP_F_RC5_CTRL),      "RC5_CTRL"},
 {0,NULL}
@@ -125,42 +145,52 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},
 {ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},
 {ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},
+{ERR_REASON(EVP_R_BUFFER_TOO_SMALL)      ,"buffer too small"},
 {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
 {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
+{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) ,"command not supported"},
 {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},
 {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
 {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
 {ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
+{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
+{ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
+{ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
+{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"},
+{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED)  ,"method not supported"},
 {ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
+{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
 {ERR_REASON(EVP_R_NO_DIGEST_SET)         ,"no digest set"},
 {ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},
+{ERR_REASON(EVP_R_NO_KEY_SET)            ,"no key set"},
+{ERR_REASON(EVP_R_NO_OPERATION_SET)      ,"no operation set"},
 {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
+{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
+{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED),"operaton not initialized"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
+{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
+{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
+{ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
+{ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
+{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
 {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
 {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 361ea69ab6..839d6a3a16 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -90,6 +90,11 @@ char *EVP_get_pw_prompt(void)
 * this function will fail */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
        {
+        return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+        }
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
+        {
        int ret;
        char buff[BUFSIZ];
        UI *ui;
@@ -97,10 +102,10 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
        if ((prompt == NULL) && (prompt_string[0] != '\0'))
                prompt=prompt_string;
        ui = UI_new();
-        UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+        UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
        if (verify)
                UI_add_verify_string(ui,prompt,0,
-                        buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+                        buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
        ret = UI_process(ui);
        UI_free(ui);
        OPENSSL_cleanse(buff,BUFSIZ);
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index 174cf6c594..40951a04f0 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -67,8 +67,6 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->set_asn1_parameters != NULL)
                ret=c->cipher->set_asn1_parameters(c,type);
-        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-                ret=EVP_CIPHER_set_asn1_iv(c, type);
        else
                ret=-1;
        return(ret);
@@ -80,8 +78,6 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->get_asn1_parameters != NULL)
                ret=c->cipher->get_asn1_parameters(c,type);
-        else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-                ret=EVP_CIPHER_get_asn1_iv(c, type);
        else
                ret=-1;
        return(ret);
@@ -163,6 +159,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
                return NID_des_cfb64;
+                case NID_des_ede3_cfb64:
+                case NID_des_ede3_cfb8:
+                case NID_des_ede3_cfb1:
+                return NID_des_cfb64;
                default:
                /* Check it has an OID and it is valid */
                otmp = OBJ_nid2obj(nid);
@@ -182,6 +184,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
        return ctx->cipher->block_size;
        }
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
+        {
+        return ctx->cipher->do_cipher(ctx,out,in,inl);
+        }
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
        {
        return ctx->cipher;
@@ -192,6 +199,11 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
        return cipher->flags;
        }
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->flags;
+        }
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
        {
        return ctx->app_data;
@@ -207,6 +219,11 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
        return cipher->iv_len;
        }
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->iv_len;
+        }
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
        {
        return cipher->key_len;
@@ -217,6 +234,11 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
        return ctx->key_len;
        }
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+        {
+        return cipher->nid;
+        }
 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
        {
        return ctx->cipher->nid;
@@ -239,11 +261,23 @@ int EVP_MD_pkey_type(const EVP_MD *md)
 int EVP_MD_size(const EVP_MD *md)
        {
+        if (!md)
+                {
+                EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+                return -1;
+                }
        return md->md_size;
        }
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+unsigned long EVP_MD_flags(const EVP_MD *md)
+        {
+        return md->flags;
+        }
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
        {
+        if (!ctx)
+                return NULL;
        return ctx->digest;
        }
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index eabcc96f30..292d74c188 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -61,38 +61,66 @@
 /* Wrapper functions for each cipher mode */
 #define BLOCK_CIPHER_ecb_loop() \
-        unsigned int i, bl; \
+        size_t i, bl; \
        bl = ctx->cipher->block_size;\
        if(inl < bl) return 1;\
        inl -= bl; \
        for(i=0; i <= inl; i+=bl) 
 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
        BLOCK_CIPHER_ecb_loop() \
                cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
        return 1;\
 }
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
-        cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+        while(inl>=EVP_MAXCHUNK)\
+            {\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
        return 1;\
 }
 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
-        cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
        return 1;\
 }
 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
-        cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+        size_t chunk=EVP_MAXCHUNK;\
+        if (cbits==1)  chunk>>=3;\
+        if (inl<chunk) chunk=inl;\
+        while(inl && inl>=chunk)\
+            {\
+            cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+            inl-=chunk;\
+            in +=chunk;\
+            out+=chunk;\
+            if(inl<chunk) chunk=inl;\
+            }\
        return 1;\
 }
@@ -139,10 +167,10 @@ BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
                  get_asn1, ctrl)
 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
-                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             flags, init_key, cleanup, set_asn1, \
                             get_asn1, ctrl) \
 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
-                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 #define BLOCK_CIPHER_defs(cname, kstruct, \
                          nid, block_size, key_len, iv_len, cbits, flags, \
@@ -153,7 +181,7 @@ BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
                     init_key, cleanup, set_asn1, get_asn1, ctrl)
@@ -226,27 +254,92 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 #define EVP_C_DATA(kstruct, ctx)        ((kstruct *)(ctx)->cipher_data)
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             0, cipher##_init_key, NULL, \
-                             cipher##_init_key, NULL, NULL, NULL, NULL)
+                             EVP_CIPHER_set_asn1_iv, \
+                             EVP_CIPHER_get_asn1_iv, \
-#ifdef OPENSSL_FIPS
+                             NULL)
-#define RC2_set_key     private_RC2_set_key
-#define RC4_set_key     private_RC4_set_key
+struct evp_pkey_ctx_st
-#define CAST_set_key    private_CAST_set_key
+        {
-#define RC5_32_set_key  private_RC5_32_set_key
+        /* Method associated with this operation */
-#define BF_set_key      private_BF_set_key
+        const EVP_PKEY_METHOD *pmeth;
-#define Camellia_set_key private_Camellia_set_key
+        /* Engine that implements this method or NULL if builtin */
-#define idea_set_encrypt_key private_idea_set_encrypt_key
+        ENGINE *engine;
+        /* Key: may be NULL */
-#define MD5_Init        private_MD5_Init
+        EVP_PKEY *pkey;
-#define MD4_Init        private_MD4_Init
+        /* Peer key for key agreement, may be NULL */
-#define MD2_Init        private_MD2_Init
+        EVP_PKEY *peerkey;
-#define MDC2_Init       private_MDC2_Init
+        /* Actual operation */
-#define SHA_Init        private_SHA_Init
+        int operation;
+        /* Algorithm specific data */
-#endif
+        void *data;
+        /* Application specific data */
+        void *app_data;
+        /* Keygen callback */
+        EVP_PKEY_gen_cb *pkey_gencb;
+        /* implementation specific keygen data */
+        int *keygen_info;
+        int keygen_info_count;
+        } /* EVP_PKEY_CTX */;
+#define EVP_PKEY_FLAG_DYNAMIC   1
+struct evp_pkey_method_st
+        {
+        int pkey_id;
+        int flags;
+        int (*init)(EVP_PKEY_CTX *ctx);
+        int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+        void (*cleanup)(EVP_PKEY_CTX *ctx);
+        int (*paramgen_init)(EVP_PKEY_CTX *ctx);
+        int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+        int (*keygen_init)(EVP_PKEY_CTX *ctx);
+        int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+        int (*sign_init)(EVP_PKEY_CTX *ctx);
+        int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                const unsigned char *tbs, size_t tbslen);
+        int (*verify_init)(EVP_PKEY_CTX *ctx);
+        int (*verify)(EVP_PKEY_CTX *ctx,
+                                const unsigned char *sig, size_t siglen,
+                                const unsigned char *tbs, size_t tbslen);
+        int (*verify_recover_init)(EVP_PKEY_CTX *ctx);
+        int (*verify_recover)(EVP_PKEY_CTX *ctx,
+                                unsigned char *rout, size_t *routlen,
+                                const unsigned char *sig, size_t siglen);
+        int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+        int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx);
+        int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+        int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+                                        EVP_MD_CTX *mctx);
+        int (*encrypt_init)(EVP_PKEY_CTX *ctx);
+        int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen);
+        int (*decrypt_init)(EVP_PKEY_CTX *ctx);
+        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen);
+        int (*derive_init)(EVP_PKEY_CTX *ctx);
+        int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
+        } /* EVP_PKEY_METHOD */;
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 5e830be65f..c9d932d205 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -59,79 +59,253 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 /* Password based encryption (PBE) functions */
-static STACK *pbe_algs;
+DECLARE_STACK_OF(EVP_PBE_CTL)
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
 /* Setup a cipher context from a PBE algorithm */
-typedef struct {
+typedef struct
-int pbe_nid;
+        {
-const EVP_CIPHER *cipher;
+        int pbe_type;
-const EVP_MD *md;
+        int pbe_nid;
-EVP_PBE_KEYGEN *keygen;
+        int cipher_nid;
-} EVP_PBE_CTL;
+        int md_nid;
+        EVP_PBE_KEYGEN *keygen;
+        } EVP_PBE_CTL;
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+static const EVP_PBE_CTL builtin_pbe[] = 
-             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+        {
-{
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
+                        NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
+                        NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
+                        NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
-        EVP_PBE_CTL *pbetmp, pbelu;
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
-        int i;
+                        NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
-        pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
-        if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
+                        NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
-        else i = -1;
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                        NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
+                        NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
+                        NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
+                        NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+#ifndef OPENSSL_NO_HMAC
+        {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
+#endif
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
+                        NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
+                        NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
+                        NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
+        {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
+        {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+        };
+#ifdef TEST
+int main(int argc, char **argv)
+        {
+        int i, nid_md, nid_cipher;
+        EVP_PBE_CTL *tpbe, *tpbe2;
+        /*OpenSSL_add_all_algorithms();*/
+        for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++)
+                {
+                tpbe = builtin_pbe + i;
+                fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,
+                                                OBJ_nid2sn(tpbe->pbe_nid));
+                if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,
+                                        &nid_cipher ,&nid_md,0))
+                        fprintf(stderr, "Found %s %s\n",
+                                        OBJ_nid2sn(nid_cipher),
+                                        OBJ_nid2sn(nid_md));
+                else
+                        fprintf(stderr, "Find ERROR!!\n");
+                }
+        return 0;
+        }
+#endif
+                
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+        {
+        const EVP_CIPHER *cipher;
+        const EVP_MD *md;
+        int cipher_nid, md_nid;
+        EVP_PBE_KEYGEN *keygen;
-        if (i == -1) {
+        if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
+                                        &cipher_nid, &md_nid, &keygen))
+                {
                char obj_tmp[80];
                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
                if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
                else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
                ERR_add_error_data(2, "TYPE=", obj_tmp);
                return 0;
-        }
+                }
-        if(!pass) passlen = 0;
-        else if (passlen == -1) passlen = strlen(pass);
+        if(!pass)
-        pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+                passlen = 0;
-        i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
+        else if (passlen == -1)
-                                                 pbetmp->md, en_de);
+                passlen = strlen(pass);
-        if (!i) {
+        if (cipher_nid == -1)
+                cipher = NULL;
+        else
+                {
+                cipher = EVP_get_cipherbynid(cipher_nid);
+                if (!cipher)
+                        {
+                        EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
+                        return 0;
+                        }
+                }
+        if (md_nid == -1)
+                md = NULL;
+        else
+                {
+                md = EVP_get_digestbynid(md_nid);
+                if (!md)
+                        {
+                        EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
+                        return 0;
+                        }
+                }
+        if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
+                {
                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
                return 0;
-        }
+                }
        return 1;       
 }
-static int pbe_cmp(const char * const *a, const char * const *b)
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
-{
-        const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
+static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
-                        * const *pbe2 = (const EVP_PBE_CTL * const *)b;
+        {
-        return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+        int ret = pbe1->pbe_type - pbe2->pbe_type;
-}
+        if (ret)
+                return ret;
+        else
+                return pbe1->pbe_nid - pbe2->pbe_nid;
+        }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
+        {
+        int ret = (*a)->pbe_type - (*b)->pbe_type;
+        if (ret)
+                return ret;
+        else
+                return (*a)->pbe_nid - (*b)->pbe_nid;
+        }
 /* Add a PBE algorithm */
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
-             EVP_PBE_KEYGEN *keygen)
+                         EVP_PBE_KEYGEN *keygen)
-{
+        {
        EVP_PBE_CTL *pbe_tmp;
-        if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
+        if (!pbe_algs)
-        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
+                pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
-                EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))
+                {
+                EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);
                return 0;
-        }
+                }
-        pbe_tmp->pbe_nid = nid;
+        pbe_tmp->pbe_type = pbe_type;
-        pbe_tmp->cipher = cipher;
+        pbe_tmp->pbe_nid = pbe_nid;
-        pbe_tmp->md = md;
+        pbe_tmp->cipher_nid = cipher_nid;
+        pbe_tmp->md_nid = md_nid;
        pbe_tmp->keygen = keygen;
-        sk_push (pbe_algs, (char *)pbe_tmp);
+        sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp);
        return 1;
-}
+        }
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen)
+        {
+        int cipher_nid, md_nid;
+        if (cipher)
+                cipher_nid = EVP_CIPHER_type(cipher);
+        else
+                cipher_nid = -1;
+        if (md)
+                md_nid = EVP_MD_type(md);
+        else
+                md_nid = -1;
+        return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
+                                        cipher_nid, md_nid, keygen);
+        }
+int EVP_PBE_find(int type, int pbe_nid,
+                 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
+        {
+        EVP_PBE_CTL *pbetmp = NULL, pbelu;
+        int i;
+        if (pbe_nid == NID_undef)
+                return 0;
+        pbelu.pbe_type = type;
+        pbelu.pbe_nid = pbe_nid;
+        if (pbe_algs)
+                {
+                i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
+                if (i != -1)
+                        pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i);
+                }
+        if (pbetmp == NULL)
+                {
+                pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
+                                     sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL));
+                }
+        if (pbetmp == NULL)
+                return 0;
+        if (pcnid)
+                *pcnid = pbetmp->cipher_nid;
+        if (pmnid)
+                *pmnid = pbetmp->md_nid;
+        if (pkeygen)
+                *pkeygen = pbetmp->keygen;
+        return 1;
+        }
+static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
+         {
+         OPENSSL_freeFunc(pbe);
+         }
 void EVP_PBE_cleanup(void)
-{
+        {
-        sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+        sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
        pbe_algs = NULL;
-}
+        }
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 10d9e9e772..ceebf69284 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,287 +61,52 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
+#include "asn1_locl.h"
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
 /* Extract a private key from a PKCS8 structure */
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
 {
        EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_RSA
+        ASN1_OBJECT *algoid;
-        RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
-        DSA *dsa = NULL;
-        ASN1_TYPE *t1, *t2;
-        ASN1_INTEGER *privkey;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
-        EC_KEY *eckey = NULL;
-        const unsigned char *p_tmp;
-#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-        ASN1_TYPE    *param = NULL;     
-        BN_CTX *ctx = NULL;
-        int plen;
-#endif
-        X509_ALGOR *a;
-        const unsigned char *p;
-        const unsigned char *cp;
-        int pkeylen;
-        int  nid;
        char obj_tmp[80];
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+        if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
-                p8->broken = PKCS8_OK;
+                return NULL;
-                p = p8->pkey->value.octet_string->data;
-                pkeylen = p8->pkey->value.octet_string->length;
-        } else {
-                p8->broken = PKCS8_NO_OCTET;
-                p = p8->pkey->value.sequence->data;
-                pkeylen = p8->pkey->value.sequence->length;
-        }
        if (!(pkey = EVP_PKEY_new())) {
                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-        a = p8->pkeyalg;
-        nid = OBJ_obj2nid(a->algorithm);
-        switch(nid)
-        {
-#ifndef OPENSSL_NO_RSA
-                case NID_rsaEncryption:
-                cp = p;
-                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        return NULL;
-                }
-                EVP_PKEY_assign_RSA (pkey, rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-                case NID_dsa:
-                /* PKCS#8 DSA is weird: you just get a private key integer
-                 * and parameters in the AlgorithmIdentifier the pubkey must
-                 * be recalculated.
-                 */
-        
-                /* Check for broken DSA PKCS#8, UGH! */
-                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-                                                          d2i_ASN1_TYPE,
-                                                          ASN1_TYPE_free))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    /* Handle Two broken types:
-                     * SEQUENCE {parameters, priv_key}
-                     * SEQUENCE {pub_key, priv_key}
-                     */
-                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
-                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
-                    if(t1->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_EMBEDDED_PARAM;
-                        param = t1;
-                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
-                        p8->broken = PKCS8_NS_DB;
-                        param = a->parameter;
-                    } else {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    if(t2->type != V_ASN1_INTEGER) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                    }
-                    privkey = t2->value.integer;
-                } else {
-                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                                goto dsaerr;
-                        }
-                        param = p8->pkeyalg->parameter;
-                }
-                if (!param || (param->type != V_ASN1_SEQUENCE)) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                cp = p = param->value.sequence->data;
-                plen = param->value.sequence->length;
-                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* We have parameters now set private key */
-                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-                        goto dsaerr;
-                }
-                /* Calculate public key (ouch!) */
-                if (!(dsa->pub_key = BN_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                if (!(ctx = BN_CTX_new())) {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-                        goto dsaerr;
-                }
-                        
-                if (!BN_mod_exp(dsa->pub_key, dsa->g,
-                                                 dsa->priv_key, dsa->p, ctx)) {
-                        
-                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-                        goto dsaerr;
-                }
-                EVP_PKEY_assign_DSA(pkey, dsa);
+        if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
-                BN_CTX_free (ctx);
-                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                else ASN1_INTEGER_free(privkey);
-                break;
-                dsaerr:
-                BN_CTX_free (ctx);
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                DSA_free(dsa);
-                EVP_PKEY_free(pkey);
-                return NULL;
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-                case NID_X9_62_id_ecPublicKey:
-                p_tmp = p;
-                /* extract the ec parameters */
-                param = p8->pkeyalg->parameter;
-                if (!param || ((param->type != V_ASN1_SEQUENCE) &&
-                    (param->type != V_ASN1_OBJECT)))
                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                        goto ecerr;
+                i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
+                ERR_add_error_data(2, "TYPE=", obj_tmp);
+                goto error;
                }
-                if (param->type == V_ASN1_SEQUENCE)
+        if (pkey->ameth->priv_decode)
                {
-                        cp = p = param->value.sequence->data;
+                if (!pkey->ameth->priv_decode(pkey, p8))
-                        plen = param->value.sequence->length;
-                        if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        EVP_R_DECODE_ERROR);
+                                        EVP_R_PRIVATE_KEY_DECODE_ERROR);
-                                goto ecerr;
+                        goto error;
                        }
                }
-                else
+        else
                {
-                        EC_GROUP *group;
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
-                        cp = p = param->value.object->data;
+                goto error;
-                        plen = param->value.object->length;
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        if ((eckey = EC_KEY_new()) == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        ERR_R_MALLOC_FAILURE);
-                                goto ecerr;
-                        }
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto ecerr;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(eckey, group) == 0)
-                                goto ecerr;
-                        EC_GROUP_free(group);
-                }
-                /* We have parameters now set private key */
-                if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
-                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto ecerr;
-                }
-                /* calculate public key (if necessary) */
-                if (EC_KEY_get0_public_key(eckey) == NULL)
-                {
-                        const BIGNUM *priv_key;
-                        const EC_GROUP *group;
-                        EC_POINT *pub_key;
-                        /* the public key was not included in the SEC1 private
-                         * key => calculate the public key */
-                        group   = EC_KEY_get0_group(eckey);
-                        pub_key = EC_POINT_new(group);
-                        if (pub_key == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        priv_key = EC_KEY_get0_private_key(eckey);
-                        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (EC_KEY_set_public_key(eckey, pub_key) == 0)
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        EC_POINT_free(pub_key);
                }
-                EVP_PKEY_assign_EC_KEY(pkey, eckey);
-                if (ctx)
-                        BN_CTX_free(ctx);
-                break;
-ecerr:
-                if (ctx)
-                        BN_CTX_free(ctx);
-                if (eckey)
-                        EC_KEY_free(eckey);
-                if (pkey)
-                        EVP_PKEY_free(pkey);
-                return NULL;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
-                ERR_add_error_data(2, "TYPE=", obj_tmp);
-                EVP_PKEY_free (pkey);
-                return NULL;
-        }
        return pkey;
+        error:
+        EVP_PKEY_free (pkey);
+        return NULL;
 }
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
@@ -360,59 +125,37 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                return NULL;
        }
        p8->broken = broken;
-        if (!ASN1_INTEGER_set(p8->version, 0)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
-        p8->pkey->type = V_ASN1_OCTET_STRING;
-        switch (EVP_PKEY_type(pkey->type)) {
-#ifndef OPENSSL_NO_RSA
-                case EVP_PKEY_RSA:
-                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
+        if (pkey->ameth)
+                {
-                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+                if (pkey->ameth->priv_encode)
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                        {
-                if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
+                        if (!pkey->ameth->priv_encode(p8, pkey))
-                                         &p8->pkey->value.octet_string)) {
+                                {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                        PKCS8_PRIV_KEY_INFO_free (p8);
+                                        EVP_R_PRIVATE_KEY_ENCODE_ERROR);
-                        return NULL;
+                                goto error;
-                }
+                                }
-                break;
+                        }
-#endif
+                else
-#ifndef OPENSSL_NO_DSA
+                        {
-                case EVP_PKEY_DSA:
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                if(!dsa_pkey2pkcs8(p8, pkey)) {
+                                        EVP_R_METHOD_NOT_SUPPORTED);
-                        PKCS8_PRIV_KEY_INFO_free (p8);
+                        goto error;
-                        return NULL;
+                        }
                }
+        else
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-                case EVP_PKEY_EC:
-                if (!eckey_pkey2pkcs8(p8, pkey))
                {
-                        PKCS8_PRIV_KEY_INFO_free(p8);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-                        return(NULL);
+                                EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                goto error;
                }
-                break;
-#endif
-                default:
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-                PKCS8_PRIV_KEY_INFO_free (p8);
-                return NULL;
-        }
        RAND_add(p8->pkey->value.octet_string->data,
                 p8->pkey->value.octet_string->length, 0.0);
        return p8;
+        error:
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        return NULL;
 }
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
@@ -436,301 +179,6 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
        }
 }
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        ASN1_STRING *params = NULL;
-        ASN1_INTEGER *prkey = NULL;
-        ASN1_TYPE *ttmp = NULL;
-        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-        unsigned char *p = NULL, *q;
-        int len;
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
-        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-        if (!(p = OPENSSL_malloc(len))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        q = p;
-        i2d_DSAparams (pkey->pkey.dsa, &q);
-        if (!(params = ASN1_STRING_new())) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!ASN1_STRING_set(params, p, len)) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        OPENSSL_free(p);
-        p = NULL;
-        /* Get private key into integer */
-        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                goto err;
-        }
-        switch(p8->broken) {
-                case PKCS8_OK:
-                case PKCS8_NO_OCTET:
-                if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
-                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                M_ASN1_INTEGER_free (prkey);
-                prkey = NULL;
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                break;
-                case PKCS8_NS_DB:
-                p8->pkeyalg->parameter->value.sequence = params;
-                params = NULL;
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp->value.integer =
-                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-                        goto err;
-                }
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-                case PKCS8_EMBEDDED_PARAM:
-                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.sequence = params;
-                params = NULL;
-                ttmp->type = V_ASN1_SEQUENCE;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp->value.integer = prkey;
-                prkey = NULL;
-                ttmp->type = V_ASN1_INTEGER;
-                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                ttmp = NULL;
-                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-                                         &p8->pkey->value.octet_string->data,
-                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-                break;
-        }
-        return 1;
-err:
-        if (p != NULL) OPENSSL_free(p);
-        if (params != NULL) ASN1_STRING_free(params);
-        if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
-        if (ttmp != NULL) ASN1_TYPE_free(ttmp);
-        if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-        return 0;
-}
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        EC_KEY          *ec_key;
-        const EC_GROUP  *group;
-        unsigned char   *p, *pp;
-        int             nid, i, ret = 0;
-        unsigned int    tmp_flags, old_flags;
-        ec_key = pkey->pkey.ec;
-        if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
-                return 0;
-        }
-        /* set the ec parameters OID */
-        if (p8->pkeyalg->algorithm)
-                ASN1_OBJECT_free(p8->pkeyalg->algorithm);
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
-        /* set the ec parameters */
-        if (p8->pkeyalg->parameter)
-        {
-                ASN1_TYPE_free(p8->pkeyalg->parameter);
-                p8->pkeyalg->parameter = NULL;
-        }
-        if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        
-        if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-        {
-                /* we have a 'named curve' => just set the OID */
-                p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
-                p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
-        }
-        else    /* explicit parameters */
-        {
-                if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        return 0;
-                }
-                if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }       
-                pp = p;
-                if (!i2d_ECParameters(ec_key, &pp))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if ((p8->pkeyalg->parameter->value.sequence 
-                        = ASN1_STRING_new()) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
-                OPENSSL_free(p);
-        }
-        /* set the private key */
-        /* do not include the parameters in the SEC1 private key
-         * see PKCS#11 12.11 */
-        old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
-        tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-        EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
-        i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
-        if (!i)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                return 0;
-        }
-        p = (unsigned char *) OPENSSL_malloc(i);
-        if (!p)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        pp = p;
-        if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                OPENSSL_free(p);
-                return 0;
-        }
-        /* restore old encoding flags */
-        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-        switch(p8->broken) {
-                case PKCS8_OK:
-                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
-                if (!p8->pkey->value.octet_string ||
-                    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
-                    (const void *)p, i))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                }
-                else
-                        ret = 1;
-                break;
-                case PKCS8_NO_OCTET:            /* RSA specific */
-                case PKCS8_NS_DB:               /* DSA specific */
-                case PKCS8_EMBEDDED_PARAM:      /* DSA specific */
-                default:
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-        }
-        OPENSSL_cleanse(p, (size_t)i);
-        OPENSSL_free(p);
-        return ret;
-}
-#endif
 /* EVP_PKEY attribute functions */
 int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 6b0c0aa7a3..48c2689504 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
        NID_dsaWithSHA,
        NID_dsaWithSHA,
        SHA_DIGEST_LENGTH,
-        EVP_MD_FLAG_FIPS,
+        EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index da8babc147..4f03fb70e0 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_FIPS
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
        NID_dsa,
        NID_dsaWithSHA1,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
        return(&dss1_md);
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
index fad270faca..8d87a49ebe 100644
--- a/src/lib/libcrypto/evp/m_ecdsa.c
+++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -130,7 +130,7 @@ static const EVP_MD ecdsa_md=
        NID_ecdsa_with_SHA1,
        NID_ecdsa_with_SHA1,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_DIGEST,
        init,
        update,
        final,
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 5cd2ab5ade..1e0b7c5b42 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -58,7 +58,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp_locl.h"
 #ifndef OPENSSL_NO_MD4
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 6455829671..63c142119e 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -62,7 +62,6 @@
 #ifndef OPENSSL_NO_MD5
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 471ec30be0..9a2790fdea 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -68,8 +68,6 @@
 #include <openssl/rsa.h>
 #endif
-#ifndef OPENSSL_FIPS
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -84,7 +82,7 @@ static const EVP_MD sha1_md=
        NID_sha1,
        NID_sha1WithRSAEncryption,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init,
        update,
        final,
@@ -99,6 +97,7 @@ const EVP_MD *EVP_sha1(void)
        {
        return(&sha1_md);
        }
+#endif
 #ifndef OPENSSL_NO_SHA256
 static int init224(EVP_MD_CTX *ctx)
@@ -120,7 +119,7 @@ static const EVP_MD sha224_md=
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init224,
        update256,
        final256,
@@ -139,7 +138,7 @@ static const EVP_MD sha256_md=
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init256,
        update256,
        final256,
@@ -170,7 +169,7 @@ static const EVP_MD sha384_md=
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init384,
        update512,
        final512,
@@ -189,7 +188,7 @@ static const EVP_MD sha512_md=
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
        init512,
        update512,
        final512,
@@ -203,7 +202,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
 #endif  /* ifndef OPENSSL_NO_SHA512 */
-#endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
new file mode 100644
index 0000000000..f0b7f95059
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -0,0 +1,200 @@
+/* m_sigver.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006,2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "evp_locl.h"
+static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
+                          int ver)
+        {
+        if (ctx->pctx == NULL)
+                ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx->pctx == NULL)
+                return 0;
+        if (type == NULL)
+                {
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+                        type = EVP_get_digestbynid(def_nid);
+                }
+        if (type == NULL)
+                {
+                EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+                return 0;
+                }
+        if (ver)
+                {
+                if (ctx->pctx->pmeth->verifyctx_init)
+                        {
+                        if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <=0)
+                                return 0;
+                        ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
+                        }
+                else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
+                        return 0;
+                }
+        else
+                {
+                if (ctx->pctx->pmeth->signctx_init)
+                        {
+                        if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
+                                return 0;
+                        ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
+                        }
+                else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
+                        return 0;
+                }
+        if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
+                return 0;
+        if (pctx)
+                *pctx = ctx->pctx;
+        if (!EVP_DigestInit_ex(ctx, type, e))
+                return 0;
+        return 1;
+        }
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+        {
+        return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+        }
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                        const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+        {
+        return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+        }
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
+        {
+        int sctx, r = 0;
+        if (ctx->pctx->pmeth->signctx)
+                sctx = 1;
+        else
+                sctx = 0;
+        if (sigret)
+                {
+                MS_STATIC EVP_MD_CTX tmp_ctx;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                unsigned int mdlen;
+                EVP_MD_CTX_init(&tmp_ctx);
+                if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+                        return 0;
+                if (sctx)
+                        r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
+                                        sigret, siglen, &tmp_ctx);
+                else
+                        r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
+                EVP_MD_CTX_cleanup(&tmp_ctx);
+                if (sctx || !r)
+                        return r;
+                if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
+                        return 0;
+                }
+        else
+                {
+                if (sctx)
+                        {
+                        if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
+                                return 0;
+                        }
+                else
+                        {
+                        int s = EVP_MD_size(ctx->digest);
+                        if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
+                                return 0;
+                        }
+                }
+        return 1;
+        }
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
+        {
+        MS_STATIC EVP_MD_CTX tmp_ctx;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        int r;
+        unsigned int mdlen;
+        int vctx;
+        if (ctx->pctx->pmeth->verifyctx)
+                vctx = 1;
+        else
+                vctx = 0;
+        EVP_MD_CTX_init(&tmp_ctx);
+        if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+                return -1;      
+        if (vctx)
+                {
+                r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
+                                        sig, siglen, &tmp_ctx);
+                }
+        else
+                r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (vctx || !r)
+                return r;
+        return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
+        }
diff --git a/src/lib/libcrypto/evp/m_wp.c b/src/lib/libcrypto/evp/m_wp.c
new file mode 100644
index 0000000000..1ce47c040b
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_wp.c
@@ -0,0 +1,42 @@
+/* crypto/evp/m_wp.c */
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_WHIRLPOOL
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/whrlpool.h>
+static int init(EVP_MD_CTX *ctx)
+        { return WHIRLPOOL_Init(ctx->md_data); }
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return WHIRLPOOL_Update(ctx->md_data,data,count); }
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return WHIRLPOOL_Final(md,ctx->md_data); }
+static const EVP_MD whirlpool_md=
+        {
+        NID_whirlpool,
+        0,
+        WHIRLPOOL_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_NULL_method,
+        WHIRLPOOL_BBLOCK/8,
+        sizeof(EVP_MD *)+sizeof(WHIRLPOOL_CTX),
+        };
+const EVP_MD *EVP_whirlpool(void)
+        {
+        return(&whirlpool_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index e2e04c3570..f2869f5c78 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -66,35 +66,32 @@ int EVP_add_cipher(const EVP_CIPHER *c)
        {
        int r;
-#ifdef OPENSSL_FIPS
-        OPENSSL_init();
-#endif
        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
        if (r == 0) return(0);
+        check_defer(c->nid);
        r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
        return(r);
        }
 int EVP_add_digest(const EVP_MD *md)
        {
        int r;
        const char *name;
-#ifdef OPENSSL_FIPS
-        OPENSSL_init();
-#endif
        name=OBJ_nid2sn(md->type);
        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
        if (r == 0) return(0);
+        check_defer(md->type);
        r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
        if (r == 0) return(0);
-        if (md->type != md->pkey_type)
+        if (md->pkey_type && md->type != md->pkey_type)
                {
                r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
                if (r == 0) return(0);
+                check_defer(md->pkey_type);
                r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
                }
@@ -127,4 +124,78 @@ void EVP_cleanup(void)
        OBJ_NAME_cleanup(-1);
        EVP_PBE_cleanup();
+        if (obj_cleanup_defer == 2)
+                {
+                obj_cleanup_defer = 0;
+                OBJ_cleanup();
+                }
+        OBJ_sigid_free();
+        }
+struct doall_cipher
+        {
+        void *arg;
+        void (*fn)(const EVP_CIPHER *ciph,
+                        const char *from, const char *to, void *arg);
+        };
+static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
+        {
+        struct doall_cipher *dc = arg;
+        if (nm->alias)
+                dc->fn(NULL, nm->name, nm->data, dc->arg);
+        else
+                dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
+        }
+void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_cipher dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+        }
+void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_cipher dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn,&dc);
+        }
+struct doall_md
+        {
+        void *arg;
+        void (*fn)(const EVP_MD *ciph,
+                        const char *from, const char *to, void *arg);
+        };
+static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
+        {
+        struct doall_md *dc = arg;
+        if (nm->alias)
+                dc->fn(NULL, nm->name, nm->data, dc->arg);
+        else
+                dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
+        }
+void EVP_MD_do_all(void (*fn)(const EVP_MD *md,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_md dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+        }
+void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md,
+                const char *from, const char *to, void *x), void *arg)
+        {
+        struct doall_md dc;
+        dc.fn = fn;
+        dc.arg = arg;
+        OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
        }
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 2a265fdee2..7ecfa8dad9 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -62,42 +62,11 @@
 #include <openssl/x509.h>
 #include <openssl/evp.h>
-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+/* Doesn't do anything now: Builtin PBE algorithms in static table.
 */
 void PKCS5_PBE_add(void)
 {
-#ifndef OPENSSL_NO_DES
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#endif
-#ifndef OPENSSL_NO_RC2
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
-                                                         PKCS5_PBE_keyivgen);
-#  endif
-#endif
-#ifndef OPENSSL_NO_HMAC
-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
-#endif
 }
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
@@ -112,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        int saltlen, iter;
        unsigned char *salt;
        const unsigned char *pbuf;
+        int mdsize;
        /* Extract useful info from parameter */
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -140,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        EVP_DigestUpdate(&ctx, salt, saltlen);
        PBEPARAM_free(pbe);
        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+        mdsize = EVP_MD_size(md);
+        if (mdsize < 0)
+            return 0;
        for (i = 1; i < iter; i++) {
                EVP_DigestInit_ex(&ctx, md, NULL);
-                EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+                EVP_DigestUpdate(&ctx, md_tmp, mdsize);
                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
        }
        EVP_MD_CTX_cleanup(&ctx);
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 6bec77baf9..334379f310 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,28 +71,38 @@
 #endif
 /* This is an implementation of PKCS#5 v2.0 password based encryption key
- * derivation function PBKDF2 using the only currently defined function HMAC
+ * derivation function PBKDF2.
- * with SHA1. Verified against test vectors posted by Peter Gutmann
+ * SHA1 version verified against test vectors posted by Peter Gutmann
 * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
 */
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                           const unsigned char *salt, int saltlen, int iter,
+                           const EVP_MD *digest,
                           int keylen, unsigned char *out)
-{
+        {
-        unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+        unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
-        int cplen, j, k, tkeylen;
+        int cplen, j, k, tkeylen, mdlen;
        unsigned long i = 1;
        HMAC_CTX hctx;
+        mdlen = EVP_MD_size(digest);
+        if (mdlen < 0)
+                return 0;
        HMAC_CTX_init(&hctx);
        p = out;
        tkeylen = keylen;
-        if(!pass) passlen = 0;
+        if(!pass)
-        else if(passlen == -1) passlen = strlen(pass);
+                passlen = 0;
-        while(tkeylen) {
+        else if(passlen == -1)
-                if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+                passlen = strlen(pass);
-                else cplen = tkeylen;
+        while(tkeylen)
+                {
+                if(tkeylen > mdlen)
+                        cplen = mdlen;
+                else
+                        cplen = tkeylen;
                /* We are unlikely to ever use more than 256 blocks (5120 bits!)
                 * but just in case...
                 */
@@ -100,20 +110,22 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                itmp[1] = (unsigned char)((i >> 16) & 0xff);
                itmp[2] = (unsigned char)((i >> 8) & 0xff);
                itmp[3] = (unsigned char)(i & 0xff);
-                HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
+                HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
                HMAC_Update(&hctx, salt, saltlen);
                HMAC_Update(&hctx, itmp, 4);
                HMAC_Final(&hctx, digtmp, NULL);
                memcpy(p, digtmp, cplen);
-                for(j = 1; j < iter; j++) {
+                for(j = 1; j < iter; j++)
-                        HMAC(EVP_sha1(), pass, passlen,
+                        {
-                                 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+                        HMAC(digest, pass, passlen,
-                        for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
+                                 digtmp, mdlen, digtmp, NULL);
-                }
+                        for(k = 0; k < cplen; k++)
+                                p[k] ^= digtmp[k];
+                        }
                tkeylen-= cplen;
                i++;
                p+= cplen;
-        }
+                }
        HMAC_CTX_cleanup(&hctx);
 #ifdef DEBUG_PKCS5V2
        fprintf(stderr, "Password:\n");
@@ -125,7 +137,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
        h__dump (out, keylen);
 #endif
        return 1;
-}
+        }
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
+        {
+        return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
+                                        keylen, out);
+        }
 #ifdef DO_TEST
 main()
@@ -155,6 +175,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        PBE2PARAM *pbe2 = NULL;
        const EVP_CIPHER *cipher;
        PBKDF2PARAM *kdf = NULL;
+        const EVP_MD *prfmd;
+        int prf_nid, hmac_md_nid;
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
            param->value.sequence == NULL) {
@@ -180,8 +202,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        /* lets see if we recognise the encryption algorithm.
         */
-        cipher = EVP_get_cipherbyname(
+        cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
-                        OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
        if(!cipher) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -226,10 +247,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                goto err;
        }
-        if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+        if (kdf->prf)
+                prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
+        else
+                prf_nid = NID_hmacWithSHA1;
+        if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
+                {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
                goto err;
-        }
+                }
+        prfmd = EVP_get_digestbynid(hmac_md_nid);
+        if (prfmd == NULL)
+                {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+                goto err;
+                }
        if(kdf->salt->type != V_ASN1_OCTET_STRING) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
@@ -241,7 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        salt = kdf->salt->value.octet_string->data;
        saltlen = kdf->salt->value.octet_string->length;
        iter = ASN1_INTEGER_get(kdf->iter);
-        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+        if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                                                   keylen, key))
+                goto err;
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
        OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
index f64901f653..4201dcbad9 100644
--- a/src/lib/libcrypto/evp/p_dec.c
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
+int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
             EVP_PKEY *priv)
        {
        int ret= -1;
@@ -75,7 +75,7 @@ int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
        if (priv->type != EVP_PKEY_RSA)
                {
 #endif
-                EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
                goto err;
                }
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
index c2dfdc52ad..b5a3a84c41 100644
--- a/src/lib/libcrypto/evp/p_enc.c
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
+int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len,
             EVP_PKEY *pubk)
        {
        int ret=0;
@@ -75,7 +75,7 @@ int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
        if (pubk->type != EVP_PKEY_RSA)
                {
 #endif
-                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
                goto err;
                }
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 22155ecf62..1916c61699 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -74,66 +74,26 @@
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 int EVP_PKEY_bits(EVP_PKEY *pkey)
        {
-        if (0)
+        if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
-                return 0;
+                return pkey->ameth->pkey_bits(pkey);
-#ifndef OPENSSL_NO_RSA
+        return 0;
-        else if (pkey->type == EVP_PKEY_RSA)
-                return(BN_num_bits(pkey->pkey.rsa->n));
-#endif
-#ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
-                return(BN_num_bits(pkey->pkey.dsa->p));
-#endif
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                BIGNUM *order = BN_new();
-                const EC_GROUP *group;
-                int ret;
-                if (!order)
-                        {
-                        ERR_clear_error();
-                        return 0;
-                        }
-                group = EC_KEY_get0_group(pkey->pkey.ec);
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        {
-                        ERR_clear_error();
-                        return 0;
-                        }
-                ret = BN_num_bits(order);
-                BN_free(order);
-                return ret;
-                }
-#endif
-        return(0);
        }
 int EVP_PKEY_size(EVP_PKEY *pkey)
        {
-        if (pkey == NULL)
+        if (pkey && pkey->ameth && pkey->ameth->pkey_size)
-                return(0);
+                return pkey->ameth->pkey_size(pkey);
-#ifndef OPENSSL_NO_RSA
+        return 0;
-        if (pkey->type == EVP_PKEY_RSA)
-                return(RSA_size(pkey->pkey.rsa));
-        else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                return(DSA_size(pkey->pkey.dsa));
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                if (pkey->type == EVP_PKEY_EC)
-                return(ECDSA_size(pkey->pkey.ec));
-#endif
-        return(0);
        }
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
@@ -174,88 +134,26 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
                goto err;
                }
-#ifndef OPENSSL_NO_DSA
+        if (from->ameth && from->ameth->param_copy)
-        if (to->type == EVP_PKEY_DSA)
+                return from->ameth->param_copy(to, from);
-                {
-                BIGNUM *a;
-                if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
-                if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
-                to->pkey.dsa->p=a;
-                if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
-                if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
-                to->pkey.dsa->q=a;
-                if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
-                if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
-                to->pkey.dsa->g=a;
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (to->type == EVP_PKEY_EC)
-                {
-                EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
-                if (group == NULL)
-                        goto err;
-                if (EC_KEY_set_group(to->pkey.ec, group) == 0)
-                        goto err;
-                EC_GROUP_free(group);
-                }
-#endif
-        return(1);
 err:
-        return(0);
+        return 0;
        }
 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
        {
-#ifndef OPENSSL_NO_DSA
+        if (pkey->ameth && pkey->ameth->param_missing)
-        if (pkey->type == EVP_PKEY_DSA)
+                return pkey->ameth->param_missing(pkey);
-                {
+        return 0;
-                DSA *dsa;
-                dsa=pkey->pkey.dsa;
-                if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-                        return(1);
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (pkey->type == EVP_PKEY_EC)
-                {
-                if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
-                        return(1);
-                }
-#endif
-        return(0);
        }
 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
        {
-#ifndef OPENSSL_NO_DSA
+        if (a->type != b->type)
-        if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
+                return -1;
-                {
+        if (a->ameth && a->ameth->param_cmp)
-                if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+                return a->ameth->param_cmp(a, b);
-                        BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+        return -2;
-                        BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
-                        return(0);
-                else
-                        return(1);
-                }
-#endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
-                {
-                const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
-                               *group_b = EC_KEY_get0_group(b->pkey.ec);
-                if (EC_GROUP_cmp(group_a, group_b, NULL))
-                        return 0;
-                else
-                        return 1;
-                }
-#endif
-        return(-1);
        }
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
@@ -263,51 +161,22 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
        if (a->type != b->type)
                return -1;
-        if (EVP_PKEY_cmp_parameters(a, b) == 0)
+        if (a->ameth)
-                return 0;
-        switch (a->type)
                {
-#ifndef OPENSSL_NO_RSA
+                int ret;
-        case EVP_PKEY_RSA:
+                /* Compare parameters if the algorithm has them */
-                if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
+                if (a->ameth->param_cmp)
-                        || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
-                        return 0;
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
-                        return 0;
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                {
-                int  r;
-                const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
-                const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
-                               *pb = EC_KEY_get0_public_key(b->pkey.ec);
-                r = EC_POINT_cmp(group, pa, pb, NULL);
-                if (r != 0)
                        {
-                        if (r == 1)
+                        ret = a->ameth->param_cmp(a, b);
-                                return 0;
+                        if (ret <= 0)
-                        else
+                                return ret;
-                                return -2;
                        }
-                }
-                break;
+                if (a->ameth->pub_cmp)
-#endif
+                        return a->ameth->pub_cmp(a, b);
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                return -2;
-#endif
-        default:
-                return -2;
                }
-        return 1;
+        return -2;
        }
 EVP_PKEY *EVP_PKEY_new(void)
@@ -321,22 +190,87 @@ EVP_PKEY *EVP_PKEY_new(void)
                return(NULL);
                }
        ret->type=EVP_PKEY_NONE;
+        ret->save_type=EVP_PKEY_NONE;
        ret->references=1;
+        ret->ameth=NULL;
+        ret->engine=NULL;
        ret->pkey.ptr=NULL;
        ret->attributes=NULL;
        ret->save_parameters=1;
        return(ret);
        }
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
+/* Setup a public key ASN1 method and ENGINE from a NID or a string.
+ * If pkey is NULL just return 1 or 0 if the algorithm exists.
+ */
+static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
        {
-        if (pkey == NULL) return(0);
+        const EVP_PKEY_ASN1_METHOD *ameth;
-        if (pkey->pkey.ptr != NULL)
+        ENGINE *e = NULL;
-                EVP_PKEY_free_it(pkey);
+        if (pkey)
-        pkey->type=EVP_PKEY_type(type);
+                {
-        pkey->save_type=type;
+                if (pkey->pkey.ptr)
+                        EVP_PKEY_free_it(pkey);
+                /* If key type matches and a method exists then this
+                 * lookup has succeeded once so just indicate success.
+                 */
+                if ((type == pkey->save_type) && pkey->ameth)
+                        return 1;
+#ifndef OPENSSL_NO_ENGINE
+                /* If we have an ENGINE release it */
+                if (pkey->engine)
+                        {
+                        ENGINE_finish(pkey->engine);
+                        pkey->engine = NULL;
+                        }
+#endif
+                }
+        if (str)
+                ameth = EVP_PKEY_asn1_find_str(&e, str, len);
+        else
+                ameth = EVP_PKEY_asn1_find(&e, type);
+#ifndef OPENSSL_NO_ENGINE
+        if (!pkey && e)
+                ENGINE_finish(e);
+#endif
+        if (!ameth)
+                {
+                EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+                return 0;
+                }
+        if (pkey)
+                {
+                pkey->ameth = ameth;
+                pkey->engine = e;
+                pkey->type = pkey->ameth->pkey_id;
+                pkey->save_type=type;
+                }
+        return 1;
+        }
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
+        {
+        return pkey_set_type(pkey, type, NULL, -1);
+        }
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
+        {
+        return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
+        }
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
+        {
+        if (!EVP_PKEY_set_type(pkey, type))
+                return 0;
        pkey->pkey.ptr=key;
-        return(key != NULL);
+        return (key != NULL);
+        }
+void *EVP_PKEY_get0(EVP_PKEY *pkey)
+        {
+        return pkey->pkey.ptr;
        }
 #ifndef OPENSSL_NO_RSA
@@ -425,24 +359,29 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
 int EVP_PKEY_type(int type)
        {
-        switch (type)
+        int ret;
-                {
+        const EVP_PKEY_ASN1_METHOD *ameth;
-        case EVP_PKEY_RSA:
+        ENGINE *e;
-        case EVP_PKEY_RSA2:
+        ameth = EVP_PKEY_asn1_find(&e, type);
-                return(EVP_PKEY_RSA);
+        if (ameth)
-        case EVP_PKEY_DSA:
+                ret = ameth->pkey_id;
-        case EVP_PKEY_DSA1:
+        else
-        case EVP_PKEY_DSA2:
+                ret = NID_undef;
-        case EVP_PKEY_DSA3:
+#ifndef OPENSSL_NO_ENGINE
-        case EVP_PKEY_DSA4:
+        if (e)
-                return(EVP_PKEY_DSA);
+                ENGINE_finish(e);
-        case EVP_PKEY_DH:
+#endif
-                return(EVP_PKEY_DH);
+        return ret;
-        case EVP_PKEY_EC:
+        }
-                return(EVP_PKEY_EC);
-        default:
+int EVP_PKEY_id(const EVP_PKEY *pkey)
-                return(NID_undef);
+        {
-                }
+        return pkey->type;
+        }
+int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+        {
+        return EVP_PKEY_type(pkey->type);
        }
 void EVP_PKEY_free(EVP_PKEY *x)
@@ -471,32 +410,57 @@ void EVP_PKEY_free(EVP_PKEY *x)
 static void EVP_PKEY_free_it(EVP_PKEY *x)
        {
-        switch (x->type)
+        if (x->ameth && x->ameth->pkey_free)
+                x->ameth->pkey_free(x);
+#ifndef OPENSSL_NO_ENGINE
+        if (x->engine)
                {
-#ifndef OPENSSL_NO_RSA
+                ENGINE_finish(x->engine);
-        case EVP_PKEY_RSA:
+                x->engine = NULL;
-        case EVP_PKEY_RSA2:
-                RSA_free(x->pkey.rsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-        case EVP_PKEY_DSA2:
-        case EVP_PKEY_DSA3:
-        case EVP_PKEY_DSA4:
-                DSA_free(x->pkey.dsa);
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                EC_KEY_free(x->pkey.ec);
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                DH_free(x->pkey.dh);
-                break;
-#endif
                }
+#endif
+        }
+static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
+                                const char *kstr)
+        {
+        BIO_indent(out, indent, 128);
+        BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
+                                                kstr, OBJ_nid2ln(pkey->type));
+        return 1;
+        }
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx)
+        {
+        if (pkey->ameth && pkey->ameth->pub_print)
+                return pkey->ameth->pub_print(out, pkey, indent, pctx);
+        
+        return unsup_alg(out, pkey, indent, "Public Key");
+        }
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx)
+        {
+        if (pkey->ameth && pkey->ameth->priv_print)
+                return pkey->ameth->priv_print(out, pkey, indent, pctx);
+        
+        return unsup_alg(out, pkey, indent, "Private Key");
+        }
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                                int indent, ASN1_PCTX *pctx)
+        {
+        if (pkey->ameth && pkey->ameth->param_print)
+                return pkey->ameth->param_print(out, pkey, indent, pctx);
+        return unsup_alg(out, pkey, indent, "Parameters");
+        }
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+        {
+        if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+                return -2;
+        return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
+                                                0, pnid);
        }
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 9935206d0f..53a59a295c 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -95,7 +95,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                goto err;
                }
-        i=EVP_PKEY_decrypt(key,ek,ekl,priv);
+        i=EVP_PKEY_decrypt_old(key,ek,ekl,priv);
        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
                {
                /* ERROR */
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index 8cc8fcb0bd..d8324526e7 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -87,7 +87,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
        for (i=0; i<npubk; i++)
                {
-                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
+                ekl[i]=EVP_PKEY_encrypt_old(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
                        pubk[i]);
                if (ekl[i] <= 0) return(-1);
                }
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index bf41a0db68..8df6d48a7e 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -84,6 +84,32 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
        MS_STATIC EVP_MD_CTX tmp_ctx;
        *siglen=0;
+        EVP_MD_CTX_init(&tmp_ctx);
+        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
+        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+                {
+                EVP_PKEY_CTX *pkctx = NULL;
+                size_t sltmp = (size_t)EVP_PKEY_size(pkey);
+                i = 0;
+                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+                if (!pkctx)
+                        goto err;
+                if (EVP_PKEY_sign_init(pkctx) <= 0)
+                        goto err;
+                if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+                        goto err;
+                if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+                        goto err;
+                *siglen = sltmp;
+                i = 1;
+                err:
+                EVP_PKEY_CTX_free(pkctx);
+                return i;
+                }
        for (i=0; i<4; i++)
                {
                v=ctx->digest->required_pkey_type[i];
@@ -99,28 +125,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
                return(0);
                }
        if (ctx->digest->sign == NULL)
                {
                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
                return(0);
                }
-        EVP_MD_CTX_init(&tmp_ctx);
+        return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+                pkey->pkey.ptr));
-        if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
-                {
-                EVP_MD_SVCTX sctmp;
-                sctmp.mctx = &tmp_ctx;
-                sctmp.key = pkey->pkey.ptr;
-                i = ctx->digest->sign(ctx->digest->type,
-                        NULL, -1, sigret, siglen, &sctmp);
-                }
-        else
-                {
-                EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-                i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-                                        pkey->pkey.ptr);
-                }
-        EVP_MD_CTX_cleanup(&tmp_ctx);
-        return i;
        }
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 2d46dffe7e..8db46412f3 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -70,6 +70,28 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
        int i,ok=0,v;
        MS_STATIC EVP_MD_CTX tmp_ctx;
+        EVP_MD_CTX_init(&tmp_ctx);
+        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+                {
+                EVP_PKEY_CTX *pkctx = NULL;
+                i = -1;
+                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+                if (!pkctx)
+                        goto err;
+                if (EVP_PKEY_verify_init(pkctx) <= 0)
+                        goto err;
+                if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+                        goto err;
+                i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+                err:
+                EVP_PKEY_CTX_free(pkctx);
+                return i;
+                }
        for (i=0; i<4; i++)
                {
                v=ctx->digest->required_pkey_type[i];
@@ -85,29 +107,13 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
                return(-1);
                }
-        if (ctx->digest->verify == NULL)
+        if (ctx->digest->verify == NULL)
                {
                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
                return(0);
                }
-        EVP_MD_CTX_init(&tmp_ctx);
+        return(ctx->digest->verify(ctx->digest->type,m,m_len,
-        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+                sigbuf,siglen,pkey->pkey.ptr));
-        if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
-                {
-                EVP_MD_SVCTX sctmp;
-                sctmp.mctx = &tmp_ctx;
-                sctmp.key = pkey->pkey.ptr;
-                i = ctx->digest->verify(ctx->digest->type,
-                        NULL, -1, sigbuf, siglen, &sctmp);
-                }
-        else
-                {
-                EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-                i = ctx->digest->verify(ctx->digest->type,m,m_len,
-                                        sigbuf,siglen,pkey->pkey.ptr);
-                }
-        EVP_MD_CTX_cleanup(&tmp_ctx);
-        return i;
        }
diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c
new file mode 100644
index 0000000000..c4676f2f8d
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_fn.c
@@ -0,0 +1,368 @@
+/* pmeth_fn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#define M_check_autoarg(ctx, arg, arglen, err) \
+        if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
+                { \
+                size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
+                if (!arg) \
+                        { \
+                        *arglen = pksize; \
+                        return 1; \
+                        } \
+                else if (*arglen < pksize) \
+                        { \
+                        EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
+                        return 0; \
+                        } \
+                }
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
+                {
+                EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_SIGN;
+        if (!ctx->pmeth->sign_init)
+                return 1;
+        ret = ctx->pmeth->sign_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                        unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
+                {
+                EVPerr(EVP_F_EVP_PKEY_SIGN,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_SIGN)
+                {
+                EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
+        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
+        }
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_VERIFY;
+        if (!ctx->pmeth->verify_init)
+                return 1;
+        ret = ctx->pmeth->verify_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                        const unsigned char *sig, size_t siglen,
+                        const unsigned char *tbs, size_t tbslen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_VERIFY)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
+        }
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
+        if (!ctx->pmeth->verify_recover_init)
+                return 1;
+        ret = ctx->pmeth->verify_recover_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                        unsigned char *rout, size_t *routlen,
+                        const unsigned char *sig, size_t siglen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER)
+                {
+                EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
+        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
+        }
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_ENCRYPT;
+        if (!ctx->pmeth->encrypt_init)
+                return 1;
+        ret = ctx->pmeth->encrypt_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_ENCRYPT)
+                {
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
+        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
+        }
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_DECRYPT;
+        if (!ctx->pmeth->decrypt_init)
+                return 1;
+        ret = ctx->pmeth->decrypt_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                        unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_DECRYPT)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
+        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
+        }
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_DERIVE;
+        if (!ctx->pmeth->derive_init)
+                return 1;
+        ret = ctx->pmeth->derive_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive||ctx->pmeth->encrypt||ctx->pmeth->decrypt) || !ctx->pmeth->ctrl)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                                        EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
+        if (ret <= 0)
+                return ret;
+        if (ret == 2)
+                return 1;
+        if (!ctx->pkey)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+                return -1;
+                }
+        if (ctx->pkey->type != peer->type)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                                                EVP_R_DIFFERENT_KEY_TYPES);
+                return -1;
+                }
+        /* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
+         * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+         * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
+         * (different key types) is impossible here because it is checked earlier.
+         * -2 is OK for us here, as well as 1, so we can check for 0 only. */
+        if (!EVP_PKEY_missing_parameters(peer) &&
+                !EVP_PKEY_cmp_parameters(ctx->pkey, peer))
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+                                                EVP_R_DIFFERENT_PARAMETERS);
+                return -1;
+                }
+        if (ctx->peerkey)
+                EVP_PKEY_free(ctx->peerkey);
+        ctx->peerkey = peer;
+        ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+        if (ret <= 0)
+                {
+                ctx->peerkey = NULL;
+                return ret;
+                }
+        CRYPTO_add(&peer->references,1,CRYPTO_LOCK_EVP_PKEY);
+        return 1;
+        }
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_DERIVE)
+                {
+                EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
+        return ctx->pmeth->derive(ctx, key, pkeylen);
+        }
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
new file mode 100644
index 0000000000..5d74161a09
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -0,0 +1,220 @@
+/* pmeth_gn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "evp_locl.h"
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_PARAMGEN;
+        if (!ctx->pmeth->paramgen_init)
+                return 1;
+        ret = ctx->pmeth->paramgen_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_PARAMGEN)
+                {
+                EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        if (!ppkey)
+                return -1;
+        if (!*ppkey)
+                *ppkey = EVP_PKEY_new();
+        ret = ctx->pmeth->paramgen(ctx, *ppkey);
+        if (ret <= 0)
+                {
+                EVP_PKEY_free(*ppkey);
+                *ppkey = NULL;
+                }
+        return ret;
+        }
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        ctx->operation = EVP_PKEY_OP_KEYGEN;
+        if (!ctx->pmeth->keygen_init)
+                return 1;
+        ret = ctx->pmeth->keygen_init(ctx);
+        if (ret <= 0)
+                ctx->operation = EVP_PKEY_OP_UNDEFINED;
+        return ret;
+        }
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
+                {
+                EVPerr(EVP_F_EVP_PKEY_KEYGEN,
+                        EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+                }
+        if (ctx->operation != EVP_PKEY_OP_KEYGEN)
+                {
+                EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+                return -1;
+                }
+        if (!ppkey)
+                return -1;
+        if (!*ppkey)
+                *ppkey = EVP_PKEY_new();
+        ret = ctx->pmeth->keygen(ctx, *ppkey);
+        if (ret <= 0)
+                {
+                EVP_PKEY_free(*ppkey);
+                *ppkey = NULL;
+                }
+        return ret;
+        }
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
+        {
+        ctx->pkey_gencb = cb;
+        }
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->pkey_gencb;
+        }
+/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB
+ * style callbacks.
+ */
+static int trans_cb(int a, int b, BN_GENCB *gcb)
+        {
+        EVP_PKEY_CTX *ctx = gcb->arg;
+        ctx->keygen_info[0] = a;
+        ctx->keygen_info[1] = b;
+        return ctx->pkey_gencb(ctx);
+        }       
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
+        {
+        BN_GENCB_set(cb, trans_cb, ctx)
+        }
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
+        {
+        if (idx == -1)
+                return ctx->keygen_info_count; 
+        if (idx < 0 || idx > ctx->keygen_info_count)
+                return 0;
+        return ctx->keygen_info[idx];
+        }
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                                unsigned char *key, int keylen)
+        {
+        EVP_PKEY_CTX *mac_ctx = NULL;
+        EVP_PKEY *mac_key = NULL;
+        mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+        if (!mac_ctx)
+                return NULL;
+        if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
+                goto merr;
+        if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
+                                EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0)
+                goto merr;
+        if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
+                goto merr;
+        merr:
+        if (mac_ctx)
+                EVP_PKEY_CTX_free(mac_ctx);
+        return mac_key;
+        }
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
new file mode 100644
index 0000000000..b2d8de3a8d
--- /dev/null
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -0,0 +1,538 @@
+/* pmeth_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
+#include "evp_locl.h"
+typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
+DECLARE_STACK_OF(EVP_PKEY_METHOD)
+STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth;
+static const EVP_PKEY_METHOD *standard_methods[] =
+        {
+#ifndef OPENSSL_NO_RSA
+        &rsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+        &dh_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+        &dsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+        &ec_pkey_meth,
+#endif
+        &hmac_pkey_meth,
+        };
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                           pmeth);
+static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
+                     const EVP_PKEY_METHOD * const *b)
+        {
+        return ((*a)->pkey_id - (*b)->pkey_id);
+        }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                             pmeth);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+        {
+        EVP_PKEY_METHOD tmp;
+        const EVP_PKEY_METHOD *t = &tmp, **ret;
+        tmp.pkey_id = type;
+        if (app_pkey_methods)
+                {
+                int idx;
+                idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
+                if (idx >= 0)
+                        return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+                }
+        ret = OBJ_bsearch_pmeth(&t, standard_methods,
+                          sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *));
+        if (!ret || !*ret)
+                return NULL;
+        return *ret;
+        }
+static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
+        {
+        EVP_PKEY_CTX *ret;
+        const EVP_PKEY_METHOD *pmeth;
+        if (id == -1)
+                {
+                if (!pkey || !pkey->ameth)
+                        return NULL;
+                id = pkey->ameth->pkey_id;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Try to find an ENGINE which implements this method */
+        if (e)
+                {
+                if (!ENGINE_init(e))
+                        {
+                        EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB);
+                        return NULL;
+                        }
+                }
+        else
+                e = ENGINE_get_pkey_meth_engine(id);
+        /* If an ENGINE handled this method look it up. Othewise
+         * use internal tables.
+         */
+        if (e)
+                pmeth = ENGINE_get_pkey_meth(e, id);
+        else
+#endif
+                pmeth = EVP_PKEY_meth_find(id);
+        if (pmeth == NULL)
+                {
+                EVPerr(EVP_F_INT_CTX_NEW,EVP_R_UNSUPPORTED_ALGORITHM);
+                return NULL;
+                }
+        ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+        if (!ret)
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (e)
+                        ENGINE_finish(e);
+#endif
+                EVPerr(EVP_F_INT_CTX_NEW,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->engine = e;
+        ret->pmeth = pmeth;
+        ret->operation = EVP_PKEY_OP_UNDEFINED;
+        ret->pkey = pkey;
+        ret->peerkey = NULL;
+        ret->pkey_gencb = 0;
+        if (pkey)
+                CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        ret->data = NULL;
+        if (pmeth->init)
+                {
+                if (pmeth->init(ret) <= 0)
+                        {
+                        EVP_PKEY_CTX_free(ret);
+                        return NULL;
+                        }
+                }
+        return ret;
+        }
+EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags)
+        {
+        EVP_PKEY_METHOD *pmeth;
+        pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
+        if (!pmeth)
+                return NULL;
+        pmeth->pkey_id = id;
+        pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
+        pmeth->init = 0;
+        pmeth->copy = 0;
+        pmeth->cleanup = 0;
+        pmeth->paramgen_init = 0;
+        pmeth->paramgen = 0;
+        pmeth->keygen_init = 0;
+        pmeth->keygen = 0;
+        pmeth->sign_init = 0;
+        pmeth->sign = 0;
+        pmeth->verify_init = 0;
+        pmeth->verify = 0;
+        pmeth->verify_recover_init = 0;
+        pmeth->verify_recover = 0;
+        pmeth->signctx_init = 0;
+        pmeth->signctx = 0;
+        pmeth->verifyctx_init = 0;
+        pmeth->verifyctx = 0;
+        pmeth->encrypt_init = 0;
+        pmeth->encrypt = 0;
+        pmeth->decrypt_init = 0;
+        pmeth->decrypt = 0;
+        pmeth->derive_init = 0;
+        pmeth->derive = 0;
+        pmeth->ctrl = 0;
+        pmeth->ctrl_str = 0;
+        return pmeth;
+        }
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
+        {
+        if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
+                OPENSSL_free(pmeth);
+        }
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
+        {
+        return int_ctx_new(pkey, e, -1);
+        }
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
+        {
+        return int_ctx_new(NULL, e, id);
+        }
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
+        {
+        EVP_PKEY_CTX *rctx;
+        if (!pctx->pmeth || !pctx->pmeth->copy)
+                return NULL;
+#ifndef OPENSSL_NO_ENGINE
+        /* Make sure it's safe to copy a pkey context using an ENGINE */
+        if (pctx->engine && !ENGINE_init(pctx->engine))
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB);
+                return 0;
+                }
+#endif
+        rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+        if (!rctx)
+                return NULL;
+        rctx->pmeth = pctx->pmeth;
+#ifndef OPENSSL_NO_ENGINE
+        rctx->engine = pctx->engine;
+#endif
+        if (pctx->pkey)
+                CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        rctx->pkey = pctx->pkey;
+        if (pctx->peerkey)
+                CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        rctx->peerkey = pctx->peerkey;
+        rctx->data = NULL;
+        rctx->app_data = NULL;
+        rctx->operation = pctx->operation;
+        if (pctx->pmeth->copy(rctx, pctx) > 0)
+                return rctx;
+        EVP_PKEY_CTX_free(rctx);
+        return NULL;
+        }
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
+        {
+        if (app_pkey_methods == NULL)
+                {
+                app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
+                if (!app_pkey_methods)
+                        return 0;
+                }
+        if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
+                return 0;
+        sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
+        return 1;
+        }
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
+        {
+        if (ctx == NULL)
+                return;
+        if (ctx->pmeth && ctx->pmeth->cleanup)
+                ctx->pmeth->cleanup(ctx);
+        if (ctx->pkey)
+                EVP_PKEY_free(ctx->pkey);
+        if (ctx->peerkey)
+                EVP_PKEY_free(ctx->peerkey);
+#ifndef OPENSSL_NO_ENGINE
+        if(ctx->engine)
+                /* The EVP_PKEY_CTX we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(ctx->engine);
+#endif
+        OPENSSL_free(ctx);
+        }
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, int p1, void *p2)
+        {
+        int ret;
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl)
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+                return -2;
+                }
+        if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
+                return -1;
+        if (ctx->operation == EVP_PKEY_OP_UNDEFINED)
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+                return -1;
+                }
+        if ((optype != -1) && !(ctx->operation & optype))
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+                return -1;
+                }
+        ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
+        if (ret == -2)
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+        return ret;
+        }
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
+                                        const char *name, const char *value)
+        {
+        if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str)
+                {
+                EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
+                                                EVP_R_COMMAND_NOT_SUPPORTED);
+                return -2;
+                }
+        if (!strcmp(name, "digest"))
+                {
+                const EVP_MD *md;
+                if (!value || !(md = EVP_get_digestbyname(value)))
+                        {
+                        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
+                                                EVP_R_INVALID_DIGEST);
+                        return 0;
+                        }
+                return EVP_PKEY_CTX_set_signature_md(ctx, md);
+                }
+        return ctx->pmeth->ctrl_str(ctx, name, value);
+        }
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->operation;
+        }
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
+        {
+        ctx->keygen_info = dat;
+        ctx->keygen_info_count = datlen;
+        }
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
+        {
+        ctx->data = data;
+        }
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->data;
+        }
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->pkey;
+        }
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->peerkey;
+        }
+        
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
+        {
+        ctx->app_data = data;
+        }
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
+        {
+        return ctx->app_data;
+        }
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+        int (*init)(EVP_PKEY_CTX *ctx))
+        {
+        pmeth->init = init;
+        }
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+        int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src))
+        {
+        pmeth->copy = copy;
+        }
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+        void (*cleanup)(EVP_PKEY_CTX *ctx))
+        {
+        pmeth->cleanup = cleanup;
+        }
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+        int (*paramgen_init)(EVP_PKEY_CTX *ctx),
+        int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
+        {
+        pmeth->paramgen_init = paramgen_init;
+        pmeth->paramgen = paramgen;
+        }
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+        int (*keygen_init)(EVP_PKEY_CTX *ctx),
+        int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
+        {
+        pmeth->keygen_init = keygen_init;
+        pmeth->keygen = keygen;
+        }
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+        int (*sign_init)(EVP_PKEY_CTX *ctx),
+        int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen))
+        {
+        pmeth->sign_init = sign_init;
+        pmeth->sign = sign;
+        }
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+        int (*verify_init)(EVP_PKEY_CTX *ctx),
+        int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen))
+        {
+        pmeth->verify_init = verify_init;
+        pmeth->verify = verify;
+        }
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+        int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
+        int (*verify_recover)(EVP_PKEY_CTX *ctx,
+                                        unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen))
+        {
+        pmeth->verify_recover_init = verify_recover_init;
+        pmeth->verify_recover = verify_recover;
+        }
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+        int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx))
+        {
+        pmeth->signctx_init = signctx_init;
+        pmeth->signctx = signctx;
+        }
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+        int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
+        int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
+                                        EVP_MD_CTX *mctx))
+        {
+        pmeth->verifyctx_init = verifyctx_init;
+        pmeth->verifyctx = verifyctx;
+        }
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+        int (*encrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen))
+        {
+        pmeth->encrypt_init = encrypt_init;
+        pmeth->encrypt = encryptfn;
+        }
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+        int (*decrypt_init)(EVP_PKEY_CTX *ctx),
+        int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen))
+        {
+        pmeth->decrypt_init = decrypt_init;
+        pmeth->decrypt = decrypt;
+        }
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+        int (*derive_init)(EVP_PKEY_CTX *ctx),
+        int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))
+        {
+        pmeth->derive_init = derive_init;
+        pmeth->derive = derive;
+        }
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
+        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value))
+        {
+        pmeth->ctrl = ctrl;
+        pmeth->ctrl_str = ctrl_str;
+        }
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
index 3b11e7a556..e2bc8298d0 100644
--- a/src/lib/libcrypto/ex_data.c
+++ b/src/lib/libcrypto/ex_data.c
@@ -245,18 +245,21 @@ typedef struct st_ex_class_item {
 static int ex_class = CRYPTO_EX_INDEX_USER;
 /* The global hash table of EX_CLASS_ITEM items */
-static LHASH *ex_data = NULL;
+DECLARE_LHASH_OF(EX_CLASS_ITEM);
+static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL;
 /* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_hash_cb(const void *a_void)
+static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a)
        {
-        return ((const EX_CLASS_ITEM *)a_void)->class_index;
+        return a->class_index;
        }
-static int ex_cmp_cb(const void *a_void, const void *b_void)
+static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM)
+static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b)
        {
-        return (((const EX_CLASS_ITEM *)a_void)->class_index -
+        return a->class_index - b->class_index;
-                ((const EX_CLASS_ITEM *)b_void)->class_index);
        }
+static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM)
 /* Internal functions used by the "impl_default" implementation to access the
 * state */
@@ -265,7 +268,8 @@ static int ex_data_check(void)
        {
        int toret = 1;
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+        if(!ex_data
+           && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL)
                toret = 0;
        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
        return toret;
@@ -298,7 +302,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index)
        EX_DATA_CHECK(return NULL;)
        d.class_index = class_index;
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-        p = lh_retrieve(ex_data, &d);
+        p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
        if(!p)
                {
                gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
@@ -313,7 +317,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index)
                                {
                                /* Because we're inside the ex_data lock, the
                                 * return value from the insert will be NULL */
-                                lh_insert(ex_data, gen);
+                                (void)lh_EX_CLASS_ITEM_insert(ex_data, gen);
                                p = gen;
                                }
                        }
@@ -375,8 +379,8 @@ static int int_new_class(void)
 static void int_cleanup(void)
        {
        EX_DATA_CHECK(return;)
-        lh_doall(ex_data, def_cleanup_cb);
+        lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb);
-        lh_free(ex_data);
+        lh_EX_CLASS_ITEM_free(ex_data);
        ex_data = NULL;
        impl = NULL;
        }
@@ -452,7 +456,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
                return 0;
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-        j = sk_num(from->sk);
+        j = sk_void_num(from->sk);
        if(j < mx)
                mx = j;
        if(mx > 0)
@@ -523,7 +527,7 @@ skip:
                OPENSSL_free(storage);
        if(ad->sk)
                {
-                sk_free(ad->sk);
+                sk_void_free(ad->sk);
                ad->sk=NULL;
                }
        }
@@ -596,24 +600,24 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
        if (ad->sk == NULL)
                {
-                if ((ad->sk=sk_new_null()) == NULL)
+                if ((ad->sk=sk_void_new_null()) == NULL)
                        {
                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
                        return(0);
                        }
                }
-        i=sk_num(ad->sk);
+        i=sk_void_num(ad->sk);
        while (i <= idx)
                {
-                if (!sk_push(ad->sk,NULL))
+                if (!sk_void_push(ad->sk,NULL))
                        {
                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
                        return(0);
                        }
                i++;
                }
-        sk_set(ad->sk,idx,val);
+        sk_void_set(ad->sk,idx,val);
        return(1);
        }
@@ -623,10 +627,10 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
        {
        if (ad->sk == NULL)
                return(0);
-        else if (idx >= sk_num(ad->sk))
+        else if (idx >= sk_void_num(ad->sk))
                return(0);
        else
-                return(sk_value(ad->sk,idx));
+                return(sk_void_value(ad->sk,idx));
        }
 IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
new file mode 100644
index 0000000000..6d8a89149e
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hm_ameth.c
@@ -0,0 +1,167 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "asn1_locl.h"
+#define HMAC_TEST_PRIVATE_KEY_FORMAT
+/* HMAC "ASN1" method. This is just here to indicate the
+ * maximum HMAC output length and to free up an HMAC
+ * key.
+ */
+static int hmac_size(const EVP_PKEY *pkey)
+        {
+        return EVP_MAX_MD_SIZE;
+        }
+static void hmac_key_free(EVP_PKEY *pkey)
+        {
+        ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+        if (os)
+                {
+                if (os->data)
+                        OPENSSL_cleanse(os->data, os->length);
+                ASN1_OCTET_STRING_free(os);
+                }
+        }
+static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 1;
+                default:
+                return -2;
+                }
+        }
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+/* A bogus private key format for test purposes. This is simply the
+ * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
+ * genpkey utility can be used to "generate" HMAC keys.
+ */
+static int old_hmac_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        ASN1_OCTET_STRING *os;
+        os = ASN1_OCTET_STRING_new();
+        if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
+                return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os);
+        return 1;
+        }
+static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        int inc;
+        ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+        if (pder)
+                {
+                if (!*pder)
+                        {
+                        *pder = OPENSSL_malloc(os->length);
+                        inc = 0;
+                        }
+                else inc = 1;
+                memcpy(*pder, os->data, os->length);
+                if (inc)
+                        *pder += os->length;
+                }
+                        
+        return os->length;
+        }
+#endif
+const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = 
+        {
+        EVP_PKEY_HMAC,
+        EVP_PKEY_HMAC,
+        0,
+        "HMAC",
+        "OpenSSL HMAC method",
+        0,0,0,0,
+        0,0,0,
+        hmac_size,
+        0,
+        0,0,0,0,0,0,
+        hmac_key_free,
+        hmac_pkey_ctrl,
+#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
+        old_hmac_decode,
+        old_hmac_encode
+#else
+        0,0
+#endif
+        };
diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c
new file mode 100644
index 0000000000..985921ca1a
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hm_pmeth.c
@@ -0,0 +1,265 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include "evp_locl.h"
+/* HMAC pkey context structure */
+typedef struct
+        {
+        const EVP_MD *md;       /* MD for HMAC use */
+        ASN1_OCTET_STRING ktmp; /* Temp storage for key */
+        HMAC_CTX ctx;
+        } HMAC_PKEY_CTX;
+static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+        {
+        HMAC_PKEY_CTX *hctx;
+        hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX));
+        if (!hctx)
+                return 0;
+        hctx->md = NULL;
+        hctx->ktmp.data = NULL;
+        hctx->ktmp.length = 0;
+        hctx->ktmp.flags = 0;
+        hctx->ktmp.type = V_ASN1_OCTET_STRING;
+        HMAC_CTX_init(&hctx->ctx);
+        ctx->data = hctx;
+        ctx->keygen_info_count = 0;
+        return 1;
+        }
+static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        HMAC_PKEY_CTX *sctx, *dctx;
+        if (!pkey_hmac_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->md = sctx->md;
+        HMAC_CTX_init(&dctx->ctx);
+        HMAC_CTX_copy(&dctx->ctx, &sctx->ctx);
+        if (sctx->ktmp.data)
+                {
+                if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                        sctx->ktmp.data, sctx->ktmp.length))
+                        return 0;
+                }
+        return 1;
+        }
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        HMAC_CTX_cleanup(&hctx->ctx);
+        if (hctx->ktmp.data)
+                {
+                if (hctx->ktmp.length)
+                        OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
+                OPENSSL_free(hctx->ktmp.data);
+                hctx->ktmp.data = NULL;
+                }
+        OPENSSL_free(hctx);
+        }
+static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        ASN1_OCTET_STRING *hkey = NULL;
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        if (!hctx->ktmp.data)
+                return 0;
+        hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+        if (!hkey)
+                return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+        
+        return 1;
+        }
+static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        {
+        HMAC_PKEY_CTX *hctx = ctx->pctx->data;
+        HMAC_Update(&hctx->ctx, data, count);
+        return 1;
+        }
+static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+        {
+        EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+        mctx->update = int_update;
+        return 1;
+        }
+static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        EVP_MD_CTX *mctx)
+        {
+        unsigned int hlen;
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        int l = EVP_MD_CTX_size(mctx);
+        if (l < 0)
+                return 0;
+        *siglen = l;
+        if (!sig)
+                return 1;
+        HMAC_Final(&hctx->ctx, sig, &hlen);
+        *siglen = (size_t)hlen;
+        return 1;
+        }
+static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        ASN1_OCTET_STRING *key;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_SET_MAC_KEY:
+                if ((!p2 && p1 > 0) || (p1 < -1))
+                        return 0;
+                if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+                        return 0;
+                break;
+                case EVP_PKEY_CTRL_MD:
+                hctx->md = p2;
+                break;
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+                HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
+                                ctx->engine);
+                break;
+                default:
+                return -2;
+                }
+        return 1;
+        }
+static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!value)
+                {
+                return 0;
+                }
+        if (!strcmp(type, "key"))
+                {
+                void *p = (void *)value;
+                return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
+                                -1, p);
+                }
+        if (!strcmp(type, "hexkey"))
+                {
+                unsigned char *key;
+                int r;
+                long keylen;
+                key = string_to_hex(value, &keylen);
+                if (!key)
+                        return 0;
+                r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+                OPENSSL_free(key);
+                return r;
+                }
+        return -2;
+        }
+const EVP_PKEY_METHOD hmac_pkey_meth = 
+        {
+        EVP_PKEY_HMAC,
+        0,
+        pkey_hmac_init,
+        pkey_hmac_copy,
+        pkey_hmac_cleanup,
+        0, 0,
+        0,
+        pkey_hmac_keygen,
+        0, 0,
+        0, 0,
+        0,0,
+        hmac_signctx_init,
+        hmac_signctx,
+        0,0,
+        0,0,
+        0,0,
+        0,0,
+        pkey_hmac_ctrl,
+        pkey_hmac_ctrl_str
+        };
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index cbc1c76a57..45015fe754 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,9 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
-#ifndef OPENSSL_FIPS
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
@@ -84,10 +82,13 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                OPENSSL_assert(j <= (int)sizeof(ctx->key));
                if (j < len)
                        {
-                        EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
+                        if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
-                        EVP_DigestUpdate(&ctx->md_ctx,key,len);
+                                goto err;
-                        EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+                        if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
-                                &ctx->key_length);
+                                goto err;
+                        if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+                                &ctx->key_length))
+                                goto err;
                        }
                else
                        {
@@ -104,31 +105,38 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                {
                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
                        pad[i]=0x36^ctx->key[i];
-                EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
+                if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
-                EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+                        goto err;
+                if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
+                        goto err;
                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
                        pad[i]=0x5c^ctx->key[i];
-                EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
+                if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl))
-                EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+                        goto err;
+                if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
+                        goto err;
                }
-        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+        if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
+                        goto err;
+        return 1;
+        err:
+        return 0;
        }
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
-               const EVP_MD *md)
        {
        if(key && md)
            HMAC_CTX_init(ctx);
-        HMAC_Init_ex(ctx,key,len,md, NULL);
+        return HMAC_Init_ex(ctx,key,len,md, NULL);
        }
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
-        EVP_DigestUpdate(&ctx->md_ctx,data,len);
+        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        int j;
        unsigned int i;
@@ -136,10 +144,17 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        j=EVP_MD_block_size(ctx->md);
-        EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
-        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+                goto err;
-        EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+        if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
-        EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+                goto err;
+        if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
+                goto err;
+        if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
+                goto err;
+        return 1;
+        err:
+        return 0;
        }
 void HMAC_CTX_init(HMAC_CTX *ctx)
@@ -149,6 +164,22 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
        EVP_MD_CTX_init(&ctx->md_ctx);
        }
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+        {
+        if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+                goto err;
+        if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+                goto err;
+        if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+                goto err;
+        memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+        dctx->key_length = sctx->key_length;
+        dctx->md = sctx->md;
+        return 1;
+        err:
+        return 0;
+        }
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
@@ -166,11 +197,16 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
        if (md == NULL) md=m;
        HMAC_CTX_init(&c);
-        HMAC_Init(&c,key,key_len,evp_md);
+        if (!HMAC_Init(&c,key,key_len,evp_md))
-        HMAC_Update(&c,d,n);
+                goto err;
-        HMAC_Final(&c,md,md_len);
+        if (!HMAC_Update(&c,d,n))
+                goto err;
+        if (!HMAC_Final(&c,md,md_len))
+                goto err;
        HMAC_CTX_cleanup(&c);
-        return(md);
+        return md;
+        err:
+        return NULL;
        }
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
@@ -179,5 +215,3 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
        }
-#endif
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
index fc38ffb52b..1be0022190 100644
--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -90,15 +90,16 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
               const EVP_MD *md); /* deprecated */
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
                    const unsigned char *d, size_t n, unsigned char *md,
                    unsigned int *md_len);
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
diff --git a/src/lib/libcrypto/ia64cpuid.S b/src/lib/libcrypto/ia64cpuid.S
index 04fbb3439e..d705fff7ee 100644
--- a/src/lib/libcrypto/ia64cpuid.S
+++ b/src/lib/libcrypto/ia64cpuid.S
@@ -1,6 +1,13 @@
 // Works on all IA-64 platforms: Linux, HP-UX, Win64i...
 // On Win64i compile with ias.exe.
 .text
+.global OPENSSL_cpuid_setup#
+.proc   OPENSSL_cpuid_setup#
+OPENSSL_cpuid_setup:
+{ .mib; br.ret.sptk.many        b0              };;
+.endp   OPENSSL_cpuid_setup#
 .global OPENSSL_rdtsc#
 .proc   OPENSSL_rdtsc#
 OPENSSL_rdtsc:
@@ -119,3 +126,42 @@ OPENSSL_wipe_cpu:
        mov             ar.lc=r3
        br.ret.sptk     b0              };;
 .endp   OPENSSL_wipe_cpu#
+.global OPENSSL_cleanse#
+.proc   OPENSSL_cleanse#
+OPENSSL_cleanse:
+{ .mib; cmp.eq          p6,p0=0,r33         // len==0
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+        addp4           r32=0,r32
+#endif
+(p6)    br.ret.spnt     b0              };;
+{ .mib; and             r2=7,r32
+        cmp.leu         p6,p0=15,r33        // len>=15
+(p6)    br.cond.dptk    .Lot            };;
+.Little:
+{ .mib; st1             [r32]=r0,1
+        cmp.ltu         p6,p7=1,r33     }  // len>1
+{ .mbb; add             r33=-1,r33         // len--
+(p6)    br.cond.dptk    .Little
+(p7)    br.ret.sptk.many        b0      };;
+.Lot:
+{ .mib; cmp.eq          p6,p0=0,r2
+(p6)    br.cond.dptk    .Laligned       };;
+{ .mmi; st1             [r32]=r0,1;;
+        and             r2=7,r32        }
+{ .mib; add             r33=-1,r33
+        br              .Lot            };;
+.Laligned:
+{ .mmi; st8             [r32]=r0,8
+        and             r2=-8,r33           // len&~7
+        add             r33=-8,r33      };; // len-=8
+{ .mib; cmp.ltu         p6,p0=8,r2          // ((len+8)&~7)>8
+(p6)    br.cond.dptk    .Laligned       };;
+{ .mbb; cmp.eq          p6,p7=r0,r33
+(p7)    br.cond.dpnt    .Little
+(p6)    br.ret.sptk.many        b0      };;
+.endp   OPENSSL_cleanse#
diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h
index a137d4cbce..5782e54b0f 100644
--- a/src/lib/libcrypto/idea/idea.h
+++ b/src/lib/libcrypto/idea/idea.h
@@ -83,11 +83,8 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
 void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/src/lib/libcrypto/lhash/lh_stats.c b/src/lib/libcrypto/lhash/lh_stats.c
index 5aa7766aa6..815615e338 100644
--- a/src/lib/libcrypto/lhash/lh_stats.c
+++ b/src/lib/libcrypto/lhash/lh_stats.c
@@ -139,7 +139,7 @@ void lh_node_usage_stats(LHASH *lh, FILE *out)
 #else
 #ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *fp)
+void lh_stats(const _LHASH *lh, FILE *fp)
        {
        BIO *bp;
@@ -151,7 +151,7 @@ void lh_stats(const LHASH *lh, FILE *fp)
 end:;
        }
-void lh_node_stats(const LHASH *lh, FILE *fp)
+void lh_node_stats(const _LHASH *lh, FILE *fp)
        {
        BIO *bp;
@@ -163,7 +163,7 @@ void lh_node_stats(const LHASH *lh, FILE *fp)
 end:;
        }
-void lh_node_usage_stats(const LHASH *lh, FILE *fp)
+void lh_node_usage_stats(const _LHASH *lh, FILE *fp)
        {
        BIO *bp;
@@ -177,7 +177,7 @@ end:;
 #endif
-void lh_stats_bio(const LHASH *lh, BIO *out)
+void lh_stats_bio(const _LHASH *lh, BIO *out)
        {
        BIO_printf(out,"num_items             = %lu\n",lh->num_items);
        BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
@@ -205,7 +205,7 @@ void lh_stats_bio(const LHASH *lh, BIO *out)
 #endif
        }
-void lh_node_stats_bio(const LHASH *lh, BIO *out)
+void lh_node_stats_bio(const _LHASH *lh, BIO *out)
        {
        LHASH_NODE *n;
        unsigned int i,num;
@@ -218,7 +218,7 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out)
                }
        }
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
        {
        LHASH_NODE *n;
        unsigned long num;
diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c
index 04ea80203c..47f748081b 100644
--- a/src/lib/libcrypto/lhash/lhash.c
+++ b/src/lib/libcrypto/lhash/lhash.c
@@ -107,18 +107,18 @@ const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
 #define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256  (default 2) */
 #define DOWN_LOAD       (LH_LOAD_MULT)   /* load times 256  (default 1) */
-static void expand(LHASH *lh);
+static void expand(_LHASH *lh);
-static void contract(LHASH *lh);
+static void contract(_LHASH *lh);
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
+static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
        {
-        LHASH *ret;
+        _LHASH *ret;
        int i;
-        if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
+        if ((ret=OPENSSL_malloc(sizeof(_LHASH))) == NULL)
                goto err0;
-        if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+        if ((ret->b=OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
                goto err1;
        for (i=0; i<MIN_NODES; i++)
                ret->b[i]=NULL;
@@ -154,7 +154,7 @@ err0:
        return(NULL);
        }
-void lh_free(LHASH *lh)
+void lh_free(_LHASH *lh)
        {
        unsigned int i;
        LHASH_NODE *n,*nn;
@@ -176,7 +176,7 @@ void lh_free(LHASH *lh)
        OPENSSL_free(lh);
        }
-void *lh_insert(LHASH *lh, void *data)
+void *lh_insert(_LHASH *lh, void *data)
        {
        unsigned long hash;
        LHASH_NODE *nn,**rn;
@@ -214,7 +214,7 @@ void *lh_insert(LHASH *lh, void *data)
        return(ret);
        }
-void *lh_delete(LHASH *lh, const void *data)
+void *lh_delete(_LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE *nn,**rn;
@@ -245,7 +245,7 @@ void *lh_delete(LHASH *lh, const void *data)
        return(ret);
        }
-void *lh_retrieve(LHASH *lh, const void *data)
+void *lh_retrieve(_LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE **rn;
@@ -267,12 +267,15 @@ void *lh_retrieve(LHASH *lh, const void *data)
        return(ret);
        }
-static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
        {
        int i;
        LHASH_NODE *a,*n;
+        if (lh == NULL)
+                return;
        /* reverse the order so we search from 'top to bottom'
         * We were having memory leaks otherwise */
        for (i=lh->num_nodes-1; i>=0; i--)
@@ -282,6 +285,8 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
                        {
                        /* 28/05/91 - eay - n added so items can be deleted
                         * via lh_doall */
+                        /* 22/05/08 - ben - eh? since a is not passed,
+                         * this should not be needed */
                        n=a->next;
                        if(use_arg)
                                func_arg(a->data,arg);
@@ -292,17 +297,17 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
                }
        }
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
        {
        doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
        }
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
        {
        doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
        }
-static void expand(LHASH *lh)
+static void expand(_LHASH *lh)
        {
        LHASH_NODE **n,**n1,**n2,*np;
        unsigned int p,i,j;
@@ -358,7 +363,7 @@ static void expand(LHASH *lh)
                }
        }
-static void contract(LHASH *lh)
+static void contract(_LHASH *lh)
        {
        LHASH_NODE **n,*n1,*np;
@@ -397,7 +402,7 @@ static void contract(LHASH *lh)
                }
        }
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
+static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
        {
        LHASH_NODE **ret,*n1;
        unsigned long hash,nn;
@@ -464,7 +469,7 @@ unsigned long lh_strhash(const char *c)
        return((ret>>16)^ret);
        }
-unsigned long lh_num_items(const LHASH *lh)
+unsigned long lh_num_items(const _LHASH *lh)
        {
        return lh ? lh->num_items : 0;
        }
diff --git a/src/lib/libcrypto/lhash/lhash.h b/src/lib/libcrypto/lhash/lhash.h
index d392d0cd80..e7d8763591 100644
--- a/src/lib/libcrypto/lhash/lhash.h
+++ b/src/lib/libcrypto/lhash/lhash.h
@@ -98,42 +98,42 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
 * macros if the functions are strictly internal. */
 /* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+#define DECLARE_LHASH_HASH_FN(name, o_type) \
-        unsigned long f_name##_LHASH_HASH(const void *);
+        unsigned long name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-        unsigned long f_name##_LHASH_HASH(const void *arg) { \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
-                o_type a = (o_type)arg; \
+                const o_type *a = arg; \
-                return f_name(a); }
+                return name##_hash(a); }
-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+#define LHASH_HASH_FN(name) name##_LHASH_HASH
 /* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+#define DECLARE_LHASH_COMP_FN(name, o_type) \
-        int f_name##_LHASH_COMP(const void *, const void *);
+        int name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-        int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-                o_type a = (o_type)arg1; \
+                const o_type *a = arg1;             \
-                o_type b = (o_type)arg2; \
+                const o_type *b = arg2; \
-                return f_name(a,b); }
+                return name##_cmp(a,b); }
-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+#define LHASH_COMP_FN(name) name##_LHASH_COMP
 /* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+#define DECLARE_LHASH_DOALL_FN(name, o_type) \
-        void f_name##_LHASH_DOALL(void *);
+        void name##_LHASH_DOALL(void *);
-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-        void f_name##_LHASH_DOALL(void *arg) { \
+        void name##_LHASH_DOALL(void *arg) { \
-                o_type a = (o_type)arg; \
+                o_type *a = arg; \
-                f_name(a); }
+                name##_doall(a); }
-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+#define LHASH_DOALL_FN(name) name##_LHASH_DOALL
 /* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-        void f_name##_LHASH_DOALL_ARG(void *, void *);
+        void name##_LHASH_DOALL_ARG(void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-        void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-                o_type a = (o_type)arg1; \
+                o_type *a = arg1; \
-                a_type b = (a_type)arg2; \
+                a_type *b = arg2; \
-                f_name(a,b); }
+                name##_doall_arg(a, b); }
-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
 typedef struct lhash_st
        {
@@ -163,7 +163,8 @@ typedef struct lhash_st
        unsigned long num_hash_comps;
        int error;
-        } LHASH;
+        } _LHASH;       /* Do not use _LHASH directly, use LHASH_OF
+                         * and friends */
 #define LH_LOAD_MULT    256
@@ -171,27 +172,67 @@ typedef struct lhash_st
 * in lh_insert(). */
 #define lh_error(lh)    ((lh)->error)
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(LHASH *lh);
+void lh_free(_LHASH *lh);
-void *lh_insert(LHASH *lh, void *data);
+void *lh_insert(_LHASH *lh, void *data);
-void *lh_delete(LHASH *lh, const void *data);
+void *lh_delete(_LHASH *lh, const void *data);
-void *lh_retrieve(LHASH *lh, const void *data);
+void *lh_retrieve(_LHASH *lh, const void *data);
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
 unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const LHASH *lh);
+unsigned long lh_num_items(const _LHASH *lh);
 #ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *out);
+void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const _LHASH *lh, FILE *out);
 #endif
 #ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
 #endif
+/* Type checking... */
+#define LHASH_OF(type) struct lhash_st_##type
+#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
+#define CHECKED_LHASH_OF(type,lh) \
+  ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
+/* Define wrapper functions. */
+#define LHM_lh_new(type, name) \
+  ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
+#define LHM_lh_error(type, lh) \
+  lh_error(CHECKED_LHASH_OF(type,lh))
+#define LHM_lh_insert(type, lh, inst) \
+  ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
+                     CHECKED_PTR_OF(type, inst)))
+#define LHM_lh_retrieve(type, lh, inst) \
+  ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
+                       CHECKED_PTR_OF(type, inst)))
+#define LHM_lh_delete(type, lh, inst) \
+  ((type *)lh_delete(CHECKED_LHASH_OF(type, lh),                        \
+                     CHECKED_PTR_OF(type, inst)))
+#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
+#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
+  lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
+#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
+#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
+#define LHM_lh_node_stats_bio(type, lh, out) \
+  lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
+#define LHM_lh_node_usage_stats_bio(type, lh, out) \
+  lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
+#define LHM_lh_stats_bio(type, lh, out) \
+  lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
+#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
+DECLARE_LHASH_OF(OPENSSL_STRING);
+DECLARE_LHASH_OF(OPENSSL_CSTRING);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h
index 61bcd9786f..1cb783944e 100644
--- a/src/lib/libcrypto/md32_common.h
+++ b/src/lib/libcrypto/md32_common.h
@@ -241,11 +241,11 @@
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__s390x__)
-#   define HOST_c2l(c,l)        ({ asm ("lrv    %0,0(%1)"               \
+#   define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
-                                        :"=r"(l) : "r"(c));             \
+                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
                                   (c)+=4; (l);                         })
-#   define HOST_l2c(l,c)        ({ asm ("strv   %0,0(%1)"               \
+#   define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
-                                        : : "r"(l),"r"(c) : "memory");  \
+                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
                                   (c)+=4; (l);                         })
 #  endif
 # endif
@@ -293,7 +293,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
         * Wei Dai <weidai@eskimo.com> for pointing it out. */
        if (l < c->Nl) /* overflow */
                c->Nh++;
-        c->Nh+=(len>>29);       /* might cause compiler warning on 16-bit */
+        c->Nh+=(HASH_LONG)(len>>29);    /* might cause compiler warning on 16-bit */
        c->Nl=l;
        n = c->num;
@@ -331,7 +331,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
        if (len != 0)
                {
                p = (unsigned char *)c->data;
-                c->num = len;
+                c->num = (unsigned int)len;
                memcpy (p,data,len);
                }
        return 1;
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h
index ba1fe4a6ee..c3ed9b3f75 100644
--- a/src/lib/libcrypto/md4/md4.h
+++ b/src/lib/libcrypto/md4/md4.h
@@ -77,7 +77,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define MD4_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define MD4_LONG unsigned long
@@ -105,9 +105,6 @@ typedef struct MD4state_st
        unsigned int num;
        } MD4_CTX;
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
index 0f5448601d..e0c42e8596 100644
--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -59,11 +59,6 @@
 #include <stdio.h>
 #include "md4_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
@@ -75,15 +70,13 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
-FIPS_NON_FIPS_MD_Init(MD4)
+int MD4_Init(MD4_CTX *c)
        {
+        memset (c,0,sizeof(*c));
        c->A=INIT_DATA_A;
        c->B=INIT_DATA_B;
        c->C=INIT_DATA_C;
        c->D=INIT_DATA_D;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl
index 76ac235f7d..6cb66bb499 100644
--- a/src/lib/libcrypto/md5/asm/md5-586.pl
+++ b/src/lib/libcrypto/md5/asm/md5-586.pl
@@ -7,7 +7,8 @@
 $normal=0;
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
diff --git a/src/lib/libcrypto/md5/asm/md5-ia64.S b/src/lib/libcrypto/md5/asm/md5-ia64.S
new file mode 100644
index 0000000000..e7de08d46a
--- /dev/null
+++ b/src/lib/libcrypto/md5/asm/md5-ia64.S
@@ -0,0 +1,992 @@
+/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+//      Common registers are assigned as follows:
+//
+//      COMMON
+//
+//      t0              Const Tbl Ptr   TPtr
+//      t1              Round Constant  TRound
+//      t4              Block residual  LenResid
+//      t5              Residual Data   DTmp
+//
+//      {in,out}0       Block 0 Cycle   RotateM0
+//      {in,out}1       Block Value 12  M12
+//      {in,out}2       Block Value 8   M8
+//      {in,out}3       Block Value 4   M4
+//      {in,out}4       Block Value 0   M0
+//      {in,out}5       Block 1 Cycle   RotateM1
+//      {in,out}6       Block Value 13  M13
+//      {in,out}7       Block Value 9   M9
+//      {in,out}8       Block Value 5   M5
+//      {in,out}9       Block Value 1   M1
+//      {in,out}10      Block 2 Cycle   RotateM2
+//      {in,out}11      Block Value 14  M14
+//      {in,out}12      Block Value 10  M10
+//      {in,out}13      Block Value 6   M6
+//      {in,out}14      Block Value 2   M2
+//      {in,out}15      Block 3 Cycle   RotateM3
+//      {in,out}16      Block Value 15  M15
+//      {in,out}17      Block Value 11  M11
+//      {in,out}18      Block Value 7   M7
+//      {in,out}19      Block Value 3   M3
+//      {in,out}20      Scratch                 Z
+//      {in,out}21      Scratch                 Y
+//      {in,out}22      Scratch                 X
+//      {in,out}23      Scratch                 W
+//      {in,out}24      Digest A                A
+//      {in,out}25      Digest B                B
+//      {in,out}26      Digest C                C
+//      {in,out}27      Digest D                D
+//      {in,out}28      Active Data Ptr DPtr
+//      in28            Dummy Value             -
+//      out28           Dummy Value             -
+//      bt0                     Coroutine Link  QUICK_RTN
+//
+///     These predicates are used for computing the padding block(s) and
+///     are shared between the driver and digest co-routines
+//
+//      pt0                     Extra Pad Block pExtra
+//      pt1                     Load next word  pLoad
+//      pt2                     Skip next word  pSkip
+//      pt3                     Search for Pad  pNoPad
+//      pt4                     Pad Word 0              pPad0
+//      pt5                     Pad Word 1              pPad1
+//      pt6                     Pad Word 2              pPad2
+//      pt7                     Pad Word 3              pPad3
+#define DTmp            r19
+#define LenResid        r18
+#define QUICK_RTN       b6
+#define TPtr            r14
+#define TRound          r15
+#define pExtra          p6
+#define pLoad           p7
+#define pNoPad          p9
+#define pPad0           p10
+#define pPad1           p11
+#define pPad2           p12
+#define pPad3           p13
+#define pSkip           p8
+#define A_              out24
+#define B_              out25
+#define C_              out26
+#define D_              out27
+#define DPtr_           out28
+#define M0_             out4
+#define M1_             out9
+#define M10_            out12
+#define M11_            out17
+#define M12_            out1
+#define M13_            out6
+#define M14_            out11
+#define M15_            out16
+#define M2_             out14
+#define M3_             out19
+#define M4_             out3
+#define M5_             out8
+#define M6_             out13
+#define M7_             out18
+#define M8_             out2
+#define M9_             out7
+#define RotateM0_       out0
+#define RotateM1_       out5
+#define RotateM2_       out10
+#define RotateM3_       out15
+#define W_              out23
+#define X_              out22
+#define Y_              out21
+#define Z_              out20
+#define A               in24
+#define B               in25
+#define C               in26
+#define D               in27
+#define DPtr            in28
+#define M0              in4
+#define M1              in9
+#define M10             in12
+#define M11             in17
+#define M12             in1
+#define M13             in6
+#define M14             in11
+#define M15             in16
+#define M2              in14
+#define M3              in19
+#define M4              in3
+#define M5              in8
+#define M6              in13
+#define M7              in18
+#define M8              in2
+#define M9              in7
+#define RotateM0        in0
+#define RotateM1        in5
+#define RotateM2        in10
+#define RotateM3        in15
+#define W               in23
+#define X               in22
+#define Y               in21
+#define Z               in20
+/* register stack configuration for md5_block_asm_data_order(): */
+#define MD5_NINP        3
+#define MD5_NLOC        0
+#define MD5_NOUT        29
+#define MD5_NROT        0
+/* register stack configuration for helpers: */
+#define _NINPUTS        MD5_NOUT
+#define _NLOCALS        0
+#define _NOUTPUT        0
+#define _NROTATE        24      /* this must be <= _NINPUTS */
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define ADDP    addp4
+#else
+#define ADDP    add
+#endif
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define HOST_IS_BIG_ENDIAN
+#endif
+//      Macros for getting the left and right portions of little-endian words
+#define GETLW(dst, src, align)  dep.z dst = src, 32 - 8 * align, 8 * align
+#define GETRW(dst, src, align)  extr.u dst = src, 8 * align, 32 - 8 * align
+//      MD5 driver
+//
+//              Reads an input block, then calls the digest block
+//              subroutine and adds the results to the accumulated
+//              digest.  It allocates 32 outs which the subroutine
+//              uses as it's inputs and rotating
+//              registers. Initializes the round constant pointer and
+//              takes care of saving/restoring ar.lc
+//
+///     INPUT
+//
+//      in0             Context Ptr             CtxPtr0
+//      in1             Input Data Ptr          DPtrIn
+//      in2             Integral Blocks         BlockCount
+//      rp              Return Address          -
+//
+///     CODE
+//
+//      v2              Input Align             InAlign
+//      t0              Shared w/digest         -
+//      t1              Shared w/digest         -
+//      t2              Shared w/digest         -
+//      t3              Shared w/digest         -
+//      t4              Shared w/digest         -
+//      t5              Shared w/digest         -
+//      t6              PFS Save                PFSSave
+//      t7              ar.lc Save              LCSave
+//      t8              Saved PR                PRSave
+//      t9              2nd CtxPtr              CtxPtr1
+//      t10             Table Base              CTable
+//      t11             Table[0]                CTable0
+//      t13             Accumulator A           AccumA
+//      t14             Accumulator B           AccumB
+//      t15             Accumulator C           AccumC
+//      t16             Accumulator D           AccumD
+//      pt0             Shared w/digest         -
+//      pt1             Shared w/digest         -
+//      pt2             Shared w/digest         -
+//      pt3             Shared w/digest         -
+//      pt4             Shared w/digest         -
+//      pt5             Shared w/digest         -
+//      pt6             Shared w/digest         -
+//      pt7             Shared w/digest         -
+//      pt8             Not Aligned             pOff
+//      pt8             Blocks Left             pAgain
+#define AccumA          r27
+#define AccumB          r28
+#define AccumC          r29
+#define AccumD          r30
+#define CTable          r24
+#define CTable0         r25
+#define CtxPtr0         in0
+#define CtxPtr1         r23
+#define DPtrIn          in1
+#define BlockCount      in2
+#define InAlign         r10
+#define LCSave          r21
+#define PFSSave         r20
+#define PRSave          r22
+#define pAgain          p63
+#define pOff            p63
+        .text
+/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num)
+     where:
+      c: a pointer to a structure of this type:
+           typedef struct MD5state_st
+             {
+               MD5_LONG A,B,C,D;
+               MD5_LONG Nl,Nh;
+               MD5_LONG data[MD5_LBLOCK];
+               unsigned int num;
+             }
+           MD5_CTX;
+      data: a pointer to the input data (may be misaligned)
+      num:  the number of 16-byte blocks to hash (i.e., the length
+            of DATA is 16*NUM.
+   */
+        .type   md5_block_asm_data_order, @function
+        .global md5_block_asm_data_order
+        .align  32
+        .proc   md5_block_asm_data_order
+md5_block_asm_data_order:
+.md5_block:
+        .prologue
+{       .mmi
+        .save   ar.pfs, PFSSave
+        alloc   PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT
+        ADDP    CtxPtr1 = 8, CtxPtr0
+        mov     CTable = ip
+}
+{       .mmi
+        ADDP    DPtrIn = 0, DPtrIn
+        ADDP    CtxPtr0 = 0, CtxPtr0
+        .save   ar.lc, LCSave
+        mov     LCSave = ar.lc
+}
+;;
+{       .mmi
+        add     CTable = .md5_tbl_data_order#-.md5_block#, CTable
+        and     InAlign = 0x3, DPtrIn
+}
+{       .mmi
+        ld4     AccumA = [CtxPtr0], 4
+        ld4     AccumC = [CtxPtr1], 4
+        .save pr, PRSave
+        mov     PRSave = pr
+        .body
+}
+;;
+{       .mmi
+        ld4     AccumB = [CtxPtr0]
+        ld4     AccumD = [CtxPtr1]
+        dep     DPtr_ = 0, DPtrIn, 0, 2
+} ;;
+#ifdef HOST_IS_BIG_ENDIAN
+        rum     psr.be;;        // switch to little-endian
+#endif
+{       .mmb
+        ld4     CTable0 = [CTable], 4
+        cmp.ne  pOff, p0 = 0, InAlign
+(pOff)  br.cond.spnt.many .md5_unaligned
+} ;;
+//      The FF load/compute loop rotates values three times, so that
+//      loading into M12 here produces the M0 value, M13 -> M1, etc.
+.md5_block_loop0:
+{       .mmi
+        ld4     M12_ = [DPtr_], 4
+        mov     TPtr = CTable
+        mov     TRound = CTable0
+} ;;
+{       .mmi
+        ld4     M13_ = [DPtr_], 4
+        mov     A_ = AccumA
+        mov     B_ = AccumB
+} ;;
+{       .mmi
+        ld4     M14_ = [DPtr_], 4
+        mov     C_ = AccumC
+        mov     D_ = AccumD
+} ;;
+{       .mmb
+        ld4     M15_ = [DPtr_], 4
+        add     BlockCount = -1, BlockCount
+        br.call.sptk.many QUICK_RTN = md5_digest_block0
+} ;;
+//      Now, we add the new digest values and do some clean-up
+//      before checking if there's another full block to process
+{       .mmi
+        add     AccumA = AccumA, A_
+        add     AccumB = AccumB, B_
+        cmp.ne  pAgain, p0 = 0, BlockCount
+}
+{       .mib
+        add     AccumC = AccumC, C_
+        add     AccumD = AccumD, D_
+(pAgain) br.cond.dptk.many .md5_block_loop0
+} ;;
+.md5_exit:
+#ifdef HOST_IS_BIG_ENDIAN
+        sum     psr.be;;        // switch back to big-endian mode
+#endif
+{       .mmi
+        st4     [CtxPtr0] = AccumB, -4
+        st4     [CtxPtr1] = AccumD, -4
+        mov     pr = PRSave, 0x1ffff ;;
+}
+{       .mmi
+        st4     [CtxPtr0] = AccumA
+        st4     [CtxPtr1] = AccumC
+        mov     ar.lc = LCSave
+} ;;
+{       .mib
+        mov     ar.pfs = PFSSave
+        br.ret.sptk.few rp
+} ;;
+#define MD5UNALIGNED(offset)                                            \
+.md5_process##offset:                                                   \
+{       .mib ;                                                          \
+        nop     0x0     ;                                               \
+        GETRW(DTmp, DTmp, offset) ;                                     \
+} ;;                                                                    \
+.md5_block_loop##offset:                                                \
+{       .mmi ;                                                          \
+        ld4     Y_ = [DPtr_], 4 ;                                       \
+        mov     TPtr = CTable ;                                         \
+        mov     TRound = CTable0 ;                                      \
+} ;;                                                                    \
+{       .mmi ;                                                          \
+        ld4     M13_ = [DPtr_], 4 ;                                     \
+        mov     A_ = AccumA ;                                           \
+        mov     B_ = AccumB ;                                           \
+} ;;                                                                    \
+{       .mii ;                                                          \
+        ld4     M14_ = [DPtr_], 4 ;                                     \
+        GETLW(W_, Y_, offset) ;                                         \
+        mov     C_ = AccumC ;                                           \
+}                                                                       \
+{       .mmi ;                                                          \
+        mov     D_ = AccumD ;;                                          \
+        or      M12_ = W_, DTmp ;                                       \
+        GETRW(DTmp, Y_, offset) ;                                       \
+}                                                                       \
+{       .mib ;                                                          \
+        ld4     M15_ = [DPtr_], 4 ;                                     \
+        add     BlockCount = -1, BlockCount ;                           \
+        br.call.sptk.many QUICK_RTN = md5_digest_block##offset;         \
+} ;;                                                                    \
+{       .mmi ;                                                          \
+        add     AccumA = AccumA, A_ ;                                   \
+        add     AccumB = AccumB, B_ ;                                   \
+        cmp.ne  pAgain, p0 = 0, BlockCount ;                            \
+}                                                                       \
+{       .mib ;                                                          \
+        add     AccumC = AccumC, C_ ;                                   \
+        add     AccumD = AccumD, D_ ;                                   \
+(pAgain) br.cond.dptk.many .md5_block_loop##offset ;                    \
+} ;;                                                                    \
+{       .mib ;                                                          \
+        nop     0x0 ;                                                   \
+        nop     0x0 ;                                                   \
+        br.cond.sptk.many .md5_exit ;                                   \
+} ;;
+        .align  32
+.md5_unaligned:
+//
+//      Because variable shifts are expensive, we special case each of
+//      the four alignements. In practice, this won't hurt too much
+//      since only one working set of code will be loaded.
+//
+{       .mib
+        ld4     DTmp = [DPtr_], 4
+        cmp.eq  pOff, p0 = 1, InAlign
+(pOff)  br.cond.dpnt.many .md5_process1
+} ;;
+{       .mib
+        cmp.eq  pOff, p0 = 2, InAlign
+        nop     0x0
+(pOff)  br.cond.dpnt.many .md5_process2
+} ;;
+        MD5UNALIGNED(3)
+        MD5UNALIGNED(1)
+        MD5UNALIGNED(2)
+        .endp md5_block_asm_data_order
+// MD5 Perform the F function and load
+//
+// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values,
+// computes the FF() round of functions, then branches to the common
+// digest code to finish up with GG(), HH, and II().
+//
+// INPUT
+//
+// rp Return Address -
+//
+// CODE
+//
+// v0 PFS bit bucket PFS
+// v1 Loop Trip Count LTrip
+// pt0 Load next word pMore
+/* For F round: */
+#define LTrip   r9
+#define PFS     r8
+#define pMore   p6
+/* For GHI rounds: */
+#define T       r9
+#define U       r10
+#define V       r11
+#define COMPUTE(a, b, s, M, R)                  \
+{                                               \
+        .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        dep.z Y = Z, 32, 32 ;;                  \
+        shrp Z = Z, Y, 64 - s ;                 \
+} ;;                                            \
+{                                               \
+        .mmi ;                                  \
+        add a = Z, b ;                          \
+        mov R = M ;                             \
+        nop 0x0 ;                               \
+} ;;
+#define LOOP(a, b, s, M, R, label)              \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        dep.z Y = Z, 32, 32 ;;                  \
+        shrp Z = Z, Y, 64 - s ;                 \
+} ;;                                            \
+{       .mib ;                                  \
+        add a = Z, b ;                          \
+        mov R = M ;                             \
+        br.ctop.sptk.many label ;               \
+} ;;
+// G(B, C, D) = (B & D) | (C & ~D)
+#define G(a, b, c, d, M)                        \
+{       .mmi ;                                  \
+        add Z = M, TRound ;                     \
+        and Y = b, d ;                          \
+        andcm X = c, d ;                        \
+} ;;                                            \
+{       .mii ;                                  \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;;                          \
+        add Z = Z, Y ;                          \
+} ;;
+// H(B, C, D) = B ^ C ^ D
+#define H(a, b, c, d, M)                        \
+{       .mmi ;                                  \
+        add Z = M, TRound ;                     \
+        xor Y = b, c ;                          \
+        nop 0x0 ;                               \
+} ;;                                            \
+{       .mii ;                                  \
+        add Z = Z, a ;                          \
+        xor Y = Y, d ;;                         \
+        add Z = Z, Y ;                          \
+} ;;
+// I(B, C, D) = C ^ (B | ~D)
+//
+// However, since we have an andcm operator, we use the fact that
+//
+// Y ^ Z == ~Y ^ ~Z
+//
+// to rewrite the expression as
+//
+// I(B, C, D) = ~C ^ (~B & D)
+#define I(a, b, c, d, M)                        \
+{       .mmi ;                                  \
+        add Z = M, TRound ;                     \
+        andcm Y = d, b ;                        \
+        andcm X = -1, c ;                       \
+} ;;                                            \
+{       .mii ;                                  \
+        add Z = Z, a ;                          \
+        xor Y = Y, X ;;                         \
+        add Z = Z, Y ;                          \
+} ;;
+#define GG4(label)                              \
+        G(A, B, C, D, M0)                       \
+        COMPUTE(A, B, 5, M0, RotateM0)          \
+        G(D, A, B, C, M1)                       \
+        COMPUTE(D, A, 9, M1, RotateM1)          \
+        G(C, D, A, B, M2)                       \
+        COMPUTE(C, D, 14, M2, RotateM2)         \
+        G(B, C, D, A, M3)                       \
+        LOOP(B, C, 20, M3, RotateM3, label)
+#define HH4(label)                              \
+        H(A, B, C, D, M0)                       \
+        COMPUTE(A, B, 4, M0, RotateM0)          \
+        H(D, A, B, C, M1)                       \
+        COMPUTE(D, A, 11, M1, RotateM1)         \
+        H(C, D, A, B, M2)                       \
+        COMPUTE(C, D, 16, M2, RotateM2)         \
+        H(B, C, D, A, M3)                       \
+        LOOP(B, C, 23, M3, RotateM3, label)
+#define II4(label)                              \
+        I(A, B, C, D, M0)                       \
+        COMPUTE(A, B, 6, M0, RotateM0)          \
+        I(D, A, B, C, M1)                       \
+        COMPUTE(D, A, 10, M1, RotateM1)         \
+        I(C, D, A, B, M2)                       \
+        COMPUTE(C, D, 15, M2, RotateM2)         \
+        I(B, C, D, A, M3)                       \
+        LOOP(B, C, 21, M3, RotateM3, label)
+#define FFLOAD(a, b, c, d, M, N, s)             \
+{       .mii ;                                  \
+(pMore) ld4 N = [DPtr], 4 ;                     \
+        add Z = M, TRound ;                     \
+        and Y = c, b ;                          \
+}                                               \
+{       .mmi ;                                  \
+        andcm X = d, b ;;                       \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;                           \
+} ;;                                            \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        add Z = Z, Y ;;                         \
+        dep.z Y = Z, 32, 32 ;                   \
+} ;;                                            \
+{       .mii ;                                  \
+        nop 0x0 ;                               \
+        shrp Z = Z, Y, 64 - s ;;                \
+        add a = Z, b ;                          \
+} ;;
+#define FFLOOP(a, b, c, d, M, N, s, dest)       \
+{       .mii ;                                  \
+(pMore) ld4 N = [DPtr], 4 ;                     \
+        add Z = M, TRound ;                     \
+        and Y = c, b ;                          \
+}                                               \
+{       .mmi ;                                  \
+        andcm X = d, b ;;                       \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;                           \
+} ;;                                            \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        add Z = Z, Y ;;                         \
+        dep.z Y = Z, 32, 32 ;                   \
+} ;;                                            \
+{       .mii ;                                  \
+        nop 0x0 ;                               \
+        shrp Z = Z, Y, 64 - s ;;                \
+        add a = Z, b ;                          \
+}                                               \
+{       .mib ;                                  \
+        cmp.ne pMore, p0 = 0, LTrip ;           \
+        add LTrip = -1, LTrip ;                 \
+        br.ctop.dptk.many dest ;                \
+} ;;
+        .type md5_digest_block0, @function
+        .align 32
+        .proc md5_digest_block0
+        .prologue
+md5_digest_block0:
+        .altrp QUICK_RTN
+        .body
+{       .mmi
+        alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+        mov LTrip = 2
+        mov ar.lc = 3
+} ;;
+{       .mii
+        cmp.eq pMore, p0 = r0, r0
+        mov ar.ec = 0
+        nop 0x0
+} ;;
+.md5_FF_round0:
+        FFLOAD(A, B, C, D, M12, RotateM0, 7)
+        FFLOAD(D, A, B, C, M13, RotateM1, 12)
+        FFLOAD(C, D, A, B, M14, RotateM2, 17)
+        FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0)
+        //
+        // !!! Fall through to md5_digest_GHI
+        //
+        .endp md5_digest_block0
+        .type md5_digest_GHI, @function
+        .align 32
+        .proc md5_digest_GHI
+        .prologue
+        .regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+md5_digest_GHI:
+        .altrp QUICK_RTN
+        .body
+//
+// The following sequence shuffles the block counstants round for the
+// next round:
+//
+// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
+// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
+//
+{       .mmi
+        mov Z = M0
+        mov Y = M15
+        mov ar.lc = 3
+}
+{       .mmi
+        mov X = M2
+        mov W = M9
+        mov V = M4
+} ;;
+{       .mmi
+        mov M0 = M1
+        mov M15 = M12
+        mov ar.ec = 1
+}
+{       .mmi
+        mov M2 = M11
+        mov M9 = M14
+        mov M4 = M5
+} ;;
+{       .mmi
+        mov M1 = M6
+        mov M12 = M13
+        mov U = M3
+}
+{       .mmi
+        mov M11 = M8
+        mov M14 = M7
+        mov M5 = M10
+} ;;
+{       .mmi
+        mov M6 = Y
+        mov M13 = X
+        mov M3 = Z
+}
+{       .mmi
+        mov M8 = W
+        mov M7 = V
+        mov M10 = U
+} ;;
+.md5_GG_round:
+        GG4(.md5_GG_round)
+// The following sequence shuffles the block constants round for the
+// next round:
+//
+// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
+// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
+{       .mmi
+        mov Z = M0
+        mov Y = M1
+        mov ar.lc = 3
+}
+{       .mmi
+        mov X = M3
+        mov W = M5
+        mov V = M6
+} ;;
+{       .mmi
+        mov M0 = M4
+        mov M1 = M11
+        mov ar.ec = 1
+}
+{       .mmi
+        mov M3 = M9
+        mov U = M8
+        mov T = M13
+} ;;
+{       .mmi
+        mov M4 = Z
+        mov M11 = Y
+        mov M5 = M7
+}
+{       .mmi
+        mov M6 = M14
+        mov M8 = M12
+        mov M13 = M15
+} ;;
+{       .mmi
+        mov M7 = W
+        mov M14 = V
+        nop 0x0
+}
+{       .mmi
+        mov M9 = X
+        mov M12 = U
+        mov M15 = T
+} ;;
+.md5_HH_round:
+        HH4(.md5_HH_round)
+// The following sequence shuffles the block constants round for the
+// next round:
+//
+// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
+// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9
+{       .mmi
+        mov Z = M0
+        mov Y = M15
+        mov ar.lc = 3
+}
+{       .mmi
+        mov X = M10
+        mov W = M1
+        mov V = M4
+} ;;
+{       .mmi
+        mov M0 = M9
+        mov M15 = M12
+        mov ar.ec = 1
+}
+{       .mmi
+        mov M10 = M11
+        mov M1 = M6
+        mov M4 = M13
+} ;;
+{       .mmi
+        mov M9 = M14
+        mov M12 = M5
+        mov U = M3
+}
+{       .mmi
+        mov M11 = M8
+        mov M6 = M7
+        mov M13 = M2
+} ;;
+{       .mmi
+        mov M14 = Y
+        mov M5 = X
+        mov M3 = Z
+}
+{       .mmi
+        mov M8 = W
+        mov M7 = V
+        mov M2 = U
+} ;;
+.md5_II_round:
+        II4(.md5_II_round)
+{       .mib
+        nop 0x0
+        nop 0x0
+        br.ret.sptk.many QUICK_RTN
+} ;;
+        .endp md5_digest_GHI
+#define FFLOADU(a, b, c, d, M, P, N, s, offset) \
+{       .mii ;                                  \
+(pMore) ld4 N = [DPtr], 4 ;                     \
+        add Z = M, TRound ;                     \
+        and Y = c, b ;                          \
+}                                               \
+{       .mmi ;                                  \
+        andcm X = d, b ;;                       \
+        add Z = Z, a ;                          \
+        or Y = Y, X ;                           \
+} ;;                                            \
+{       .mii ;                                  \
+        ld4 TRound = [TPtr], 4 ;                \
+        GETLW(W, P, offset) ;                   \
+        add Z = Z, Y ;                          \
+} ;;                                            \
+{       .mii ;                                  \
+        or W = W, DTmp ;                        \
+        dep.z Y = Z, 32, 32 ;;                  \
+        shrp Z = Z, Y, 64 - s ;                 \
+} ;;                                            \
+{       .mii ;                                  \
+        add a = Z, b ;                          \
+        GETRW(DTmp, P, offset) ;                \
+        mov P = W ;                             \
+} ;;
+#define FFLOOPU(a, b, c, d, M, P, N, s, offset)         \
+{       .mii ;                                          \
+(pMore) ld4 N = [DPtr], 4 ;                             \
+        add Z = M, TRound ;                             \
+        and Y = c, b ;                                  \
+}                                                       \
+{       .mmi ;                                          \
+        andcm X = d, b ;;                               \
+        add Z = Z, a ;                                  \
+        or Y = Y, X ;                                   \
+} ;;                                                    \
+{       .mii ;                                          \
+        ld4 TRound = [TPtr], 4 ;                        \
+(pMore) GETLW(W, P, offset)     ;                       \
+        add Z = Z, Y ;                                  \
+} ;;                                                    \
+{       .mii ;                                          \
+(pMore) or W = W, DTmp ;                                \
+        dep.z Y = Z, 32, 32 ;;                          \
+        shrp Z = Z, Y, 64 - s ;                         \
+} ;;                                                    \
+{       .mii ;                                          \
+        add a = Z, b ;                                  \
+(pMore) GETRW(DTmp, P, offset)  ;                       \
+(pMore) mov P = W ;                                     \
+}                                                       \
+{       .mib ;                                          \
+        cmp.ne pMore, p0 = 0, LTrip ;                   \
+        add LTrip = -1, LTrip ;                         \
+        br.ctop.sptk.many .md5_FF_round##offset ;       \
+} ;;
+#define MD5FBLOCK(offset)                                               \
+        .type md5_digest_block##offset, @function ;                     \
+                                                                        \
+        .align 32 ;                                                     \
+        .proc md5_digest_block##offset ;                                \
+        .prologue ;                                                     \
+        .altrp QUICK_RTN ;                                              \
+        .body ;                                                         \
+md5_digest_block##offset:                                               \
+{       .mmi ;                                                          \
+        alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ;    \
+        mov LTrip = 2 ;                                                 \
+        mov ar.lc = 3 ;                                                 \
+} ;;                                                                    \
+{       .mii ;                                                          \
+        cmp.eq pMore, p0 = r0, r0 ;                                     \
+        mov ar.ec = 0 ;                                                 \
+        nop 0x0 ;                                                       \
+} ;;                                                                    \
+                                                                        \
+        .pred.rel "mutex", pLoad, pSkip ;                               \
+.md5_FF_round##offset:                                                  \
+        FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset)              \
+        FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset)             \
+        FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset)             \
+        FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset)        \
+                                                                        \
+{       .mib ;                                                          \
+        nop 0x0 ;                                                       \
+        nop 0x0 ;                                                       \
+        br.cond.sptk.many md5_digest_GHI ;                              \
+} ;;                                                                    \
+        .endp md5_digest_block##offset
+MD5FBLOCK(1)
+MD5FBLOCK(2)
+MD5FBLOCK(3)
+        .align 64
+        .type md5_constants, @object
+md5_constants:
+.md5_tbl_data_order:                    // To ensure little-endian data
+                                        // order, code as bytes.
+        data1 0x78, 0xa4, 0x6a, 0xd7    //     0
+        data1 0x56, 0xb7, 0xc7, 0xe8    //     1
+        data1 0xdb, 0x70, 0x20, 0x24    //     2
+        data1 0xee, 0xce, 0xbd, 0xc1    //     3
+        data1 0xaf, 0x0f, 0x7c, 0xf5    //     4
+        data1 0x2a, 0xc6, 0x87, 0x47    //     5
+        data1 0x13, 0x46, 0x30, 0xa8    //     6
+        data1 0x01, 0x95, 0x46, 0xfd    //     7
+        data1 0xd8, 0x98, 0x80, 0x69    //     8
+        data1 0xaf, 0xf7, 0x44, 0x8b    //     9
+        data1 0xb1, 0x5b, 0xff, 0xff    //    10
+        data1 0xbe, 0xd7, 0x5c, 0x89    //    11
+        data1 0x22, 0x11, 0x90, 0x6b    //    12
+        data1 0x93, 0x71, 0x98, 0xfd    //    13
+        data1 0x8e, 0x43, 0x79, 0xa6    //    14
+        data1 0x21, 0x08, 0xb4, 0x49    //    15
+        data1 0x62, 0x25, 0x1e, 0xf6    //    16
+        data1 0x40, 0xb3, 0x40, 0xc0    //    17
+        data1 0x51, 0x5a, 0x5e, 0x26    //    18
+        data1 0xaa, 0xc7, 0xb6, 0xe9    //    19
+        data1 0x5d, 0x10, 0x2f, 0xd6    //    20
+        data1 0x53, 0x14, 0x44, 0x02    //    21
+        data1 0x81, 0xe6, 0xa1, 0xd8    //    22
+        data1 0xc8, 0xfb, 0xd3, 0xe7    //    23
+        data1 0xe6, 0xcd, 0xe1, 0x21    //    24
+        data1 0xd6, 0x07, 0x37, 0xc3    //    25
+        data1 0x87, 0x0d, 0xd5, 0xf4    //    26
+        data1 0xed, 0x14, 0x5a, 0x45    //    27
+        data1 0x05, 0xe9, 0xe3, 0xa9    //    28
+        data1 0xf8, 0xa3, 0xef, 0xfc    //    29
+        data1 0xd9, 0x02, 0x6f, 0x67    //    30
+        data1 0x8a, 0x4c, 0x2a, 0x8d    //    31
+        data1 0x42, 0x39, 0xfa, 0xff    //    32
+        data1 0x81, 0xf6, 0x71, 0x87    //    33
+        data1 0x22, 0x61, 0x9d, 0x6d    //    34
+        data1 0x0c, 0x38, 0xe5, 0xfd    //    35
+        data1 0x44, 0xea, 0xbe, 0xa4    //    36
+        data1 0xa9, 0xcf, 0xde, 0x4b    //    37
+        data1 0x60, 0x4b, 0xbb, 0xf6    //    38
+        data1 0x70, 0xbc, 0xbf, 0xbe    //    39
+        data1 0xc6, 0x7e, 0x9b, 0x28    //    40
+        data1 0xfa, 0x27, 0xa1, 0xea    //    41
+        data1 0x85, 0x30, 0xef, 0xd4    //    42
+        data1 0x05, 0x1d, 0x88, 0x04    //    43
+        data1 0x39, 0xd0, 0xd4, 0xd9    //    44
+        data1 0xe5, 0x99, 0xdb, 0xe6    //    45
+        data1 0xf8, 0x7c, 0xa2, 0x1f    //    46
+        data1 0x65, 0x56, 0xac, 0xc4    //    47
+        data1 0x44, 0x22, 0x29, 0xf4    //    48
+        data1 0x97, 0xff, 0x2a, 0x43    //    49
+        data1 0xa7, 0x23, 0x94, 0xab    //    50
+        data1 0x39, 0xa0, 0x93, 0xfc    //    51
+        data1 0xc3, 0x59, 0x5b, 0x65    //    52
+        data1 0x92, 0xcc, 0x0c, 0x8f    //    53
+        data1 0x7d, 0xf4, 0xef, 0xff    //    54
+        data1 0xd1, 0x5d, 0x84, 0x85    //    55
+        data1 0x4f, 0x7e, 0xa8, 0x6f    //    56
+        data1 0xe0, 0xe6, 0x2c, 0xfe    //    57
+        data1 0x14, 0x43, 0x01, 0xa3    //    58
+        data1 0xa1, 0x11, 0x08, 0x4e    //    59
+        data1 0x82, 0x7e, 0x53, 0xf7    //    60
+        data1 0x35, 0xf2, 0x3a, 0xbd    //    61
+        data1 0xbb, 0xd2, 0xd7, 0x2a    //    62
+        data1 0x91, 0xd3, 0x86, 0xeb    //    63
+.size   md5_constants#,64*4
diff --git a/src/lib/libcrypto/md5/asm/md5-x86_64.pl b/src/lib/libcrypto/md5/asm/md5-x86_64.pl
index 9a6fa67224..867885435e 100755
--- a/src/lib/libcrypto/md5/asm/md5-x86_64.pl
+++ b/src/lib/libcrypto/md5/asm/md5-x86_64.pl
@@ -15,7 +15,7 @@ my $code;
 #   dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
 #   %r11d = z' (copy of z for the next step)
-# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC)
+# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC)
 sub round1_step
 {
    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
@@ -37,22 +37,26 @@ EOF
 # round2_step() does:
 #   dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
-#   %r11d = y' (copy of y for the next step)
+#   %r11d = z' (copy of z for the next step)
-# Each round2_step() takes about 6.22 clocks (9 instructions, 1.45 IPC)
+#   %r12d = z' (copy of z for the next step)
+# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC)
 sub round2_step
 {
    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
    $code .= " mov      1*4(%rsi),      %r10d           /* (NEXT STEP) X[1] */\n" if ($pos == -1);
-    $code .= " mov      %ecx,           %r11d           /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
+    $code .= " mov      %edx,           %r11d           /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
+    $code .= " mov      %edx,           %r12d           /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
    $code .= <<EOF;
-        xor     $x,             %r11d           /* x ^ ... */
+        not     %r11d                           /* not z */
        lea     $T_i($dst,%r10d),$dst           /* Const + dst + ... */
-        and     $z,             %r11d           /* z & ... */
+        and     $x,             %r12d           /* x & z */
-        xor     $y,             %r11d           /* y ^ ... */
+        and     $y,             %r11d           /* y & (not z) */
        mov     $k_next*4(%rsi),%r10d           /* (NEXT STEP) X[$k_next] */
-        add     %r11d,          $dst            /* dst += ... */
+        or      %r11d,          %r12d           /* (y & (not z)) | (x & z) */
+        mov     $y,             %r11d           /* (NEXT STEP) z' = $y */
+        add     %r12d,          $dst            /* dst += ... */
+        mov     $y,             %r12d           /* (NEXT STEP) z' = $y */
        rol     \$$s,           $dst            /* dst <<< s */
-        mov     $x,             %r11d           /* (NEXT STEP) y' = $x */
        add     $x,             $dst            /* dst += x */
 EOF
 }
@@ -61,7 +65,7 @@ EOF
 #   dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
 #   %r11d = y' (copy of y for the next step)
-# Each round3_step() takes about 4.26 clocks (8 instructions, 1.88 IPC)
+# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC)
 sub round3_step
 {
    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
@@ -83,7 +87,7 @@ EOF
 #   dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s)
 #   %r10d = X[k_next]
 #   %r11d = not z' (copy of not z for the next step)
-# Each round4_step() takes about 5.27 clocks (9 instructions, 1.71 IPC)
+# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC)
 sub round4_step
 {
    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
@@ -104,8 +108,19 @@ sub round4_step
 EOF
 }
-my $output = shift;
+my $flavour = shift;
-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+no warnings qw(uninitialized);
+open STDOUT,"| $^X $xlate $flavour $output";
 $code .= <<EOF;
 .text
@@ -116,8 +131,10 @@ $code .= <<EOF;
 md5_block_asm_data_order:
        push    %rbp
        push    %rbx
+        push    %r12
        push    %r14
        push    %r15
+.Lprologue:
        # rdi = arg #1 (ctx, MD5_CTX pointer)
        # rsi = arg #2 (ptr, data pointer)
@@ -232,13 +249,120 @@ $code .= <<EOF;
        mov     %ecx,           2*4(%rbp)       # ctx->C = C
        mov     %edx,           3*4(%rbp)       # ctx->D = D
+        mov     (%rsp),%r15
+        mov     8(%rsp),%r14
+        mov     16(%rsp),%r12
+        mov     24(%rsp),%rbx
+        mov     32(%rsp),%rbp
+        add     \$40,%rsp
+.Lepilogue:
+        ret
+.size md5_block_asm_data_order,.-md5_block_asm_data_order
+EOF
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+my $rec="%rcx";
+my $frame="%rdx";
+my $context="%r8";
+my $disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+        lea     40(%rax),%rax
+        mov     -8(%rax),%rbp
+        mov     -16(%rax),%rbx
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r14
+        mov     -40(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
        pop     %r15
        pop     %r14
-        pop     %rbx
+        pop     %r13
+        pop     %r12
        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
        ret
-.size md5_block_asm_data_order,.-md5_block_asm_data_order
+.size   se_handler,.-se_handler
-EOF
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_md5_block_asm_data_order
+        .rva    .LSEH_end_md5_block_asm_data_order
+        .rva    .LSEH_info_md5_block_asm_data_order
+.section        .xdata
+.align  8
+.LSEH_info_md5_block_asm_data_order:
+        .byte   9,0,0,0
+        .rva    se_handler
+___
+}
 print $code;
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h
index 0761f84a27..4cbf84386b 100644
--- a/src/lib/libcrypto/md5/md5.h
+++ b/src/lib/libcrypto/md5/md5.h
@@ -77,7 +77,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define MD5_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define MD5_LONG unsigned long
@@ -105,9 +105,6 @@ typedef struct MD5state_st
        unsigned int num;
        } MD5_CTX;
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);
diff --git a/src/lib/libcrypto/md5/md5_dgst.c b/src/lib/libcrypto/md5/md5_dgst.c
index 47bb9020ee..beace632e3 100644
--- a/src/lib/libcrypto/md5/md5_dgst.c
+++ b/src/lib/libcrypto/md5/md5_dgst.c
@@ -59,11 +59,6 @@
 #include <stdio.h>
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
@@ -75,15 +70,13 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
-FIPS_NON_FIPS_MD_Init(MD5)
+int MD5_Init(MD5_CTX *c)
        {
+        memset (c,0,sizeof(*c));
        c->A=INIT_DATA_A;
        c->B=INIT_DATA_B;
        c->C=INIT_DATA_C;
        c->D=INIT_DATA_D;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
index 84e81b960d..968d577995 100644
--- a/src/lib/libcrypto/md5/md5_locl.h
+++ b/src/lib/libcrypto/md5/md5_locl.h
@@ -69,6 +69,8 @@
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 #  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#  define md5_block_data_order md5_block_asm_data_order
 # endif
 #endif
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index dfeb084799..ac793397f1 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 #include <stdio.h>
 #include <stdlib.h>
@@ -81,8 +134,11 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF;
 */
 static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
-                        * access requires MALLOC2 lock */
+DECLARE_LHASH_OF(MEM);
+static LHASH_OF(MEM) *mh=NULL; /* hash-table of memory requests
+                                * (address as key); access requires
+                                * MALLOC2 lock */
 typedef struct app_mem_info_st
@@ -93,8 +149,8 @@ typedef struct app_mem_info_st
 *   CRYPTO_pop_info()           to pop an entry,
 *   CRYPTO_remove_all_info()    to pop all entries.
 */
-        {       
+        {
-        unsigned long thread;
+        CRYPTO_THREADID threadid;
        const char *file;
        int line;
        const char *info;
@@ -104,10 +160,13 @@ typedef struct app_mem_info_st
 static void app_info_free(APP_INFO *);
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+DECLARE_LHASH_OF(APP_INFO);
-                          * that are at the top of their thread's stack
+static LHASH_OF(APP_INFO) *amih=NULL; /* hash-table with those
-                          * (with `thread' as key);
+                                       * app_mem_info_st's that are at
-                          * access requires MALLOC2 lock */
+                                       * the top of their thread's
+                                       * stack (with `thread' as key);
+                                       * access requires MALLOC2
+                                       * lock */
 typedef struct mem_st
 /* memory-block description */
@@ -116,7 +175,7 @@ typedef struct mem_st
        int num;
        const char *file;
        int line;
-        unsigned long thread;
+        CRYPTO_THREADID threadid;
        unsigned long order;
        time_t time;
        APP_INFO *app_info;
@@ -136,11 +195,11 @@ static unsigned int num_disable = 0; /* num_disable > 0
                                      *     iff
                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
                                      */
-static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
-                                            * CRYPTO_LOCK_MALLOC2 is locked
+/* Valid iff num_disable > 0.  CRYPTO_LOCK_MALLOC2 is locked exactly in this
-                                            * exactly in this case (by the
+ * case (by the thread named in disabling_thread).
-                                            * thread named in disabling_thread).
+ */
-                                            */
+static CRYPTO_THREADID disabling_threadid;
 static void app_info_free(APP_INFO *inf)
        {
@@ -177,7 +236,9 @@ int CRYPTO_mem_ctrl(int mode)
        case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
                if (mh_mode & CRYPTO_MEM_CHECK_ON)
                        {
-                        if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
+                        CRYPTO_THREADID cur;
+                        CRYPTO_THREADID_current(&cur);
+                        if (!num_disable || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) /* otherwise we already have the MALLOC2 lock */
                                {
                                /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
                                 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
@@ -195,7 +256,7 @@ int CRYPTO_mem_ctrl(int mode)
                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
                                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-                                disabling_thread=CRYPTO_thread_id();
+                                CRYPTO_THREADID_cpy(&disabling_threadid, &cur);
                                }
                        num_disable++;
                        }
@@ -228,10 +289,12 @@ int CRYPTO_is_mem_check_on(void)
        if (mh_mode & CRYPTO_MEM_CHECK_ON)
                {
+                CRYPTO_THREADID cur;
+                CRYPTO_THREADID_current(&cur);
                CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
                ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-                        || (disabling_thread != CRYPTO_thread_id());
+                        || CRYPTO_THREADID_cmp(&disabling_threadid, &cur);
                CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
                }
@@ -249,49 +312,49 @@ long CRYPTO_dbg_get_options(void)
        return options;
        }
-/* static int mem_cmp(MEM *a, MEM *b) */
+static int mem_cmp(const MEM *a, const MEM *b)
-static int mem_cmp(const void *a_void, const void *b_void)
        {
 #ifdef _WIN64
-        const char *a=(const char *)((const MEM *)a_void)->addr,
+        const char *ap=(const char *)a->addr,
-                   *b=(const char *)((const MEM *)b_void)->addr;
+                   *bp=(const char *)b->addr;
-        if (a==b)       return 0;
+        if (ap==bp)     return 0;
-        else if (a>b)   return 1;
+        else if (ap>bp) return 1;
        else            return -1;
 #else
-        return((const char *)((const MEM *)a_void)->addr
+        return (const char *)a->addr - (const char *)b->addr;
-                - (const char *)((const MEM *)b_void)->addr);
 #endif
        }
+static IMPLEMENT_LHASH_COMP_FN(mem, MEM)
-/* static unsigned long mem_hash(MEM *a) */
+static unsigned long mem_hash(const MEM *a)
-static unsigned long mem_hash(const void *a_void)
        {
        unsigned long ret;
-        ret=(unsigned long)((const MEM *)a_void)->addr;
+        ret=(unsigned long)a->addr;
        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
        return(ret);
        }
+static IMPLEMENT_LHASH_HASH_FN(mem, MEM)
 /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
 static int app_info_cmp(const void *a_void, const void *b_void)
        {
-        return(((const APP_INFO *)a_void)->thread
+        return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid,
-                != ((const APP_INFO *)b_void)->thread);
+                                &((const APP_INFO *)b_void)->threadid);
        }
+static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO)
-/* static unsigned long app_info_hash(APP_INFO *a) */
+static unsigned long app_info_hash(const APP_INFO *a)
-static unsigned long app_info_hash(const void *a_void)
        {
        unsigned long ret;
-        ret=(unsigned long)((const APP_INFO *)a_void)->thread;
+        ret = CRYPTO_THREADID_hash(&a->threadid);
+        /* This is left in as a "who am I to question legacy?" measure */
        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
        return(ret);
        }
+static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO)
 static APP_INFO *pop_info(void)
        {
@@ -300,21 +363,22 @@ static APP_INFO *pop_info(void)
        if (amih != NULL)
                {
-                tmp.thread=CRYPTO_thread_id();
+                CRYPTO_THREADID_current(&tmp.threadid);
-                if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
+                if ((ret=lh_APP_INFO_delete(amih,&tmp)) != NULL)
                        {
                        APP_INFO *next=ret->next;
                        if (next != NULL)
                                {
                                next->references++;
-                                lh_insert(amih,(char *)next);
+                                (void)lh_APP_INFO_insert(amih,next);
                                }
 #ifdef LEVITTE_DEBUG_MEM
-                        if (ret->thread != tmp.thread)
+                        if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid))
                                {
                                fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                                        ret->thread, tmp.thread);
+                                        CRYPTO_THREADID_hash(&ret->threadid),
+                                        CRYPTO_THREADID_hash(&tmp.threadid));
                                abort();
                                }
 #endif
@@ -330,7 +394,7 @@ static APP_INFO *pop_info(void)
        return(ret);
        }
-int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
+int CRYPTO_push_info_(const char *info, const char *file, int line)
        {
        APP_INFO *ami, *amim;
        int ret=0;
@@ -346,7 +410,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
                        }
                if (amih == NULL)
                        {
-                        if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
+                        if ((amih=lh_APP_INFO_new()) == NULL)
                                {
                                OPENSSL_free(ami);
                                ret=0;
@@ -354,20 +418,21 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
                                }
                        }
-                ami->thread=CRYPTO_thread_id();
+                CRYPTO_THREADID_current(&ami->threadid);
                ami->file=file;
                ami->line=line;
                ami->info=info;
                ami->references=1;
                ami->next=NULL;
-                if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
+                if ((amim=lh_APP_INFO_insert(amih,ami)) != NULL)
                        {
 #ifdef LEVITTE_DEBUG_MEM
-                        if (ami->thread != amim->thread)
+                        if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid))
                                {
                                fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-                                        amim->thread, ami->thread);
+                                        CRYPTO_THREADID_hash(&amim->threadid),
+                                        CRYPTO_THREADID_hash(&ami->threadid));
                                abort();
                                }
 #endif
@@ -380,7 +445,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
        return(ret);
        }
-int CRYPTO_dbg_pop_info(void)
+int CRYPTO_pop_info(void)
        {
        int ret=0;
@@ -395,7 +460,7 @@ int CRYPTO_dbg_pop_info(void)
        return(ret);
        }
-int CRYPTO_dbg_remove_all_info(void)
+int CRYPTO_remove_all_info(void)
        {
        int ret=0;
@@ -439,7 +504,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                                }
                        if (mh == NULL)
                                {
-                                if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
+                                if ((mh=lh_MEM_new()) == NULL)
                                        {
                                        OPENSSL_free(addr);
                                        OPENSSL_free(m);
@@ -453,9 +518,9 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                        m->line=line;
                        m->num=num;
                        if (options & V_CRYPTO_MDEBUG_THREAD)
-                                m->thread=CRYPTO_thread_id();
+                                CRYPTO_THREADID_current(&m->threadid);
                        else
-                                m->thread=0;
+                                memset(&m->threadid, 0, sizeof(m->threadid));
                        if (order == break_order_num)
                                {
@@ -464,7 +529,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                                }
                        m->order=order++;
 #ifdef LEVITTE_DEBUG_MEM
-                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
+                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n",
                                m->order,
                                (before_p & 128) ? '*' : '+',
                                m->addr, m->num);
@@ -474,16 +539,16 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
                        else
                                m->time=0;
-                        tmp.thread=CRYPTO_thread_id();
+                        CRYPTO_THREADID_current(&tmp.threadid);
                        m->app_info=NULL;
                        if (amih != NULL
-                                && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
+                            && (amim=lh_APP_INFO_retrieve(amih,&tmp)) != NULL)
                                {
                                m->app_info = amim;
                                amim->references++;
                                }
-                        if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+                        if ((mm=lh_MEM_insert(mh, m)) != NULL)
                                {
                                /* Not good, but don't sweat it */
                                if (mm->app_info != NULL)
@@ -516,11 +581,11 @@ void CRYPTO_dbg_free(void *addr, int before_p)
                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
                        m.addr=addr;
-                        mp=(MEM *)lh_delete(mh,(char *)&m);
+                        mp=lh_MEM_delete(mh,&m);
                        if (mp != NULL)
                                {
 #ifdef LEVITTE_DEBUG_MEM
-                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
+                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n",
                                mp->order, mp->addr, mp->num);
 #endif
                                if (mp->app_info != NULL)
@@ -566,18 +631,18 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
                        m.addr=addr1;
-                        mp=(MEM *)lh_delete(mh,(char *)&m);
+                        mp=lh_MEM_delete(mh,&m);
                        if (mp != NULL)
                                {
 #ifdef LEVITTE_DEBUG_MEM
-                                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+                                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n",
                                        mp->order,
                                        mp->addr, mp->num,
                                        addr2, num);
 #endif
                                mp->addr=addr2;
                                mp->num=num;
-                                lh_insert(mh,(char *)mp);
+                                (void)lh_MEM_insert(mh,mp);
                                }
                        MemCheck_on(); /* release MALLOC2 lock
@@ -596,14 +661,14 @@ typedef struct mem_leak_st
        long bytes;
        } MEM_LEAK;
-static void print_leak(const MEM *m, MEM_LEAK *l)
+static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
        {
        char buf[1024];
        char *bufp = buf;
        APP_INFO *amip;
        int ami_cnt;
        struct tm *lcl = NULL;
-        unsigned long ti;
+        CRYPTO_THREADID ti;
 #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
@@ -625,7 +690,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
        if (options & V_CRYPTO_MDEBUG_THREAD)
                {
-                BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
+                BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ",
+                        CRYPTO_THREADID_hash(&m->threadid));
                bufp += strlen(bufp);
                }
@@ -642,8 +708,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
        ami_cnt=0;
        if (!amip)
                return;
-        ti=amip->thread;
+        CRYPTO_THREADID_cpy(&ti, &amip->threadid);
-        
        do
                {
                int buf_len;
@@ -653,7 +719,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
                memset(buf,'>',ami_cnt);
                BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
                        " thread=%lu, file=%s, line=%d, info=\"",
-                        amip->thread, amip->file, amip->line);
+                        CRYPTO_THREADID_hash(&amip->threadid), amip->file,
+                        amip->line);
                buf_len=strlen(buf);
                info_len=strlen(amip->info);
                if (128 - buf_len - 3 < info_len)
@@ -673,8 +740,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
                amip = amip->next;
                }
-        while(amip && amip->thread == ti);
+        while(amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti));
-                
 #ifdef LEVITTE_DEBUG_MEM
        if (amip)
                {
@@ -684,7 +751,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 #endif
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK)
 void CRYPTO_mem_leaks(BIO *b)
        {
@@ -699,12 +766,15 @@ void CRYPTO_mem_leaks(BIO *b)
        ml.bytes=0;
        ml.chunks=0;
        if (mh != NULL)
-                lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
+                lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK,
-                                (char *)&ml);
+                                 &ml);
        if (ml.chunks != 0)
                {
                BIO_printf(b,"%ld bytes leaked in %d chunks\n",
                           ml.bytes,ml.chunks);
+#ifdef CRYPTO_MDEBUG_ABORT
+                abort();
+#endif
                }
        else
                {
@@ -717,7 +787,7 @@ void CRYPTO_mem_leaks(BIO *b)
                 * XXX    This should be in CRYPTO_mem_leaks_cb,
                 * and CRYPTO_mem_leaks should be implemented by
                 * using CRYPTO_mem_leaks_cb.
-                 * (Also their should be a variant of lh_doall_arg
+                 * (Also there should be a variant of lh_doall_arg
                 * that takes a function pointer instead of a void *;
                 * this would obviate the ugly and illegal
                 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
@@ -734,14 +804,14 @@ void CRYPTO_mem_leaks(BIO *b)
                if (mh != NULL)
                        {
-                        lh_free(mh);
+                        lh_MEM_free(mh);
                        mh = NULL;
                        }
                if (amih != NULL)
                        {
-                        if (lh_num_items(amih) == 0) 
+                        if (lh_APP_INFO_num_items(amih) == 0) 
                                {
-                                lh_free(amih);
+                                lh_APP_INFO_free(amih);
                                amih = NULL;
                                }
                        }
@@ -779,39 +849,26 @@ void CRYPTO_mem_leaks_fp(FILE *fp)
 /* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
 * If this code is restructured, remove the callback type if it is no longer
 * needed. -- Geoff Thorpe */
-static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
+/* Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it
+ * is a function pointer and conversion to void * is prohibited. Instead
+ * pass its address
+ */
+typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB;
+static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb)
        {
-        (**cb)(m->order,m->file,m->line,m->num,m->addr);
+        (*cb)(m->order,m->file,m->line,m->num,m->addr);
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB)
 void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
        {
        if (mh == NULL) return;
        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-        lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
+        lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB,
+                         &cb);
        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
        }
-void CRYPTO_malloc_debug_init(void)
-        {
-        CRYPTO_set_mem_debug_functions(
-                CRYPTO_dbg_malloc,
-                CRYPTO_dbg_realloc,
-                CRYPTO_dbg_free,
-                CRYPTO_dbg_set_options,
-                CRYPTO_dbg_get_options);
-        CRYPTO_set_mem_info_functions(
-                CRYPTO_dbg_push_info,
-                CRYPTO_dbg_pop_info,
-                CRYPTO_dbg_remove_all_info);
-        }
-char *CRYPTO_strdup(const char *str, const char *file, int line)
-        {
-        char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
-        strcpy(ret, str);
-        return ret;
-        }
diff --git a/src/lib/libcrypto/modes/cbc128.c b/src/lib/libcrypto/modes/cbc128.c
new file mode 100644
index 0000000000..8f8bd563b9
--- /dev/null
+++ b/src/lib/libcrypto/modes/cbc128.c
@@ -0,0 +1,206 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include "modes.h"
+#include <string.h>
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#define STRICT_ALIGNMENT 1
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#  define STRICT_ALIGNMENT 0
+#endif
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{
+        size_t n;
+        const unsigned char *iv = ivec;
+        assert(in && out && key && ivec);
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                while (len>=16) {
+                        for(n=0; n<16; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        (*block)(out, out, key);
+                        iv = out;
+                        len -= 16;
+                        in  += 16;
+                        out += 16;
+                }
+        } else {
+                while (len>=16) {
+                        for(n=0; n<16; n+=sizeof(size_t))
+                                *(size_t*)(out+n) =
+                                *(size_t*)(in+n) ^ *(size_t*)(iv+n);
+                        (*block)(out, out, key);
+                        iv = out;
+                        len -= 16;
+                        in  += 16;
+                        out += 16;
+                }
+        }
+#endif
+        while (len) {
+                for(n=0; n<16 && n<len; ++n)
+                        out[n] = in[n] ^ iv[n];
+                for(; n<16; ++n)
+                        out[n] = iv[n];
+                (*block)(out, out, key);
+                iv = out;
+                if (len<=16) break;
+                len -= 16;
+                in  += 16;
+                out += 16;
+        }
+        memcpy(ivec,iv,16);
+}
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{
+        size_t n;
+        union { size_t align; unsigned char c[16]; } tmp;
+        assert(in && out && key && ivec);
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (in != out) {
+                const unsigned char *iv = ivec;
+                if (STRICT_ALIGNMENT &&
+                    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                        while (len>=16) {
+                                (*block)(in, out, key);
+                                for(n=0; n<16; ++n)
+                                        out[n] ^= iv[n];
+                                iv = in;
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+                else {
+                        while (len>=16) {
+                                (*block)(in, out, key);
+                                for(n=0; n<16; n+=sizeof(size_t))
+                                        *(size_t *)(out+n) ^= *(size_t *)(iv+n);
+                                iv = in;
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+                memcpy(ivec,iv,16);
+        } else {
+                if (STRICT_ALIGNMENT &&
+                    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
+                        unsigned char c;
+                        while (len>=16) {
+                                (*block)(in, tmp.c, key);
+                                for(n=0; n<16; ++n) {
+                                        c = in[n];
+                                        out[n] = tmp.c[n] ^ ivec[n];
+                                        ivec[n] = c;
+                                }
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+                else {
+                        size_t c;
+                        while (len>=16) {
+                                (*block)(in, tmp.c, key);
+                                for(n=0; n<16; n+=sizeof(size_t)) {
+                                        c = *(size_t *)(in+n);
+                                        *(size_t *)(out+n) =
+                                        *(size_t *)(tmp.c+n) ^ *(size_t *)(ivec+n);
+                                        *(size_t *)(ivec+n) = c;
+                                }
+                                len -= 16;
+                                in  += 16;
+                                out += 16;
+                        }
+                }
+        }
+#endif
+        while (len) {
+                unsigned char c;
+                (*block)(in, tmp.c, key);
+                for(n=0; n<16 && n<len; ++n) {
+                        c = in[n];
+                        out[n] = tmp.c[n] ^ ivec[n];
+                        ivec[n] = c;
+                }
+                if (len<=16) {
+                        for (; n<16; ++n)
+                                ivec[n] = in[n];
+                        break;
+                }
+                len -= 16;
+                in  += 16;
+                out += 16;
+        }
+}
diff --git a/src/lib/libcrypto/modes/cfb128.c b/src/lib/libcrypto/modes/cfb128.c
new file mode 100644
index 0000000000..e5938c6137
--- /dev/null
+++ b/src/lib/libcrypto/modes/cfb128.c
@@ -0,0 +1,249 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include "modes.h"
+#include <string.h>
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+    assert(in && out && key && ivec && num);
+    n = *num;
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do {        /* always true actually */
+                while (n && len) {
+                        *(out++) = ivec[n] ^= *(in++);
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ivec, key);
+                        for (; n<16; n+=sizeof(size_t)) {
+                                *(size_t*)(out+n) =
+                                *(size_t*)(ivec+n) ^= *(size_t*)(in+n);
+                        }
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ivec, key);
+                        while (len--) {
+                                out[n] = ivec[n] ^= in[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n == 0) {
+                        (*block)(ivec, ivec, key);
+                }
+                out[l] = ivec[n] ^= in[l];
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do {        /* always true actually */
+                while (n && len) {
+                        unsigned char c;
+                        *(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ivec, key);
+                        for (; n<16; n+=sizeof(size_t)) {
+                                size_t t = *(size_t*)(in+n);
+                                *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
+                                *(size_t*)(ivec+n) = t;
+                        }
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ivec, key);
+                        while (len--) {
+                                unsigned char c;
+                                out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while (0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                unsigned char c;
+                if (n == 0) {
+                        (*block)(ivec, ivec, key);
+                }
+                out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num=n;
+    }
+}
+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+                            int nbits,const void *key,
+                            unsigned char ivec[16],int enc,
+                            block128_f block)
+{
+    int n,rem,num;
+    unsigned char ovec[16*2 + 1];  /* +1 because we dererefence (but don't use) one byte off the end */
+    if (nbits<=0 || nbits>128) return;
+        /* fill in the first half of the new IV with the current IV */
+        memcpy(ovec,ivec,16);
+        /* construct the new IV */
+        (*block)(ivec,ivec,key);
+        num = (nbits+7)/8;
+        if (enc)        /* encrypt the input */
+            for(n=0 ; n < num ; ++n)
+                out[n] = (ovec[16+n] = in[n] ^ ivec[n]);
+        else            /* decrypt the input */
+            for(n=0 ; n < num ; ++n)
+                out[n] = (ovec[16+n] = in[n]) ^ ivec[n];
+        /* shift ovec left... */
+        rem = nbits%8;
+        num = nbits/8;
+        if(rem==0)
+            memcpy(ivec,ovec+num,16);
+        else
+            for(n=0 ; n < 16 ; ++n)
+                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+/* N.B. This expects the input to be packed, MS bit first */
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t bits, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block)
+{
+    size_t n;
+    unsigned char c[1],d[1];
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+    for(n=0 ; n<bits ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        cfbr_encrypt_block(c,d,1,key,ivec,enc,block);
+        out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) |
+                 ((d[0]&0x80) >> (unsigned int)(n%8));
+        }
+}
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block)
+{
+    size_t n;
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+    for(n=0 ; n<length ; ++n)
+        cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block);
+}
diff --git a/src/lib/libcrypto/modes/ctr128.c b/src/lib/libcrypto/modes/ctr128.c
new file mode 100644
index 0000000000..932037f551
--- /dev/null
+++ b/src/lib/libcrypto/modes/ctr128.c
@@ -0,0 +1,184 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include "modes.h"
+#include <string.h>
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+typedef unsigned int u32;
+typedef unsigned char u8;
+#define STRICT_ALIGNMENT
+#if defined(__i386)     || defined(__i386__)    || \
+    defined(__x86_64)   || defined(__x86_64__)  || \
+    defined(_M_IX86)    || defined(_M_AMD64)    || defined(_M_X64) || \
+    defined(__s390__)   || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+/* NOTE: the IV/counter CTR mode is big-endian.  The code itself
+ * is endian-neutral. */
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter) {
+        u32 n=16;
+        u8  c;
+        do {
+                --n;
+                c = counter[n];
+                ++c;
+                counter[n] = c;
+                if (c) return;
+        } while (n);
+}
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+static void ctr128_inc_aligned(unsigned char *counter) {
+        size_t *data,c,n;
+        const union { long one; char little; } is_endian = {1};
+        if (is_endian.little) {
+                ctr128_inc(counter);
+                return;
+        }
+        data = (size_t *)counter;
+        n = 16/sizeof(size_t);
+        do {
+                --n;
+                c = data[n];
+                ++c;
+                data[n] = c;
+                if (c) return;
+        } while (n);
+}
+#endif
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to CRYPTO_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], unsigned char ecount_buf[16],
+                        unsigned int *num, block128_f block)
+{
+        unsigned int n;
+        size_t l=0;
+        assert(in && out && key && ecount_buf && num);
+        assert(*num < 16);
+        n = *num;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ ecount_buf[n];
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ecount_buf, key);
+                        ctr128_inc_aligned(ivec);
+                        for (; n<16; n+=sizeof(size_t))
+                                *(size_t *)(out+n) =
+                                *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ecount_buf, key);
+                        ctr128_inc_aligned(ivec);
+                        while (len--) {
+                                out[n] = in[n] ^ ecount_buf[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0) {
+                        (*block)(ivec, ecount_buf, key);
+                        ctr128_inc(ivec);
+                }
+                out[l] = in[l] ^ ecount_buf[n];
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num=n;
+}
diff --git a/src/lib/libcrypto/modes/cts128.c b/src/lib/libcrypto/modes/cts128.c
new file mode 100644
index 0000000000..e0430f9fdc
--- /dev/null
+++ b/src/lib/libcrypto/modes/cts128.c
@@ -0,0 +1,259 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Rights for redistribution and usage in source and binary
+ * forms are granted according to the OpenSSL license.
+ */
+#include "modes.h"
+#include <string.h>
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+/*
+ * Trouble with Ciphertext Stealing, CTS, mode is that there is no
+ * common official specification, but couple of cipher/application
+ * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
+ * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
+ * deviates from mentioned RFCs. Most notably it allows input to be
+ * of block length and it doesn't flip the order of the last two
+ * blocks. CTS is being discussed even in ECB context, but it's not
+ * adopted for any known application. This implementation complies
+ * with mentioned RFCs and [as such] extends CBC mode.
+ */
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{       size_t residue, n;
+        assert (in && out && key && ivec);
+        if (len <= 16) return 0;
+        if ((residue=len%16) == 0) residue = 16;
+        len -= residue;
+        CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);
+        in  += len;
+        out += len;
+        for (n=0; n<residue; ++n)
+                ivec[n] ^= in[n];
+        (*block)(ivec,ivec,key);
+        memcpy(out,out-16,residue);
+        memcpy(out-16,ivec,16); 
+        return len+residue;
+}
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc)
+{       size_t residue;
+        union { size_t align; unsigned char c[16]; } tmp;
+        assert (in && out && key && ivec);
+        if (len <= 16) return 0;
+        if ((residue=len%16) == 0) residue = 16;
+        len -= residue;
+        (*cbc)(in,out,len,key,ivec,1);
+        in  += len;
+        out += len;
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+        memcpy(tmp.c,out-16,16);
+        (*cbc)(in,out-16,residue,key,ivec,1);
+        memcpy(out,tmp.c,residue);
+#else
+        {
+        size_t n;
+        for (n=0; n<16; n+=sizeof(size_t))
+                *(size_t *)(tmp.c+n) = 0;
+        memcpy(tmp.c,in,residue);
+        }
+        memcpy(out,out-16,residue);
+        (*cbc)(tmp.c,out-16,16,key,ivec,1);
+#endif
+        return len+residue;
+}
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block)
+{       size_t residue, n;
+        union { size_t align; unsigned char c[32]; } tmp;
+        assert (in && out && key && ivec);
+        if (len<=16) return 0;
+        if ((residue=len%16) == 0) residue = 16;
+        len -= 16+residue;
+        if (len) {
+                CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
+                in  += len;
+                out += len;
+        }
+        (*block)(in,tmp.c+16,key);
+        for (n=0; n<16; n+=sizeof(size_t))
+                *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+        memcpy(tmp.c,in+16,residue);
+        (*block)(tmp.c,tmp.c,key);
+        for(n=0; n<16; ++n) {
+                unsigned char c = in[n];
+                out[n] = tmp.c[n] ^ ivec[n];
+                ivec[n] = c;
+        }
+        for(residue+=16; n<residue; ++n)
+                out[n] = tmp.c[n] ^ in[n];
+        return len+residue-16;
+}
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc)
+{       size_t residue, n;
+        union { size_t align; unsigned char c[32]; } tmp;
+        assert (in && out && key && ivec);
+        if (len<=16) return 0;
+        if ((residue=len%16) == 0) residue = 16;
+        len -= 16+residue;
+        if (len) {
+                (*cbc)(in,out,len,key,ivec,0);
+                in  += len;
+                out += len;
+        }
+        for (n=16; n<32; n+=sizeof(size_t))
+                *(size_t *)(tmp.c+n) = 0;
+        /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
+        (*cbc)(in,tmp.c,16,key,tmp.c+16,0);
+        memcpy(tmp.c,in+16,residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+        (*cbc)(tmp.c,out,16+residue,key,ivec,0);
+#else
+        (*cbc)(tmp.c,tmp.c,32,key,ivec,0);
+        memcpy(out,tmp.c,16+residue);
+#endif
+        return len+residue;
+}
+#if defined(SELFTEST)
+#include <stdio.h>
+#include <openssl/aes.h>
+/* test vectors from RFC 3962 */
+static const unsigned char test_key[16] = "chicken teriyaki";
+static const unsigned char test_input[64] =
+                "I would like the" " General Gau's C"
+                "hicken, please, " "and wonton soup.";
+static const unsigned char test_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+static const unsigned char vector_17[17] =
+{0xc6,0x35,0x35,0x68,0xf2,0xbf,0x8c,0xb4, 0xd8,0xa5,0x80,0x36,0x2d,0xa7,0xff,0x7f,
+ 0x97};
+static const unsigned char vector_31[31] =
+{0xfc,0x00,0x78,0x3e,0x0e,0xfd,0xb2,0xc1, 0xd4,0x45,0xd4,0xc8,0xef,0xf7,0xed,0x22,
+ 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5};
+static const unsigned char vector_32[32] =
+{0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
+ 0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84};
+static const unsigned char vector_47[47] =
+{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
+ 0xb3,0xff,0xfd,0x94,0x0c,0x16,0xa1,0x8c, 0x1b,0x55,0x49,0xd2,0xf8,0x38,0x02,0x9e,
+ 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5};
+static const unsigned char vector_48[48] =
+{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
+ 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8,
+ 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8};
+static const unsigned char vector_64[64] =
+{0x97,0x68,0x72,0x68,0xd6,0xec,0xcc,0xc0, 0xc0,0x7b,0x25,0xe2,0x5e,0xcf,0xe5,0x84,
+ 0x39,0x31,0x25,0x23,0xa7,0x86,0x62,0xd5, 0xbe,0x7f,0xcb,0xcc,0x98,0xeb,0xf5,0xa8,
+ 0x48,0x07,0xef,0xe8,0x36,0xee,0x89,0xa5, 0x26,0x73,0x0d,0xbc,0x2f,0x7b,0xc8,0x40,
+ 0x9d,0xad,0x8b,0xbb,0x96,0xc4,0xcd,0xc0, 0x3b,0xc1,0x03,0xe1,0xa1,0x94,0xbb,0xd8};
+static AES_KEY encks, decks;
+void test_vector(const unsigned char *vector,size_t len)
+{       unsigned char cleartext[64];
+        unsigned char iv[sizeof(test_iv)];
+        unsigned char ciphertext[64];
+        size_t tail;
+        printf("vector_%d\n",len); fflush(stdout);
+        if ((tail=len%16) == 0) tail = 16;
+        tail += 16;
+        /* test block-based encryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt);
+        if (memcmp(ciphertext,vector,len))
+                fprintf(stderr,"output_%d mismatch\n",len), exit(1);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(1);
+        /* test block-based decryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt);
+        if (memcmp(cleartext,test_input,len))
+                fprintf(stderr,"input_%d mismatch\n",len), exit(2);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(2);
+        /* test streamed encryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt);
+        if (memcmp(ciphertext,vector,len))
+                fprintf(stderr,"output_%d mismatch\n",len), exit(3);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(3);
+        /* test streamed decryption */
+        memcpy(iv,test_iv,sizeof(test_iv));
+        CRYPTO_cts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt);
+        if (memcmp(cleartext,test_input,len))
+                fprintf(stderr,"input_%d mismatch\n",len), exit(4);
+        if (memcmp(iv,vector+len-tail,sizeof(iv)))
+                fprintf(stderr,"iv_%d mismatch\n",len), exit(4);
+}
+main()
+{
+        AES_set_encrypt_key(test_key,128,&encks);
+        AES_set_decrypt_key(test_key,128,&decks);
+        test_vector(vector_17,sizeof(vector_17));
+        test_vector(vector_31,sizeof(vector_31));
+        test_vector(vector_32,sizeof(vector_32));
+        test_vector(vector_47,sizeof(vector_47));
+        test_vector(vector_48,sizeof(vector_48));
+        test_vector(vector_64,sizeof(vector_64));
+        exit(0);
+}
+#endif
diff --git a/src/lib/libcrypto/modes/modes.h b/src/lib/libcrypto/modes/modes.h
new file mode 100644
index 0000000000..af8d97d795
--- /dev/null
+++ b/src/lib/libcrypto/modes/modes.h
@@ -0,0 +1,59 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Rights for redistribution and usage in source and binary
+ * forms are granted according to the OpenSSL license.
+ */
+#include <stddef.h>
+typedef void (*block128_f)(const unsigned char in[16],
+                        unsigned char out[16],
+                        const void *key);
+typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int enc);
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], unsigned char ecount_buf[16],
+                        unsigned int *num, block128_f block);
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        block128_f block);
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t bits, const void *key,
+                        unsigned char ivec[16], int *num,
+                        int enc, block128_f block);
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], cbc128_f cbc);
diff --git a/src/lib/libcrypto/modes/ofb128.c b/src/lib/libcrypto/modes/ofb128.c
new file mode 100644
index 0000000000..c732e2ec58
--- /dev/null
+++ b/src/lib/libcrypto/modes/ofb128.c
@@ -0,0 +1,128 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include "modes.h"
+#include <string.h>
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+#endif
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t len, const void *key,
+                        unsigned char ivec[16], int *num,
+                        block128_f block)
+{
+        unsigned int n;
+        size_t l=0;
+        assert(in && out && key && ivec && num);
+        n = *num;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16%sizeof(size_t) == 0) do { /* always true actually */
+                while (n && len) {
+                        *(out++) = *(in++) ^ ivec[n];
+                        --len;
+                        n = (n+1) % 16;
+                }
+#if defined(STRICT_ALIGNMENT)
+                if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
+                        break;
+#endif
+                while (len>=16) {
+                        (*block)(ivec, ivec, key);
+                        for (; n<16; n+=sizeof(size_t))
+                                *(size_t*)(out+n) =
+                                *(size_t*)(in+n) ^ *(size_t*)(ivec+n);
+                        len -= 16;
+                        out += 16;
+                        in  += 16;
+                        n = 0;
+                }
+                if (len) {
+                        (*block)(ivec, ivec, key);
+                        while (len--) {
+                                out[n] = in[n] ^ ivec[n];
+                                ++n;
+                        }
+                }
+                *num = n;
+                return;
+        } while(0);
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l<len) {
+                if (n==0) {
+                        (*block)(ivec, ivec, key);
+                }
+                out[l] = in[l] ^ ivec[n];
+                ++l;
+                n = (n+1) % 16;
+        }
+        *num=n;
+}
diff --git a/src/lib/libcrypto/o_str.c b/src/lib/libcrypto/o_str.c
index 59cc25094b..56104a6c34 100644
--- a/src/lib/libcrypto/o_str.c
+++ b/src/lib/libcrypto/o_str.c
@@ -60,7 +60,9 @@
 #include <e_os.h>
 #include "o_str.h"
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32)
+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
+    !defined(OPENSSL_SYSNAME_WIN32) && \
+    !defined(NETWARE_CLIB)
 # include <strings.h>
 #endif
diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c
index e29091d650..eecbdd19f0 100644
--- a/src/lib/libcrypto/o_time.c
+++ b/src/lib/libcrypto/o_time.c
@@ -2,6 +2,9 @@
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
 * project 2001.
 */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2008.
+ */
 /* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
@@ -73,7 +76,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
        {
        struct tm *ts = NULL;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
        /* should return &data, but doesn't on some systems,
           so we don't even look at the return value */
        gmtime_r(timer,result);
@@ -214,4 +217,150 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
                }
 #endif
        return ts;
-        }       
+        }
+/* Take a tm structure and add an offset to it. This avoids any OS issues
+ * with restricted date types and overflows which cause the year 2038
+ * problem.
+ */
+#define SECS_PER_DAY (24 * 60 * 60)
+static long date_to_julian(int y, int m, int d);
+static void julian_to_date(long jd, int *y, int *m, int *d);
+int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+        {
+        int offset_hms, offset_day;
+        long time_jd;
+        int time_year, time_month, time_day;
+        /* split offset into days and day seconds */
+        offset_day = offset_sec / SECS_PER_DAY;
+        /* Avoid sign issues with % operator */
+        offset_hms  = offset_sec - (offset_day * SECS_PER_DAY);
+        offset_day += off_day;
+        /* Add current time seconds to offset */
+        offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
+        /* Adjust day seconds if overflow */
+        if (offset_hms >= SECS_PER_DAY)
+                {
+                offset_day++;
+                offset_hms -= SECS_PER_DAY;
+                }
+        else if (offset_hms < 0)
+                {
+                offset_day--;
+                offset_hms += SECS_PER_DAY;
+                }
+        /* Convert date of time structure into a Julian day number.
+         */
+        time_year = tm->tm_year + 1900;
+        time_month = tm->tm_mon + 1;
+        time_day = tm->tm_mday;
+        time_jd = date_to_julian(time_year, time_month, time_day);
+        /* Work out Julian day of new date */
+        time_jd += offset_day;
+        if (time_jd < 0)
+                return 0;
+        /* Convert Julian day back to date */
+        julian_to_date(time_jd, &time_year, &time_month, &time_day);
+        if (time_year < 1900 || time_year > 9999)
+                return 0;
+        /* Update tm structure */
+        tm->tm_year = time_year - 1900;
+        tm->tm_mon = time_month - 1;
+        tm->tm_mday = time_day;
+        tm->tm_hour = offset_hms / 3600;
+        tm->tm_min = (offset_hms / 60) % 60;
+        tm->tm_sec = offset_hms % 60;
+        return 1;
+                
+}
+/* Convert date to and from julian day
+ * Uses Fliegel & Van Flandern algorithm
+ */
+static long date_to_julian(int y, int m, int d)
+{
+        return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
+                (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
+                (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 +
+                d - 32075;
+}
+static void julian_to_date(long jd, int *y, int *m, int *d)
+        {
+        long  L = jd + 68569;
+        long  n = (4 * L) / 146097;
+        long  i, j;
+        L = L - (146097 * n + 3) / 4;
+        i = (4000 * (L + 1)) / 1461001;
+        L = L - (1461 * i) / 4 + 31;
+        j = (80 * L) / 2447;
+        *d = L - (2447 * j) / 80;
+        L = j / 11;
+        *m = j + 2 - (12 * L);
+        *y = 100 * (n - 49) + i + L;
+        }
+#ifdef OPENSSL_TIME_TEST
+#include <stdio.h>
+/* Time checking test code. Check times are identical for a wide range of
+ * offsets. This should be run on a machine with 64 bit time_t or it will
+ * trigger the very errors the routines fix.
+ */
+int main(int argc, char **argv)
+        {
+        long offset;
+        for (offset = 0; offset < 1000000; offset++)
+                {
+                check_time(offset);
+                check_time(-offset);
+                check_time(offset * 1000);
+                check_time(-offset * 1000);
+                }
+        }
+int check_time(long offset)
+        {
+        struct tm tm1, tm2;
+        time_t t1, t2;
+        time(&t1);
+        t2 = t1 + offset;
+        OPENSSL_gmtime(&t2, &tm2);
+        OPENSSL_gmtime(&t1, &tm1);
+        OPENSSL_gmtime_adj(&tm1, 0, offset);
+        if ((tm1.tm_year == tm2.tm_year) &&
+            (tm1.tm_mon == tm2.tm_mon) &&
+            (tm1.tm_mday == tm2.tm_mday) &&
+            (tm1.tm_hour == tm2.tm_hour) &&
+            (tm1.tm_min == tm2.tm_min) &&
+            (tm1.tm_sec == tm2.tm_sec))
+                return 1;
+        fprintf(stderr, "TIME ERROR!!\n");
+        fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
+                        tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
+                        tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
+        fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
+                        tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
+                        tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/o_time.h b/src/lib/libcrypto/o_time.h
index e66044626d..e391da7508 100644
--- a/src/lib/libcrypto/o_time.h
+++ b/src/lib/libcrypto/o_time.h
@@ -62,5 +62,6 @@
 #include <time.h>
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
 #endif
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index adb5731f76..84380a96a9 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -22,7 +22,8 @@
 /* I use the ex_data stuff to manage the identifiers for the obj_name_types
 * that applications may define.  I only really use the free function field.
 */
-static LHASH *names_lh=NULL;
+DECLARE_LHASH_OF(OBJ_NAME);
+static LHASH_OF(OBJ_NAME) *names_lh=NULL;
 static int names_type_num=OBJ_NAME_TYPE_NUM;
 typedef struct name_funcs_st
@@ -46,11 +47,14 @@ static unsigned long obj_name_hash(const void *a_void);
 /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
 static int obj_name_cmp(const void *a_void,const void *b_void);
+static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
+static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
 int OBJ_NAME_init(void)
        {
        if (names_lh != NULL) return(1);
        MemCheck_off();
-        names_lh=lh_new(obj_name_hash, obj_name_cmp);
+        names_lh=lh_OBJ_NAME_new();
        MemCheck_on();
        return(names_lh != NULL);
        }
@@ -164,7 +168,7 @@ const char *OBJ_NAME_get(const char *name, int type)
        for (;;)
        {
-                ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
+                ret=lh_OBJ_NAME_retrieve(names_lh,&on);
                if (ret == NULL) return(NULL);
                if ((ret->alias) && !alias)
                        {
@@ -200,7 +204,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
        onp->type=type;
        onp->data=data;
-        ret=(OBJ_NAME *)lh_insert(names_lh,onp);
+        ret=lh_OBJ_NAME_insert(names_lh,onp);
        if (ret != NULL)
                {
                /* free things */
@@ -217,7 +221,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
                }
        else
                {
-                if (lh_error(names_lh))
+                if (lh_OBJ_NAME_error(names_lh))
                        {
                        /* ERROR */
                        return(0);
@@ -235,7 +239,7 @@ int OBJ_NAME_remove(const char *name, int type)
        type&= ~OBJ_NAME_ALIAS;
        on.name=name;
        on.type=type;
-        ret=(OBJ_NAME *)lh_delete(names_lh,&on);
+        ret=lh_OBJ_NAME_delete(names_lh,&on);
        if (ret != NULL)
                {
                /* free things */
@@ -262,13 +266,13 @@ struct doall
        void *arg;
        };
-static void do_all_fn(const OBJ_NAME *name,struct doall *d)
+static void do_all_fn_doall_arg(const OBJ_NAME *name,struct doall *d)
        {
        if(name->type == d->type)
                d->fn(name,d->arg);
        }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
 void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
        {
@@ -278,7 +282,8 @@ void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
        d.fn=fn;
        d.arg=arg;
-        lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
+        lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
+                              struct doall, &d);
        }
 struct doall_sorted
@@ -313,7 +318,7 @@ void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
        int n;
        d.type=type;
-        d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
+        d.names=OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names);
        d.n=0;
        OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
@@ -327,18 +332,16 @@ void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
 static int free_type;
-static void names_lh_free(OBJ_NAME *onp)
+static void names_lh_free_doall(OBJ_NAME *onp)
-{
+        {
-        if(onp == NULL)
+        if (onp == NULL)
                return;
-        if ((free_type < 0) || (free_type == onp->type))
+        if (free_type < 0 || free_type == onp->type)
-                {
                OBJ_NAME_remove(onp->name,onp->type);
-                }
        }
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
 static void name_funcs_free(NAME_FUNCS *ptr)
        {
@@ -352,18 +355,18 @@ void OBJ_NAME_cleanup(int type)
        if (names_lh == NULL) return;
        free_type=type;
-        down_load=names_lh->down_load;
+        down_load=lh_OBJ_NAME_down_load(names_lh);
-        names_lh->down_load=0;
+        lh_OBJ_NAME_down_load(names_lh)=0;
-        lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
+        lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
        if (type < 0)
                {
-                lh_free(names_lh);
+                lh_OBJ_NAME_free(names_lh);
                sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
                names_lh=NULL;
                name_funcs_stack = NULL;
                }
        else
-                names_lh->down_load=down_load;
+                lh_OBJ_NAME_down_load(names_lh)=down_load;
        }
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 7fd7433241..8a342ba3eb 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -74,16 +74,17 @@
 #define NUM_SN 0
 #define NUM_LN 0
 #define NUM_OBJ 0
-static unsigned char lvalues[1];
+static const unsigned char lvalues[1];
-static ASN1_OBJECT nid_objs[1];
+static const ASN1_OBJECT nid_objs[1];
-static ASN1_OBJECT *sn_objs[1];
+static const unsigned int sn_objs[1];
-static ASN1_OBJECT *ln_objs[1];
+static const unsigned int ln_objs[1];
-static ASN1_OBJECT *obj_objs[1];
+static const unsigned int obj_objs[1];
 #endif
-static int sn_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-static int ln_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-static int obj_cmp(const void *a, const void *b);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
 #define ADDED_DATA      0
 #define ADDED_SNAME     1
 #define ADDED_LNAME     2
@@ -94,30 +95,27 @@ typedef struct added_obj_st
        int type;
        ASN1_OBJECT *obj;
        } ADDED_OBJ;
+DECLARE_LHASH_OF(ADDED_OBJ);
 static int new_nid=NUM_NID;
-static LHASH *added=NULL;
+static LHASH_OF(ADDED_OBJ) *added=NULL;
-static int sn_cmp(const void *a, const void *b)
+static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
-        {
+        { return(strcmp((*a)->sn,nid_objs[*b].sn)); }
-        const ASN1_OBJECT * const *ap = a, * const *bp = b;
-        return(strcmp((*ap)->sn,(*bp)->sn));
-        }
-static int ln_cmp(const void *a, const void *b)
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-        { 
-        const ASN1_OBJECT * const *ap = a, * const *bp = b;
+static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
-        return(strcmp((*ap)->ln,(*bp)->ln));
+        { return(strcmp((*a)->ln,nid_objs[*b].ln)); }
-        }
-/* static unsigned long add_hash(ADDED_OBJ *ca) */
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-static unsigned long add_hash(const void *ca_void)
+static unsigned long added_obj_hash(const ADDED_OBJ *ca)
        {
        const ASN1_OBJECT *a;
        int i;
        unsigned long ret=0;
        unsigned char *p;
-        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
        a=ca->obj;
        switch (ca->type)
@@ -145,14 +143,12 @@ static unsigned long add_hash(const void *ca_void)
        ret|=ca->type<<30L;
        return(ret);
        }
+static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ)
-/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
-static int add_cmp(const void *ca_void, const void *cb_void)
        {
        ASN1_OBJECT *a,*b;
        int i;
-        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
-        const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
        i=ca->type-cb->type;
        if (i) return(i);
@@ -179,15 +175,16 @@ static int add_cmp(const void *ca_void, const void *cb_void)
                return 0;
                }
        }
+static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ)
 static int init_added(void)
        {
        if (added != NULL) return(1);
-        added=lh_new(add_hash,add_cmp);
+        added=lh_ADDED_OBJ_new();
        return(added != NULL);
        }
-static void cleanup1(ADDED_OBJ *a)
+static void cleanup1_doall(ADDED_OBJ *a)
        {
        a->obj->nid=0;
        a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
@@ -195,28 +192,46 @@ static void cleanup1(ADDED_OBJ *a)
                        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
        }
-static void cleanup2(ADDED_OBJ *a)
+static void cleanup2_doall(ADDED_OBJ *a)
        { a->obj->nid++; }
-static void cleanup3(ADDED_OBJ *a)
+static void cleanup3_doall(ADDED_OBJ *a)
        {
        if (--a->obj->nid == 0)
                ASN1_OBJECT_free(a->obj);
        OPENSSL_free(a);
        }
-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
+/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
+ * to use freed up OIDs. If neccessary the actual freeing up of OIDs is
+ * delayed.
+ */
+int obj_cleanup_defer = 0;
+void check_defer(int nid)
+        {
+        if (!obj_cleanup_defer && nid >= NUM_NID)
+                        obj_cleanup_defer = 1;
+        }
 void OBJ_cleanup(void)
        {
+        if (obj_cleanup_defer)
+                {
+                obj_cleanup_defer = 2;
+                return ;
+                }
        if (added == NULL) return;
-        added->down_load=0;
+        lh_ADDED_OBJ_down_load(added) = 0;
-        lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
-        lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
-        lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
+        lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
-        lh_free(added);
+        lh_ADDED_OBJ_free(added);
        added=NULL;
        }
@@ -252,7 +267,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
                        {
                        ao[i]->type=i;
                        ao[i]->obj=o;
-                        aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
+                        aop=lh_ADDED_OBJ_insert(added,ao[i]);
                        /* memory leak, buit should not normally matter */
                        if (aop != NULL)
                                OPENSSL_free(aop);
@@ -292,7 +307,7 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
                ad.type=ADDED_NID;
                ad.obj= &ob;
                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL)
                        return(adp->obj);
                else
@@ -324,7 +339,7 @@ const char *OBJ_nid2sn(int n)
                ad.type=ADDED_NID;
                ad.obj= &ob;
                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL)
                        return(adp->obj->sn);
                else
@@ -356,7 +371,7 @@ const char *OBJ_nid2ln(int n)
                ad.type=ADDED_NID;
                ad.obj= &ob;
                ob.nid=n;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL)
                        return(adp->obj->ln);
                else
@@ -367,9 +382,22 @@ const char *OBJ_nid2ln(int n)
                }
        }
+static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
+        {
+        int j;
+        const ASN1_OBJECT *a= *ap;
+        const ASN1_OBJECT *b= &nid_objs[*bp];
+        j=(a->length - b->length);
+        if (j) return(j);
+        return(memcmp(a->data,b->data,a->length));
+        }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
 int OBJ_obj2nid(const ASN1_OBJECT *a)
        {
-        ASN1_OBJECT **op;
+        const unsigned int *op;
        ADDED_OBJ ad,*adp;
        if (a == NULL)
@@ -381,14 +409,13 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
                {
                ad.type=ADDED_DATA;
                ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
+        op=OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
-                NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);
        if (op == NULL)
                return(NID_undef);
-        return((*op)->nid);
+        return(nid_objs[*op].nid);
        }
 /* Convert an object name into an ASN1_OBJECT
@@ -441,7 +468,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        int i,n=0,len,nid, first, use_bn;
        BIGNUM *bl;
        unsigned long l;
-        unsigned char *p;
+        const unsigned char *p;
        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
        if ((a == NULL) || (a->data == NULL)) {
@@ -456,10 +483,13 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                s=OBJ_nid2ln(nid);
                if (s == NULL)
                        s=OBJ_nid2sn(nid);
-                if (buf)
+                if (s)
-                        BUF_strlcpy(buf,s,buf_len);
+                        {
-                n=strlen(s);
+                        if (buf)
-                return n;
+                                BUF_strlcpy(buf,s,buf_len);
+                        n=strlen(s);
+                        return n;
+                        }
                }
@@ -607,62 +637,56 @@ int OBJ_txt2nid(const char *s)
 int OBJ_ln2nid(const char *s)
        {
-        ASN1_OBJECT o,*oo= &o,**op;
+        ASN1_OBJECT o;
+        const ASN1_OBJECT *oo= &o;
        ADDED_OBJ ad,*adp;
+        const unsigned int *op;
        o.ln=s;
        if (added != NULL)
                {
                ad.type=ADDED_LNAME;
                ad.obj= &o;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
+        op=OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
-                sizeof(ASN1_OBJECT *),ln_cmp);
        if (op == NULL) return(NID_undef);
-        return((*op)->nid);
+        return(nid_objs[*op].nid);
        }
 int OBJ_sn2nid(const char *s)
        {
-        ASN1_OBJECT o,*oo= &o,**op;
+        ASN1_OBJECT o;
+        const ASN1_OBJECT *oo= &o;
        ADDED_OBJ ad,*adp;
+        const unsigned int *op;
        o.sn=s;
        if (added != NULL)
                {
                ad.type=ADDED_SNAME;
                ad.obj= &o;
-                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                adp=lh_ADDED_OBJ_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
+        op=OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
-                sizeof(ASN1_OBJECT *),sn_cmp);
        if (op == NULL) return(NID_undef);
-        return((*op)->nid);
+        return(nid_objs[*op].nid);
        }
-static int obj_cmp(const void *ap, const void *bp)
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
-        {
+                         int (*cmp)(const void *, const void *))
-        int j;
-        const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
-        const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;
-        j=(a->length - b->length);
-        if (j) return(j);
-        return(memcmp(a->data,b->data,a->length));
-        }
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-        int (*cmp)(const void *, const void *))
        {
-        return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
+        return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
        }
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
-        int size, int (*cmp)(const void *, const void *), int flags)
+                            int size,
+                            int (*cmp)(const void *, const void *),
+                            int flags)
        {
+        const char *base=base_;
        int l,h,i=0,c=0;
        const char *p = NULL;
diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl
index 7de2f77afd..c67f71c327 100644
--- a/src/lib/libcrypto/objects/obj_dat.pl
+++ b/src/lib/libcrypto/objects/obj_dat.pl
@@ -2,9 +2,7 @@
 # fixes bug in floating point emulation on sparc64 when
 # this script produces off-by-one output on sparc64
-eval 'use integer;';
+use integer;
-print STDERR "Warning: perl module integer not found.\n" if ($@);
 sub obj_cmp
        {
@@ -150,13 +148,13 @@ for ($i=0; $i<$n; $i++)
 @a=grep(defined($sn{$nid{$_}}),0 .. $n);
 foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
        {
-        push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));
+        push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_));
        }
 @a=grep(defined($ln{$nid{$_}}),0 .. $n);
 foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
        {
-        push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));
+        push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_));
        }
 @a=grep(defined($obj{$nid{$_}}),0 .. $n);
@@ -166,7 +164,7 @@ foreach (sort obj_cmp @a)
        $v=$objd{$m};
        $v =~ s/L//g;
        $v =~ s/,/ /g;
-        push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
+        push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v));
        }
 print OUT <<'EOF';
@@ -241,11 +239,11 @@ printf OUT "#define NUM_SN %d\n",$#sn+1;
 printf OUT "#define NUM_LN %d\n",$#ln+1;
 printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
-printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
+printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1;
 print OUT @lvalues;
 print OUT "};\n\n";
-printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID]={\n";
 foreach (@out)
        {
        if (length($_) > 75)
@@ -269,15 +267,15 @@ foreach (@out)
        }
 print  OUT "};\n\n";
-printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+printf OUT "static const unsigned int sn_objs[NUM_SN]={\n";
 print  OUT @sn;
 print  OUT "};\n\n";
-printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+printf OUT "static const unsigned int ln_objs[NUM_LN]={\n";
 print  OUT @ln;
 print  OUT "};\n\n";
-printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n";
 print  OUT @ob;
 print  OUT "};\n\n";
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
index 12b48850c6..2e7a034c3f 100644
--- a/src/lib/libcrypto/objects/obj_err.c
+++ b/src/lib/libcrypto/objects/obj_err.c
@@ -1,6 +1,6 @@
 /* crypto/objects/obj_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
index 706fa0b0e7..23e9d48cdf 100644
--- a/src/lib/libcrypto/objects/obj_lib.c
+++ b/src/lib/libcrypto/objects/obj_lib.c
@@ -66,7 +66,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
        {
        ASN1_OBJECT *r;
        int i;
-        char *ln=NULL;
+        char *ln=NULL,*sn=NULL;
+        unsigned char *data=NULL;
        if (o == NULL) return(NULL);
        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
@@ -79,42 +80,42 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
                OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
                return(NULL);
                }
-        r->data=OPENSSL_malloc(o->length);
+        data=OPENSSL_malloc(o->length);
-        if (r->data == NULL)
+        if (data == NULL)
                goto err;
        if (o->data != NULL)
-                memcpy(r->data,o->data,o->length);
+                memcpy(data,o->data,o->length);
+        /* once data attached to object it remains const */
+        r->data = data;
        r->length=o->length;
        r->nid=o->nid;
        r->ln=r->sn=NULL;
        if (o->ln != NULL)
                {
                i=strlen(o->ln)+1;
-                r->ln=ln=OPENSSL_malloc(i);
+                ln=OPENSSL_malloc(i);
-                if (r->ln == NULL) goto err;
+                if (ln == NULL) goto err;
                memcpy(ln,o->ln,i);
+                r->ln=ln;
                }
        if (o->sn != NULL)
                {
-                char *s;
                i=strlen(o->sn)+1;
-                r->sn=s=OPENSSL_malloc(i);
+                sn=OPENSSL_malloc(i);
-                if (r->sn == NULL) goto err;
+                if (sn == NULL) goto err;
-                memcpy(s,o->sn,i);
+                memcpy(sn,o->sn,i);
+                r->sn=sn;
                }
        r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
        return(r);
 err:
        OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
-        if (r != NULL)
+        if (ln != NULL)         OPENSSL_free(ln);
-                {
+        if (sn != NULL)         OPENSSL_free(sn);
-                if (ln != NULL) OPENSSL_free(ln);
+        if (data != NULL)       OPENSSL_free(data);
-                if (r->data != NULL) OPENSSL_free(r->data);
+        if (r != NULL)          OPENSSL_free(r);
-                OPENSSL_free(r);
-                }
        return(NULL);
        }
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
index e3f56bc52c..8c50aac27f 100644
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -856,3 +856,37 @@ hmac		855
 LocalKeySet             856
 freshest_crl            857
 id_on_permanentIdentifier               858
+searchGuide             859
+businessCategory                860
+postalAddress           861
+postOfficeBox           862
+physicalDeliveryOfficeName              863
+telephoneNumber         864
+telexNumber             865
+teletexTerminalIdentifier               866
+facsimileTelephoneNumber                867
+x121Address             868
+internationaliSDNNumber         869
+registeredAddress               870
+destinationIndicator            871
+preferredDeliveryMethod         872
+presentationAddress             873
+supportedApplicationContext             874
+member          875
+owner           876
+roleOccupant            877
+seeAlso         878
+userPassword            879
+userCertificate         880
+cACertificate           881
+authorityRevocationList         882
+certificateRevocationList               883
+crossCertificatePair            884
+enhancedSearchGuide             885
+protocolInformation             886
+distinguishedName               887
+uniqueMember            888
+houseIdentifier         889
+supportedAlgorithms             890
+deltaRevocationList             891
+dmdName         892
diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c
new file mode 100644
index 0000000000..152eca5c67
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_xref.c
@@ -0,0 +1,231 @@
+/* crypto/objects/obj_xref.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/objects.h>
+#include "obj_xref.h"
+DECLARE_STACK_OF(nid_triple)
+STACK_OF(nid_triple) *sig_app, *sigx_app;
+static int sig_cmp(const nid_triple *a, const nid_triple *b)
+        {
+        return a->sign_id - b->sign_id;
+        }
+DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+static int sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b)
+        {
+        return (*a)->sign_id - (*b)->sign_id;
+        }
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+static int sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
+        {
+        int ret;
+        ret = (*a)->hash_id - (*b)->hash_id;
+        if (ret)
+                return ret;
+        return (*a)->pkey_id - (*b)->pkey_id;
+        }
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
+        {
+        nid_triple tmp;
+        const nid_triple *rv = NULL;
+        tmp.sign_id = signid;
+        if (sig_app)
+                {
+                int idx = sk_nid_triple_find(sig_app, &tmp);
+                if (idx >= 0)
+                        rv = sk_nid_triple_value(sig_app, idx);
+                }
+#ifndef OBJ_XREF_TEST2
+        if (rv == NULL)
+                {
+                rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
+                                 sizeof(sigoid_srt) / sizeof(nid_triple));
+                }
+#endif
+        if (rv == NULL)
+                return 0;
+        *pdig_nid = rv->hash_id;
+        *ppkey_nid = rv->pkey_id;
+        return 1;
+        }
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+        {
+        nid_triple tmp;
+        const nid_triple *t=&tmp;
+        const nid_triple **rv = NULL;
+        tmp.hash_id = dig_nid;
+        tmp.pkey_id = pkey_nid;
+        if (sigx_app)
+                {
+                int idx = sk_nid_triple_find(sigx_app, &tmp);
+                if (idx >= 0)
+                        {
+                        t = sk_nid_triple_value(sigx_app, idx);
+                        rv = &t;
+                        }
+                }
+#ifndef OBJ_XREF_TEST2
+        if (rv == NULL)
+                {
+                rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
+                                 sizeof(sigoid_srt_xref) / sizeof(nid_triple *)
+                                 );
+                }
+#endif
+        if (rv == NULL)
+                return 0;
+        *psignid = (*rv)->sign_id;
+        return 1;
+        }
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
+        {
+        nid_triple *ntr;
+        if (!sig_app)
+                sig_app = sk_nid_triple_new(sig_sk_cmp);
+        if (!sig_app)
+                return 0;
+        if (!sigx_app)
+                sigx_app = sk_nid_triple_new(sigx_cmp);
+        if (!sigx_app)
+                return 0;
+        ntr = OPENSSL_malloc(sizeof(int) * 3);
+        if (!ntr)
+                return 0;
+        ntr->sign_id = signid;
+        ntr->hash_id = dig_id;
+        ntr->pkey_id = pkey_id;
+        if (!sk_nid_triple_push(sig_app, ntr))
+                {
+                OPENSSL_free(ntr);
+                return 0;
+                }
+        if (!sk_nid_triple_push(sigx_app, ntr))
+                return 0;
+        sk_nid_triple_sort(sig_app);
+        sk_nid_triple_sort(sigx_app);
+        return 1;
+        }
+static void sid_free(nid_triple *tt)
+        {
+        OPENSSL_free(tt);
+        }
+void OBJ_sigid_free(void)
+        {
+        if (sig_app)
+                {
+                sk_nid_triple_pop_free(sig_app, sid_free);
+                sig_app = NULL;
+                }
+        if (sigx_app)
+                {
+                sk_nid_triple_free(sigx_app);
+                sigx_app = NULL;
+                }
+        }
+                
+#ifdef OBJ_XREF_TEST
+main()
+        {
+        int n1, n2, n3;
+        int i, rv;
+#ifdef OBJ_XREF_TEST2
+        for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++)
+                {
+                OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1],
+                                sigoid_srt[i][2]);
+                }
+#endif
+        for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++)
+                {
+                n1 = sigoid_srt[i][0];
+                rv = OBJ_find_sigid_algs(n1, &n2, &n3);
+                printf("Forward: %d, %s %s %s\n", rv,
+                        OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
+                n1=0;
+                rv = OBJ_find_sigid_by_algs(&n1, n2, n3);
+                printf("Reverse: %d, %s %s %s\n", rv,
+                        OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
+                }
+        }
+        
+#endif
diff --git a/src/lib/libcrypto/objects/obj_xref.h b/src/lib/libcrypto/objects/obj_xref.h
new file mode 100644
index 0000000000..d5b9b8e198
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_xref.h
@@ -0,0 +1,75 @@
+/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
+typedef struct
+        {
+        int sign_id;
+        int hash_id;
+        int pkey_id;
+        } nid_triple;
+static const nid_triple sigoid_srt[] =
+        {
+        {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
+        {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
+        {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
+        {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
+        {NID_dsaWithSHA, NID_sha, NID_dsa},
+        {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
+        {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
+        {NID_md5WithRSA, NID_md5, NID_rsa},
+        {NID_dsaWithSHA1, NID_sha1, NID_dsa},
+        {NID_sha1WithRSA, NID_sha1, NID_rsa},
+        {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
+        {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
+        {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
+        {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
+        {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
+        {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
+        {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
+        {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
+        {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+        {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+        {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
+        {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
+        {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
+        {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
+        {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
+        };
+static const nid_triple * const sigoid_srt_xref[] =
+        {
+        &sigoid_srt[17],
+        &sigoid_srt[18],
+        &sigoid_srt[0],
+        &sigoid_srt[1],
+        &sigoid_srt[7],
+        &sigoid_srt[2],
+        &sigoid_srt[4],
+        &sigoid_srt[3],
+        &sigoid_srt[9],
+        &sigoid_srt[5],
+        &sigoid_srt[8],
+        &sigoid_srt[12],
+        &sigoid_srt[6],
+        &sigoid_srt[10],
+        &sigoid_srt[11],
+        &sigoid_srt[13],
+        &sigoid_srt[24],
+        &sigoid_srt[20],
+        &sigoid_srt[14],
+        &sigoid_srt[21],
+        &sigoid_srt[15],
+        &sigoid_srt[22],
+        &sigoid_srt[16],
+        &sigoid_srt[23],
+        &sigoid_srt[19],
+        &sigoid_srt[25],
+        &sigoid_srt[26],
+        &sigoid_srt[27],
+        &sigoid_srt[28],
+        };
diff --git a/src/lib/libcrypto/objects/obj_xref.txt b/src/lib/libcrypto/objects/obj_xref.txt
new file mode 100644
index 0000000000..e45b3d34b9
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_xref.txt
@@ -0,0 +1,42 @@
+# OID cross reference table.
+# Links signatures OIDs to their corresponding public key algorithms
+# and digests.
+md2WithRSAEncryption    md2     rsaEncryption
+md5WithRSAEncryption    md5     rsaEncryption
+shaWithRSAEncryption    sha     rsaEncryption
+sha1WithRSAEncryption   sha1    rsaEncryption
+md4WithRSAEncryption    md4     rsaEncryption
+sha256WithRSAEncryption sha256  rsaEncryption
+sha384WithRSAEncryption sha384  rsaEncryption
+sha512WithRSAEncryption sha512  rsaEncryption
+sha224WithRSAEncryption sha224  rsaEncryption
+mdc2WithRSA             mdc2    rsaEncryption
+ripemd160WithRSA        ripemd160 rsaEncryption
+# Alternative deprecated OIDs. By using the older "rsa" OID this
+# type will be recognized by not normally used.
+md5WithRSA              md5     rsa
+sha1WithRSA             sha1    rsa
+dsaWithSHA              sha     dsa
+dsaWithSHA1             sha1    dsa
+dsaWithSHA1_2           sha1    dsa_2
+ecdsa_with_SHA1         sha1    X9_62_id_ecPublicKey
+ecdsa_with_SHA224       sha224  X9_62_id_ecPublicKey
+ecdsa_with_SHA256       sha256  X9_62_id_ecPublicKey
+ecdsa_with_SHA384       sha384  X9_62_id_ecPublicKey
+ecdsa_with_SHA512       sha512  X9_62_id_ecPublicKey
+ecdsa_with_Recommended  undef   X9_62_id_ecPublicKey
+ecdsa_with_Specified    undef   X9_62_id_ecPublicKey
+dsa_with_SHA224         sha224  dsa
+dsa_with_SHA256         sha256  dsa
+id_GostR3411_94_with_GostR3410_2001     id_GostR3411_94 id_GostR3410_2001
+id_GostR3411_94_with_GostR3410_94       id_GostR3411_94 id_GostR3410_94
+id_GostR3411_94_with_GostR3410_94_cc    id_GostR3411_94 id_GostR3410_94_cc
+id_GostR3411_94_with_GostR3410_2001_cc  id_GostR3411_94 id_GostR3410_2001_cc
diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h
index 7242f76fb0..bd0ee52feb 100644
--- a/src/lib/libcrypto/objects/objects.h
+++ b/src/lib/libcrypto/objects/objects.h
@@ -1011,10 +1011,91 @@ int		OBJ_txt2nid(const char *s);
 int             OBJ_ln2nid(const char *s);
 int             OBJ_sn2nid(const char *s);
 int             OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char *    OBJ_bsearch(const char *key,const char *base,int num,int size,
+const void *    OBJ_bsearch_(const void *key,const void *base,int num,int size,
-        int (*cmp)(const void *, const void *));
+                             int (*cmp)(const void *, const void *));
-const char *    OBJ_bsearch_ex(const char *key,const char *base,int num,
+const void *    OBJ_bsearch_ex_(const void *key,const void *base,int num,
-        int size, int (*cmp)(const void *, const void *), int flags);
+                                int size,
+                                int (*cmp)(const void *, const void *),
+                                int flags);
+#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+  static int nm##_cmp(type1 const *, type2 const *); \
+  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
+  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+/*
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignement discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, delcare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+#define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
+                          cmp##_BSEARCH_CMP_FN)))
+#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
+  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                          cmp##_BSEARCH_CMP_FN)),flags)
 int             OBJ_new_nid(int num);
 int             OBJ_add_object(const ASN1_OBJECT *obj);
@@ -1022,6 +1103,14 @@ int		OBJ_create(const char *oid,const char *sn,const char *ln);
 void            OBJ_cleanup(void );
 int             OBJ_create_objects(BIO *in);
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
+extern int obj_cleanup_defer;
+void check_defer(int nid);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl
index 76c06cc8f9..15c00bbd52 100644
--- a/src/lib/libcrypto/objects/objects.pl
+++ b/src/lib/libcrypto/objects/objects.pl
@@ -14,6 +14,8 @@ while(<NUMIN>)
        $Cname =~ s/^X//;
        if (defined($nidn{$mynum}))
                { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+        if (defined($nid{$Cname}))
+                { die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; }
        $nid{$Cname} = $mynum;
        $nidn{$mynum} = $Cname;
        $order{$mynum} = $o;
@@ -102,6 +104,7 @@ while (<IN>)
                $max_nid++;
                $nid{$Cname} = $max_nid;
                $nidn{$max_nid} = $Cname;
+print STDERR "Added OID $Cname\n";
                }
        $Cname="";
        }
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index a6a811b8e7..e61fe60cbf 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -20,7 +20,7 @@ identified-organization 132	: certicom-arc
 joint-iso-itu-t 23      : international-organizations   : International Organizations
 international-organizations 43  : wap
-wap 13                  : wap-wsg
+wap 1                   : wap-wsg
 joint-iso-itu-t 5 1 5   : selected-attribute-types      : Selected Attribute Types
@@ -664,18 +664,52 @@ X509 5			: 			: serialNumber
 X509 6                  : C                     : countryName
 X509 7                  : L                     : localityName
 X509 8                  : ST                    : stateOrProvinceName
-X509 9                  :                       : streetAddress
+X509 9                  : street                : streetAddress
 X509 10                 : O                     : organizationName
 X509 11                 : OU                    : organizationalUnitName
-X509 12                 :                       : title
+X509 12                 : title                 : title
 X509 13                 :                       : description
-X509 17                 :                       : postalCode
+X509 14                 :                       : searchGuide
+X509 15                 :                       : businessCategory
+X509 16                 :                       : postalAddress
+X509 17                 :                       : postalCode
+X509 18                 :                       : postOfficeBox
+X509 19                 :                       : physicalDeliveryOfficeName
+X509 20                 :                       : telephoneNumber
+X509 21                 :                       : telexNumber
+X509 22                 :                       : teletexTerminalIdentifier
+X509 23                 :                       : facsimileTelephoneNumber
+X509 24                 :                       : x121Address
+X509 25                 :                       : internationaliSDNNumber
+X509 26                 :                       : registeredAddress
+X509 27                 :                       : destinationIndicator
+X509 28                 :                       : preferredDeliveryMethod
+X509 29                 :                       : presentationAddress
+X509 30                 :                       : supportedApplicationContext
+X509 31                 : member                :
+X509 32                 : owner                 :
+X509 33                 :                       : roleOccupant
+X509 34                 : seeAlso               :
+X509 35                 :                       : userPassword
+X509 36                 :                       : userCertificate
+X509 37                 :                       : cACertificate
+X509 38                 :                       : authorityRevocationList
+X509 39                 :                       : certificateRevocationList
+X509 40                 :                       : crossCertificatePair
 X509 41                 : name                  : name
 X509 42                 : GN                    : givenName
-X509 43                 :                       : initials
+X509 43                 : initials              : initials
 X509 44                 :                       : generationQualifier
 X509 45                 :                       : x500UniqueIdentifier
 X509 46                 : dnQualifier           : dnQualifier
+X509 47                 :                       : enhancedSearchGuide
+X509 48                 :                       : protocolInformation
+X509 49                 :                       : distinguishedName
+X509 50                 :                       : uniqueMember
+X509 51                 :                       : houseIdentifier
+X509 52                 :                       : supportedAlgorithms
+X509 53                 :                       : deltaRevocationList
+X509 54                 : dmdName               :
 X509 65                 :                       : pseudonym
 X509 72                 : role                  : role
diff --git a/src/lib/libcrypto/objects/objxref.pl b/src/lib/libcrypto/objects/objxref.pl
new file mode 100644
index 0000000000..731d3ae22c
--- /dev/null
+++ b/src/lib/libcrypto/objects/objxref.pl
@@ -0,0 +1,107 @@
+#!/usr/local/bin/perl
+use strict;
+my %xref_tbl;
+my %oid_tbl;
+my ($mac_file, $xref_file) = @ARGV;
+open(IN, $mac_file) || die "Can't open $mac_file";
+# Read in OID nid values for a lookup table.
+while (<IN>)
+        {
+        chomp;
+        my ($name, $num) = /^(\S+)\s+(\S+)$/;
+        $oid_tbl{$name} = $num;
+        }
+close IN;
+open(IN, $xref_file) || die "Can't open $xref_file";
+my $ln = 1;
+while (<IN>)
+        {
+        chomp;
+        s/#.*$//;
+        next if (/^\S*$/);
+        my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
+        check_oid($xr);
+        check_oid($p1);
+        check_oid($p2);
+        $xref_tbl{$xr} = [$p1, $p2, $ln];
+        }
+my @xrkeys = keys %xref_tbl;
+my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
+for(my $i = 0; $i <= $#srt1; $i++)
+        {
+        $xref_tbl{$srt1[$i]}[2] = $i;
+        }
+my @srt2 = sort
+        {
+        my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
+        my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
+        return $ap1 - $bp1 if ($ap1 != $bp1);
+        my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
+        my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
+        return $ap2 - $bp2;
+        } @xrkeys;
+my $pname = $0;
+$pname =~ s|^.[^/]/||;
+print <<EOF;
+/* AUTOGENERATED BY $pname, DO NOT EDIT */
+typedef struct
+        {
+        int sign_id;
+        int hash_id;
+        int pkey_id;
+        } nid_triple;
+static const nid_triple sigoid_srt[] =
+        {
+EOF
+foreach (@srt1)
+        {
+        my $xr = $_;
+        my ($p1, $p2) = @{$xref_tbl{$_}};
+        print "\t{NID_$xr, NID_$p1, NID_$p2},\n";
+        }
+print "\t};";
+print <<EOF;
+static const nid_triple * const sigoid_srt_xref[] =
+        {
+EOF
+foreach (@srt2)
+        {
+        my $x = $xref_tbl{$_}[2];
+        print "\t\&sigoid_srt\[$x\],\n";
+        }
+print "\t};\n\n";
+sub check_oid
+        {
+        my ($chk) = @_;
+        if (!exists $oid_tbl{$chk})
+                {
+                die "Not Found \"$chk\"\n";
+                }
+        }
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index a0577a717e..31e45744ba 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -64,6 +64,7 @@
 #ifndef HEADER_OCSP_H
 #define HEADER_OCSP_H
+#include <openssl/ossl_typ.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/safestack.h>
@@ -394,17 +395,20 @@ typedef struct ocsp_service_locator_st
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
 #define OCSP_CERTSTATUS_dup(cs)\
                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                int maxline);
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                const char *name, const char *value);
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
@@ -474,11 +478,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                        STACK_OF(X509) *certs, unsigned long flags);
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-                                void *data, STACK_OF(ASN1_OBJECT) *sk);
-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
-        ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
 X509_EXTENSION *OCSP_accept_responses_new(char **oids);
@@ -547,9 +546,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-char *OCSP_response_status_str(long s);
+const char *OCSP_response_status_str(long s);
-char *OCSP_cert_status_str(long s);
+const char *OCSP_cert_status_str(long s);
-char *OCSP_crl_reason_str(long s);
+const char *OCSP_crl_reason_str(long s);
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
@@ -582,7 +581,8 @@ void ERR_load_OCSP_strings(void);
 #define OCSP_F_OCSP_REQUEST_VERIFY                       116
 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
 #define OCSP_F_OCSP_SENDREQ_BIO                          112
-#define OCSP_F_PARSE_HTTP_LINE1                          117
+#define OCSP_F_OCSP_SENDREQ_NBIO                         117
+#define OCSP_F_PARSE_HTTP_LINE1                          118
 #define OCSP_F_REQUEST_VERIFY                            113
 /* Reason codes. */
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 17bab5fc59..9c14d9da27 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST   *req,
                        goto err;
        if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-        if (!dgst) dgst = EVP_sha1();
        if (key)
                {
                if (!X509_check_private_key(signer, key))
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index d2f2e79f44..0cedcea682 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
 /* crypto/ocsp/ocsp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
 {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
 {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
 {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
+{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),    "OCSP_sendreq_nbio"},
 {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),     "PARSE_HTTP_LINE1"},
 {ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
 {0,NULL}
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 815cc29d58..ec884cb08f 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -264,7 +264,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
        }
 /* also CRL Entry Extensions */
+#if 0
 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
                                void *data, STACK_OF(ASN1_OBJECT) *sk)
        {
@@ -305,6 +305,7 @@ err:
        if (b) OPENSSL_free(b);
        return NULL;
        }
+#endif
 /* Nonce handling functions */
@@ -442,17 +443,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                        goto err;
                }
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
-                                    NULL)))
-                goto err;
-        OCSP_CRLID_free(cid);
-        return x;
 err:
-        if (x) X509_EXTENSION_free(x);
        if (cid) OCSP_CRLID_free(cid);
-        return NULL;
+        return x;
        }
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -470,18 +464,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
                        sk_ASN1_OBJECT_push(sk, o);
                oids++;
                }
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-                goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
-                                    sk)))
-                goto err;
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return x;
 err:
-        if (x) X509_EXTENSION_free(x);
        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-        return NULL;
+        return x;
        }
 /*  ArchiveCutoff ::= GeneralizedTime */
@@ -492,16 +478,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
-        if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
-                                    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
-        ASN1_GENERALIZEDTIME_free(gt);
-        return x;
 err:
        if (gt) ASN1_GENERALIZEDTIME_free(gt);
-        if (x) X509_EXTENSION_free(x);
+        return x;
-        return NULL;
        }
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
@@ -530,16 +510,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                urls++;
                }
-        if (!(x = X509_EXTENSION_new())) goto err;
+        x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
-        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-                goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
-                                    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
-        OCSP_SERVICELOC_free(sloc);
-        return x;
 err:
-        if (x) X509_EXTENSION_free(x);
        if (sloc) OCSP_SERVICELOC_free(sloc);
-        return NULL;
+        return x;
        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 6abb30b2c0..12bbfcffd1 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -118,39 +118,65 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
        OPENSSL_free(rctx);
        }
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
-                                                                int maxline)
        {
-        static char post_hdr[] = "POST %s HTTP/1.0\r\n"
+        static const char req_hdr[] =
        "Content-Type: application/ocsp-request\r\n"
        "Content-Length: %d\r\n\r\n";
+        if (BIO_printf(rctx->mem, req_hdr, i2d_OCSP_REQUEST(req, NULL)) <= 0)
+                return 0;
+        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
+                return 0;
+        rctx->state = OHS_ASN1_WRITE;
+        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+        return 1;
+        }
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                const char *name, const char *value)
+        {
+        if (!name)
+                return 0;
+        if (BIO_puts(rctx->mem, name) <= 0)
+                return 0;
+        if (value)
+                {
+                if (BIO_write(rctx->mem, ": ", 2) != 2)
+                        return 0;
+                if (BIO_puts(rctx->mem, value) <= 0)
+                        return 0;
+                }
+        if (BIO_write(rctx->mem, "\r\n", 2) != 2)
+                return 0;
+        return 1;
+        }
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+                                                                int maxline)
+        {
+        static const char post_hdr[] = "POST %s HTTP/1.0\r\n";
        OCSP_REQ_CTX *rctx;
        rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-        rctx->state = OHS_FIRSTLINE;
+        rctx->state = OHS_ERROR;
        rctx->mem = BIO_new(BIO_s_mem());
        rctx->io = io;
+        rctx->asn1_len = 0;
        if (maxline > 0)
                rctx->iobuflen = maxline;
        else
                rctx->iobuflen = OCSP_MAX_LINE_LEN;
        rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+        if (!rctx->iobuf)
+                return 0;
        if (!path)
                path = "/";
-        if (BIO_printf(rctx->mem, post_hdr, path,
+        if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-                                i2d_OCSP_REQUEST(req, NULL)) <= 0)
-                {
-                rctx->state = OHS_ERROR;
                return 0;
-                }
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
+        if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-                {
-                rctx->state = OHS_ERROR;
                return 0;
-                }
-        rctx->state = OHS_ASN1_WRITE;
-        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
        return rctx;
        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 27450811d7..36905d76cd 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -69,6 +69,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
 /* Convert a certificate and its issuer to an OCSP_CERTID */
@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        return 0;
        }
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 3dfb51c1e4..1695c9c4ad 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -85,21 +85,21 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
 typedef struct
        {
        long t;
-        char *m;
+        const char *m;
        } OCSP_TBLSTR;
-static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
 {
-        OCSP_TBLSTR *p;
+        const OCSP_TBLSTR *p;
        for (p=ts; p < ts + len; p++)
                if (p->t == s)
                         return p->m;
        return "(UNKNOWN)";
 }
-char *OCSP_response_status_str(long s)
+const char *OCSP_response_status_str(long s)
        {
-        static OCSP_TBLSTR rstat_tbl[] = {
+        static const OCSP_TBLSTR rstat_tbl[] = {
                { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
                { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
                { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
@@ -109,18 +109,18 @@ char *OCSP_response_status_str(long s)
        return table2string(s, rstat_tbl, 6);
        } 
-char *OCSP_cert_status_str(long s)
+const char *OCSP_cert_status_str(long s)
        {
-        static OCSP_TBLSTR cstat_tbl[] = {
+        static const OCSP_TBLSTR cstat_tbl[] = {
                { V_OCSP_CERTSTATUS_GOOD, "good" },
                { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
                { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
        return table2string(s, cstat_tbl, 3);
        } 
-char *OCSP_crl_reason_str(long s)
+const char *OCSP_crl_reason_str(long s)
        {
-        OCSP_TBLSTR reason_tbl[] = {
+        static const OCSP_TBLSTR reason_tbl[] = {
          { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
@@ -266,15 +266,16 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
                        if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
                                goto err;
                        }
-                if (!BIO_write(bp,"\n",1)) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                if (!X509V3_extensions_print(bp,
                                        "Response Single Extensions",
                                        single->singleExtensions, flags, 8))
                                                        goto err;
-                if (!BIO_write(bp,"\n",1)) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
                }
        if (!X509V3_extensions_print(bp, "Response Extensions",
                                        rd->responseExtensions, flags, 4))
+                                                        goto err;
        if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
                                                        goto err;
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 4a0c3870d8..415d67e61c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                        }
                mdlen = EVP_MD_size(dgst);
+                if (mdlen < 0)
+                    return -1;
                if ((cid->issuerNameHash->length != mdlen) ||
                   (cid->issuerKeyHash->length != mdlen))
                        return 0;
@@ -316,7 +318,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
                        return -1;
                if (memcmp(md, cid->issuerNameHash->data, mdlen))
                        return 0;
-                X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+                X509_pubkey_digest(cert, dgst, md, NULL);
                if (memcmp(md, cid->issuerKeyHash->data, mdlen))
                        return 0;
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index c6207f76b2..2fb110fa0e 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -12,7 +12,7 @@
 * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
 * 0.9.3          0x0090300f
 * 0.9.3a         0x0090301f
- * 0.9.4          0x0090400f
+ * 0.9.4          0x0090400f
 * 1.2.3z         0x102031af
 *
 * For continuity reasons (because 0.9.5 is already out, and is coded
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER  0x009080bfL
+#define OPENSSL_VERSION_NUMBER  0x1000001fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8k-fips 25 Mar 2009"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0a-fips 1 Jun 2010"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8k 25 Mar 2009"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0a 1 Jun 2010"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
@@ -83,7 +83,7 @@
 * should only keep the versions that are binary compatible with the current.
 */
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.8"
+#define SHLIB_VERSION_NUMBER "1.0.0"
 #endif /* HEADER_OPENSSLV_H */
diff --git a/src/lib/libcrypto/ossl_typ.h b/src/lib/libcrypto/ossl_typ.h
index 0e7a380880..12bd7014de 100644
--- a/src/lib/libcrypto/ossl_typ.h
+++ b/src/lib/libcrypto/ossl_typ.h
@@ -95,6 +95,8 @@ typedef int ASN1_BOOLEAN;
 typedef int ASN1_NULL;
 #endif
+typedef struct asn1_pctx_st ASN1_PCTX;
 #ifdef OPENSSL_SYS_WIN32
 #undef X509_NAME
 #undef X509_EXTENSIONS
@@ -122,6 +124,11 @@ typedef struct env_md_st EVP_MD;
 typedef struct env_md_ctx_st EVP_MD_CTX;
 typedef struct evp_pkey_st EVP_PKEY;
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 typedef struct dh_st DH;
 typedef struct dh_method DH_METHOD;
@@ -139,11 +146,14 @@ typedef struct ecdsa_method ECDSA_METHOD;
 typedef struct x509_st X509;
 typedef struct X509_algor_st X509_ALGOR;
 typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
 typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
 typedef struct x509_store_st X509_STORE;
 typedef struct x509_store_ctx_st X509_STORE_CTX;
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;
@@ -157,12 +167,19 @@ typedef struct ui_method_st UI_METHOD;
 typedef struct st_ERR_FNS ERR_FNS;
 typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
 typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
 typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
 typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
 #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
 #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 6c193f1cbf..8a6ababe3a 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -134,6 +134,7 @@ extern "C" {
 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
 #define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
 #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+#define PEM_STRING_PARAMETERS   "PARAMETERS"
 #define PEM_STRING_CMS          "CMS"
  /* Note that this structure is initialised by PEM_SealInit and cleaned up
@@ -183,11 +184,8 @@ typedef struct pem_ctx_st
        int num_recipient;
        PEM_USER **recipient;
-#ifndef OPENSSL_NO_STACK
+        /* XXX(ben): don#t think this is used! 
-        STACK *x509_chain;      /* certificate chain */
+                STACK *x509_chain;      / * certificate chain */
-#else
-        char *x509_chain;       /* certificate chain */
-#endif
        EVP_MD *md;             /* signature type */
        int md_enc;             /* is the md encrypted or not? */
@@ -224,28 +222,19 @@ typedef struct pem_ctx_st
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
-                                str, fp, \
-                                CHECKED_PPTR_OF(type, x), \
-                                cb, u); \
 } 
 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
-                          str, fp, \
-                          CHECKED_PTR_OF(type, x), \
-                          NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, const type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
-                          str, fp, \
-                          CHECKED_PTR_OF(const type, x), \
-                          NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@@ -253,10 +242,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-            return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-                                  str, fp, \
-                                  CHECKED_PTR_OF(type, x), \
-                                  enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@@ -264,10 +250,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-            return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-                                  str, fp, \
-                                  CHECKED_PTR_OF(const type, x), \
-                                  enc, kstr, klen, cb, u); \
        }
 #endif
@@ -275,48 +258,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
 #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
 type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
-                                    str, bp, \
-                                    CHECKED_PPTR_OF(type, x), \
-                                    cb, u); \
 }
 #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
-                              str, bp, \
-                              CHECKED_PTR_OF(type, x), \
-                              NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, const type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
-                              str, bp, \
-                              CHECKED_PTR_OF(const type, x), \
-                              NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-            return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
-                                      str, bp, \
-                                      CHECKED_PTR_OF(type, x), \
-                                      enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-            return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
-                                      str, bp, \
-                                      CHECKED_PTR_OF(const type, x), \
-                                      enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write(name, type, str, asn1) \
@@ -353,11 +321,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 /* These are the same except they are for the declarations */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+#if defined(OPENSSL_NO_FP_API)
 #define DECLARE_PEM_read_fp(name, type) /**/
 #define DECLARE_PEM_write_fp(name, type) /**/
-#define DECLARE_PEM_write_fp_const(name, type) /**/
 #define DECLARE_PEM_write_cb_fp(name, type) /**/
 #else
@@ -428,138 +395,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write_cb(name, type)
-#ifdef SSLEAY_MACROS
-#define PEM_write_SSL_SESSION(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-                        NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_CRL(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-                        fp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-                        (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_RSAPublicKey(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-                        (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PKCS7(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_DHparams(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-                        (char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
-                        PEM_STRING_X509,fp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
-        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
-#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
-#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
-#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
-#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
-#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
-#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
-#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
-#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
-                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
-                                                        (char **)x,cb,u)
-#define PEM_write_bio_X509(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
-                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-                        NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-                        bp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_RSAPublicKey(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
-                        PEM_STRING_RSA_PUBLIC,\
-                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
-                PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-                        bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PKCS7(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
-                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
-                        PEM_STRING_X509,bp, \
-                        (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
-#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
-#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
-                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
-        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
-                                                        (char **)x,cb,u)
-#endif
 #if 1
 /* "userdata": new with OpenSSL 0.9.4 */
 typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
@@ -581,40 +416,25 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
             pem_password_cb *cb, void *u);
 void *  PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
                          void **x, pem_password_cb *cb, void *u);
+int     PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
-    ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
-                              name, bp,                 \
-                              CHECKED_PPTR_OF(type, x), \
-                              cb, u))
-int     PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
                           pem_password_cb *cb, void *u);
-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
-    (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
-                        name, bp,                  \
-                        CHECKED_PTR_OF(type, x), \
-                        enc, kstr, klen, cb, u))
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
-#ifndef OPENSSL_SYS_WIN16
 int     PEM_read(FILE *fp, char **name, char **header,
                unsigned char **data,long *len);
 int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
 void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
                      pem_password_cb *cb, void *u);
 int     PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
-                       char *x,const EVP_CIPHER *enc,unsigned char *kstr,
+                       void *x,const EVP_CIPHER *enc,unsigned char *kstr,
                       int klen,pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
        pem_password_cb *cb, void *u);
-#endif
 int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
                EVP_MD *md_type, unsigned char **ek, int *ekl,
@@ -633,7 +453,6 @@ int	PEM_def_callback(char *buf, int num, int w, void *key);
 void    PEM_proc_type(char *buf, int type);
 void    PEM_dek_info(char *buf, const char *type, int len, char *str);
-#ifndef SSLEAY_MACROS
 #include <openssl/symhacks.h>
@@ -719,7 +538,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
 int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
                              char *kstr,int klen, pem_password_cb *cd, void *u);
-#endif /* SSLEAY_MACROS */
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+#ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u);
+#endif
 /* BEGIN ERROR CODES */
@@ -731,10 +564,22 @@ void ERR_load_PEM_strings(void);
 /* Error codes for the PEM functions. */
 /* Function codes. */
+#define PEM_F_B2I_DSS                                    127
+#define PEM_F_B2I_PVK_BIO                                128
+#define PEM_F_B2I_RSA                                    129
+#define PEM_F_CHECK_BITLEN_DSA                           130
+#define PEM_F_CHECK_BITLEN_RSA                           131
 #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+#define PEM_F_DO_B2I                                     132
+#define PEM_F_DO_B2I_BIO                                 133
+#define PEM_F_DO_BLOB_HEADER                             134
 #define PEM_F_DO_PK8PKEY                                 126
 #define PEM_F_DO_PK8PKEY_FP                              125
+#define PEM_F_DO_PVK_BODY                                135
+#define PEM_F_DO_PVK_HEADER                              136
+#define PEM_F_I2B_PVK                                    137
+#define PEM_F_I2B_PVK_BIO                                138
 #define PEM_F_LOAD_IV                                    101
 #define PEM_F_PEM_ASN1_READ                              102
 #define PEM_F_PEM_ASN1_READ_BIO                          103
@@ -747,6 +592,7 @@ void ERR_load_PEM_strings(void);
 #define PEM_F_PEM_PK8PKEY                                119
 #define PEM_F_PEM_READ                                   108
 #define PEM_F_PEM_READ_BIO                               109
+#define PEM_F_PEM_READ_BIO_PARAMETERS                    140
 #define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
 #define PEM_F_PEM_READ_PRIVATEKEY                        124
 #define PEM_F_PEM_SEALFINAL                              110
@@ -754,6 +600,7 @@ void ERR_load_PEM_strings(void);
 #define PEM_F_PEM_SIGNFINAL                              112
 #define PEM_F_PEM_WRITE                                  113
 #define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_WRITE_PRIVATEKEY                       139
 #define PEM_F_PEM_X509_INFO_READ                         115
 #define PEM_F_PEM_X509_INFO_READ_BIO                     116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
@@ -763,18 +610,30 @@ void ERR_load_PEM_strings(void);
 #define PEM_R_BAD_DECRYPT                                101
 #define PEM_R_BAD_END_LINE                               102
 #define PEM_R_BAD_IV_CHARS                               103
+#define PEM_R_BAD_MAGIC_NUMBER                           116
 #define PEM_R_BAD_PASSWORD_READ                          104
+#define PEM_R_BAD_VERSION_NUMBER                         117
+#define PEM_R_BIO_WRITE_FAILURE                          118
+#define PEM_R_CIPHER_IS_NULL                             127
 #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+#define PEM_R_INCONSISTENT_HEADER                        121
+#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+#define PEM_R_KEYBLOB_TOO_SHORT                          123
 #define PEM_R_NOT_DEK_INFO                               105
 #define PEM_R_NOT_ENCRYPTED                              106
 #define PEM_R_NOT_PROC_TYPE                              107
 #define PEM_R_NO_START_LINE                              108
 #define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
 #define PEM_R_PUBLIC_KEY_NO_RSA                          110
+#define PEM_R_PVK_DATA_TOO_SHORT                         124
+#define PEM_R_PVK_TOO_SHORT                              125
 #define PEM_R_READ_KEY                                   111
 #define PEM_R_SHORT_HEADER                               112
 #define PEM_R_UNSUPPORTED_CIPHER                         113
 #define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+#define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 69dd19bf2e..3e7a6093ad 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -110,7 +110,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
@@ -194,49 +193,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 #endif
-#ifdef OPENSSL_FIPS
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_RSA(k, x);
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_RSA(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-#else
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-#endif
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
@@ -263,50 +220,10 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_dsa(pktmp, dsa);
+        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
-#ifdef OPENSSL_FIPS
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_DSA(k, x);
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_DSA(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-#else
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-#endif
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -316,7 +233,7 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_dsa(pktmp, dsa);
+        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 #endif
@@ -347,54 +264,13 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_eckey(pktmp, key);
+        return pkey_get_eckey(pktmp, key);      /* will free pktmp */
 }
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
-#ifdef OPENSSL_FIPS
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_EC_KEY(k, x);
-        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        EVP_PKEY *k;
-        int ret;
-        k = EVP_PKEY_new();
-        if (!k)
-                return 0;
-        EVP_PKEY_set1_EC_KEY(k, x);
-        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-        EVP_PKEY_free(k);
-        return ret;
-}
-#endif
-#else
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
-#endif
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -404,7 +280,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_eckey(pktmp, eckey);
+        return pkey_get_eckey(pktmp, eckey);    /* will free pktmp */
 }
 #endif
@@ -417,66 +293,4 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 #endif
-/* The PrivateKey case is not that straightforward.
- *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
- * does not work, RSA and DSA keys have specific strings.
- * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
- * appropriate.)
- */
-#ifdef OPENSSL_FIPS
-static const char *pkey_str(EVP_PKEY *x)
-        {
-        switch (x->type)
-                {
-                case EVP_PKEY_RSA:
-                return PEM_STRING_RSA;
-                case EVP_PKEY_DSA:
-                return PEM_STRING_DSA;
-                case EVP_PKEY_EC:
-                return PEM_STRING_ECPRIVATEKEY;
-                default:
-                return NULL;
-                }
-        }
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-        {
-                if (FIPS_mode())
-                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
-                                                (char *)kstr, klen, cb, u);
-                else
-                        return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
-                        pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
-        }
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-        {
-                if (FIPS_mode())
-                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
-                                                (char *)kstr, klen, cb, u);
-                else
-                        return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
-                        pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
-        }
-#endif
-#else
-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
-                        (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
-#endif
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index 3133563d77..d644aeedd4 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -1,6 +1,6 @@
 /* crypto/pem/pem_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,10 +70,22 @@
 static ERR_STRING_DATA PEM_str_functs[]=
        {
+{ERR_FUNC(PEM_F_B2I_DSS),       "B2I_DSS"},
+{ERR_FUNC(PEM_F_B2I_PVK_BIO),   "b2i_PVK_bio"},
+{ERR_FUNC(PEM_F_B2I_RSA),       "B2I_RSA"},
+{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA),      "CHECK_BITLEN_DSA"},
+{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA),      "CHECK_BITLEN_RSA"},
 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),       "d2i_PKCS8PrivateKey_bio"},
 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),        "d2i_PKCS8PrivateKey_fp"},
+{ERR_FUNC(PEM_F_DO_B2I),        "DO_B2I"},
+{ERR_FUNC(PEM_F_DO_B2I_BIO),    "DO_B2I_BIO"},
+{ERR_FUNC(PEM_F_DO_BLOB_HEADER),        "DO_BLOB_HEADER"},
 {ERR_FUNC(PEM_F_DO_PK8PKEY),    "DO_PK8PKEY"},
 {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
+{ERR_FUNC(PEM_F_DO_PVK_BODY),   "DO_PVK_BODY"},
+{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
+{ERR_FUNC(PEM_F_I2B_PVK),       "I2B_PVK"},
+{ERR_FUNC(PEM_F_I2B_PVK_BIO),   "i2b_PVK_bio"},
 {ERR_FUNC(PEM_F_LOAD_IV),       "LOAD_IV"},
 {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
 {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),     "PEM_ASN1_read_bio"},
@@ -86,6 +98,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_FUNC(PEM_F_PEM_PK8PKEY),   "PEM_PK8PKEY"},
 {ERR_FUNC(PEM_F_PEM_READ),      "PEM_read"},
 {ERR_FUNC(PEM_F_PEM_READ_BIO),  "PEM_read_bio"},
+{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS),       "PEM_read_bio_Parameters"},
 {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),       "PEM_READ_BIO_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),   "PEM_READ_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
@@ -93,6 +106,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
 {ERR_FUNC(PEM_F_PEM_WRITE),     "PEM_write"},
 {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY),  "PEM_WRITE_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ),    "PEM_X509_INFO_read"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),        "PEM_X509_INFO_read_bio"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),       "PEM_X509_INFO_write_bio"},
@@ -105,18 +119,30 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {ERR_REASON(PEM_R_BAD_DECRYPT)           ,"bad decrypt"},
 {ERR_REASON(PEM_R_BAD_END_LINE)          ,"bad end line"},
 {ERR_REASON(PEM_R_BAD_IV_CHARS)          ,"bad iv chars"},
+{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER)      ,"bad magic number"},
 {ERR_REASON(PEM_R_BAD_PASSWORD_READ)     ,"bad password read"},
+{ERR_REASON(PEM_R_BAD_VERSION_NUMBER)    ,"bad version number"},
+{ERR_REASON(PEM_R_BIO_WRITE_FAILURE)     ,"bio write failure"},
+{ERR_REASON(PEM_R_CIPHER_IS_NULL)        ,"cipher is null"},
 {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
+{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"},
+{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"},
+{ERR_REASON(PEM_R_INCONSISTENT_HEADER)   ,"inconsistent header"},
+{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"},
+{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT)     ,"keyblob too short"},
 {ERR_REASON(PEM_R_NOT_DEK_INFO)          ,"not dek info"},
 {ERR_REASON(PEM_R_NOT_ENCRYPTED)         ,"not encrypted"},
 {ERR_REASON(PEM_R_NOT_PROC_TYPE)         ,"not proc type"},
 {ERR_REASON(PEM_R_NO_START_LINE)         ,"no start line"},
 {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
 {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA)     ,"public key no rsa"},
+{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT)    ,"pvk data too short"},
+{ERR_REASON(PEM_R_PVK_TOO_SHORT)         ,"pvk too short"},
 {ERR_REASON(PEM_R_READ_KEY)              ,"read key"},
 {ERR_REASON(PEM_R_SHORT_HEADER)          ,"short header"},
 {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
 {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
+{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 3a273f6f70..1b2be527ed 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -98,8 +98,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
        long len,error=0;
        int ok=0;
        STACK_OF(X509_INFO) *ret=NULL;
-        unsigned int i,raw;
+        unsigned int i,raw,ptype;
-        d2i_of_void *d2i;
+        d2i_of_void *d2i = 0;
        if (sk == NULL)
                {
@@ -116,6 +116,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
        for (;;)
                {
                raw=0;
+                ptype = 0;
                i=PEM_read_bio(bp,&name,&header,&data,&len);
                if (i == 0)
                        {
@@ -166,7 +167,6 @@ start:
 #ifndef OPENSSL_NO_RSA
                        if (strcmp(name,PEM_STRING_RSA) == 0)
                        {
-                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                        if (xi->x_pkey != NULL) 
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
@@ -178,10 +178,8 @@ start:
                        xi->enc_len=0;
                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                        ptype=EVP_PKEY_RSA;
-                                goto err;
+                        pp=&xi->x_pkey->dec_pkey;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
-                        pp=&(xi->x_pkey->dec_pkey->pkey.rsa);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -202,10 +200,8 @@ start:
                        xi->enc_len=0;
                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                        ptype = EVP_PKEY_DSA;
-                                goto err;
+                        pp=&xi->x_pkey->dec_pkey;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
-                        pp=&xi->x_pkey->dec_pkey->pkey.dsa;
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -226,10 +222,8 @@ start:
                        xi->enc_len=0;
 
                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                        ptype = EVP_PKEY_EC;
-                                goto err;
+                        pp=&xi->x_pkey->dec_pkey;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
-                        pp=&(xi->x_pkey->dec_pkey->pkey.ec);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -251,7 +245,15 @@ start:
                                if (!PEM_do_header(&cipher,data,&len,cb,u))
                                        goto err;
                                p=data;
-                                if (d2i(pp,&p,len) == NULL)
+                                if (ptype)
+                                        {
+                                        if (!d2i_PrivateKey(ptype, pp, &p, len))
+                                                {
+                                                PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
+                                                goto err;
+                                                }
+                                        }
+                                else if (d2i(pp,&p,len) == NULL)
                                        {
                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
                                        goto err;
@@ -337,6 +339,12 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                {
                if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
                        {
+                        if (enc == NULL)
+                                {
+                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
+                                goto err;
+                                }
                        /* copy from weirdo names into more normal things */
                        iv=xi->enc_cipher.iv;
                        data=(unsigned char *)xi->enc_data;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index cbafefe416..42e4861bc1 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <ctype.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
@@ -65,9 +66,13 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
+#include "asn1_locl.h"
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
@@ -75,6 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
 static int load_iv(char **fromp,unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
+int pem_check_suffix(const char *pem_str, const char *suffix);
 int PEM_def_callback(char *buf, int num, int w, void *key)
        {
@@ -99,7 +105,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
        for (;;)
                {
-                i=EVP_read_pw_string(buf,num,prompt,w);
+                i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
                if (i != 0)
                        {
                        PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
@@ -183,20 +189,54 @@ static int check_pem(const char *nm, const char *name)
        /* Make PEM_STRING_EVP_PKEY match any private key */
-        if(!strcmp(nm,PEM_STRING_PKCS8) &&
+        if(!strcmp(name,PEM_STRING_EVP_PKEY))
-                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                {
+                int slen;
-        if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
+                const EVP_PKEY_ASN1_METHOD *ameth;
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                if(!strcmp(nm,PEM_STRING_PKCS8))
+                        return 1;
-        if(!strcmp(nm,PEM_STRING_RSA) &&
+                if(!strcmp(nm,PEM_STRING_PKCS8INF))
-                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                        return 1;
+                slen = pem_check_suffix(nm, "PRIVATE KEY"); 
+                if (slen > 0)
+                        {
+                        /* NB: ENGINE implementations wont contain
+                         * a deprecated old private key decode function
+                         * so don't look for them.
+                         */
+                        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+                        if (ameth && ameth->old_priv_decode)
+                                return 1;
+                        }
+                return 0;
+                }
-        if(!strcmp(nm,PEM_STRING_DSA) &&
+        if(!strcmp(name,PEM_STRING_PARAMETERS))
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+                {
+                int slen;
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                slen = pem_check_suffix(nm, "PARAMETERS"); 
+                if (slen > 0)
+                        {
+                        ENGINE *e;
+                        ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+                        if (ameth)
+                                {
+                                int r;
+                                if (ameth->param_decode)
+                                        r = 1;
+                                else
+                                        r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                                if (e)
+                                        ENGINE_finish(e);
+#endif
+                                return r;
+                                }
+                        }
+                return 0;
+                }
-        if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
        /* Permit older strings */
        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
@@ -219,6 +259,14 @@ static int check_pem(const char *nm, const char *name)
        if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
                !strcmp(name, PEM_STRING_PKCS7)) return 1;
+#ifndef OPENSSL_NO_CMS
+        if(!strcmp(nm, PEM_STRING_X509) &&
+                !strcmp(name, PEM_STRING_CMS)) return 1;
+        /* Allow CMS to be read from PKCS#7 headers */
+        if(!strcmp(nm, PEM_STRING_PKCS7) &&
+                !strcmp(name, PEM_STRING_CMS)) return 1;
+#endif
        return 0;
 }
@@ -264,7 +312,7 @@ err:
 #ifndef OPENSSL_NO_FP_API
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-                   char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                   int klen, pem_password_cb *callback, void *u)
        {
        BIO *b;
@@ -283,7 +331,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
 #endif
 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
-                       char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                       int klen, pem_password_cb *callback, void *u)
        {
        EVP_CIPHER_CTX ctx;
@@ -782,3 +830,25 @@ err:
        BUF_MEM_free(dataB);
        return(0);
        }
+/* Check pem string and return prefix length.
+ * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
+ * the return value is 3 for the string "RSA".
+ */
+int pem_check_suffix(const char *pem_str, const char *suffix)
+        {
+        int pem_len = strlen(pem_str);
+        int suffix_len = strlen(suffix);
+        const char *p;
+        if (suffix_len + 1 >= pem_len)
+                return 0;
+        p = pem_str + pem_len - suffix_len;
+        if (strcmp(p, suffix))
+                return 0;
+        p--;
+        if (*p != ' ')
+                return 0;
+        return p - pem_str;
+        }
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index 4da4c31ce5..8ecf24903b 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -65,7 +65,12 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "asn1_locl.h"
+int pem_check_suffix(const char *pem_str, const char *suffix);
 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
        {
@@ -73,19 +78,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
        const unsigned char *p=NULL;
        unsigned char *data=NULL;
        long len;
+        int slen;
        EVP_PKEY *ret=NULL;
        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
                return NULL;
        p = data;
-        if (strcmp(nm,PEM_STRING_RSA) == 0)
+        if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-                ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_DSA) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
                PKCS8_PRIV_KEY_INFO *p8inf;
                p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
                if(!p8inf) goto p8err;
@@ -119,7 +119,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
                        *x = ret;
                }
                PKCS8_PRIV_KEY_INFO_free(p8inf);
-        }
+        } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
+                {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+                if (!ameth || !ameth->old_priv_decode)
+                        goto p8err;
+                ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);
+                }
 p8err:
        if (ret == NULL)
                PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
@@ -130,6 +137,74 @@ err:
        return(ret);
        }
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+        char pem_str[80];
+        if (!x->ameth || x->ameth->priv_encode)
+                return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                                        (char *)kstr, klen,
+                                                        cb, u);
+        BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                                pem_str,bp,x,enc,kstr,klen,cb,u);
+        }
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+        {
+        char *nm=NULL;
+        const unsigned char *p=NULL;
+        unsigned char *data=NULL;
+        long len;
+        int slen;
+        EVP_PKEY *ret=NULL;
+        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
+                                                                bp, 0, NULL))
+                return NULL;
+        p = data;
+        if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
+                {
+                ret = EVP_PKEY_new();
+                if (!ret)
+                        goto err;
+                if (!EVP_PKEY_set_type_str(ret, nm, slen)
+                        || !ret->ameth->param_decode
+                        || !ret->ameth->param_decode(ret, &p, len))
+                        {
+                        EVP_PKEY_free(ret);
+                        ret = NULL;
+                        goto err;
+                        }
+                if(x)
+                        {
+                        if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+                        *x = ret;
+                        }
+                }
+err:
+        if (ret == NULL)
+                PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
+        OPENSSL_free(nm);
+        OPENSSL_free(data);
+        return(ret);
+        }
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
+        {
+        char pem_str[80];
+        if (!x->ameth || !x->ameth->param_encode)
+                return 0;
+        BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
+        return PEM_ASN1_write_bio(
+                (i2d_of_void *)x->ameth->param_encode,
+                                pem_str,bp,x,NULL,NULL,0,0,NULL);
+        }
 #ifndef OPENSSL_NO_FP_API
 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
        {
@@ -146,4 +221,22 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void
        BIO_free(b);
        return(ret);
        }
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
+                {
+                PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB);
+                return 0;
+                }
+        ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
+        BIO_free(b);
+        return ret;
+        }
 #endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 4e554e5481..59690b56ae 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
        EVP_CIPHER_CTX_init(&ctx->cipher);
        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
-        if (!ret) goto err;
+        if (ret <= 0) goto err;
        /* base64 encode the keys */
        for (i=0; i<npubk; i++)
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
index 3f709f13e6..b531057dc9 100644
--- a/src/lib/libcrypto/pem/pem_x509.c
+++ b/src/lib/libcrypto/pem/pem_x509.c
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
index 7cc7491009..328f796200 100644
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ b/src/lib/libcrypto/pem/pem_xaux.c
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include "cryptlib.h"
 #include <openssl/bio.h>
 #include <openssl/evp.h>
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
new file mode 100644
index 0000000000..d998a67fa5
--- /dev/null
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -0,0 +1,942 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
+ * and PRIVATEKEYBLOB).
+ */
+#include "cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
+ * format
+ */
+static unsigned int read_ledword(const unsigned char **in)
+        {
+        const unsigned char *p = *in;
+        unsigned int ret;
+        ret = *p++;
+        ret |= (*p++ << 8);
+        ret |= (*p++ << 16);
+        ret |= (*p++ << 24);
+        *in = p;
+        return ret;
+        }
+/* Read a BIGNUM in little endian format. The docs say that this should take up 
+ * bitlen/8 bytes.
+ */
+static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
+        {
+        const unsigned char *p;
+        unsigned char *tmpbuf, *q;
+        unsigned int i;
+        p = *in + nbyte - 1;
+        tmpbuf = OPENSSL_malloc(nbyte);
+        if (!tmpbuf)
+                return 0;
+        q = tmpbuf;
+        for (i = 0; i < nbyte; i++)
+                *q++ = *p--;
+        *r = BN_bin2bn(tmpbuf, nbyte, NULL);
+        OPENSSL_free(tmpbuf);
+        if (*r)
+                {
+                *in += nbyte;
+                return 1;
+                }
+        else
+                return 0;
+        }
+/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
+#define MS_PUBLICKEYBLOB        0x6
+#define MS_PRIVATEKEYBLOB       0x7
+#define MS_RSA1MAGIC            0x31415352L
+#define MS_RSA2MAGIC            0x32415352L
+#define MS_DSS1MAGIC            0x31535344L
+#define MS_DSS2MAGIC            0x32535344L
+#define MS_KEYALG_RSA_KEYX      0xa400
+#define MS_KEYALG_DSS_SIGN      0x2200
+#define MS_KEYTYPE_KEYX         0x1
+#define MS_KEYTYPE_SIGN         0x2
+/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
+#define MS_PVKMAGIC             0xb0b5f11eL
+/* Salt length for PVK files */
+#define PVK_SALTLEN             0x10
+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub);
+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub);
+static int do_blob_header(const unsigned char **in, unsigned int length,
+                                unsigned int *pmagic, unsigned int *pbitlen,
+                                int *pisdss, int *pispub)
+        {
+        const unsigned char *p = *in;
+        if (length < 16)
+                return 0;
+        /* bType */
+        if (*p == MS_PUBLICKEYBLOB)
+                {
+                if (*pispub == 0)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+                        return 0;
+                        }
+                *pispub = 1;
+                }
+        else if (*p == MS_PRIVATEKEYBLOB)
+                {
+                if (*pispub == 1)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+                        return 0;
+                        }
+                *pispub = 0;
+                }
+        else
+                return 0;
+        p++;
+        /* Version */
+        if (*p++ != 0x2)
+                {
+                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+                return 0;
+                }
+        /* Ignore reserved, aiKeyAlg */
+        p+= 6;
+        *pmagic = read_ledword(&p);
+        *pbitlen = read_ledword(&p);
+        *pisdss = 0;
+        switch (*pmagic)
+                {
+                case MS_DSS1MAGIC:
+                *pisdss = 1;
+                case MS_RSA1MAGIC:
+                if (*pispub == 0)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+                        return 0;
+                        }
+                break;
+                case MS_DSS2MAGIC:
+                *pisdss = 1;
+                case MS_RSA2MAGIC:
+                if (*pispub == 1)
+                        {
+                        PEMerr(PEM_F_DO_BLOB_HEADER,
+                                        PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+                        return 0;
+                        }
+                break;
+                default:
+                PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+                return -1;
+                }
+        *in = p;
+        return 1;
+        }
+static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
+        {
+        unsigned int nbyte, hnbyte;
+        nbyte = (bitlen + 7) >> 3;
+        hnbyte = (bitlen + 15) >> 4;
+        if (isdss)
+                {
+                /* Expected length: 20 for q + 3 components bitlen each + 24
+                 * for seed structure.
+                 */
+                if (ispub)
+                        return  44 + 3 * nbyte;
+                /* Expected length: 20 for q, priv, 2 bitlen components + 24
+                 * for seed structure.
+                 */
+                else
+                        return 64 + 2 * nbyte;
+                }
+        else
+                {
+                /* Expected length: 4 for 'e' + 'n' */
+                if (ispub)
+                        return 4 + nbyte;
+                else
+                /* Expected length: 4 for 'e' and 7 other components.
+                 * 2 components are bitlen size, 5 are bitlen/2
+                 */
+                        return 4 + 2*nbyte + 5*hnbyte;
+                }
+        }
+static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
+                                                                int ispub)
+        {
+        const unsigned char *p = *in;
+        unsigned int bitlen, magic;
+        int isdss;
+        if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
+                {
+                PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+                return NULL;
+                }
+        length -= 16;
+        if (length < blob_length(bitlen, isdss, ispub))
+                {
+                PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+                return NULL;
+                }
+        if (isdss)
+                return b2i_dss(&p, length, bitlen, ispub);
+        else
+                return b2i_rsa(&p, length, bitlen, ispub);
+        }
+static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+        {
+        const unsigned char *p;
+        unsigned char hdr_buf[16], *buf = NULL;
+        unsigned int bitlen, magic, length;
+        int isdss;
+        EVP_PKEY *ret = NULL;
+        if (BIO_read(in, hdr_buf, 16) != 16)
+                {
+                PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+                return NULL;
+                }
+        p = hdr_buf;
+        if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
+                return NULL;
+        length = blob_length(bitlen, isdss, ispub);
+        buf = OPENSSL_malloc(length);
+        if (!buf)
+                {
+                PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p = buf;
+        if (BIO_read(in, buf, length) != (int)length)
+                {
+                PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+                goto err;
+                }
+        if (isdss)
+                ret = b2i_dss(&p, length, bitlen, ispub);
+        else
+                ret = b2i_rsa(&p, length, bitlen, ispub);
+        err:
+        if (buf)
+                OPENSSL_free(buf);
+        return ret;
+        }
+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub)
+        {
+        const unsigned char *p = *in;
+        EVP_PKEY *ret = NULL;
+        DSA *dsa = NULL;
+        BN_CTX *ctx = NULL;
+        unsigned int nbyte;
+        nbyte = (bitlen + 7) >> 3;
+        dsa = DSA_new();
+        ret = EVP_PKEY_new();
+        if (!dsa || !ret)
+                goto memerr;
+        if (!read_lebn(&p, nbyte, &dsa->p))
+                goto memerr;
+        if (!read_lebn(&p, 20, &dsa->q))
+                goto memerr;
+        if (!read_lebn(&p, nbyte, &dsa->g))
+                goto memerr;
+        if (ispub)
+                {
+                if (!read_lebn(&p, nbyte, &dsa->pub_key))
+                        goto memerr;
+                }
+        else
+                {
+                if (!read_lebn(&p, 20, &dsa->priv_key))
+                        goto memerr;
+                /* Calculate public key */
+                if (!(dsa->pub_key = BN_new()))
+                        goto memerr;
+                if (!(ctx = BN_CTX_new()))
+                        goto memerr;
+                        
+                if (!BN_mod_exp(dsa->pub_key, dsa->g,
+                                                 dsa->priv_key, dsa->p, ctx))
+                        
+                        goto memerr;
+                BN_CTX_free(ctx);
+                }
+        EVP_PKEY_set1_DSA(ret, dsa);
+        DSA_free(dsa);
+        *in = p;
+        return ret;
+        memerr:
+        PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+        if (dsa)
+                DSA_free(dsa);
+        if (ret)
+                EVP_PKEY_free(ret);
+        if (ctx)
+                BN_CTX_free(ctx);
+        return NULL;
+        }
+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+                                                unsigned int bitlen, int ispub)
+                
+        {
+        const unsigned char *p = *in;
+        EVP_PKEY *ret = NULL;
+        RSA *rsa = NULL;
+        unsigned int nbyte, hnbyte;
+        nbyte = (bitlen + 7) >> 3;
+        hnbyte = (bitlen + 15) >> 4;
+        rsa = RSA_new();
+        ret = EVP_PKEY_new();
+        if (!rsa || !ret)
+                goto memerr;
+        rsa->e = BN_new();
+        if (!rsa->e)
+                goto memerr;
+        if (!BN_set_word(rsa->e, read_ledword(&p)))
+                goto memerr;
+        if (!read_lebn(&p, nbyte, &rsa->n))
+                goto memerr;
+        if (!ispub)
+                {
+                if (!read_lebn(&p, hnbyte, &rsa->p))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->q))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->dmp1))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->dmq1))
+                        goto memerr;
+                if (!read_lebn(&p, hnbyte, &rsa->iqmp))
+                        goto memerr;
+                if (!read_lebn(&p, nbyte, &rsa->d))
+                        goto memerr;
+                }
+        EVP_PKEY_set1_RSA(ret, rsa);
+        RSA_free(rsa);
+        *in = p;
+        return ret;
+        memerr:
+        PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+        if (rsa)
+                RSA_free(rsa);
+        if (ret)
+                EVP_PKEY_free(ret);
+        return NULL;
+        }
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
+        {
+        return do_b2i(in, length, 0);
+        }
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
+        {
+        return do_b2i(in, length, 1);
+        }
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
+        {
+        return do_b2i_bio(in, 0);
+        }
+EVP_PKEY *b2i_PublicKey_bio(BIO *in)
+        {
+        return do_b2i_bio(in, 1);
+        }
+static void write_ledword(unsigned char **out, unsigned int dw)
+        {
+        unsigned char *p = *out;
+        *p++ = dw & 0xff;
+        *p++ = (dw>>8) & 0xff;
+        *p++ = (dw>>16) & 0xff;
+        *p++ = (dw>>24) & 0xff;
+        *out = p;
+        }
+static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
+        {
+        int nb, i;
+        unsigned char *p = *out, *q, c;
+        nb = BN_num_bytes(bn);
+        BN_bn2bin(bn, p);
+        q = p + nb - 1;
+        /* In place byte order reversal */
+        for (i = 0; i < nb/2; i++)
+                {
+                c = *p;
+                *p++ = *q;
+                *q-- = c;
+                }
+        *out += nb;
+        /* Pad with zeroes if we have to */
+        if (len > 0)
+                {
+                len -= nb;
+                if (len > 0)
+                        {
+                        memset(*out, 0, len);
+                        *out += len;
+                        }
+                }
+        }
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+        
+static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+        {
+        unsigned char *p;
+        unsigned int bitlen, magic = 0, keyalg;
+        int outlen, noinc = 0;
+        if (pk->type == EVP_PKEY_DSA)
+                {
+                bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
+                keyalg = MS_KEYALG_DSS_SIGN;
+                }
+        else if (pk->type == EVP_PKEY_RSA)
+                {
+                bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
+                keyalg = MS_KEYALG_RSA_KEYX;
+                }
+        else
+                return -1;
+        if (bitlen == 0)
+                return -1;
+        outlen = 16 + blob_length(bitlen,
+                        keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
+        if (out == NULL)
+                return outlen;
+        if (*out)
+                p = *out;
+        else
+                {
+                p = OPENSSL_malloc(outlen);
+                if (!p)
+                        return -1;
+                *out = p;
+                noinc = 1;
+                }
+        if (ispub)
+                *p++ = MS_PUBLICKEYBLOB;
+        else
+                *p++ = MS_PRIVATEKEYBLOB;
+        *p++ = 0x2;
+        *p++ = 0;
+        *p++ = 0;
+        write_ledword(&p, keyalg);
+        write_ledword(&p, magic);
+        write_ledword(&p, bitlen);
+        if (keyalg == MS_KEYALG_DSS_SIGN)
+                write_dsa(&p, pk->pkey.dsa, ispub);
+        else
+                write_rsa(&p, pk->pkey.rsa, ispub);
+        if (!noinc)
+                *out += outlen;
+        return outlen;
+        }
+static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+        {
+        unsigned char *tmp = NULL;
+        int outlen, wrlen;
+        outlen = do_i2b(&tmp, pk, ispub);
+        if (outlen < 0)
+                return -1;
+        wrlen = BIO_write(out, tmp, outlen);
+        OPENSSL_free(tmp);
+        if (wrlen == outlen)
+                return outlen;
+        return -1;
+        }
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+        {
+        int bitlen;
+        bitlen = BN_num_bits(dsa->p);
+        if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
+                || (BN_num_bits(dsa->g) > bitlen))
+                goto badkey;
+        if (ispub)
+                {
+                if (BN_num_bits(dsa->pub_key) > bitlen)
+                        goto badkey;
+                *pmagic = MS_DSS1MAGIC;
+                }
+        else
+                {
+                if (BN_num_bits(dsa->priv_key) > 160)
+                        goto badkey;
+                *pmagic = MS_DSS2MAGIC;
+                }
+        
+        return bitlen;
+        badkey:
+        PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+        return 0;
+        }
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+        {
+        int nbyte, hnbyte, bitlen;
+        if (BN_num_bits(rsa->e) > 32)
+                goto badkey;
+        bitlen = BN_num_bits(rsa->n);
+        nbyte = BN_num_bytes(rsa->n);
+        hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+        if (ispub)
+                {
+                *pmagic = MS_RSA1MAGIC;
+                return bitlen;
+                }
+        else
+        {
+                *pmagic = MS_RSA2MAGIC;
+                /* For private key each component must fit within nbyte or
+                 * hnbyte.
+                 */
+                if (BN_num_bytes(rsa->d) > nbyte)
+                        goto badkey;
+                if ((BN_num_bytes(rsa->iqmp) > hnbyte)
+                        || (BN_num_bytes(rsa->p) > hnbyte)
+                        || (BN_num_bytes(rsa->q) > hnbyte)
+                        || (BN_num_bytes(rsa->dmp1) > hnbyte)
+                        || (BN_num_bytes(rsa->dmq1) > hnbyte))
+                        goto badkey;
+        }
+        return bitlen;
+        badkey:
+        PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+        return 0;
+        }
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+        {
+        int nbyte, hnbyte;
+        nbyte = BN_num_bytes(rsa->n);
+        hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+        write_lebn(out, rsa->e, 4);
+        write_lebn(out, rsa->n, -1);
+        if (ispub)
+                return;
+        write_lebn(out, rsa->p, hnbyte);
+        write_lebn(out, rsa->q, hnbyte);
+        write_lebn(out, rsa->dmp1, hnbyte);
+        write_lebn(out, rsa->dmq1, hnbyte);
+        write_lebn(out, rsa->iqmp, hnbyte);
+        write_lebn(out, rsa->d, nbyte);
+        }
+        
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
+        {
+        int nbyte;
+        nbyte = BN_num_bytes(dsa->p);
+        write_lebn(out, dsa->p, nbyte);
+        write_lebn(out, dsa->q, 20);
+        write_lebn(out, dsa->g, nbyte);
+        if (ispub)
+                write_lebn(out, dsa->pub_key, nbyte);
+        else
+                write_lebn(out, dsa->priv_key, 20);
+        /* Set "invalid" for seed structure values */
+        memset(*out, 0xff, 24);
+        *out += 24;
+        return;
+        }
+        
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+        {
+        return do_i2b_bio(out, pk, 0);
+        }
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+        {
+        return do_i2b_bio(out, pk, 1);
+        }
+#ifndef OPENSSL_NO_RC4
+static int do_PVK_header(const unsigned char **in, unsigned int length,
+                int skip_magic,
+                unsigned int *psaltlen, unsigned int *pkeylen)
+                
+        {
+        const unsigned char *p = *in;
+        unsigned int pvk_magic, keytype, is_encrypted;
+        if (skip_magic)
+                {
+                if (length < 20)
+                        {
+                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+                        return 0;
+                        }
+                length -= 20;
+                }
+        else
+                {
+                if (length < 24)
+                        {
+                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+                        return 0;
+                        }
+                length -= 24;
+                pvk_magic = read_ledword(&p);
+                if (pvk_magic != MS_PVKMAGIC)
+                        {
+                        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+                        return 0;
+                        }
+                }
+        /* Skip reserved */
+        p += 4;
+        keytype = read_ledword(&p);
+        is_encrypted = read_ledword(&p);
+        *psaltlen = read_ledword(&p);
+        *pkeylen = read_ledword(&p);
+        if (is_encrypted && !*psaltlen)
+                {
+                PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+                return 0;
+                }
+        *in = p;
+        return 1;
+        }
+static int derive_pvk_key(unsigned char *key, 
+                        const unsigned char *salt, unsigned int saltlen,
+                        const unsigned char *pass, int passlen)
+        {
+        EVP_MD_CTX mctx;
+        EVP_MD_CTX_init(&mctx);
+        EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&mctx, salt, saltlen);
+        EVP_DigestUpdate(&mctx, pass, passlen);
+        EVP_DigestFinal_ex(&mctx, key, NULL);
+        EVP_MD_CTX_cleanup(&mctx);
+        return 1;
+        }
+        
+static EVP_PKEY *do_PVK_body(const unsigned char **in,
+                unsigned int saltlen, unsigned int keylen,
+                pem_password_cb *cb, void *u)
+        {
+        EVP_PKEY *ret = NULL;
+        const unsigned char *p = *in;
+        unsigned int magic;
+        unsigned char *enctmp = NULL, *q;
+        if (saltlen)
+                {
+                char psbuf[PEM_BUFSIZE];
+                unsigned char keybuf[20];
+                EVP_CIPHER_CTX cctx;
+                int enctmplen, inlen;
+                if (cb)
+                        inlen=cb(psbuf,PEM_BUFSIZE,0,u);
+                else
+                        inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+                if (inlen <= 0)
+                        {
+                        PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
+                        return NULL;
+                        }
+                enctmp = OPENSSL_malloc(keylen + 8);
+                if (!enctmp)
+                        {
+                        PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                        }
+                if (!derive_pvk_key(keybuf, p, saltlen,
+                            (unsigned char *)psbuf, inlen))
+                        return NULL;
+                p += saltlen;
+                /* Copy BLOBHEADER across, decrypt rest */
+                memcpy(enctmp, p, 8);
+                p += 8;
+                inlen = keylen - 8;
+                q = enctmp + 8;
+                EVP_CIPHER_CTX_init(&cctx);
+                EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
+                EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
+                EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen);
+                magic = read_ledword((const unsigned char **)&q);
+                if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
+                        {
+                        q = enctmp + 8;
+                        memset(keybuf + 5, 0, 11);
+                        EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
+                                                                NULL);
+                        OPENSSL_cleanse(keybuf, 20);
+                        EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
+                        EVP_DecryptFinal_ex(&cctx, q + enctmplen,
+                                                                &enctmplen);
+                        magic = read_ledword((const unsigned char **)&q);
+                        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
+                                {
+                                EVP_CIPHER_CTX_cleanup(&cctx);
+                                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                                goto err;
+                                }
+                        }
+                else
+                        OPENSSL_cleanse(keybuf, 20);
+                EVP_CIPHER_CTX_cleanup(&cctx);
+                p = enctmp;
+                }
+        ret = b2i_PrivateKey(&p, keylen);
+        err:
+        if (enctmp && saltlen)
+                OPENSSL_free(enctmp);
+        return ret;
+        }
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+        {
+        unsigned char pvk_hdr[24], *buf = NULL;
+        const unsigned char *p;
+        int buflen;
+        EVP_PKEY *ret = NULL;
+        unsigned int saltlen, keylen;
+        if (BIO_read(in, pvk_hdr, 24) != 24)
+                {
+                PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+                return NULL;
+                }
+        p = pvk_hdr;
+        if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
+                return 0;
+        buflen = (int) keylen + saltlen;
+        buf = OPENSSL_malloc(buflen);
+        if (!buf)
+                {
+                PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        p = buf;
+        if (BIO_read(in, buf, buflen) != buflen)
+                {
+                PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+                goto err;
+                }
+        ret = do_PVK_body(&p, saltlen, keylen, cb, u);
+        err:
+        if (buf)
+                {
+                OPENSSL_cleanse(buf, buflen);
+                OPENSSL_free(buf);
+                }
+        return ret;
+        }
+        
+        
+static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
+                pem_password_cb *cb, void *u)
+        {
+        int outlen = 24, noinc, pklen;
+        unsigned char *p, *salt = NULL;
+        if (enclevel)
+                outlen += PVK_SALTLEN;
+        pklen = do_i2b(NULL, pk, 0);
+        if (pklen < 0)
+                return -1;
+        outlen += pklen;
+        if (!out)
+                return outlen;
+        if (*out)
+                {
+                p = *out;
+                noinc = 0;
+                }
+        else
+                {
+                p = OPENSSL_malloc(outlen);
+                if (!p)
+                        {
+                        PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                *out = p;
+                noinc = 1;
+                }
+        write_ledword(&p, MS_PVKMAGIC);
+        write_ledword(&p, 0);
+        if (pk->type == EVP_PKEY_DSA)
+                write_ledword(&p, MS_KEYTYPE_SIGN);
+        else
+                write_ledword(&p, MS_KEYTYPE_KEYX);
+        write_ledword(&p, enclevel ? 1 : 0);
+        write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
+        write_ledword(&p, pklen);
+        if (enclevel)
+                {
+                if (RAND_bytes(p, PVK_SALTLEN) <= 0)
+                        goto error;
+                salt = p;
+                p += PVK_SALTLEN;
+                }
+        do_i2b(&p, pk, 0);
+        if (enclevel == 0)
+                return outlen;
+        else
+                {
+                char psbuf[PEM_BUFSIZE];
+                unsigned char keybuf[20];
+                EVP_CIPHER_CTX cctx;
+                int enctmplen, inlen;
+                if (cb)
+                        inlen=cb(psbuf,PEM_BUFSIZE,1,u);
+                else
+                        inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
+                if (inlen <= 0)
+                        {
+                        PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
+                        goto error;
+                        }
+                if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
+                            (unsigned char *)psbuf, inlen))
+                        goto error;
+                if (enclevel == 1)
+                        memset(keybuf + 5, 0, 11);
+                p = salt + PVK_SALTLEN + 8;
+                EVP_CIPHER_CTX_init(&cctx);
+                EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
+                OPENSSL_cleanse(keybuf, 20);
+                EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8);
+                EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen);
+                EVP_CIPHER_CTX_cleanup(&cctx);
+                }
+        return outlen;
+        error:
+        return -1;
+        }
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u)
+        {
+        unsigned char *tmp = NULL;
+        int outlen, wrlen;
+        outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
+        if (outlen < 0)
+                return -1;
+        wrlen = BIO_write(out, tmp, outlen);
+        OPENSSL_free(tmp);
+        if (wrlen == outlen)
+                {
+                PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+                return outlen;
+                }
+        return -1;
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/perlasm/ppc-xlate.pl b/src/lib/libcrypto/perlasm/ppc-xlate.pl
new file mode 100755
index 0000000000..4579671c97
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/ppc-xlate.pl
@@ -0,0 +1,152 @@
+#!/usr/bin/env perl
+# PowerPC assembler distiller by <appro>.
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+my %GLOBALS;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $globl = sub {
+    my $junk = shift;
+    my $name = shift;
+    my $global = \$GLOBALS{$name};
+    my $ret;
+    $name =~ s|^[\.\_]||;
+ 
+    SWITCH: for ($flavour) {
+        /aix/           && do { $name = ".$name";
+                                last;
+                              };
+        /osx/           && do { $name = "_$name";
+                                last;
+                              };
+        /linux.*32/     && do { $ret .= ".globl $name\n";
+                                $ret .= ".type  $name,\@function";
+                                last;
+                              };
+        /linux.*64/     && do { $ret .= ".globl .$name\n";
+                                $ret .= ".type  .$name,\@function\n";
+                                $ret .= ".section       \".opd\",\"aw\"\n";
+                                $ret .= ".globl $name\n";
+                                $ret .= ".align 3\n";
+                                $ret .= "$name:\n";
+                                $ret .= ".quad  .$name,.TOC.\@tocbase,0\n";
+                                $ret .= ".size  $name,24\n";
+                                $ret .= ".previous\n";
+                                $name = ".$name";
+                                last;
+                              };
+    }
+    $ret = ".globl      $name" if (!$ret);
+    $$global = $name;
+    $ret;
+};
+my $text = sub {
+    ($flavour =~ /aix/) ? ".csect" : ".text";
+};
+my $machine = sub {
+    my $junk = shift;
+    my $arch = shift;
+    if ($flavour =~ /osx/)
+    {   $arch =~ s/\"//g;
+        $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
+    }
+    ".machine   $arch";
+};
+my $asciz = sub {
+    shift;
+    my $line = join(",",@_);
+    if ($line =~ /^"(.*)"$/)
+    {   ".byte  " . join(",",unpack("C*",$1),0) . "\n.align     2";     }
+    else
+    {   "";     }
+};
+################################################################
+# simplified mnemonics not handled by at least one assembler
+################################################################
+my $cmplw = sub {
+    my $f = shift;
+    my $cr = 0; $cr = shift if ($#_>1);
+    # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
+    ($flavour =~ /linux.*32/) ?
+        "       .long   ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
+        "       cmplw   ".join(',',$cr,@_);
+};
+my $bdnz = sub {
+    my $f = shift;
+    my $bo = $f=~/[\+\-]/ ? 16+9 : 16;  # optional "to be taken" hint
+    "   bc      $bo,0,".shift;
+} if ($flavour!~/linux/);
+my $bltlr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 12+2 : 12;      # optional "not to be taken" hint
+    ($flavour =~ /linux/) ?             # GNU as doesn't allow most recent hints
+        "       .long   ".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
+        "       bclr    $bo,0";
+};
+my $bnelr = sub {
+    my $f = shift;
+    my $bo = $f=~/\-/ ? 4+2 : 4;        # optional "not to be taken" hint
+    ($flavour =~ /linux/) ?             # GNU as doesn't allow most recent hints
+        "       .long   ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+        "       bclr    $bo,2";
+};
+my $beqlr = sub {
+    my $f = shift;
+    my $bo = $f=~/-/ ? 12+2 : 12;       # optional "not to be taken" hint
+    ($flavour =~ /linux/) ?             # GNU as doesn't allow most recent hints
+        "       .long   ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+        "       bclr    $bo,2";
+};
+# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+# arguments is 64, with "operand out of range" error.
+my $extrdi = sub {
+    my ($f,$ra,$rs,$n,$b) = @_;
+    $b = ($b+$n)&63; $n = 64-$n;
+    "   rldicl  $ra,$rs,$b,$n";
+};
+while($line=<>) {
+    $line =~ s|[#!;].*$||;      # get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;      # ... and C-style comments...
+    $line =~ s|^\s+||;          # ... and skip white spaces in beginning...
+    $line =~ s|\s+$||;          # ... and at the end
+    {
+        $line =~ s|\b\.L(\w+)|L$1|g;    # common denominator for Locallabel
+        $line =~ s|\bL(\w+)|\.L$1|g     if ($dotinlocallabels);
+    }
+    {
+        $line =~ s|(^[\.\w]+)\:\s*||;
+        my $label = $1;
+        printf "%s:",($GLOBALS{$label} or $label) if ($label);
+    }
+    {
+        $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
+        my $c = $1; $c = "\t" if ($c eq "");
+        my $mnemonic = $2;
+        my $f = $3;
+        my $opcode = eval("\$$mnemonic");
+        $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/);
+        if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); }
+        elsif ($mnemonic)           { $line = $c.$mnemonic.$f."\t".$line; }
+    }
+    print $line if ($line);
+    print "\n";
+}
+close STDOUT;
diff --git a/src/lib/libcrypto/perlasm/x86_64-xlate.pl b/src/lib/libcrypto/perlasm/x86_64-xlate.pl
index a4af769b4a..354673acc1 100755
--- a/src/lib/libcrypto/perlasm/x86_64-xlate.pl
+++ b/src/lib/libcrypto/perlasm/x86_64-xlate.pl
@@ -1,6 +1,6 @@
 #!/usr/bin/env perl
-# Ascetic x86_64 AT&T to MASM assembler translator by <appro>.
+# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
 #
 # Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
 # format is way easier to parse. Because it's simpler to "gear" from
@@ -20,12 +20,11 @@
 # Currently recognized limitations:
 #
 # - can't use multiple ops per line;
-# - indirect calls and jumps are not supported;
 #
 # Dual-ABI styling rules.
 #
-# 1. Adhere to Unix register and stack layout [see the end for
+# 1. Adhere to Unix register and stack layout [see cross-reference
-#    explanation].
+#    ABI "card" at the end for explanation].
 # 2. Forget about "red zone," stick to more traditional blended
 #    stack frame allocation. If volatile storage is actually required
 #    that is. If not, just leave the stack as is.
@@ -42,21 +41,26 @@
 # 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
 #    required to identify the spots, where to inject Win64 epilogue!
 #    But on the pros, it's then prefixed with rep automatically:-)
-# 7. Due to MASM limitations [and certain general counter-intuitivity
+# 7. Stick to explicit ip-relative addressing. If you have to use
-#    of ip-relative addressing] generation of position-independent
+#    GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??.
-#    code is assisted by synthetic directive, .picmeup, which puts
+#    Both are recognized and translated to proper Win64 addressing
-#    address of the *next* instruction into target register.
+#    modes. To support legacy code a synthetic directive, .picmeup,
+#    is implemented. It puts address of the *next* instruction into
+#    target register, e.g.:
 #
-#    Example 1:
 #               .picmeup        %rax
 #               lea             .Label-.(%rax),%rax
-#    Example 2:
+#
-#               .picmeup        %rcx
+# 8. In order to provide for structured exception handling unified
-#       .Lpic_point:
+#    Win64 prologue copies %rsp value to %rax. For further details
-#               ...
+#    see SEH paragraph at the end.
-#               lea             .Label-.Lpic_point(%rcx),%rbp
+# 9. .init segment is allowed to contain calls to functions only.
+# a. If function accepts more than 4 arguments *and* >4th argument
-my $output = shift;
+#    is declared as non 64-bit value, do clear its upper part.
+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
 { my ($stddev,$stdino,@junk)=stat(STDOUT);
  my ($outdev,$outino,@junk)=stat($output);
@@ -65,13 +69,40 @@ my $output = shift;
        if ($stddev!=$outdev || $stdino!=$outino);
 }
+my $gas=1;      $gas=0 if ($output =~ /\.asm$/);
+my $elf=1;      $elf=0 if (!$gas);
+my $win64=0;
+my $prefix="";
+my $decor=".L";
 my $masmref=8 + 50727*2**-32;   # 8.00.50727 shipped with VS2005
-my $masm=$masmref if ($output =~ /\.asm/);
+my $masm=0;
-if ($masm && `ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
+my $PTR=" PTR";
-{   $masm=$1 + $2*2**-16 + $4*2**-32;   }
+my $nasmref=2.03;
+my $nasm=0;
+if    ($flavour eq "mingw64")   { $gas=1; $elf=0; $win64=1;
+                                  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
+                                  chomp($prefix);
+                                }
+elsif ($flavour eq "macosx")    { $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
+elsif ($flavour eq "masm")      { $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
+elsif ($flavour eq "nasm")      { $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
+elsif (!$gas)
+{   if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
+    {   $nasm = $1 + $2*0.01; $PTR="";  }
+    elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
+    {   $masm = $1 + $2*2**-16 + $4*2**-32;   }
+    die "no assembler found on %PATH" if (!($nasm || $masm));
+    $win64=1;
+    $elf=0;
+    $decor="\$L\$";
+}
 my $current_segment;
 my $current_function;
+my %globals;
 { package opcode;       # pick up opcodes
    sub re {
@@ -88,8 +119,10 @@ my $current_function;
            if ($self->{op} =~ /^(movz)b.*/) {  # movz is pain...
                $self->{op} = $1;
                $self->{sz} = "b";
-            } elsif ($self->{op} =~ /call/) {
+            } elsif ($self->{op} =~ /call|jmp/) {
-                $self->{sz} = ""
+                $self->{sz} = "";
+            } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op)/) { # SSEn
+                $self->{sz} = "";
            } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
                $self->{op} = $1;
                $self->{sz} = $2;
@@ -105,13 +138,20 @@ my $current_function;
    }
    sub out {
        my $self = shift;
-        if (!$masm) {
+        if ($gas) {
            if ($self->{op} eq "movz") {        # movz is pain...
                sprintf "%s%s%s",$self->{op},$self->{sz},shift;
            } elsif ($self->{op} =~ /^set/) { 
                "$self->{op}";
            } elsif ($self->{op} eq "ret") {
-                ".byte  0xf3,0xc3";
+                my $epilogue = "";
+                if ($win64 && $current_function->{abi} eq "svr4") {
+                    $epilogue = "movq   8(%rsp),%rdi\n\t" .
+                                "movq   16(%rsp),%rsi\n\t";
+                }
+                $epilogue . ".byte      0xf3,0xc3";
+            } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") {
+                ".p2align\t3\n\t.quad";
            } else {
                "$self->{op}$self->{sz}";
            }
@@ -119,15 +159,25 @@ my $current_function;
            $self->{op} =~ s/^movz/movzx/;
            if ($self->{op} eq "ret") {
                $self->{op} = "";
-                if ($current_function->{abi} eq "svr4") {
+                if ($win64 && $current_function->{abi} eq "svr4") {
-                    $self->{op} = "mov  rdi,QWORD PTR 8[rsp]\t;WIN64 epilogue\n\t".
+                    $self->{op} = "mov  rdi,QWORD${PTR}[8+rsp]\t;WIN64 epilogue\n\t".
-                                  "mov  rsi,QWORD PTR 16[rsp]\n\t";
+                                  "mov  rsi,QWORD${PTR}[16+rsp]\n\t";
                }
                $self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
-            }
+            } elsif ($self->{op} =~ /^(pop|push)f/) {
+                $self->{op} .= $self->{sz};
+            } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
+                $self->{op} = "ALIGN\t8\n\tDQ";
+            } 
            $self->{op};
        }
    }
+    sub mnemonic {
+        my $self=shift;
+        my $op=shift;
+        $self->{op}=$op if (defined($op));
+        $self->{op};
+    }
 }
 { package const;        # pick up constants, which start with $
    sub re {
@@ -145,14 +195,15 @@ my $current_function;
    sub out {
        my $self = shift;
-        if (!$masm) {
+        if ($gas) {
            # Solaris /usr/ccs/bin/as can't handle multiplications
            # in $self->{value}
-            $self->{value} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
+            $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
            $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
            sprintf "\$%s",$self->{value};
        } else {
-            $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig;
+            $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
+            $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
            sprintf "%s",$self->{value};
        }
    }
@@ -163,13 +214,19 @@ my $current_function;
        local   *line = shift;
        undef   $ret;
-        if ($line =~ /^([^\(,]*)\(([%\w,]+)\)/) {
+        # optional * ---vvv--- appears in indirect jmp/call
-            $self->{label} = $1;
+        if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
-            ($self->{base},$self->{index},$self->{scale})=split(/,/,$2);
+            $self->{asterisk} = $1;
+            $self->{label} = $2;
+            ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
            $self->{scale} = 1 if (!defined($self->{scale}));
            $ret = $self;
            $line = substr($line,@+[0]); $line =~ s/^\s+//;
+            if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
+                die if (opcode->mnemonic() ne "mov");
+                opcode->mnemonic("lea");
+            }
            $self->{base}  =~ s/^%//;
            $self->{index} =~ s/^%// if (defined($self->{index}));
        }
@@ -180,42 +237,50 @@ my $current_function;
        my $self = shift;
        my $sz = shift;
+        $self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+        $self->{label} =~ s/\.L/$decor/g;
        # Silently convert all EAs to 64-bit. This is required for
        # elder GNU assembler and results in more compact code,
        # *but* most importantly AES module depends on this feature!
        $self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
        $self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
-        if (!$masm) {
+        if ($gas) {
            # Solaris /usr/ccs/bin/as can't handle multiplications
-            # in $self->{label}
+            # in $self->{label}, new gas requires sign extension...
-            $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
+            use integer;
+            $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
            $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+            $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
+            $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
            if (defined($self->{index})) {
-                sprintf "%s(%%%s,%%%s,%d)",
+                sprintf "%s%s(%%%s,%%%s,%d)",$self->{asterisk},
                                        $self->{label},$self->{base},
                                        $self->{index},$self->{scale};
            } else {
-                sprintf "%s(%%%s)",     $self->{label},$self->{base};
+                sprintf "%s%s(%%%s)",   $self->{asterisk},$self->{label},$self->{base};
            }
        } else {
-            %szmap = ( b=>"BYTE", w=>"WORD", l=>"DWORD", q=>"QWORD" );
+            %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR", q=>"QWORD$PTR" );
            $self->{label} =~ s/\./\$/g;
-            $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig;
+            $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
            $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
+            $sz="q" if ($self->{asterisk});
            if (defined($self->{index})) {
-                sprintf "%s PTR %s[%s*%d+%s]",$szmap{$sz},
+                sprintf "%s[%s%s*%d+%s]",$szmap{$sz},
-                                        $self->{label},
+                                        $self->{label}?"$self->{label}+":"",
                                        $self->{index},$self->{scale},
                                        $self->{base};
            } elsif ($self->{base} eq "rip") {
-                sprintf "%s PTR %s",$szmap{$sz},$self->{label};
+                sprintf "%s[%s]",$szmap{$sz},$self->{label};
            } else {
-                sprintf "%s PTR %s[%s]",$szmap{$sz},
+                sprintf "%s[%s%s]",$szmap{$sz},
-                                        $self->{label},$self->{base};
+                                        $self->{label}?"$self->{label}+":"",
+                                        $self->{base};
            }
        }
    }
@@ -227,9 +292,11 @@ my $current_function;
        local   *line = shift;
        undef   $ret;
-        if ($line =~ /^%(\w+)/) {
+        # optional * ---vvv--- appears in indirect jmp/call
+        if ($line =~ /^(\*?)%(\w+)/) {
            bless $self,$class;
-            $self->{value} = $1;
+            $self->{asterisk} = $1;
+            $self->{value} = $2;
            $ret = $self;
            $line = substr($line,@+[0]); $line =~ s/^\s+//;
        }
@@ -252,7 +319,8 @@ my $current_function;
    }
    sub out {
        my $self = shift;
-        sprintf $masm?"%s":"%%%s",$self->{value};
+        if ($gas)       { sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
+        else            { $self->{value}; }
    }
 }
 { package label;        # pick up labels, which end with :
@@ -261,37 +329,63 @@ my $current_function;
        local   *line = shift;
        undef   $ret;
-        if ($line =~ /(^[\.\w]+\:)/) {
+        if ($line =~ /(^[\.\w]+)\:/) {
            $self->{value} = $1;
            $ret = $self;
            $line = substr($line,@+[0]); $line =~ s/^\s+//;
-            $self->{value} =~ s/\.L/\$L/ if ($masm);
+            $self->{value} =~ s/^\.L/$decor/;
        }
        $ret;
    }
    sub out {
        my $self = shift;
-        if (!$masm) {
+        if ($gas) {
-            $self->{value};
+            my $func = ($globals{$self->{value}} or $self->{value}) . ":";
-        } elsif ($self->{value} ne "$current_function->{name}:") {
+            if ($win64  &&
-            $self->{value};
+                        $current_function->{name} eq $self->{value} &&
-        } elsif ($current_function->{abi} eq "svr4") {
+                        $current_function->{abi} eq "svr4") {
-            my $func =  "$current_function->{name}      PROC\n".
+                $func .= "\n";
-                        "       mov     QWORD PTR 8[rsp],rdi\t;WIN64 prologue\n".
+                $func .= "      movq    %rdi,8(%rsp)\n";
-                        "       mov     QWORD PTR 16[rsp],rsi\n";
+                $func .= "      movq    %rsi,16(%rsp)\n";
+                $func .= "      movq    %rsp,%rax\n";
+                $func .= "${decor}SEH_begin_$current_function->{name}:\n";
+                my $narg = $current_function->{narg};
+                $narg=6 if (!defined($narg));
+                $func .= "      movq    %rcx,%rdi\n" if ($narg>0);
+                $func .= "      movq    %rdx,%rsi\n" if ($narg>1);
+                $func .= "      movq    %r8,%rdx\n"  if ($narg>2);
+                $func .= "      movq    %r9,%rcx\n"  if ($narg>3);
+                $func .= "      movq    40(%rsp),%r8\n" if ($narg>4);
+                $func .= "      movq    48(%rsp),%r9\n" if ($narg>5);
+            }
+            $func;
+        } elsif ($self->{value} ne "$current_function->{name}") {
+            $self->{value} .= ":" if ($masm && $ret!~m/^\$/);
+            $self->{value} . ":";
+        } elsif ($win64 && $current_function->{abi} eq "svr4") {
+            my $func =  "$current_function->{name}" .
+                        ($nasm ? ":" : "\tPROC $current_function->{scope}") .
+                        "\n";
+            $func .= "  mov     QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n";
+            $func .= "  mov     QWORD${PTR}[16+rsp],rsi\n";
+            $func .= "  mov     rax,rsp\n";
+            $func .= "${decor}SEH_begin_$current_function->{name}:";
+            $func .= ":" if ($masm);
+            $func .= "\n";
            my $narg = $current_function->{narg};
            $narg=6 if (!defined($narg));
            $func .= "  mov     rdi,rcx\n" if ($narg>0);
            $func .= "  mov     rsi,rdx\n" if ($narg>1);
            $func .= "  mov     rdx,r8\n"  if ($narg>2);
            $func .= "  mov     rcx,r9\n"  if ($narg>3);
-            $func .= "  mov     r8,QWORD PTR 40[rsp]\n" if ($narg>4);
+            $func .= "  mov     r8,QWORD${PTR}[40+rsp]\n" if ($narg>4);
-            $func .= "  mov     r9,QWORD PTR 48[rsp]\n" if ($narg>5);
+            $func .= "  mov     r9,QWORD${PTR}[48+rsp]\n" if ($narg>5);
            $func .= "\n";
        } else {
-           "$current_function->{name}   PROC";
+           "$current_function->{name}".
+                        ($nasm ? ":" : "\tPROC $current_function->{scope}");
        }
    }
 }
@@ -306,13 +400,19 @@ my $current_function;
            $ret = $self;
            $line = substr($line,@+[0]); $line =~ s/^\s+//;
-            $self->{value} =~ s/\.L/\$L/g if ($masm);
+            $self->{value} =~ s/\@PLT// if (!$elf);
+            $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+            $self->{value} =~ s/\.L/$decor/g;
        }
        $ret;
    }
    sub out {
        my $self = shift;
-        $self->{value};
+        if ($nasm && opcode->mnemonic()=~m/^j/) {
+            "NEAR ".$self->{value};
+        } else {
+            $self->{value};
+        }
    }
 }
 { package directive;    # pick up directives, which start with .
@@ -332,89 +432,181 @@ my $current_function;
                        "%r14"=>0x01358d4c,     "%r15"=>0x013d8d4c      );
        if ($line =~ /^\s*(\.\w+)/) {
-            if (!$masm) {
-                $self->{value} = $1;
-                $line =~ s/\@abi\-omnipotent/\@function/;
-                $line =~ s/\@function.*/\@function/;
-                if ($line =~ /\.picmeup\s+(%r[\w]+)/i) {
-                    $self->{value} = sprintf "\t.long\t0x%x,0x90000000",$opcode{$1};
-                } elsif ($line =~ /\.asciz\s+"(.*)"$/) {
-                    $self->{value} = ".byte\t".join(",",unpack("C*",$1),0);
-                } elsif ($line =~ /\.extern/) {
-                    $self->{value} = ""; # swallow extern
-                } else {
-                    $self->{value} = $line;
-                }
-                $line = "";
-                return $self;
-            }
            $dir = $1;
            $ret = $self;
            undef $self->{value};
            $line = substr($line,@+[0]); $line =~ s/^\s+//;
            SWITCH: for ($dir) {
-                /\.(text)/
+                /\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) {
-                            && do { my $v=undef;
+                                        $dir="\t.long";
-                                    $v="$current_segment\tENDS\n" if ($current_segment);
+                                        $line=sprintf "0x%x,0x90000000",$opcode{$1};
-                                    $current_segment = "_$1\$";
+                                    }
-                                    $current_segment =~ tr/[a-z]/[A-Z]/;
+                                    last;
-                                    $v.="$current_segment\tSEGMENT ";
+                                  };
-                                    $v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE";
+                /\.global|\.globl|\.extern/
-                                    $v.=" 'CODE'";
+                            && do { $globals{$line} = $prefix . $line;
-                                    $self->{value} = $v;
+                                    $line = $globals{$line} if ($prefix);
                                    last;
                                  };
-                /\.extern/  && do { $self->{value} = "EXTRN\t".$line.":BYTE"; last;  };
-                /\.globl/   && do { $self->{value} = "PUBLIC\t".$line; last; };
                /\.type/    && do { ($sym,$type,$narg) = split(',',$line);
                                    if ($type eq "\@function") {
                                        undef $current_function;
                                        $current_function->{name} = $sym;
                                        $current_function->{abi}  = "svr4";
                                        $current_function->{narg} = $narg;
+                                        $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
                                    } elsif ($type eq "\@abi-omnipotent") {
                                        undef $current_function;
                                        $current_function->{name} = $sym;
+                                        $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+                                    }
+                                    $line =~ s/\@abi\-omnipotent/\@function/;
+                                    $line =~ s/\@function.*/\@function/;
+                                    last;
+                                  };
+                /\.asciz/   && do { if ($line =~ /^"(.*)"$/) {
+                                        $dir  = ".byte";
+                                        $line = join(",",unpack("C*",$1),0);
                                    }
                                    last;
                                  };
+                /\.rva|\.long|\.quad/
+                            && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+                                    $line =~ s/\.L/$decor/g;
+                                    last;
+                                  };
+            }
+            if ($gas) {
+                $self->{value} = $dir . "\t" . $line;
+                if ($dir =~ /\.extern/) {
+                    $self->{value} = ""; # swallow extern
+                } elsif (!$elf && $dir =~ /\.type/) {
+                    $self->{value} = "";
+                    $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
+                                (defined($globals{$1})?".scl 2;":".scl 3;") .
+                                "\t.type 32;\t.endef"
+                                if ($win64 && $line =~ /([^,]+),\@function/);
+                } elsif (!$elf && $dir =~ /\.size/) {
+                    $self->{value} = "";
+                    if (defined($current_function)) {
+                        $self->{value} .= "${decor}SEH_end_$current_function->{name}:"
+                                if ($win64 && $current_function->{abi} eq "svr4");
+                        undef $current_function;
+                    }
+                } elsif (!$elf && $dir =~ /\.align/) {
+                    $self->{value} = ".p2align\t" . (log($line)/log(2));
+                } elsif ($dir eq ".section") {
+                    $current_segment=$line;
+                    if (!$elf && $current_segment eq ".init") {
+                        if      ($flavour eq "macosx")  { $self->{value} = ".mod_init_func"; }
+                        elsif   ($flavour eq "mingw64") { $self->{value} = ".section\t.ctors"; }
+                    }
+                } elsif ($dir =~ /\.(text|data)/) {
+                    $current_segment=".$1";
+                }
+                $line = "";
+                return $self;
+            }
+            # non-gas case or nasm/masm
+            SWITCH: for ($dir) {
+                /\.text/    && do { my $v=undef;
+                                    if ($nasm) {
+                                        $v="section     .text code align=64\n";
+                                    } else {
+                                        $v="$current_segment\tENDS\n" if ($current_segment);
+                                        $current_segment = ".text\$";
+                                        $v.="$current_segment\tSEGMENT ";
+                                        $v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE";
+                                        $v.=" 'CODE'";
+                                    }
+                                    $self->{value} = $v;
+                                    last;
+                                  };
+                /\.data/    && do { my $v=undef;
+                                    if ($nasm) {
+                                        $v="section     .data data align=8\n";
+                                    } else {
+                                        $v="$current_segment\tENDS\n" if ($current_segment);
+                                        $current_segment = "_DATA";
+                                        $v.="$current_segment\tSEGMENT";
+                                    }
+                                    $self->{value} = $v;
+                                    last;
+                                  };
+                /\.section/ && do { my $v=undef;
+                                    $line =~ s/([^,]*).*/$1/;
+                                    $line = ".CRT\$XCU" if ($line eq ".init");
+                                    if ($nasm) {
+                                        $v="section     $line";
+                                        if ($line=~/\.([px])data/) {
+                                            $v.=" rdata align=";
+                                            $v.=$1 eq "p"? 4 : 8;
+                                        }
+                                    } else {
+                                        $v="$current_segment\tENDS\n" if ($current_segment);
+                                        $v.="$line\tSEGMENT";
+                                        if ($line=~/\.([px])data/) {
+                                            $v.=" READONLY";
+                                            $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+                                        }
+                                    }
+                                    $current_segment = $line;
+                                    $self->{value} = $v;
+                                    last;
+                                  };
+                /\.extern/  && do { $self->{value}  = "EXTERN\t".$line;
+                                    $self->{value} .= ":NEAR" if ($masm);
+                                    last;
+                                  };
+                /\.globl|.global/
+                            && do { $self->{value}  = $masm?"PUBLIC":"global";
+                                    $self->{value} .= "\t".$line;
+                                    last;
+                                  };
                /\.size/    && do { if (defined($current_function)) {
-                                        $self->{value}="$current_function->{name}\tENDP";
+                                        undef $self->{value};
+                                        if ($current_function->{abi} eq "svr4") {
+                                            $self->{value}="${decor}SEH_end_$current_function->{name}:";
+                                            $self->{value}.=":\n" if($masm);
+                                        }
+                                        $self->{value}.="$current_function->{name}\tENDP" if($masm);
                                        undef $current_function;
                                    }
                                    last;
                                  };
                /\.align/   && do { $self->{value} = "ALIGN\t".$line; last; };
-                /\.(byte|value|long|quad)/
+                /\.(value|long|rva|quad)/
-                            && do { my @arr = split(',',$line);
+                            && do { my $sz  = substr($1,0,1);
-                                    my $sz  = substr($1,0,1);
+                                    my @arr = split(/,\s*/,$line);
                                    my $last = pop(@arr);
                                    my $conv = sub  {   my $var=shift;
-                                                        if ($var=~s/0x([0-9a-f]+)/0$1h/i) { $var; }
+                                                        $var=~s/^(0b[0-1]+)/oct($1)/eig;
-                                                        else { sprintf"0%Xh",$var; }
+                                                        $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
+                                                        if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
+                                                        { $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
+                                                        $var;
                                                    };  
-                                    $sz =~ tr/bvlq/BWDQ/;
+                                    $sz =~ tr/bvlrq/BWDDQ/;
                                    $self->{value} = "\tD$sz\t";
                                    for (@arr) { $self->{value} .= &$conv($_).","; }
                                    $self->{value} .= &$conv($last);
                                    last;
                                  };
-                /\.picmeup/ && do { $self->{value} = sprintf"\tDD\t 0%Xh,090000000h",$opcode{$line};
+                /\.byte/    && do { my @str=split(/,\s*/,$line);
-                                    last;
+                                    map(s/(0b[0-1]+)/oct($1)/eig,@str);
-                                  };
+                                    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);       
-                /\.asciz/   && do { if ($line =~ /^"(.*)"$/) {
+                                    while ($#str>15) {
-                                        my @str=unpack("C*",$1);
-                                        push @str,0;
-                                        while ($#str>15) {
-                                            $self->{value}.="DB\t"
-                                                .join(",",@str[0..15])."\n";
-                                            foreach (0..15) { shift @str; }
-                                        }
                                        $self->{value}.="DB\t"
-                                                .join(",",@str) if (@str);
+                                                .join(",",@str[0..15])."\n";
+                                        foreach (0..15) { shift @str; }
                                    }
+                                    $self->{value}.="DB\t"
+                                                .join(",",@str) if (@str);
                                    last;
                                  };
            }
@@ -429,6 +621,15 @@ my $current_function;
    }
 }
+if ($nasm) {
+    print <<___;
+default rel
+___
+} elsif ($masm) {
+    print <<___;
+OPTION  DOTNAME
+___
+}
 while($line=<>) {
    chomp($line);
@@ -439,43 +640,42 @@ while($line=<>) {
    undef $label;
    undef $opcode;
-    undef $dst;
-    undef $src;
    undef $sz;
+    undef @args;
    if ($label=label->re(\$line))       { print $label->out(); }
    if (directive->re(\$line)) {
        printf "%s",directive->out();
-    } elsif ($opcode=opcode->re(\$line)) { ARGUMENT: {
+    } elsif ($opcode=opcode->re(\$line)) { ARGUMENT: while (1) {
+        my $arg;
-        if ($src=register->re(\$line))  { opcode->size($src->size()); }
-        elsif ($src=const->re(\$line))  { }
-        elsif ($src=ea->re(\$line))     { }
-        elsif ($src=expr->re(\$line))   { }
-        last ARGUMENT if ($line !~ /^,/);
+        if ($arg=register->re(\$line))  { opcode->size($arg->size()); }
+        elsif ($arg=const->re(\$line))  { }
+        elsif ($arg=ea->re(\$line))     { }
+        elsif ($arg=expr->re(\$line))   { }
+        else                            { last ARGUMENT; }
-        $line = substr($line,1); $line =~ s/^\s+//;
+        push @args,$arg;
-        if ($dst=register->re(\$line))  { opcode->size($dst->size()); }
+        last ARGUMENT if ($line !~ /^,/);
-        elsif ($dst=const->re(\$line))  { }
-        elsif ($dst=ea->re(\$line))     { }
+        $line =~ s/^,\s*//;
        } # ARGUMENT:
        $sz=opcode->size();
-        if (defined($dst)) {
+        if ($#args>=0) {
-            if (!$masm) {
+            my $insn;
-                printf "\t%s\t%s,%s",   $opcode->out($dst->size()),
+            if ($gas) {
-                                        $src->out($sz),$dst->out($sz);
+                $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
            } else {
-                printf "\t%s\t%s,%s",   $opcode->out(),
+                $insn = $opcode->out();
-                                        $dst->out($sz),$src->out($sz);
+                $insn .= $sz if (map($_->out() =~ /x?mm/,@args));
+                @args = reverse(@args);
+                undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
            }
-        } elsif (defined($src)) {
+            printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
-            printf "\t%s\t%s",$opcode->out(),$src->out($sz);
        } else {
            printf "\t%s",$opcode->out();
        }
@@ -484,11 +684,12 @@ while($line=<>) {
    print $line,"\n";
 }
-print "\n$current_segment\tENDS\nEND\n" if ($masm);
+print "\n$current_segment\tENDS\n"      if ($current_segment && $masm);
+print "END\n"                           if ($masm);
 close STDOUT;
-#################################################
+#################################################
 # Cross-reference x86_64 ABI "card"
 #
 #               Unix            Win64
@@ -552,3 +753,161 @@ close STDOUT;
 #       movq    16(%rsp),%rsi
 # endif
 #       ret
+#
+#################################################
+# Win64 SEH, Structured Exception Handling.
+#
+# Unlike on Unix systems(*) lack of Win64 stack unwinding information
+# has undesired side-effect at run-time: if an exception is raised in
+# assembler subroutine such as those in question (basically we're
+# referring to segmentation violations caused by malformed input
+# parameters), the application is briskly terminated without invoking
+# any exception handlers, most notably without generating memory dump
+# or any user notification whatsoever. This poses a problem. It's
+# possible to address it by registering custom language-specific
+# handler that would restore processor context to the state at
+# subroutine entry point and return "exception is not handled, keep
+# unwinding" code. Writing such handler can be a challenge... But it's
+# doable, though requires certain coding convention. Consider following
+# snippet:
+#
+# .type function,@function
+# function:
+#       movq    %rsp,%rax       # copy rsp to volatile register
+#       pushq   %r15            # save non-volatile registers
+#       pushq   %rbx
+#       pushq   %rbp
+#       movq    %rsp,%r11
+#       subq    %rdi,%r11       # prepare [variable] stack frame
+#       andq    $-64,%r11
+#       movq    %rax,0(%r11)    # check for exceptions
+#       movq    %r11,%rsp       # allocate [variable] stack frame
+#       movq    %rax,0(%rsp)    # save original rsp value
+# magic_point:
+#       ...
+#       movq    0(%rsp),%rcx    # pull original rsp value
+#       movq    -24(%rcx),%rbp  # restore non-volatile registers
+#       movq    -16(%rcx),%rbx
+#       movq    -8(%rcx),%r15
+#       movq    %rcx,%rsp       # restore original rsp
+#       ret
+# .size function,.-function
+#
+# The key is that up to magic_point copy of original rsp value remains
+# in chosen volatile register and no non-volatile register, except for
+# rsp, is modified. While past magic_point rsp remains constant till
+# the very end of the function. In this case custom language-specific
+# exception handler would look like this:
+#
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+# {     ULONG64 *rsp = (ULONG64 *)context->Rax;
+#       if (context->Rip >= magic_point)
+#       {   rsp = ((ULONG64 **)context->Rsp)[0];
+#           context->Rbp = rsp[-3];
+#           context->Rbx = rsp[-2];
+#           context->R15 = rsp[-1];
+#       }
+#       context->Rsp = (ULONG64)rsp;
+#       context->Rdi = rsp[1];
+#       context->Rsi = rsp[2];
+#
+#       memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
+#       RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
+#               dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
+#               &disp->HandlerData,&disp->EstablisherFrame,NULL);
+#       return ExceptionContinueSearch;
+# }
+#
+# It's appropriate to implement this handler in assembler, directly in
+# function's module. In order to do that one has to know members'
+# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
+# values. Here they are:
+#
+#       CONTEXT.Rax                             120
+#       CONTEXT.Rcx                             128
+#       CONTEXT.Rdx                             136
+#       CONTEXT.Rbx                             144
+#       CONTEXT.Rsp                             152
+#       CONTEXT.Rbp                             160
+#       CONTEXT.Rsi                             168
+#       CONTEXT.Rdi                             176
+#       CONTEXT.R8                              184
+#       CONTEXT.R9                              192
+#       CONTEXT.R10                             200
+#       CONTEXT.R11                             208
+#       CONTEXT.R12                             216
+#       CONTEXT.R13                             224
+#       CONTEXT.R14                             232
+#       CONTEXT.R15                             240
+#       CONTEXT.Rip                             248
+#       CONTEXT.Xmm6                            512
+#       sizeof(CONTEXT)                         1232
+#       DISPATCHER_CONTEXT.ControlPc            0
+#       DISPATCHER_CONTEXT.ImageBase            8
+#       DISPATCHER_CONTEXT.FunctionEntry        16
+#       DISPATCHER_CONTEXT.EstablisherFrame     24
+#       DISPATCHER_CONTEXT.TargetIp             32
+#       DISPATCHER_CONTEXT.ContextRecord        40
+#       DISPATCHER_CONTEXT.LanguageHandler      48
+#       DISPATCHER_CONTEXT.HandlerData          56
+#       UNW_FLAG_NHANDLER                       0
+#       ExceptionContinueSearch                 1
+#
+# In order to tie the handler to the function one has to compose
+# couple of structures: one for .xdata segment and one for .pdata.
+#
+# UNWIND_INFO structure for .xdata segment would be
+#
+# function_unwind_info:
+#       .byte   9,0,0,0
+#       .rva    handler
+#
+# This structure designates exception handler for a function with
+# zero-length prologue, no stack frame or frame register.
+#
+# To facilitate composing of .pdata structures, auto-generated "gear"
+# prologue copies rsp value to rax and denotes next instruction with
+# .LSEH_begin_{function_name} label. This essentially defines the SEH
+# styling rule mentioned in the beginning. Position of this label is
+# chosen in such manner that possible exceptions raised in the "gear"
+# prologue would be accounted to caller and unwound from latter's frame.
+# End of function is marked with respective .LSEH_end_{function_name}
+# label. To summarize, .pdata segment would contain
+#
+#       .rva    .LSEH_begin_function
+#       .rva    .LSEH_end_function
+#       .rva    function_unwind_info
+#
+# Reference to functon_unwind_info from .xdata segment is the anchor.
+# In case you wonder why references are 32-bit .rvas and not 64-bit
+# .quads. References put into these two segments are required to be
+# *relative* to the base address of the current binary module, a.k.a.
+# image base. No Win64 module, be it .exe or .dll, can be larger than
+# 2GB and thus such relative references can be and are accommodated in
+# 32 bits.
+#
+# Having reviewed the example function code, one can argue that "movq
+# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
+# rax would contain an undefined value. If this "offends" you, use
+# another register and refrain from modifying rax till magic_point is
+# reached, i.e. as if it was a non-volatile register. If more registers
+# are required prior [variable] frame setup is completed, note that
+# nobody says that you can have only one "magic point." You can
+# "liberate" non-volatile registers by denoting last stack off-load
+# instruction and reflecting it in finer grade unwind logic in handler.
+# After all, isn't it why it's called *language-specific* handler...
+#
+# Attentive reader can notice that exceptions would be mishandled in
+# auto-generated "gear" epilogue. Well, exception effectively can't
+# occur there, because if memory area used by it was subject to
+# segmentation violation, then it would be raised upon call to the
+# function (and as already mentioned be accounted to caller, which is
+# not a problem). If you're still not comfortable, then define tail
+# "magic point" just prior ret instruction and have handler treat it...
+#
+# (*)   Note that we're talking about run-time, not debug-time. Lack of
+#       unwind information makes debugging hard on both Windows and
+#       Unix. "Unlike" referes to the fact that on Unix signal handler
+#       will always be invoked, core dumped and appropriate exit code
+#       returned to parent (for user notification).
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl
index 5979122158..28080caaa6 100644
--- a/src/lib/libcrypto/perlasm/x86asm.pl
+++ b/src/lib/libcrypto/perlasm/x86asm.pl
@@ -1,130 +1,207 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 # require 'x86asm.pl';
-# &asm_init("cpp","des-586.pl");
+# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-# XXX
+# &function_begin("foo");
-# XXX
+# ...
-# main'asm_finish
+# &function_end("foo");
+# &asm_finish
-sub main'asm_finish
-        {
+$out=();
-        &file_end();
+$i386=0;
-        &asm_finish_cpp() if $cpp;
-        print &asm_get_output();
+# AUTOLOAD is this context has quite unpleasant side effect, namely
-        }
+# that typos in function calls effectively go to assembler output,
+# but on the pros side we don't have to implement one subroutine per
-sub main'asm_init
+# each opcode...
-        {
+sub ::AUTOLOAD
-        ($type,$fn,$i386)=@_;
+{ my $opcode = $AUTOLOAD;
-        $filename=$fn;
+    die "more than 4 arguments passed to $opcode" if ($#_>3);
-        $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
-        if (    ($type eq "elf"))
+    $opcode =~ s/.*:://;
-                { $elf=1; require "x86unix.pl"; }
+    if    ($opcode =~ /^push/) { $stack+=4; }
-        elsif ( ($type eq "a.out"))
+    elsif ($opcode =~ /^pop/)  { $stack-=4; }
-                { $aout=1; require "x86unix.pl"; }
-        elsif ( ($type eq "coff" or $type eq "gaswin"))
+    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
-                { $coff=1; require "x86unix.pl"; }
+}
-        elsif ( ($type eq "cpp"))
-                { $cpp=1; require "x86unix.pl"; }
+sub ::emit
-        elsif ( ($type eq "win32"))
+{ my $opcode=shift;
-                { $win32=1; require "x86ms.pl"; }
-        elsif ( ($type eq "win32n"))
+    if ($#_==-1)    { push(@out,"\t$opcode\n");                         }
-                { $win32=1; require "x86nasm.pl"; }
+    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");       }
-        elsif ( ($type eq "nw-nasm"))
+}
-                { $netware=1; require "x86nasm.pl"; }
-        elsif ( ($type eq "nw-mwasm"))
+sub ::LB
-                { $netware=1; $mwerks=1; require "x86nasm.pl"; }
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
-        else
+  $1."l";
-                {
+}
-                print STDERR <<"EOF";
+sub ::HB
+{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
+  $1."h";
+}
+sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);      }
+sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num);      }
+sub ::blindpop  { &pop($_[0]); $stack+=4;                               }
+sub ::wparam    { &DWP($stack+4*$_[0],"esp");                           }
+sub ::swtmp     { &DWP(4*$_[0],"esp");                                  }
+sub ::bswap
+{   if ($i386)  # emulate bswap for i386
+    {   &comment("bswap @_");
+        &xchg(&HB(@_),&LB(@_));
+        &ror (@_,16);
+        &xchg(&HB(@_),&LB(@_));
+    }
+    else
+    {   &generic("bswap",@_);   }
+}
+# These are made-up opcodes introduced over the years essentially
+# by ignorance, just alias them to real ones...
+sub ::movb      { &mov(@_);     }
+sub ::xorb      { &xor(@_);     }
+sub ::rotl      { &rol(@_);     }
+sub ::rotr      { &ror(@_);     }
+sub ::exch      { &xchg(@_);    }
+sub ::halt      { &hlt;         }
+sub ::movz      { &movzx(@_);   }
+sub ::pushf     { &pushfd;      }
+sub ::popf      { &popfd;       }
+# 3 argument instructions
+sub ::movq
+{ my($p1,$p2,$optimize)=@_;
+    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+    # movq between mmx registers can sink Intel CPUs
+    {   &::pshufw($p1,$p2,0xe4);                }
+    else
+    {   &::generic("movq",@_);                  }
+}
+# label management
+$lbdecor="L";           # local label decoration, set by package
+$label="000";
+sub ::islabel           # see is argument is a known label
+{ my $i;
+    foreach $i (values %label) { return $i if ($i eq $_[0]); }
+  $label{$_[0]};        # can be undef
+}
+sub ::label             # instantiate a function-scope label
+{   if (!defined($label{$_[0]}))
+    {   $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++;   }
+  $label{$_[0]};
+}
+sub ::LABEL             # instantiate a file-scope label
+{   $label{$_[0]}=$_[1] if (!defined($label{$_[0]}));
+  $label{$_[0]};
+}
+sub ::static_label      { &::LABEL($_[0],$lbdecor.$_[0]); }
+sub ::set_label_B       { push(@out,"@_:\n"); }
+sub ::set_label
+{ my $label=&::label($_[0]);
+    &::align($_[1]) if ($_[1]>1);
+    &::set_label_B($label);
+  $label;
+}
+sub ::wipe_labels       # wipes function-scope labels
+{   foreach $i (keys %label)
+    {   delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); }
+}
+# subroutine management
+sub ::function_begin
+{   &function_begin_B(@_);
+    $stack=4;
+    &push("ebp");
+    &push("ebx");
+    &push("esi");
+    &push("edi");
+}
+sub ::function_end
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    &function_end_B(@_);
+    $stack=0;
+    &wipe_labels();
+}
+sub ::function_end_A
+{   &pop("edi");
+    &pop("esi");
+    &pop("ebx");
+    &pop("ebp");
+    &ret();
+    $stack+=16; # readjust esp as if we didn't pop anything
+}
+sub ::asciz
+{ my @str=unpack("C*",shift);
+    push @str,0;
+    while ($#str>15) {
+        &data_byte(@str[0..15]);
+        foreach (0..15) { shift @str; }
+    }
+    &data_byte(@str) if (@str);
+}
+sub ::asm_finish
+{   &file_end();
+    print @out;
+}
+sub ::asm_init
+{ my ($type,$fn,$cpu)=@_;
+    $filename=$fn;
+    $i386=$cpu;
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=0;
+    if    (($type eq "elf"))
+    {   $elf=1;                 require "x86gas.pl";    }
+    elsif (($type eq "a\.out"))
+    {   $aout=1;                require "x86gas.pl";    }
+    elsif (($type eq "coff" or $type eq "gaswin"))
+    {   $coff=1;                require "x86gas.pl";    }
+    elsif (($type eq "win32n"))
+    {   $win32=1;               require "x86nasm.pl";   }
+    elsif (($type eq "nw-nasm"))
+    {   $netware=1;             require "x86nasm.pl";   }
+    #elsif (($type eq "nw-mwasm"))
+    #{  $netware=1; $mwerks=1;  require "x86nasm.pl";   }
+    elsif (($type eq "win32"))
+    {   $win32=1;               require "x86masm.pl";   }
+    elsif (($type eq "macosx"))
+    {   $aout=1; $macosx=1;     require "x86gas.pl";    }
+    else
+    {   print STDERR <<"EOF";
 Pick one target type from
        elf     - Linux, FreeBSD, Solaris x86, etc.
-        a.out   - OpenBSD, DJGPP, etc.
+        a.out   - DJGPP, elder OpenBSD, etc.
        coff    - GAS/COFF such as Win32 targets
-        win32   - Windows 95/Windows NT
        win32n  - Windows 95/Windows NT NASM format
        nw-nasm - NetWare NASM format
-        nw-mwasm- NetWare Metrowerks Assembler
+        macosx  - Mac OS X
 EOF
-                exit(1);
+        exit(1);
-                }
+    }
-        $pic=0;
+    $pic=0;
-        for (@ARGV) {   $pic=1 if (/\-[fK]PIC/i);       }
+    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
-        &asm_init_output();
+    $filename =~ s/\.pl$//;
+    &file($filename);
-&comment("Don't even think of reading this code");
+}
-&comment("It was automatically generated by $filename");
-&comment("Which is a perl program used to generate the x86 assember for");
-&comment("any of ELF, a.out, COFF, Win32, ...");
-&comment("eric <eay\@cryptsoft.com>");
-&comment("");
-        $filename =~ s/\.pl$//;
-        &file($filename);
-        }
-sub asm_finish_cpp
-        {
-        return unless $cpp;
-        local($tmp,$i);
-        foreach $i (&get_labels())
-                {
-                $tmp.="#define $i _$i\n";
-                }
-        print <<"EOF";
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-#if defined(OUT) || (defined(BSDI) && !defined(ELF))
-$tmp
-#endif
-#ifdef OUT
-#define OK      1
-#define ALIGN   4
-#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)       .def a; .scl 2; .type 32; .endef
-#endif /* __CYGWIN || __DJGPP */
-#endif
-#if defined(BSDI) && !defined(ELF)
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-/* Let the Assembler begin :-) */
-EOF
-        }
 1;
diff --git a/src/lib/libcrypto/perlasm/x86gas.pl b/src/lib/libcrypto/perlasm/x86gas.pl
new file mode 100644
index 0000000000..6eab727fd4
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86gas.pl
@@ -0,0 +1,247 @@
+#!/usr/bin/env perl
+package x86gas;
+*out=\@::out;
+$::lbdecor=$::aout?"L":".L";            # local label decoration
+$nmdecor=($::aout or $::coff)?"_":"";   # external name decoration
+$initseg="";
+$align=16;
+$align=log($align)/log(2) if ($::aout);
+$com_start="#" if ($::aout or $::coff);
+sub opsize()
+{ my $reg=shift;
+    if    ($reg =~ m/^%e/o)             { "l"; }
+    elsif ($reg =~ m/^%[a-d][hl]$/o)    { "b"; }
+    elsif ($reg =~ m/^%[xm]/o)          { undef; }
+    else                                { "w"; }
+}
+# swap arguments;
+# expand opcode with size suffix;
+# prefix numeric constants with $;
+sub ::generic
+{ my($opcode,@arg)=@_;
+  my($suffix,$dst,$src);
+    @arg=reverse(@arg);
+    for (@arg)
+    {   s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;    # gp registers
+        s/^([xy]?mm[0-7])$/%$1/o;               # xmm/mmx registers
+        s/^(\-?[0-9]+)$/\$$1/o;                 # constants
+        s/^(\-?0x[0-9a-f]+)$/\$$1/o;            # constants
+    }
+    $dst = $arg[$#arg]          if ($#arg>=0);
+    $src = $arg[$#arg-1]        if ($#arg>=1);
+    if    ($dst =~ m/^%/o)      { $suffix=&opsize($dst); }
+    elsif ($src =~ m/^%/o)      { $suffix=&opsize($src); }
+    else                        { $suffix="l";           }
+    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
+    if ($#_==0)                         { &::emit($opcode);             }
+    elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg);        }
+    elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg);        }
+    elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg);        }
+    else                                { &::emit($opcode.$suffix,@arg);}
+  1;
+}
+#
+# opcodes not covered by ::generic above, mostly inconsistent namings...
+#
+sub ::movzx     { &::movzb(@_);                 }
+sub ::pushfd    { &::pushfl;                    }
+sub ::popfd     { &::popfl;                     }
+sub ::cpuid     { &::emit(".byte\t0x0f,0xa2");  }
+sub ::rdtsc     { &::emit(".byte\t0x0f,0x31");  }
+sub ::call      { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
+sub ::call_ptr  { &::generic("call","*$_[0]");  }
+sub ::jmp_ptr   { &::generic("jmp","*$_[0]");   }
+*::bswap = sub  { &::emit("bswap","%$_[0]");    } if (!$::i386);
+sub ::DWP
+{ my($addr,$reg1,$reg2,$idx)=@_;
+  my $ret="";
+    $addr =~ s/^\s+//;
+    # prepend global references with optional underscore
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
+    $reg1 = "%$reg1" if ($reg1);
+    $reg2 = "%$reg2" if ($reg2);
+    $ret .= $addr if (($addr ne "") && ($addr ne 0));
+    if ($reg2)
+    {   $idx!= 0 or $idx=1;
+        $ret .= "($reg1,$reg2,$idx)";
+    }
+    elsif ($reg1)
+    {   $ret .= "($reg1)";      }
+  $ret;
+}
+sub ::QWP       { &::DWP(@_);   }
+sub ::BP        { &::DWP(@_);   }
+sub ::BC        { @_;           }
+sub ::DWC       { @_;           }
+sub ::file
+{   push(@out,".file\t\"$_[0].s\"\n.text\n");   }
+sub ::function_begin_B
+{ my $func=shift;
+  my $global=($func !~ /^_/);
+  my $begin="${::lbdecor}_${func}_begin";
+    &::LABEL($func,$global?"$begin":"$nmdecor$func");
+    $func=$nmdecor.$func;
+    push(@out,".globl\t$func\n")        if ($global);
+    if ($::coff)
+    {   push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); }
+    elsif (($::aout and !$::pic) or $::macosx)
+    { }
+    else
+    {   push(@out,".type        $func,\@function\n"); }
+    push(@out,".align\t$align\n");
+    push(@out,"$func:\n");
+    push(@out,"$begin:\n")              if ($global);
+    $::stack=4;
+}
+sub ::function_end_B
+{ my $func=shift;
+    push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf);
+    $::stack=0;
+    &::wipe_labels();
+}
+sub ::comment
+        {
+        if (!defined($com_start) or $::elf)
+                {       # Regarding $::elf above...
+                        # GNU and SVR4 as'es use different comment delimiters,
+                push(@out,"\n");        # so we just skip ELF comments...
+                return;
+                }
+        foreach (@_)
+                {
+                if (/^\s*$/)
+                        { push(@out,"\n"); }
+                else
+                        { push(@out,"\t$com_start $_ $com_end\n"); }
+                }
+        }
+sub ::external_label
+{   foreach(@_) { &::LABEL($_,$nmdecor.$_); }   }
+sub ::public_label
+{   push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
+sub ::file_end
+{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
+        my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,4";
+        if ($::elf)     { push (@out,"$tmp,4\n"); }
+        else            { push (@out,"$tmp\n"); }
+    }
+    if ($::macosx)
+    {   if (%non_lazy_ptr)
+        {   push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n");
+            foreach $i (keys %non_lazy_ptr)
+            {   push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n");   }
+        }
+    }
+    push(@out,$initseg) if ($initseg);
+}
+sub ::data_byte {   push(@out,".byte\t".join(',',@_)."\n");   }
+sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
+sub ::align
+{ my $val=$_[0],$p2,$i;
+    if ($::aout)
+    {   for ($p2=0;$val!=0;$val>>=1) { $p2++; }
+        $val=$p2-1;
+        $val.=",0x90";
+    }
+    push(@out,".align\t$val\n");
+}
+sub ::picmeup
+{ my($dst,$sym,$base,$reflabel)=@_;
+    if ($::pic && ($::elf || $::aout))
+    {   if (!defined($base))
+        {   &::call(&::label("PIC_me_up"));
+            &::set_label("PIC_me_up");
+            &::blindpop($dst);
+            $base=$dst;
+            $reflabel=&::label("PIC_me_up");
+        }
+        if ($::macosx)
+        {   my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr");
+            &::mov($dst,&::DWP("$indirect-$reflabel",$base));
+            $non_lazy_ptr{"$nmdecor$sym"}=$indirect;
+        }
+        else
+        {   &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
+                            $base));
+            &::mov($dst,&::DWP("$sym\@GOT",$dst));
+        }
+    }
+    else
+    {   &::lea($dst,&::DWP($sym));      }
+}
+sub ::initseg
+{ my $f=$nmdecor.shift;
+    if ($::elf)
+    {   $initseg.=<<___;
+.section        .init
+        call    $f
+        jmp     .Linitalign
+.align  $align
+.Linitalign:
+___
+    }
+    elsif ($::coff)
+    {   $initseg.=<<___;        # applies to both Cygwin and Mingw
+.section        .ctors
+.long   $f
+___
+    }
+    elsif ($::macosx)
+    {   $initseg.=<<___;
+.mod_init_func
+.align 2
+.long   $f
+___
+    }
+    elsif ($::aout)
+    {   my $ctor="${nmdecor}_GLOBAL_\$I\$$f";
+        $initseg.=".text\n";
+        $initseg.=".type        $ctor,\@function\n" if ($::pic);
+        $initseg.=<<___;        # OpenBSD way...
+.globl  $ctor
+.align  2
+$ctor:
+        jmp     $f
+___
+    }
+}
+sub ::dataseg
+{   push(@out,".data\n");   }
+1;
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 1f3e378f5c..27ac5facfa 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -106,6 +106,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
             PKCS8_PRIV_KEY_INFO *p8)
 {
        PKCS12_SAFEBAG *bag;
+        const EVP_CIPHER *pbe_ciph;
        /* Set up the safe bag */
        if (!(bag = PKCS12_SAFEBAG_new())) {
@@ -114,8 +115,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
        }
        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+        if (pbe_ciph)
+                pbe_nid = -1;
        if (!(bag->value.shkeybag = 
-          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                                                                         p8))) {
                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -164,6 +171,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
 {
        PKCS7 *p7;
        X509_ALGOR *pbe;
+        const EVP_CIPHER *pbe_ciph;
        if (!(p7 = PKCS7_new())) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
@@ -173,7 +181,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
                return NULL;
        }
-        if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+        pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+        if (pbe_ciph)
+                pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+        else
+                pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+        if (!pbe) {
                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
index 68d6c5ad15..e4d9c25647 100644
--- a/src/lib/libcrypto/pkcs12/p12_attr.c
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -139,7 +139,7 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
        ASN1_TYPE *atype;
        if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
        if (atype->type != V_ASN1_BMPSTRING) return NULL;
-        return uni2asc(atype->value.bmpstring->data,
+        return OPENSSL_uni2asc(atype->value.bmpstring->data,
                                 atype->value.bmpstring->length);
 }
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index f8b952e27e..b71d07b4d0 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -60,28 +60,10 @@
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-/* PKCS#12 specific PBE functions */
+/* PKCS#12 PBE algorithms now in static table */
 void PKCS12_PBE_add(void)
 {
-#ifndef OPENSSL_NO_RC4
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
-                                                         PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
-                                                         PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_DES
-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-                        EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
-                        EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_RC2
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
-                                        EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
-                                        EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
 }
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 9522342fa5..96b131defa 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -59,10 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
@@ -94,14 +90,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
        /* Set defaults */
        if (!nid_cert)
-                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-                else
-#endif
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-                }
        if (!nid_key)
                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
        if (!iter)
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 9e57eee4a4..a29794bbbc 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -81,15 +81,18 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
        int ret;
        unsigned char *unipass;
        int uniplen;
        if(!pass) {
                unipass = NULL;
                uniplen = 0;
-        } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
+        } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
                return 0;
        }
        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
                                                 id, iter, n, out, md_type);
+        if (ret <= 0)
+            return 0;
        if(unipass) {
                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
                OPENSSL_free(unipass);
@@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 #endif
        v = EVP_MD_block_size (md_type);
        u = EVP_MD_size (md_type);
+        if (u < 0)
+            return 0;
        D = OPENSSL_malloc (v);
        Ai = OPENSSL_malloc (u);
        B = OPENSSL_malloc (v + 1);
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index 5c4c6ec988..292cc3ed4a 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -63,16 +63,13 @@
 /* Simplified PKCS#12 routines */
 static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+                EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
 static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                       int passlen, EVP_PKEY **pkey, X509 **cert,
+                       int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                       char *keymatch);
 static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                        EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                        EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-                        ASN1_OCTET_STRING **keyid, char *keymatch);
 /* Parse and decrypt a PKCS#12 structure returning user key, user cert
 * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
@@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
             STACK_OF(X509) **ca)
 {
+        STACK_OF(X509) *ocerts = NULL;
+        X509 *x = NULL;
        /* Check for NULL PKCS12 structure */
-        if(!p12) {
+        if(!p12)
+                {
                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
                return 0;
-        }
-        /* Allocate stack for ca certificates if needed */
-        if ((ca != NULL) && (*ca == NULL)) {
-                if (!(*ca = sk_X509_new_null())) {
-                        PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-                        return 0;
                }
-        }
-        if(pkey) *pkey = NULL;
+        if(pkey)
-        if(cert) *cert = NULL;
+                *pkey = NULL;
+        if(cert)
+                *cert = NULL;
        /* Check the mac */
@@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                goto err;
        }
-        if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
+        /* Allocate stack for other certificates */
+        ocerts = sk_X509_new_null();
+        if (!ocerts)
+                {
+                PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        if (!parse_pk12 (p12, pass, -1, pkey, ocerts))
                {
                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
                goto err;
                }
+        while ((x = sk_X509_pop(ocerts)))
+                {
+                if (pkey && *pkey && cert && !*cert)
+                        {
+                        if (X509_check_private_key(x, *pkey))
+                                {
+                                *cert = x;
+                                x = NULL;
+                                }
+                        }
+                if (ca && x)
+                        {
+                        if (!*ca)
+                                *ca = sk_X509_new_null();
+                        if (!*ca)
+                                goto err;
+                        if (!sk_X509_push(*ca, x))
+                                goto err;
+                        x = NULL;
+                        }
+                if (x)
+                        X509_free(x);
+                }
+        if (ocerts)
+                sk_X509_pop_free(ocerts, X509_free);
        return 1;
 err:
-        if (pkey && *pkey) EVP_PKEY_free(*pkey);
+        if (pkey && *pkey)
-        if (cert && *cert) X509_free(*cert);
+                EVP_PKEY_free(*pkey);
-        if (ca) sk_X509_pop_free(*ca, X509_free);
+        if (cert && *cert)
+                X509_free(*cert);
+        if (x)
+                X509_free(*cert);
+        if (ocerts)
+                sk_X509_pop_free(ocerts, X509_free);
        return 0;
 }
@@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 /* Parse the outer PKCS#12 structure */
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
-             EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+             EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
 {
        STACK_OF(PKCS7) *asafes;
        STACK_OF(PKCS12_SAFEBAG) *bags;
        int i, bagnid;
        PKCS7 *p7;
-        ASN1_OCTET_STRING *keyid = NULL;
-        char keymatch = 0;
        if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
                p7 = sk_PKCS7_value (asafes, i);
@@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                        return 0;
                }
-                if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
+                if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
-                                                         &keyid, &keymatch)) {
                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
                        return 0;
@@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
        }
        sk_PKCS7_pop_free(asafes, PKCS7_free);
-        if (keyid) M_ASN1_OCTET_STRING_free(keyid);
        return 1;
 }
 static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                      int passlen, EVP_PKEY **pkey, X509 **cert,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-                      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                      char *keymatch)
 {
        int i;
        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
                if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-                         pass, passlen, pkey, cert, ca, keyid,
+                                 pass, passlen, pkey, ocerts))
-                                                         keymatch)) return 0;
+                        return 0;
        }
        return 1;
 }
-#define MATCH_KEY  0x1
-#define MATCH_CERT 0x2
-#define MATCH_ALL  0x3
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-                     ASN1_OCTET_STRING **keyid,
-                     char *keymatch)
 {
        PKCS8_PRIV_KEY_INFO *p8;
        X509 *x509;
-        ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
        ASN1_TYPE *attrib;
        ASN1_BMPSTRING *fname = NULL;
+        ASN1_OCTET_STRING *lkid = NULL;
        if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
                fname = attrib->value.bmpstring;
-        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
-                lkey = attrib->value.octet_string;
+                lkid = attrib->value.octet_string;
-                ckid = lkey;
-        }
-        /* Check for any local key id matching (if needed) */
-        if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
-                if (*keyid) {
-                        if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
-                } else {
-                        if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-                                PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
-                                return 0;
-                    }
-                }
-        }
-        
        switch (M_PKCS12_bag_type(bag))
        {
        case NID_keyBag:
-                if (!lkey || !pkey) return 1;   
+                if (!pkey || *pkey)
-                if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
+                        return 1;       
-                *keymatch |= MATCH_KEY;
+                if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+                        return 0;
        break;
        case NID_pkcs8ShroudedKeyBag:
-                if (!lkey || !pkey) return 1;   
+                if (!pkey || *pkey)
+                        return 1;       
                if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
                                return 0;
                *pkey = EVP_PKCS82PKEY(p8);
                PKCS8_PRIV_KEY_INFO_free(p8);
                if (!(*pkey)) return 0;
-                *keymatch |= MATCH_KEY;
        break;
        case NID_certBag:
                if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-                                                                 return 1;
+                        return 1;
-                if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+                if (!(x509 = PKCS12_certbag2x509(bag)))
-                if(ckid)
+                        return 0;
+                if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length))
                        {
-                        if (!X509_keyid_set1(x509, ckid->data, ckid->length))
+                        X509_free(x509);
-                                {
+                        return 0;
-                                X509_free(x509);
-                                return 0;
-                                }
                        }
                if(fname) {
                        int len, r;
@@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                        }
                }
+                if(!sk_X509_push(ocerts, x509))
+                        {
+                        X509_free(x509);
+                        return 0;
+                        }
-                if (lkey) {
-                        *keymatch |= MATCH_CERT;
-                        if (cert) *cert = x509;
-                        else X509_free(x509);
-                } else {
-                        if(ca) sk_X509_push (*ca, x509);
-                        else X509_free(x509);
-                }
        break;
        case NID_safeContentsBag:
                return parse_bags(bag->value.safes, pass, passlen,
-                                        pkey, cert, ca, keyid, keymatch);
+                                        pkey, ocerts);
        break;
        default:
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index 70bfef6e5d..9ab740d51f 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -71,6 +71,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
        HMAC_CTX hmac;
        unsigned char key[EVP_MAX_MD_SIZE], *salt;
        int saltlen, iter;
+        int md_size;
        if (!PKCS7_type_is_data(p12->authsafes))
                {
@@ -87,13 +88,16 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
                return 0;
        }
+        md_size = EVP_MD_size(md_type);
+        if (md_size < 0)
+            return 0;
        if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                                 EVP_MD_size(md_type), key, md_type)) {
+                                 md_size, key, md_type)) {
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
                return 0;
        }
        HMAC_CTX_init(&hmac);
-        HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+        HMAC_Init_ex(&hmac, key, md_size, md_type, NULL);
        HMAC_Update(&hmac, p12->authsafes->d.data->data,
                                         p12->authsafes->d.data->length);
        HMAC_Final(&hmac, mac, maclen);
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index 47e5e9c377..2f71355150 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -120,8 +120,13 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
                        bags = PKCS12_unpack_p7data(p7);
                } else if (bagnid == NID_pkcs7_encrypted) {
                        bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-                        alg_get(p7->d.encrypted->enc_data->algorithm,
+                        if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-                                &pbe_nid, &pbe_iter, &pbe_saltlen);
+                                &pbe_nid, &pbe_iter, &pbe_saltlen))
+                                {
+                                sk_PKCS12_SAFEBAG_pop_free(bags,
+                                                PKCS12_SAFEBAG_free);
+                                bags = NULL;
+                                }
                } else continue;
                if (!bags) {
                        sk_PKCS7_pop_free(asafes, PKCS7_free);
@@ -193,7 +198,9 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
        if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
        if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
-        alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+        if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
+                                                        &p8_saltlen))
+                return 0;
        if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
                                                     p8_iter, p8))) return 0;
        X509_SIG_free(bag->value.shkeybag);
@@ -208,9 +215,11 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
        p = alg->parameter->value.sequence->data;
        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+        if (!pbe)
+                return 0;
        *pnid = OBJ_obj2nid(alg->algorithm);
        *piter = ASN1_INTEGER_get(pbe->iter);
        *psaltlen = pbe->salt->length;
        PBEPARAM_free(pbe);
-        return 0;
+        return 1;
 }
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
index ca30ac4f6d..59c6f453f6 100644
--- a/src/lib/libcrypto/pkcs12/p12_utl.c
+++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -62,7 +62,7 @@
 /* Cheap and nasty Unicode stuff */
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
 {
        int ulen, i;
        unsigned char *unitmp;
@@ -81,7 +81,7 @@ unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *un
        return unitmp;
 }
-char *uni2asc(unsigned char *uni, int unilen)
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
 {
        int asclen, i;
        char *asctmp;
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
index 07a1fb6907..f6ddf2df12 100644
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
 /* crypto/pkcs12/pk12err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index 4bee605dc0..b17eb9f42b 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -108,8 +108,6 @@ PKCS12_MAC_DATA *mac;
 PKCS7 *authsafes;
 } PKCS12;
-PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
 typedef struct {
 ASN1_OBJECT *type;
 union {
@@ -232,8 +230,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
                   const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
                                         int saltlen, const EVP_MD *md_type);
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *uni2asc(unsigned char *uni, int unilen);
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
 DECLARE_ASN1_FUNCTIONS(PKCS12)
 DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
diff --git a/src/lib/libcrypto/pkcs7/bio_pk7.c b/src/lib/libcrypto/pkcs7/bio_pk7.c
new file mode 100644
index 0000000000..c8d06d6cdc
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/bio_pk7.c
@@ -0,0 +1,69 @@
+/* bio_pk7.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/pkcs7.h>
+#include <openssl/bio.h>
+#ifndef OPENSSL_SYSNAME_NETWARE
+#include <memory.h>
+#endif
+#include <stdio.h>
+/* Streaming encode support for PKCS#7 */
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 
+        {
+        return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
+        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
index 1f70d31386..b7ec2883cb 100644
--- a/src/lib/libcrypto/pkcs7/pk7_asn1.c
+++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -77,10 +77,39 @@ ASN1_ADB(PKCS7) = {
        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
 } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
-ASN1_NDEF_SEQUENCE(PKCS7) = {
+/* PKCS#7 streaming support */
+static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
+{
+        ASN1_STREAM_ARG *sarg = exarg;
+        PKCS7 **pp7 = (PKCS7 **)pval;
+        switch(operation)
+                {
+                case ASN1_OP_STREAM_PRE:
+                if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
+                        return 0;
+                case ASN1_OP_DETACHED_PRE:
+                sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
+                if (!sarg->ndef_bio)
+                        return 0;
+                break;
+                case ASN1_OP_STREAM_POST:
+                case ASN1_OP_DETACHED_POST:
+                if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
+                        return 0;
+                break;
+                }
+        return 1;
+}
+ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
        ASN1_ADB_OBJECT(PKCS7)
-}ASN1_NDEF_SEQUENCE_END(PKCS7)
+}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
 IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
@@ -98,7 +127,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
 /* Minor tweak to operation: free up EVP_PKEY */
-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                        void *exarg)
 {
        if(operation == ASN1_OP_FREE_POST) {
                PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
@@ -140,7 +170,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 /* Minor tweak to operation: free up X509 */
-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        if(operation == ASN1_OP_FREE_POST) {
                PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
@@ -161,7 +192,7 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
 ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
-        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
@@ -212,3 +243,5 @@ ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index d549717169..a97db51210 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -60,6 +60,7 @@
 #include <stdlib.h>
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/x509.h>
@@ -68,27 +69,12 @@
 int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
        ASN1_STRING *seq;
-        unsigned char *p, *pp;
-        int len;
-        len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
-                                       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
-                                       IS_SEQUENCE);
-        if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        p=pp;
-        i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-                                   V_ASN1_UNIVERSAL, IS_SEQUENCE);
        if(!(seq = ASN1_STRING_new())) {
                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                return 0;
        }
-        if(!ASN1_STRING_set (seq, pp, len)) {
+        seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data,
-                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                                ASN1_ITEM_rptr(X509_ALGORS));
-                return 0;
-        }
-        OPENSSL_free (pp);
        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
                                                        V_ASN1_SEQUENCE, seq);
 }
@@ -102,10 +88,9 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
        if (!cap || (cap->type != V_ASN1_SEQUENCE))
                return NULL;
        p = cap->value.sequence->data;
-        return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+        return (STACK_OF(X509_ALGOR) *)
-                                          cap->value.sequence->length,
+                ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
-                                          d2i_X509_ALGOR, X509_ALGOR_free,
+                                ASN1_ITEM_rptr(X509_ALGORS));
-                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
        }
 /* Basic smime-capabilities OID and optional integer arg */
@@ -139,3 +124,42 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
        sk_X509_ALGOR_push (sk, alg);
        return 1;
 }
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
+        {
+        if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
+                return 0;
+        if (!coid)
+                coid = OBJ_nid2obj(NID_pkcs7_data);
+        return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                V_ASN1_OBJECT, coid);
+        }
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
+        {
+        if (!t && !(t=X509_gmtime_adj(NULL,0)))
+                {
+                PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
+                                ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+                                                V_ASN1_UTCTIME, t);
+        }
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                                const unsigned char *md, int mdlen)
+        {
+        ASN1_OCTET_STRING *os;
+        os = ASN1_OCTET_STRING_new();
+        if (!os)
+                return 0;
+        if (!ASN1_STRING_set(os, md, mdlen)
+                || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
+                                                V_ASN1_OCTET_STRING, os))
+                {
+                ASN1_OCTET_STRING_free(os);
+                return 0;
+                }
+        return 1;
+        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index a03d7ebedf..451de84489 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -138,6 +138,121 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
        }
+static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
+                                        unsigned char *key, int keylen)
+        {
+        EVP_PKEY_CTX *pctx = NULL;
+        EVP_PKEY *pkey = NULL;
+        unsigned char *ek = NULL;
+        int ret = 0;
+        size_t eklen;
+        pkey = X509_get_pubkey(ri->cert);
+        if (!pkey)
+                return 0;
+        pctx = EVP_PKEY_CTX_new(pkey, NULL);
+        if (!pctx)
+                return 0;
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                                EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
+                goto err;
+        ek = OPENSSL_malloc(eklen);
+        if (ek == NULL)
+                {
+                PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
+                goto err;
+        ASN1_STRING_set0(ri->enc_key, ek, eklen);
+        ek = NULL;
+        ret = 1;
+        err:
+        if (pkey)
+                EVP_PKEY_free(pkey);
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
+        if (ek)
+                OPENSSL_free(ek);
+        return ret;
+        }
+static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
+        {
+        EVP_PKEY_CTX *pctx = NULL;
+        unsigned char *ek = NULL;
+        size_t eklen;
+        int ret = 0;
+        pctx = EVP_PKEY_CTX_new(pkey, NULL);
+        if (!pctx)
+                return 0;
+        if (EVP_PKEY_decrypt_init(pctx) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                                EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                                ri->enc_key->data, ri->enc_key->length) <= 0)
+                goto err;
+        ek = OPENSSL_malloc(eklen);
+        if (ek == NULL)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (EVP_PKEY_decrypt(pctx, ek, &eklen,
+                                ri->enc_key->data, ri->enc_key->length) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+                goto err;
+                }
+        ret = 1;
+        *pek = ek;
+        *peklen = eklen;
+        err:
+        if (pctx)
+                EVP_PKEY_CTX_free(pctx);
+        if (!ret && ek)
+                OPENSSL_free(ek);
+        return ret;
+        }
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        {
        int i;
@@ -148,7 +263,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        X509_ALGOR *xalg=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
-        EVP_PKEY *pkey;
        ASN1_OCTET_STRING *os=NULL;
        i=OBJ_obj2nid(p7->type);
@@ -187,6 +301,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                xa = p7->d.digest->md;
                os = PKCS7_get_octet_string(p7->d.digest->contents);
                break;
+        case NID_pkcs7_data:
+                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                goto err;
@@ -204,8 +320,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                unsigned char key[EVP_MAX_KEY_LENGTH];
                unsigned char iv[EVP_MAX_IV_LENGTH];
                int keylen,ivlen;
-                int jj,max;
-                unsigned char *tmp;
                EVP_CIPHER_CTX *ctx;
                if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
@@ -234,52 +348,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                                        goto err;
                        }
                        if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-                               goto err;
+                                goto err;
                }
                /* Lets do the pub key stuff :-) */
-                max=0;
                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                        {
                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if (ri->cert == NULL)
+                        if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
-                                goto err;
-                                }
-                        if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
-                                goto err;
-                        jj=EVP_PKEY_size(pkey);
-                        EVP_PKEY_free(pkey);
-                        if (max < jj) max=jj;
-                        }
-                if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-                        {
-                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
-                                goto err;
-                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
-                        EVP_PKEY_free(pkey);
-                        if (jj <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
-                                OPENSSL_free(tmp);
                                goto err;
-                                }
-                        if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-                                        ERR_R_MALLOC_FAILURE);
-                                OPENSSL_free(tmp);
-                                goto err;
-                                }
                        }
-                OPENSSL_free(tmp);
                OPENSSL_cleanse(key, keylen);
                if (out == NULL)
@@ -303,7 +381,10 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        BIO_set_mem_eof_return(bio,0);
                        }
                }
-        BIO_push(out,bio);
+        if (out)
+                BIO_push(out,bio);
+        else
+                out = bio;
        bio=NULL;
        if (0)
                {
@@ -333,7 +414,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        {
        int i,j;
        BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-        unsigned char *tmp=NULL;
        X509_ALGOR *xa;
        ASN1_OCTET_STRING *data_body=NULL;
        const EVP_MD *evp_md;
@@ -423,7 +503,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                int max;
                X509_OBJECT ret;
 #endif
-                int jj;
+                unsigned char *ek = NULL;
+                int eklen;
                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
                        {
@@ -438,26 +519,21 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 * (if any)
                 */
-                if (pcert) {
+                if (pcert)
-                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                        {
+                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+                                {
                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
                                if (!pkcs7_cmp_ri(ri, pcert))
                                        break;
                                ri=NULL;
-                        }
+                                }
-                        if (ri == NULL) {
+                        if (ri == NULL)
+                                {
                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
                                      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
                                goto err;
-                        }
+                                }
-                }
-                jj=EVP_PKEY_size(pkey);
-                tmp=(unsigned char *)OPENSSL_malloc(jj+10);
-                if (tmp == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
-                        goto err;
                        }
                /* If we haven't got a certificate try each ri in turn */
@@ -467,11 +543,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                                {
                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                                jj=EVP_PKEY_decrypt(tmp,
+                                if (pkcs7_decrypt_rinfo(&ek, &eklen,
-                                        M_ASN1_STRING_data(ri->enc_key),
+                                                        ri, pkey) > 0)
-                                        M_ASN1_STRING_length(ri->enc_key),
-                                                pkey);
-                                if (jj > 0)
                                        break;
                                ERR_clear_error();
                                ri = NULL;
@@ -485,15 +558,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        }
                else
                        {
-                        jj=EVP_PKEY_decrypt(tmp,
+                        if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0)
-                                M_ASN1_STRING_data(ri->enc_key),
-                                M_ASN1_STRING_length(ri->enc_key), pkey);
-                        if (jj <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                                                ERR_R_EVP_LIB);
                                goto err;
-                                }
                        }
                evp_ctx=NULL;
@@ -503,22 +569,26 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        goto err;
-                if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+                if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
                        /* Some S/MIME clients don't use the same key
                         * and effective key length. The key length is
                         * determined by the size of the decrypted RSA key.
                         */
-                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
                                {
                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
                                        PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
                                goto err;
                                }
                } 
-                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
+                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
                        goto err;
-                OPENSSL_cleanse(tmp,jj);
+                if (ek)
+                        {
+                        OPENSSL_cleanse(ek,eklen);
+                        OPENSSL_free(ek);
+                        }
                if (out == NULL)
                        out=etmp;
@@ -566,8 +636,6 @@ err:
                if (bio != NULL) BIO_free_all(bio);
                out=NULL;
                }
-        if (tmp != NULL)
-                OPENSSL_free(tmp);
        return(out);
        }
@@ -594,13 +662,43 @@ static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
        return NULL;
        }
+static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+        {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        /* Add signing time if not already present */
+        if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime))
+                {
+                if (!PKCS7_add0_attrib_signing_time(si, NULL))
+                        {
+                        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
+                                        ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        /* Add digest */
+        EVP_DigestFinal_ex(mctx, md_data,&md_len);
+        if (!PKCS7_add1_attrib_digest(si, md_data, md_len))
+                {
+                PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        /* Now sign the attributes */
+        if (!PKCS7_SIGNER_INFO_sign(si))
+                        return 0;
+        return 1;
+        }
+        
+                                
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        {
        int ret=0;
        int i,j;
        BIO *btmp;
-        BUF_MEM *buf_mem=NULL;
-        BUF_MEM *buf=NULL;
        PKCS7_SIGNER_INFO *si;
        EVP_MD_CTX *mdc,ctx_tmp;
        STACK_OF(X509_ATTRIBUTE) *sk;
@@ -613,24 +711,37 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        switch (i)
                {
+        case NID_pkcs7_data:
+                os = p7->d.data;
+                break;
        case NID_pkcs7_signedAndEnveloped:
                /* XXXXXXXXXXXXXXXX */
                si_sk=p7->d.signed_and_enveloped->signer_info;
-                if (!(os=M_ASN1_OCTET_STRING_new()))
+                os = p7->d.signed_and_enveloped->enc_data->enc_data;
+                if (!os)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                        os=M_ASN1_OCTET_STRING_new();
-                        goto err;
+                        if (!os)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        p7->d.signed_and_enveloped->enc_data->enc_data=os;
                        }
-                p7->d.signed_and_enveloped->enc_data->enc_data=os;
                break;
        case NID_pkcs7_enveloped:
                /* XXXXXXXXXXXXXXXX */
-                if (!(os=M_ASN1_OCTET_STRING_new()))
+                os = p7->d.enveloped->enc_data->enc_data;
+                if (!os)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                        os=M_ASN1_OCTET_STRING_new();
-                        goto err;
+                        if (!os)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        p7->d.enveloped->enc_data->enc_data=os;
                        }
-                p7->d.enveloped->enc_data->enc_data=os;
                break;
        case NID_pkcs7_signed:
                si_sk=p7->d.sign->signer_info;
@@ -652,21 +763,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        }
                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
                }
        if (si_sk != NULL)
                {
-                if ((buf=BUF_MEM_new()) == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
-                        goto err;
-                        }
                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
                        {
                        si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
-                        if (si->pkey == NULL) continue;
+                        if (si->pkey == NULL)
+                                continue;
-                        j=OBJ_obj2nid(si->digest_alg->algorithm);
+                        j = OBJ_obj2nid(si->digest_alg->algorithm);
                        btmp=bio;
@@ -678,97 +788,33 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
-                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
-                                goto err;
-                                }
                        sk=si->auth_attr;
                        /* If there are attributes, we add the digest
                         * attribute and only sign the attributes */
-                        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
+                        if (sk_X509_ATTRIBUTE_num(sk) > 0)
                                {
-                                unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
+                                if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
-                                unsigned int md_len, alen;
-                                ASN1_OCTET_STRING *digest;
-                                ASN1_UTCTIME *sign_time;
-                                const EVP_MD *md_tmp;
-                                /* Add signing time if not already present */
-                                if (!PKCS7_get_signed_attribute(si,
-                                                        NID_pkcs9_signingTime))
-                                        {
-                                        if (!(sign_time=X509_gmtime_adj(NULL,0)))
-                                                {
-                                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                                        ERR_R_MALLOC_FAILURE);
-                                                goto err;
-                                                }
-                                        if (!PKCS7_add_signed_attribute(si,
-                                                NID_pkcs9_signingTime,
-                                                V_ASN1_UTCTIME,sign_time))
-                                                {
-                                                M_ASN1_UTCTIME_free(sign_time);
-                                                goto err;
-                                                }
-                                        }
-                                /* Add digest */
-                                md_tmp=EVP_MD_CTX_md(&ctx_tmp);
-                                EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
-                                if (!(digest=M_ASN1_OCTET_STRING_new()))
-                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-                                                ERR_R_MALLOC_FAILURE);
                                        goto err;
-                                        }
+                                }
-                                if (!M_ASN1_OCTET_STRING_set(digest,md_data,
+                        else
-                                                                md_len))
+                                {
-                                        {
+                                unsigned char *abuf = NULL;
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                unsigned int abuflen;
-                                                ERR_R_MALLOC_FAILURE);
+                                abuflen = EVP_PKEY_size(si->pkey);
-                                        M_ASN1_OCTET_STRING_free(digest);
+                                abuf = OPENSSL_malloc(abuflen);
+                                if (!abuf)
                                        goto err;
-                                        }
-                                if (!PKCS7_add_signed_attribute(si,
+                                if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
-                                        NID_pkcs9_messageDigest,
+                                                        si->pkey))
-                                        V_ASN1_OCTET_STRING,digest))
                                        {
-                                        M_ASN1_OCTET_STRING_free(digest);
+                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                                        ERR_R_EVP_LIB);
                                        goto err;
                                        }
+                                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
-                                /* Now sign the attributes */
-                                EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
-                                alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
-                                                        ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-                                if(!abuf) goto err;
-                                EVP_SignUpdate(&ctx_tmp,abuf,alen);
-                                OPENSSL_free(abuf);
-                                }
-#ifndef OPENSSL_NO_DSA
-                        if (si->pkey->type == EVP_PKEY_DSA)
-                                ctx_tmp.digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                        if (si->pkey->type == EVP_PKEY_EC)
-                                ctx_tmp.digest=EVP_ecdsa();
-#endif
-                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
-                                (unsigned int *)&buf->length,si->pkey))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
-                                goto err;
-                                }
-                        if (!ASN1_STRING_set(si->enc_digest,
-                                (unsigned char *)buf->data,buf->length))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
-                                goto err;
                                }
                        }
                }
@@ -783,34 +829,90 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
                }
-        if (!PKCS7_is_detached(p7))
+        if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
                {
+                char *cont;
+                long contlen;
                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
                if (btmp == NULL)
                        {
                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
                        goto err;
                        }
-                BIO_get_mem_ptr(btmp,&buf_mem);
+                contlen = BIO_get_mem_data(btmp, &cont);
                /* Mark the BIO read only then we can use its copy of the data
                 * instead of making an extra copy.
                 */
                BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
                BIO_set_mem_eof_return(btmp, 0);
-                os->data = (unsigned char *)buf_mem->data;
+                ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-                os->length = buf_mem->length;
-#if 0
-                M_ASN1_OCTET_STRING_set(os,
-                        (unsigned char *)buf_mem->data,buf_mem->length);
-#endif
                }
        ret=1;
 err:
        EVP_MD_CTX_cleanup(&ctx_tmp);
-        if (buf != NULL) BUF_MEM_free(buf);
        return(ret);
        }
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+        {
+        EVP_MD_CTX mctx;
+        EVP_PKEY_CTX *pctx;
+        unsigned char *abuf = NULL;
+        int alen;
+        size_t siglen;
+        const EVP_MD *md = NULL;
+        md = EVP_get_digestbyobj(si->digest_alg->algorithm);
+        if (md == NULL)
+                return 0;
+        EVP_MD_CTX_init(&mctx);
+        if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                                EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf,
+                                ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+        if(!abuf)
+                goto err;
+        if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
+                goto err;
+        OPENSSL_free(abuf);
+        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
+                goto err;
+        abuf = OPENSSL_malloc(siglen);
+        if(!abuf)
+                goto err;
+        if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
+                goto err;
+        if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                                EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+                goto err;
+                }
+        EVP_MD_CTX_cleanup(&mctx);
+        ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+        return 1;
+        err:
+        if (abuf)
+                OPENSSL_free(abuf);
+        EVP_MD_CTX_cleanup(&mctx);
+        return 0;
+        }
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
             PKCS7 *p7, PKCS7_SIGNER_INFO *si)
        {
@@ -922,7 +1024,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
                {
                unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len, alen;
+                unsigned int md_len;
+                int alen;
                ASN1_OCTET_STRING *message_digest;
                EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
@@ -954,6 +1057,12 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                                                ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+                if (alen <= 0) 
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
+                        ret = -1;
+                        goto err;
+                        }
                EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
                OPENSSL_free(abuf);
@@ -966,12 +1075,6 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                ret = -1;
                goto err;
                }
-#ifndef OPENSSL_NO_DSA
-        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
-#endif
        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
        EVP_PKEY_free(pkey);
@@ -1107,8 +1210,9 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
        if (*sk == NULL)
                {
-                if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
+                *sk = sk_X509_ATTRIBUTE_new_null();
-                        return 0;
+                if (*sk == NULL)
+                        return 0;       
 new_attrib:
                if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
                        return 0;
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index f2490941a3..3ca0952792 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "asn1_locl.h"
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
        {
@@ -314,7 +315,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
                *sk=sk_X509_new_null();
        if (*sk == NULL)
                {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
                return 0;
                }
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
@@ -365,13 +366,8 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-        int nid;
+        int ret;
-        char is_dsa;
-        if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
-                is_dsa = 1;
-        else
-                is_dsa = 0;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
        if (!ASN1_INTEGER_set(p7i->version,1))
                goto err;
@@ -391,65 +387,55 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        p7i->pkey=pkey;
        /* Set the algorithms */
-        if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
-        else    
-                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-        if (p7i->digest_alg->parameter != NULL)
+        X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
-                ASN1_TYPE_free(p7i->digest_alg->parameter);
+                                V_ASN1_NULL, NULL);
-        if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
-                goto err;
-        p7i->digest_alg->parameter->type=V_ASN1_NULL;
-        if (p7i->digest_enc_alg->parameter != NULL)
+        if (pkey->ameth && pkey->ameth->pkey_ctrl)
-                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-        nid = EVP_PKEY_type(pkey->type);
-        if (nid == EVP_PKEY_RSA)
                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+                ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+                                                0, p7i);
-                        goto err;
+                if (ret > 0)
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+                        return 1;
-                }
+                if (ret != -2)
-        else if (nid == EVP_PKEY_DSA)
+                        {
-                {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-#if 1
+                                        PKCS7_R_SIGNING_CTRL_FAILURE);
-                /* use 'dsaEncryption' OID for compatibility with other software
+                        return 0;
-                 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
+                        }
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
-#else
-                /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
-                 * would make more sense. */
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
-#endif
-                p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
-                }
-        else if (nid == EVP_PKEY_EC)
-                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-                        goto err;
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
                }
-        else
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-                return(0);
+                        PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-        return(1);
 err:
-        return(0);
+        return 0;
        }
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-        PKCS7_SIGNER_INFO *si;
+        PKCS7_SIGNER_INFO *si = NULL;
+        if (dgst == NULL)
+                {
+                int def_nid;
+                if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+                        goto err;
+                dgst = EVP_get_digestbynid(def_nid);
+                if (dgst == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
+                                                PKCS7_R_NO_DEFAULT_DIGEST);
+                        goto err;
+                        }
+                }
        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
        if (!PKCS7_add_signer(p7,si)) goto err;
        return(si);
 err:
-        PKCS7_SIGNER_INFO_free(si);
+        if (si)
+                PKCS7_SIGNER_INFO_free(si);
        return(NULL);
        }
@@ -485,6 +471,23 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
                return(NULL);
        }
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                        X509_ALGOR **pdig, X509_ALGOR **psig)
+        {
+        if (pk)
+                *pk = si->pkey;
+        if (pdig)
+                *pdig = si->digest_alg;
+        if (psig)
+                *psig = si->digest_enc_alg;
+        }
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+        {
+        if (penc)
+                *penc = ri->key_enc_algor;
+        }
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        {
        PKCS7_RECIP_INFO *ri;
@@ -492,10 +495,11 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
-        return(ri);
+        return ri;
 err:
-        PKCS7_RECIP_INFO_free(ri);
+        if (ri)
-        return(NULL);
+                PKCS7_RECIP_INFO_free(ri);
+        return NULL;
        }
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
@@ -524,6 +528,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
        {
+        int ret;
+        EVP_PKEY *pkey = NULL;
        if (!ASN1_INTEGER_set(p7i->version,0))
                return 0;
        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -535,14 +541,41 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
                return 0;
-        X509_ALGOR_free(p7i->key_enc_algor);
+        pkey = X509_get_pubkey(x509);
-        if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
-                return 0;
+        if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
+                {
+                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                        PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                goto err;
+                }
+        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
+                                                0, p7i);
+        if (ret == -2)
+                {
+                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                        PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                goto err;
+                }
+        if (ret <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                                PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+                goto err;
+                }
+        EVP_PKEY_free(pkey);
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
        p7i->cert=x509;
-        return(1);
+        return 1;
+        err:
+        if (pkey)
+                EVP_PKEY_free(pkey);
+        return 0;
        }
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
@@ -587,3 +620,48 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
        return 1;
        }
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+        {
+        ASN1_OCTET_STRING *os = NULL;
+        switch (OBJ_obj2nid(p7->type))
+                {
+                case NID_pkcs7_data:
+                os = p7->d.data;
+                break;
+                case NID_pkcs7_signedAndEnveloped:
+                os = p7->d.signed_and_enveloped->enc_data->enc_data;
+                if (os == NULL)
+                        {
+                        os=M_ASN1_OCTET_STRING_new();
+                        p7->d.signed_and_enveloped->enc_data->enc_data=os;
+                        }
+                break;
+                case NID_pkcs7_enveloped:
+                os = p7->d.enveloped->enc_data->enc_data;
+                if (os == NULL)
+                        {
+                        os=M_ASN1_OCTET_STRING_new();
+                        p7->d.enveloped->enc_data->enc_data=os;
+                        }
+                break;
+                case NID_pkcs7_signed:
+                os=p7->d.sign->contents->d.data;
+                break;
+                default:
+                os = NULL;
+                break;
+                }
+        
+        if (os == NULL)
+                return 0;
+        os->flags |= ASN1_STRING_FLAG_NDEF;
+        *boundary = &os->data;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index bf190360d7..938f79a646 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -50,10 +50,6 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
 */
 #include <stdio.h>
@@ -61,662 +57,41 @@
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
-/* MIME and related routines */
+/* PKCS#7 wrappers round generalised stream and MIME routines */
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
- */
-typedef struct {
-char *param_name;                       /* Param name e.g. "micalg" */
-char *param_value;                      /* Param value e.g. "sha1" */
-} MIME_PARAM;
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-typedef struct {
-char *name;                             /* Name of line e.g. "content-type" */
-char *value;                            /* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
-} MIME_HEADER;
-DECLARE_STACK_OF(MIME_HEADER)
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-IMPLEMENT_STACK_OF(MIME_HEADER)
+        {
+        return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
-static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags);
+                                        ASN1_ITEM_rptr(PKCS7));
-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
-static PKCS7 *B64_read_PKCS7(BIO *bio);
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-                        const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
-                        const MIME_PARAM * const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-#define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
-/* Base 64 read and write of PKCS#7 structure */
-static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
-{
-        BIO *b64;
-        if(!(b64 = BIO_new(BIO_f_base64()))) {
-                PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
-                return 0;
        }
-        bio = BIO_push(b64, bio);
-        i2d_PKCS7_bio(bio, p7);
-        (void)BIO_flush(bio);
-        bio = BIO_pop(bio);
-        BIO_free(b64);
-        return 1;
-}
-static PKCS7 *B64_read_PKCS7(BIO *bio)
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-{
+        {
-        BIO *b64;
+        return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
-        PKCS7 *p7;
+                                                "PKCS7",
-        if(!(b64 = BIO_new(BIO_f_base64()))) {
+                                                ASN1_ITEM_rptr(PKCS7));
-                PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
-                return 0;
        }
-        bio = BIO_push(b64, bio);
-        if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
-                PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
-        (void)BIO_flush(bio);
-        bio = BIO_pop(bio);
-        BIO_free(b64);
-        return p7;
-}
-/* SMIME sender */
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
-{
-        char bound[33], c;
-        int i;
-        char *mime_prefix, *mime_eol, *msg_type=NULL;
-        if (flags & PKCS7_NOOLDMIMETYPE)
-                mime_prefix = "application/pkcs7-";
-        else
-                mime_prefix = "application/x-pkcs7-";
-        if (flags & PKCS7_CRLFEOL)
-                mime_eol = "\r\n";
-        else
-                mime_eol = "\n";
-        if((flags & PKCS7_DETACHED) && data) {
-        /* We want multipart/signed */
-                /* Generate a random boundary */
-                RAND_pseudo_bytes((unsigned char *)bound, 32);
-                for(i = 0; i < 32; i++) {
-                        c = bound[i] & 0xf;
-                        if(c < 10) c += '0';
-                        else c += 'A' - 10;
-                        bound[i] = c;
-                }
-                bound[32] = 0;
-                BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-                BIO_printf(bio, "Content-Type: multipart/signed;");
-                BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
-                                                bound, mime_eol, mime_eol);
-                BIO_printf(bio, "This is an S/MIME signed message%s%s",
-                                                mime_eol, mime_eol);
-                /* Now write out the first part */
-                BIO_printf(bio, "------%s%s", bound, mime_eol);
-                pkcs7_output_data(bio, data, p7, flags);
-                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-                /* Headers for signature */
-                BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-                BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-                BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-                                                                mime_eol);
-                BIO_printf(bio, "Content-Disposition: attachment;");
-                BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-                                                        mime_eol, mime_eol);
-                B64_write_PKCS7(bio, p7);
-                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-                                                        mime_eol, mime_eol);
-                return 1;
-        }
-        /* Determine smime-type header */
-        if (PKCS7_type_is_enveloped(p7))
-                msg_type = "enveloped-data";
-        else if (PKCS7_type_is_signed(p7))
-                {
-                /* If we have any signers it is signed-data othewise 
-                 * certs-only.
-                 */
-                STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-                sinfos = PKCS7_get_signer_info(p7);
-                if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
-                        msg_type = "signed-data";
-                else
-                        msg_type = "certs-only";
-                }
-        /* MIME headers */
-        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-        BIO_printf(bio, "Content-Disposition: attachment;");
-        BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-        if (msg_type)
-                BIO_printf(bio, " smime-type=%s;", msg_type);
-        BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
-        BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-                                                mime_eol, mime_eol);
-        B64_write_PKCS7(bio, p7);
-        BIO_printf(bio, "%s", mime_eol);
-        return 1;
-}
-/* Handle output of PKCS#7 data */
-static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)
        {
-        BIO *tmpbio, *p7bio;
+        STACK_OF(X509_ALGOR) *mdalgs;
+        int ctype_nid = OBJ_obj2nid(p7->type);
-        if (!(flags & PKCS7_STREAM))
+        if (ctype_nid == NID_pkcs7_signed)
-                {
+                mdalgs = p7->d.sign->md_algs;
-                SMIME_crlf_copy(data, out, flags);
+        else
-                return 1;
+                mdalgs = NULL;
-                }
-        /* Partial sign operation */
-        /* Initialize sign operation */
-        p7bio = PKCS7_dataInit(p7, out);
-        /* Copy data across, computing digests etc */
-        SMIME_crlf_copy(data, p7bio, flags);
-        /* Must be detached */
-        PKCS7_set_detached(p7, 1);
-        /* Finalize signatures */
-        PKCS7_dataFinal(p7, p7bio);
-        /* Now remove any digests prepended to the BIO */
-        while (p7bio != out)
+        flags ^= SMIME_OLDMIME;
-                {
-                tmpbio = BIO_pop(p7bio);
-                BIO_free(p7bio);
-                p7bio = tmpbio;
-                }
-        return 1;
+        return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+                                        ctype_nid, NID_undef, mdalgs,
+                                        ASN1_ITEM_rptr(PKCS7)); 
        }
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
- */
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
-{
-        BIO *p7in;
-        STACK_OF(MIME_HEADER) *headers = NULL;
-        STACK_OF(BIO) *parts = NULL;
-        MIME_HEADER *hdr;
-        MIME_PARAM *prm;
-        PKCS7 *p7;
-        int ret;
-        if(bcont) *bcont = NULL;
-        if (!(headers = mime_parse_hdr(bio))) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
-                return NULL;
-        }
-        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
-                return NULL;
-        }
-        /* Handle multipart/signed */
-        if(!strcmp(hdr->value, "multipart/signed")) {
-                /* Split into two parts */
-                prm = mime_param_find(hdr, "boundary");
-                if(!prm || !prm->param_value) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
-                        return NULL;
-                }
-                ret = multi_split(bio, prm->param_value, &parts);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                if(!ret || (sk_BIO_num(parts) != 2) ) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                /* Parse the signature piece */
-                p7in = sk_BIO_value(parts, 1);
-                if (!(headers = mime_parse_hdr(p7in))) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                /* Get content type */
-                if(!(hdr = mime_hdr_find(headers, "content-type")) ||
-                                                                 !hdr->value) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
-                        return NULL;
-                }
-                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
-                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
-                        ERR_add_error_data(2, "type: ", hdr->value);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                /* Read in PKCS#7 */
-                if(!(p7 = B64_read_PKCS7(p7in))) {
-                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
-                        sk_BIO_pop_free(parts, BIO_vfree);
-                        return NULL;
-                }
-                if(bcont) {
-                        *bcont = sk_BIO_value(parts, 0);
-                        BIO_free(p7in);
-                        sk_BIO_free(parts);
-                } else sk_BIO_pop_free(parts, BIO_vfree);
-                return p7;
-        }
-                
-        /* OK, if not multipart/signed try opaque signature */
-        if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
-            strcmp (hdr->value, "application/pkcs7-mime")) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
-                ERR_add_error_data(2, "type: ", hdr->value);
-                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                return NULL;
-        }
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        
-        if(!(p7 = B64_read_PKCS7(bio))) {
-                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
-                return NULL;
-        }
-        return p7;
-}
-/* Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
-        char linebuf[MAX_SMLEN];
-        int len, blen;
-        int eol = 0, next_eol = 0;
-        BIO *bpart = NULL;
-        STACK_OF(BIO) *parts;
-        char state, part, first;
-        blen = strlen(bound);
-        part = 0;
-        state = 0;
-        first = 1;
-        parts = sk_BIO_new_null();
-        *ret = parts;
-        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-                state = mime_bound_check(linebuf, len, bound, blen);
-                if(state == 1) {
-                        first = 1;
-                        part++;
-                } else if(state == 2) {
-                        sk_BIO_push(parts, bpart);
-                        return 1;
-                } else if(part) {
-                        /* Strip CR+LF from linebuf */
-                        next_eol = strip_eol(linebuf, &len);
-                        if(first) {
-                                first = 0;
-                                if(bpart) sk_BIO_push(parts, bpart);
-                                bpart = BIO_new(BIO_s_mem());
-                                BIO_set_mem_eof_return(bpart, 0);
-                        } else if (eol)
-                                BIO_write(bpart, "\r\n", 2);
-                        eol = next_eol;
-                        if (len)
-                                BIO_write(bpart, linebuf, len);
-                }
-        }
-        return 0;
-}
-/* This is the big one: parse MIME header lines up to message body */
-#define MIME_INVALID    0
-#define MIME_START      1
-#define MIME_TYPE       2
-#define MIME_NAME       3
-#define MIME_VALUE      4
-#define MIME_QUOTE      5
-#define MIME_COMMENT    6
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
-        char *p, *q, c;
-        char *ntmp;
-        char linebuf[MAX_SMLEN];
-        MIME_HEADER *mhdr = NULL;
-        STACK_OF(MIME_HEADER) *headers;
-        int len, state, save_state = 0;
-        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-        /* If whitespace at line start then continuation line */
-        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
-        else state = MIME_START;
-        ntmp = NULL;
-        /* Go through all characters */
-        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-        /* State machine to handle MIME headers
-         * if this looks horrible that's because it *is*
-         */
-                switch(state) {
-                        case MIME_START:
-                        if(c == ':') {
-                                state = MIME_TYPE;
-                                *p = 0;
-                                ntmp = strip_ends(q);
-                                q = p + 1;
-                        }
-                        break;
-                        case MIME_TYPE:
-                        if(c == ';') {
-                                mime_debug("Found End Value\n");
-                                *p = 0;
-                                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                                sk_MIME_HEADER_push(headers, mhdr);
-                                ntmp = NULL;
-                                q = p + 1;
-                                state = MIME_NAME;
-                        } else if(c == '(') {
-                                save_state = state;
-                                state = MIME_COMMENT;
-                        }
-                        break;
-                        case MIME_COMMENT:
-                        if(c == ')') {
-                                state = save_state;
-                        }
-                        break;
-                        case MIME_NAME:
-                        if(c == '=') {
-                                state = MIME_VALUE;
-                                *p = 0;
-                                ntmp = strip_ends(q);
-                                q = p + 1;
-                        }
-                        break ;
-                        case MIME_VALUE:
-                        if(c == ';') {
-                                state = MIME_NAME;
-                                *p = 0;
-                                mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-                                ntmp = NULL;
-                                q = p + 1;
-                        } else if (c == '"') {
-                                mime_debug("Found Quote\n");
-                                state = MIME_QUOTE;
-                        } else if(c == '(') {
-                                save_state = state;
-                                state = MIME_COMMENT;
-                        }
-                        break;
-                        case MIME_QUOTE:
-                        if(c == '"') {
-                                mime_debug("Found Match Quote\n");
-                                state = MIME_VALUE;
-                        }
-                        break;
-                }
-        }
-        if(state == MIME_TYPE) {
-                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                sk_MIME_HEADER_push(headers, mhdr);
-        } else if(state == MIME_VALUE)
-                         mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-        if(p == linebuf) break; /* Blank line means end of headers */
-}
-return headers;
-}
-static char *strip_ends(char *name)
-{
-        return strip_end(strip_start(name));
-}
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
-        char *p, c;
-        /* Look for first non white space or quote */
-        for(p = name; (c = *p) ;p++) {
-                if(c == '"') {
-                        /* Next char is start of string if non null */
-                        if(p[1]) return p + 1;
-                        /* Else null string */
-                        return NULL;
-                }
-                if(!isspace((unsigned char)c)) return p;
-        }
-        return NULL;
-}
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
-        char *p, c;
-        if(!name) return NULL;
-        /* Look for first non white space or quote */
-        for(p = name + strlen(name) - 1; p >= name ;p--) {
-                c = *p;
-                if(c == '"') {
-                        if(p - 1 == name) return NULL;
-                        *p = 0;
-                        return name;
-                }
-                if(isspace((unsigned char)c)) *p = 0;   
-                else return name;
-        }
-        return NULL;
-}
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
-        MIME_HEADER *mhdr;
-        char *tmpname, *tmpval, *p;
-        int c;
-        if(name) {
-                if(!(tmpname = BUF_strdup(name))) return NULL;
-                for(p = tmpname ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpname = NULL;
-        if(value) {
-                if(!(tmpval = BUF_strdup(value))) return NULL;
-                for(p = tmpval ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpval = NULL;
-        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
-        if(!mhdr) return NULL;
-        mhdr->name = tmpname;
-        mhdr->value = tmpval;
-        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
-        return mhdr;
-}
-                
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
-        char *tmpname, *tmpval, *p;
-        int c;
-        MIME_PARAM *mparam;
-        if(name) {
-                tmpname = BUF_strdup(name);
-                if(!tmpname) return 0;
-                for(p = tmpname ; *p; p++) {
-                        c = *p;
-                        if(isupper(c)) {
-                                c = tolower(c);
-                                *p = c;
-                        }
-                }
-        } else tmpname = NULL;
-        if(value) {
-                tmpval = BUF_strdup(value);
-                if(!tmpval) return 0;
-        } else tmpval = NULL;
-        /* Parameter values are case sensitive so leave as is */
-        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
-        if(!mparam) return 0;
-        mparam->param_name = tmpname;
-        mparam->param_value = tmpval;
-        sk_MIME_PARAM_push(mhdr->params, mparam);
-        return 1;
-}
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-                        const MIME_HEADER * const *b)
-{
-        return(strcmp((*a)->name, (*b)->name));
-}
-static int mime_param_cmp(const MIME_PARAM * const *a,
-                        const MIME_PARAM * const *b)
-{
-        return(strcmp((*a)->param_name, (*b)->param_name));
-}
-/* Find a header with a given name (if possible) */
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
-        MIME_HEADER htmp;
-        int idx;
-        htmp.name = name;
-        idx = sk_MIME_HEADER_find(hdrs, &htmp);
-        if(idx < 0) return NULL;
-        return sk_MIME_HEADER_value(hdrs, idx);
-}
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
-        MIME_PARAM param;
-        int idx;
-        param.param_name = name;
-        idx = sk_MIME_PARAM_find(hdr->params, &param);
-        if(idx < 0) return NULL;
-        return sk_MIME_PARAM_value(hdr->params, idx);
-}
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
-        if(hdr->name) OPENSSL_free(hdr->name);
-        if(hdr->value) OPENSSL_free(hdr->value);
-        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-        OPENSSL_free(hdr);
-}
-static void mime_param_free(MIME_PARAM *param)
-{
-        if(param->param_name) OPENSSL_free(param->param_name);
-        if(param->param_value) OPENSSL_free(param->param_value);
-        OPENSSL_free(param);
-}
-/* Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
-        if(linelen == -1) linelen = strlen(line);
-        if(blen == -1) blen = strlen(bound);
-        /* Quickly eliminate if line length too short */
-        if(blen + 2 > linelen) return 0;
-        /* Check for part boundary */
-        if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-                if(!strncmp(line + blen + 2, "--", 2)) return 2;
-                else return 1;
-        }
-        return 0;
-}
-static int strip_eol(char *linebuf, int *plen)
        {
-        int len = *plen;
+        return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
-        char *p, c;
-        int is_eol = 0;
-        p = linebuf + len - 1;
-        for (p = linebuf + len - 1; len > 0; len--, p--)
-                {
-                c = *p;
-                if (c == '\n')
-                        is_eol = 1;
-                else if (c != '\r')
-                        break;
-                }
-        *plen = len;
-        return is_eol;
        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index fd18ec3d95..86742d0dcd 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -63,24 +63,19 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                  BIO *data, int flags)
 {
-        PKCS7 *p7 = NULL;
+        PKCS7 *p7;
-        PKCS7_SIGNER_INFO *si;
-        BIO *p7bio = NULL;
-        STACK_OF(X509_ALGOR) *smcap = NULL;
        int i;
-        if(!X509_check_private_key(signcert, pkey)) {
+        if(!(p7 = PKCS7_new()))
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                {
-                return NULL;
-        }
-        if(!(p7 = PKCS7_new())) {
                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
                return NULL;
-        }
+                }
        if (!PKCS7_set_type(p7, NID_pkcs7_signed))
                goto err;
@@ -88,82 +83,185 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
        if (!PKCS7_content_new(p7, NID_pkcs7_data))
                goto err;
-        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+        if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags))
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
                goto err;
-        }
+                }
-        if(!(flags & PKCS7_NOCERTS)) {
+        if(!(flags & PKCS7_NOCERTS))
-                if (!PKCS7_add_certificate(p7, signcert))
+                {
-                        goto err;
+                for(i = 0; i < sk_X509_num(certs); i++)
-                if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+                        {
                        if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
                                goto err;
-        }
+                        }
+                }
-        if(!(flags & PKCS7_NOATTR)) {
+        if(flags & PKCS7_DETACHED)
-                if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                PKCS7_set_detached(p7, 1);
-                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))
-                        goto err;
+        if (flags & (PKCS7_STREAM|PKCS7_PARTIAL))
-                /* Add SMIMECapabilities */
+                return p7;
-                if(!(flags & PKCS7_NOSMIMECAP))
+        if (PKCS7_final(p7, data, flags))
+                return p7;
+        err:
+        PKCS7_free(p7);
+        return NULL;
+}
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
+        {
+        BIO *p7bio;
+        int ret = 0;
+        if (!(p7bio = PKCS7_dataInit(p7, NULL)))
                {
-                if(!(smcap = sk_X509_ALGOR_new_null())) {
+                PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE);
-                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                return 0;
-                        goto err;
-                }
-#ifndef OPENSSL_NO_DES
-                if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))
-                        goto err;
-#endif
-#ifndef OPENSSL_NO_RC2
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))
-                        goto err;
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))
-                        goto err;
-#endif
-#ifndef OPENSSL_NO_DES
-                if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))
-                        goto err;
-#endif
-#ifndef OPENSSL_NO_RC2
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))
-                        goto err;
-#endif
-                if (!PKCS7_add_attrib_smimecap (si, smcap))
-                        goto err;
-                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-                smcap = NULL;
                }
-        }
-        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+        SMIME_crlf_copy(data, p7bio, flags);
-        if (flags & PKCS7_STREAM)
+        (void)BIO_flush(p7bio);
-                return p7;
-        if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+        if (!PKCS7_dataFinal(p7,p7bio))
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                {
+                PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN);
                goto err;
+                }
+        ret = 1;
+        err:
+        BIO_free_all(p7bio);
+        return ret;
        }
-        SMIME_crlf_copy(data, p7bio, flags);
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+        {
+        if (EVP_get_cipherbynid(nid))
+                return PKCS7_simple_smimecap(sk, nid, arg);
+        return 1;
+        }
-        if (!PKCS7_dataFinal(p7,p7bio)) {
+static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+        {
-                goto err;
+        if (EVP_get_digestbynid(nid))
+                return PKCS7_simple_smimecap(sk, nid, arg);
+        return 1;
        }
-        BIO_free_all(p7bio);
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
-        return p7;
+                                        EVP_PKEY *pkey, const EVP_MD *md,
-err:
+                                        int flags)
-        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+        {
-        BIO_free_all(p7bio);
+        PKCS7_SIGNER_INFO *si = NULL;
-        PKCS7_free(p7);
+        STACK_OF(X509_ALGOR) *smcap = NULL;
+        if(!X509_check_private_key(signcert, pkey))
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                        PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+                }
+        if (!(si = PKCS7_add_signature(p7,signcert,pkey, md)))
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                                PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+                return NULL;
+                }
+        if(!(flags & PKCS7_NOCERTS))
+                {
+                if (!PKCS7_add_certificate(p7, signcert))
+                        goto err;
+                }
+        if(!(flags & PKCS7_NOATTR))
+                {
+                if (!PKCS7_add_attrib_content_type(si, NULL))
+                        goto err;
+                /* Add SMIMECapabilities */
+                if(!(flags & PKCS7_NOSMIMECAP))
+                        {
+                        if(!(smcap = sk_X509_ALGOR_new_null()))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                        || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                        || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+                                || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+                                || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+                        || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+                                || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+                                || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+                                || !add_cipher_smcap(smcap, NID_des_cbc, -1)
+                                || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
+                                || !PKCS7_add_attrib_smimecap (si, smcap))
+                                goto err;
+                        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                        smcap = NULL;
+                        }
+                if (flags & PKCS7_REUSE_DIGEST)
+                        {
+                        if (!pkcs7_copy_existing_digest(p7, si))
+                                goto err;
+                        if (!(flags & PKCS7_PARTIAL) &&
+                                        !PKCS7_SIGNER_INFO_sign(si))
+                                goto err;
+                        }
+                }
+        return si;
+        err:
+        if (smcap)
+                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
        return NULL;
-}
+        }
+/* Search for a digest matching SignerInfo digest type and if found
+ * copy across.
+ */
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+        {
+        int i;
+        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+        PKCS7_SIGNER_INFO *sitmp;
+        ASN1_OCTET_STRING *osdig = NULL;
+        sinfos = PKCS7_get_signer_info(p7);
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+                {
+                sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+                if (si == sitmp)
+                        break;
+                if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
+                        continue;
+                if (!OBJ_cmp(si->digest_alg->algorithm,
+                                sitmp->digest_alg->algorithm))
+                        {
+                        osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
+                        break;
+                        }
+                }
+        if (osdig)
+                return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
+        PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
+                        PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+        return 0;
+        }
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                                        BIO *indata, BIO *out, int flags)
@@ -354,7 +452,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
        if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-                return NULL;
+                return 0;
        }
        if(!(signers = sk_X509_new_null())) {
@@ -377,12 +475,12 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
            if (!signer) {
                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
                        sk_X509_free(signers);
-                        return NULL;
+                        return 0;
            }
            if (!sk_X509_push(signers, signer)) {
-                        sk_X509_free(signers);
+                sk_X509_free(signers);
-                        return NULL;
+                return NULL;
            }
        }
        return signers;
@@ -405,7 +503,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
        if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
                goto err;
-        if(!PKCS7_set_cipher(p7, cipher)) {
+        if (!PKCS7_set_cipher(p7, cipher)) {
                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
                goto err;
        }
@@ -419,22 +517,11 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                }
        }
-        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+        if (flags & PKCS7_STREAM)
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                return p7;
-                goto err;
-        }
-        SMIME_crlf_copy(in, p7bio, flags);
-        (void)BIO_flush(p7bio);
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
-                goto err;
-        }
-        BIO_free_all(p7bio);
-        return p7;
+        if (PKCS7_final(p7, in, flags))
+                return p7;
        err:
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index cc092d262d..e4d443193c 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -232,6 +232,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_type_is_signedAndEnveloped(a) \
                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+#define PKCS7_type_is_encrypted(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
 #define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
@@ -242,14 +245,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-#ifdef SSLEAY_MACROS
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                        (char *)data,md,len)
-#endif
-#endif
 /* S/MIME related flags */
 #define PKCS7_TEXT              0x1
@@ -266,6 +261,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_CRLFEOL           0x800
 #define PKCS7_STREAM            0x1000
 #define PKCS7_NOCRL             0x2000
+#define PKCS7_PARTIAL           0x4000
+#define PKCS7_REUSE_DIGEST      0x8000
 /* Flags: for compatibility with older code */
@@ -281,7 +278,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-#ifndef SSLEAY_MACROS
 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
        unsigned char *md,unsigned int *len);
 #ifndef OPENSSL_NO_FP_API
@@ -291,7 +287,8 @@ int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 PKCS7 *PKCS7_dup(PKCS7 *p7);
 PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
-#endif
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
 DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
@@ -307,6 +304,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
 DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
@@ -315,6 +313,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
@@ -336,9 +335,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                        X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
@@ -355,6 +358,12 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                                                        BIO *data, int flags);
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+                        X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md,
+                        int flags);
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                                        BIO *indata, BIO *out, int flags);
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
@@ -367,10 +376,16 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                                const unsigned char *md, int mdlen);
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -383,12 +398,17 @@ void ERR_load_PKCS7_strings(void);
 /* Function codes. */
 #define PKCS7_F_B64_READ_PKCS7                           120
 #define PKCS7_F_B64_WRITE_PKCS7                          121
+#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
+#define PKCS7_F_I2D_PKCS7_BIO_STREAM                     140
+#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
 #define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
 #define PKCS7_F_PKCS7_ADD_CRL                            101
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+#define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
 #define PKCS7_F_PKCS7_ADD_SIGNER                         103
 #define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
+#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
 #define PKCS7_F_PKCS7_CTRL                               104
 #define PKCS7_F_PKCS7_DATADECODE                         112
 #define PKCS7_F_PKCS7_DATAFINAL                          128
@@ -396,15 +416,22 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_F_PKCS7_DATASIGN                           106
 #define PKCS7_F_PKCS7_DATAVERIFY                         107
 #define PKCS7_F_PKCS7_DECRYPT                            114
+#define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
+#define PKCS7_F_PKCS7_ENCODE_RINFO                       132
 #define PKCS7_F_PKCS7_ENCRYPT                            115
+#define PKCS7_F_PKCS7_FINAL                              134
 #define PKCS7_F_PKCS7_FIND_DIGEST                        127
 #define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+#define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
 #define PKCS7_F_PKCS7_SET_CIPHER                         108
 #define PKCS7_F_PKCS7_SET_CONTENT                        109
 #define PKCS7_F_PKCS7_SET_DIGEST                         126
 #define PKCS7_F_PKCS7_SET_TYPE                           110
 #define PKCS7_F_PKCS7_SIGN                               116
 #define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+#define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
+#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
+#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
 #define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
 #define PKCS7_F_PKCS7_VERIFY                             117
 #define PKCS7_F_SMIME_READ_PKCS7                         122
@@ -415,10 +442,13 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
 #define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
 #define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+#define PKCS7_R_CTRL_ERROR                               152
 #define PKCS7_R_DECODE_ERROR                             130
 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
 #define PKCS7_R_DECRYPT_ERROR                            119
 #define PKCS7_R_DIGEST_FAILURE                           101
+#define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
+#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
 #define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
 #define PKCS7_R_ERROR_SETTING_CIPHER                     121
 #define PKCS7_R_INVALID_MIME_TYPE                        131
@@ -429,6 +459,8 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_MISSING_CERIPEND_INFO                    103
 #define PKCS7_R_NO_CONTENT                               122
 #define PKCS7_R_NO_CONTENT_TYPE                          135
+#define PKCS7_R_NO_DEFAULT_DIGEST                        151
+#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
 #define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
@@ -438,6 +470,7 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
 #define PKCS7_R_PKCS7_DATAFINAL                          126
 #define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
 #define PKCS7_R_PKCS7_DATASIGN                           145
@@ -446,6 +479,8 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
 #define PKCS7_R_SIGNATURE_FAILURE                        105
 #define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+#define PKCS7_R_SIGNING_CTRL_FAILURE                     147
+#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
 #define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
 #define PKCS7_R_SMIME_TEXT_ERROR                         129
 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index c0e3d4cd33..d0af32a265 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
 /* crypto/pkcs7/pkcs7err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -72,12 +72,17 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
        {
 {ERR_FUNC(PKCS7_F_B64_READ_PKCS7),      "B64_READ_PKCS7"},
 {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),     "B64_WRITE_PKCS7"},
+{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB),      "DO_PKCS7_SIGNED_ATTRIB"},
+{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM),        "i2d_PKCS7_bio_stream"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),      "PKCS7_add0_attrib_signing_time"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),   "PKCS7_add_attrib_smimecap"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),       "PKCS7_add_certificate"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),       "PKCS7_add_crl"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),    "PKCS7_add_recipient_info"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),    "PKCS7_add_signer"},
 {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),        "PKCS7_BIO_ADD_DIGEST"},
+{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),  "PKCS7_COPY_EXISTING_DIGEST"},
 {ERR_FUNC(PKCS7_F_PKCS7_CTRL),  "PKCS7_ctrl"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),    "PKCS7_dataDecode"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),     "PKCS7_dataFinal"},
@@ -85,15 +90,22 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
 {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),      "PKCS7_DATASIGN"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),    "PKCS7_dataVerify"},
 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),       "PKCS7_decrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"},
+{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO),  "PKCS7_ENCODE_RINFO"},
 {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),       "PKCS7_encrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
 {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),   "PKCS7_FIND_DIGEST"},
 {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),  "PKCS7_get0_signers"},
+{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET),        "PKCS7_RECIP_INFO_set"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),    "PKCS7_set_cipher"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),   "PKCS7_set_content"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),    "PKCS7_set_digest"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),      "PKCS7_set_type"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIGN),  "PKCS7_sign"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),       "PKCS7_signatureVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET),       "PKCS7_SIGNER_INFO_set"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN),      "PKCS7_SIGNER_INFO_sign"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER),       "PKCS7_sign_add_signer"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),       "PKCS7_simple_smimecap"},
 {ERR_FUNC(PKCS7_F_PKCS7_VERIFY),        "PKCS7_verify"},
 {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),    "SMIME_read_PKCS7"},
@@ -107,10 +119,13 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
 {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
 {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
+{ERR_REASON(PKCS7_R_CTRL_ERROR)          ,"ctrl error"},
 {ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},
 {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
 {ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},
 {ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},
+{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"},
+{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"},
 {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
@@ -121,6 +136,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
 {ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},
 {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},
+{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST)   ,"no default digest"},
+{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"},
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
@@ -130,6 +147,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
 {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
+{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"},
 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},
 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
 {ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
@@ -138,6 +156,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
 {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},
 {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"},
+{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"},
 {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
 {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},
 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
diff --git a/src/lib/libcrypto/ppccpuid.pl b/src/lib/libcrypto/ppccpuid.pl
index fe44ff07bc..369e1d0df9 100755
--- a/src/lib/libcrypto/ppccpuid.pl
+++ b/src/lib/libcrypto/ppccpuid.pl
@@ -67,6 +67,8 @@ Loop:	lwarx	r5,0,r3
        $CMPLI  r4,7
        li      r0,0
        bge     Lot
+        $CMPLI  r4,0
+        beqlr-
 Little: mtctr   r4
        stb     r0,0(r3)
        addi    r3,r3,1
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index ea89153cba..ac6c021763 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
 #endif
 #if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
+#define FIPS_RAND_SIZE_T size_t
 #endif
 /* Already defined in ossl_typ.h */
@@ -111,15 +111,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path,int bytes);
 int RAND_poll(void);
-#ifndef OPENSSL_NO_ENGINE
-#ifdef OPENSSL_FIPS
-void int_RAND_init_engine_callbacks(void);
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
-#endif
-#endif
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@@ -137,29 +128,11 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
-#define RAND_F_ENG_RAND_GET_RAND_METHOD                  108
-#define RAND_F_FIPS_RAND                                 103
-#define RAND_F_FIPS_RAND_BYTES                           102
-#define RAND_F_FIPS_RAND_GET_RAND_METHOD                 109
-#define RAND_F_FIPS_RAND_SET_DT                          106
-#define RAND_F_FIPS_SET_DT                               104
-#define RAND_F_FIPS_SET_PRNG_SEED                        107
-#define RAND_F_FIPS_SET_TEST_MODE                        105
 #define RAND_F_RAND_GET_RAND_METHOD                      101
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD                           105
-#define RAND_R_NOT_IN_TEST_MODE                          106
-#define RAND_R_NO_KEY_SET                                107
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  101
-#define RAND_R_PRNG_ERROR                                108
-#define RAND_R_PRNG_KEYED                                109
-#define RAND_R_PRNG_NOT_REKEYED                          102
-#define RAND_R_PRNG_NOT_RESEEDED                         103
 #define RAND_R_PRNG_NOT_SEEDED                           100
-#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY              110
-#define RAND_R_PRNG_STUCK                                104
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 829fb44d77..03cda4dd92 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,14 +70,6 @@
 static ERR_STRING_DATA RAND_str_functs[]=
        {
-{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD),     "ENG_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND),    "FIPS_RAND"},
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),      "FIPS_RAND_BYTES"},
-{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD),    "FIPS_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT),     "FIPS_RAND_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_DT),  "FIPS_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED),   "FIPS_SET_PRNG_SEED"},
-{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE),   "FIPS_SET_TEST_MODE"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -85,17 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
-{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
-{ERR_REASON(RAND_R_NOT_IN_TEST_MODE)     ,"not in test mode"},
-{ERR_REASON(RAND_R_NO_KEY_SET)           ,"no key set"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_ERROR)           ,"prng error"},
-{ERR_REASON(RAND_R_PRNG_KEYED)           ,"prng keyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
-{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index da6b4e0e86..513e338985 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,82 +60,15 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
-#include "rand_lcl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-#ifdef OPENSSL_FIPS
-static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
-                                        const RAND_METHOD **pmeth)
-        {
-        *pmeth = meth;
-        return 1;
-        }
-static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
-        {
-        if (!*pmeth)
-                {
-                if(FIPS_mode())
-                        *pmeth=FIPS_rand_method();
-                else
-                        *pmeth = RAND_SSLeay();
-                }
-        if(FIPS_mode()
-                && *pmeth != FIPS_rand_check())
-            {
-            RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-            return 0;
-            }
-        return *pmeth;
-        }
-static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth)
-        = fips_RAND_set_rand_method;
-static const RAND_METHOD *(*RAND_get_rand_method_func)
-                                                (const RAND_METHOD **pmeth)
-        = fips_RAND_get_rand_method;
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
-        int (*set_rand_func)(const RAND_METHOD *meth,
-                                                const RAND_METHOD **pmeth),
-        const RAND_METHOD *(*get_rand_func)
-                                                (const RAND_METHOD **pmeth))
-        {
-        RAND_set_rand_method_func = set_rand_func;
-        RAND_get_rand_method_func = get_rand_func;
-        }
-#endif
-int RAND_set_rand_method(const RAND_METHOD *meth)
-        {
-        return RAND_set_rand_method_func(meth, &default_RAND_meth);
-        }
-const RAND_METHOD *RAND_get_rand_method(void)
-        {
-        return RAND_get_rand_method_func(&default_RAND_meth);
-        }
-#else
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
 #endif
+static const RAND_METHOD *default_RAND_meth = NULL;
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
@@ -196,8 +129,6 @@ int RAND_set_rand_engine(ENGINE *engine)
        }
 #endif
-#endif
 void RAND_cleanup(void)
        {
        const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index d108353bbc..4ed40b7b70 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -75,9 +75,7 @@
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
-#ifdef MAC_OS_pre_X
+#ifndef OPENSSL_NO_POSIX_IO
-# include <stat.h>
-#else
 # include <sys/stat.h>
 #endif
@@ -111,14 +109,26 @@ int RAND_load_file(const char *file, long bytes)
         * if bytes == -1, read complete file. */
        MS_STATIC unsigned char buf[BUFSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
        struct stat sb;
+#endif
        int i,ret=0,n;
        FILE *in;
        if (file == NULL) return(0);
+#ifndef OPENSSL_NO_POSIX_IO
+#ifdef PURIFY
+        /* struct stat can have padding and unused fields that may not be
+         * initialized in the call to stat(). We need to clear the entire
+         * structure before calling RAND_add() to avoid complaints from
+         * applications such as Valgrind.
+         */
+        memset(&sb, 0, sizeof(sb));
+#endif
        if (stat(file,&sb) < 0) return(0);
        RAND_add(&sb,sizeof(sb),0.0);
+#endif
        if (bytes == 0) return(ret);
 #ifdef OPENSSL_SYS_VMS
@@ -127,7 +137,7 @@ int RAND_load_file(const char *file, long bytes)
        in=fopen(file,"rb");
 #endif
        if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR)
+#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO)
        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
          /* this file is a device. we don't want read an infinite number
           * of bytes from a random device, nor do we want to use buffered
@@ -170,12 +180,13 @@ int RAND_write_file(const char *file)
        int i,ret=0,rand_err=0;
        FILE *out = NULL;
        int n;
+#ifndef OPENSSL_NO_POSIX_IO
        struct stat sb;
        
        i=stat(file,&sb);
        if (i != -1) { 
-#if defined(S_IFBLK) && defined(S_IFCHR)
+#if defined(S_ISBLK) && defined(S_ISCHR)
-          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+          if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
            /* this file is a device. we don't write back to it. 
             * we "succeed" on the assumption this is some sort 
             * of random device. Otherwise attempting to write to 
@@ -185,14 +196,16 @@ int RAND_write_file(const char *file)
          }
 #endif
        }
+#endif
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
        {
-        /* For some reason Win32 can't write to files created this way */
+#ifndef O_BINARY
-        
+#define O_BINARY 0
+#endif
        /* chmod(..., 0600) is too late to protect the file,
         * permissions should be restrictive from the start */
-        int fd = open(file, O_CREAT, 0600);
+        int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
        if (fd != -1)
                out = fdopen(fd, "wb");
        }
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h
index e542ec94ff..34c8362317 100644
--- a/src/lib/libcrypto/rc2/rc2.h
+++ b/src/lib/libcrypto/rc2/rc2.h
@@ -79,9 +79,7 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
-#ifdef OPENSSL_FIPS 
+ 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
index 4e000e5b99..0150b0e035 100644
--- a/src/lib/libcrypto/rc2/rc2_skey.c
+++ b/src/lib/libcrypto/rc2/rc2_skey.c
@@ -57,14 +57,9 @@
 */
 #include <openssl/rc2.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "rc2_locl.h"
-static unsigned char key_table[256]={
+static const unsigned char key_table[256]={
        0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
        0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
        0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
@@ -99,20 +94,8 @@ static unsigned char key_table[256]={
 * BSAFE uses the 'retarded' version.  What I previously shipped is
 * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
 * a version where the bits parameter is the same as len*8 */
-#ifdef OPENSSL_FIPS
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
        {
-        if (FIPS_mode())
-                FIPS_BAD_ABORT(RC2)
-        private_RC2_set_key(key, len, data, bits);
-        }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-                                                                int bits)
-#else
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
-        {
        int i,j;
        unsigned char *k;
        RC2_INT *ki;
diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl
index ef7eee766c..38a44a70ef 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-586.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl
@@ -1,14 +1,21 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
+# ====================================================================
+# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
 # At some point it became apparent that the original SSLeay RC4
-# assembler implementation performs suboptimaly on latest IA-32
+# assembler implementation performs suboptimally on latest IA-32
 # microarchitectures. After re-tuning performance has changed as
 # following:
 #
-# Pentium       +0%
+# Pentium       -10%
-# Pentium III   +17%
+# Pentium III   +12%
-# AMD           +52%(*)
+# AMD           +50%(*)
-# P4            +180%(**)
+# P4            +250%(**)
 #
 # (*)   This number is actually a trade-off:-) It's possible to
 #       achieve +72%, but at the cost of -48% off PIII performance.
@@ -17,214 +24,247 @@
 #       For reference! This code delivers ~80% of rc4-amd64.pl
 #       performance on the same Opteron machine.
 # (**)  This number requires compressed key schedule set up by
-#       RC4_set_key and therefore doesn't apply to 0.9.7 [option for
+#       RC4_set_key [see commentary below for further details].
-#       compressed key schedule is implemented in 0.9.8 and later,
-#       see commentary section in rc4_skey.c for further details].
 #
 #                                       <appro@fy.chalmers.se>
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"rc4-586.pl");
-$x="eax";
+$xx="eax";
-$y="ebx";
+$yy="ebx";
 $tx="ecx";
 $ty="edx";
-$in="esi";
+$inp="esi";
-$out="edi";
+$out="ebp";
-$d="ebp";
+$dat="edi";
-&RC4("RC4");
+sub RC4_loop {
+  my $i=shift;
-&asm_finish();
+  my $func = ($i==0)?*mov:*or;
-sub RC4_loop
+        &add    (&LB($yy),&LB($tx));
-        {
+        &mov    ($ty,&DWP(0,$dat,$yy,4));
-        local($n,$p,$char)=@_;
+        &mov    (&DWP(0,$dat,$yy,4),$tx);
+        &mov    (&DWP(0,$dat,$xx,4),$ty);
-        &comment("Round $n");
+        &add    ($ty,$tx);
+        &inc    (&LB($xx));
-        if ($char)
+        &and    ($ty,0xff);
-                {
+        &ror    ($out,8)        if ($i!=0);
-                if ($p >= 0)
+        if ($i<3) {
-                        {
+          &mov  ($tx,&DWP(0,$dat,$xx,4));
-                         &mov($ty,      &swtmp(2));
+        } else {
-                        &cmp($ty,       $in);
+          &mov  ($tx,&wparam(3));       # reload [re-biased] out
-                         &jbe(&label("finished"));
-                        &inc($in);
-                        }
-                else
-                        {
-                        &add($ty,       8);
-                         &inc($in);
-                        &cmp($ty,       $in);
-                         &jb(&label("finished"));
-                        &mov(&swtmp(2), $ty);
-                        }
-                }
-        # Moved out
-        # &mov( $tx,            &DWP(0,$d,$x,4)) if $p < 0;
-        &add(   &LB($y),        &LB($tx));
-        &mov(   $ty,            &DWP(0,$d,$y,4));
-         # XXX
-        &mov(   &DWP(0,$d,$x,4),$ty);
-         &add(  $ty,            $tx);
-        &mov(   &DWP(0,$d,$y,4),$tx);
-         &and(  $ty,            0xff);
-         &inc(  &LB($x));                       # NEXT ROUND
-        &mov(   $tx,            &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
-         &mov(  $ty,            &DWP(0,$d,$ty,4));
-        if (!$char)
-                {
-                #moved up into last round
-                if ($p >= 1)
-                        {
-                        &add(   $out,   8)
-                        }
-                &movb(  &BP($n,"esp","",0),     &LB($ty));
-                }
-        else
-                {
-                # Note in+=8 has occured
-                &movb(  &HB($ty),       &BP(-1,$in,"",0));
-                 # XXX
-                &xorb(&LB($ty),         &HB($ty));
-                 # XXX
-                &movb(&BP($n,$out,"",0),&LB($ty));
-                }
        }
+        &$func  ($out,&DWP(0,$dat,$ty,4));
+}
-sub RC4
-        {
+# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
-        local($name)=@_;
+&function_begin("RC4");
+        &mov    ($dat,&wparam(0));      # load key schedule pointer
-        &function_begin_B($name,"");
+        &mov    ($ty, &wparam(1));      # load len
+        &mov    ($inp,&wparam(2));      # load inp
-        &mov($ty,&wparam(1));           # len
+        &mov    ($out,&wparam(3));      # load out
-        &cmp($ty,0);
-        &jne(&label("proceed"));
+        &xor    ($xx,$xx);              # avoid partial register stalls
-        &ret();
+        &xor    ($yy,$yy);
-        &set_label("proceed");
+        &cmp    ($ty,0);                # safety net
-        &comment("");
+        &je     (&label("abort"));
-        &push("ebp");
+        &mov    (&LB($xx),&BP(0,$dat)); # load key->x
-         &push("ebx");
+        &mov    (&LB($yy),&BP(4,$dat)); # load key->y
-        &push("esi");
+        &add    ($dat,8);
-         &xor(  $x,     $x);            # avoid partial register stalls
-        &push("edi");
+        &lea    ($tx,&DWP(0,$inp,$ty));
-         &xor(  $y,     $y);            # avoid partial register stalls
+        &sub    ($out,$inp);            # re-bias out
-        &mov(   $d,     &wparam(0));    # key
+        &mov    (&wparam(1),$tx);       # save input+len
-         &mov(  $in,    &wparam(2));
+        &inc    (&LB($xx));
-        &movb(  &LB($x),        &BP(0,$d,"",1));
-         &movb( &LB($y),        &BP(4,$d,"",1));
+        # detect compressed key schedule...
+        &cmp    (&DWP(256,$dat),-1);
-        &mov(   $out,   &wparam(3));
+        &je     (&label("RC4_CHAR"));
-         &inc(  &LB($x));
+        &mov    ($tx,&DWP(0,$dat,$xx,4));
-        &stack_push(3); # 3 temp variables
-         &add(  $d,     8);
+        &and    ($ty,-4);               # how many 4-byte chunks?
+        &jz     (&label("loop1"));
-        # detect compressed schedule, see commentary section in rc4_skey.c...
-        # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant,
+        &lea    ($ty,&DWP(-4,$inp,$ty));
-        # as compressed key schedule is set up in 0.9.8 and later.
+        &mov    (&wparam(2),$ty);       # save input+(len/4)*4-4
-        &cmp(&DWP(256,$d),-1);
+        &mov    (&wparam(3),$out);      # $out as accumulator in this loop
-        &je(&label("RC4_CHAR"));
+        &set_label("loop4",16);
-         &lea(  $ty,    &DWP(-8,$ty,$in));
+                for ($i=0;$i<4;$i++) { RC4_loop($i); }
+                &ror    ($out,8);
-        # check for 0 length input
+                &xor    ($out,&DWP(0,$inp));
+                &cmp    ($inp,&wparam(2));      # compare to input+(len/4)*4-4
-         &mov(  &swtmp(2),      $ty);   # this is now address to exit at
+                &mov    (&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here
-        &mov(   $tx,    &DWP(0,$d,$x,4));
+                &lea    ($inp,&DWP(4,$inp));
+                &mov    ($tx,&DWP(0,$dat,$xx,4));
-         &cmp(  $ty,    $in);
+        &jb     (&label("loop4"));
-        &jb(    &label("end")); # less than 8 bytes
+        &cmp    ($inp,&wparam(1));      # compare to input+len
-        &set_label("start");
+        &je     (&label("done"));
+        &mov    ($out,&wparam(3));      # restore $out
-        # filling DELAY SLOT
-        &add(   $in,    8);
+        &set_label("loop1",16);
+                &add    (&LB($yy),&LB($tx));
-        &RC4_loop(0,-1,0);
+                &mov    ($ty,&DWP(0,$dat,$yy,4));
-        &RC4_loop(1,0,0);
+                &mov    (&DWP(0,$dat,$yy,4),$tx);
-        &RC4_loop(2,0,0);
+                &mov    (&DWP(0,$dat,$xx,4),$ty);
-        &RC4_loop(3,0,0);
+                &add    ($ty,$tx);
-        &RC4_loop(4,0,0);
+                &inc    (&LB($xx));
-        &RC4_loop(5,0,0);
+                &and    ($ty,0xff);
-        &RC4_loop(6,0,0);
+                &mov    ($ty,&DWP(0,$dat,$ty,4));
-        &RC4_loop(7,1,0);
+                &xor    (&LB($ty),&BP(0,$inp));
-        
+                &lea    ($inp,&DWP(1,$inp));
-        &comment("apply the cipher text");
+                &mov    ($tx,&DWP(0,$dat,$xx,4));
-        # xor the cipher data with input
+                &cmp    ($inp,&wparam(1));      # compare to input+len
+                &mov    (&BP(-1,$out,$inp),&LB($ty));
-        #&add(  $out,   8); #moved up into last round
+        &jb     (&label("loop1"));
-        &mov(   $tx,    &swtmp(0));
+        &jmp    (&label("done"));
-         &mov(  $ty,    &DWP(-8,$in,"",0));
-        &xor(   $tx,    $ty);
+# this is essentially Intel P4 specific codepath...
-         &mov(  $ty,    &DWP(-4,$in,"",0)); 
+&set_label("RC4_CHAR",16);
-        &mov(   &DWP(-8,$out,"",0),     $tx);
+        &movz   ($tx,&BP(0,$dat,$xx));
-         &mov(  $tx,    &swtmp(1));
-        &xor(   $tx,    $ty);
-         &mov(  $ty,    &swtmp(2));     # load end ptr;
-        &mov(   &DWP(-4,$out,"",0),     $tx);
-         &mov(  $tx,            &DWP(0,$d,$x,4));
-        &cmp($in,       $ty);
-         &jbe(&label("start"));
-        &set_label("end");
-        # There is quite a bit of extra crap in RC4_loop() for this
-        # first round
-        &RC4_loop(0,-1,1);
-        &RC4_loop(1,0,1);
-        &RC4_loop(2,0,1);
-        &RC4_loop(3,0,1);
-        &RC4_loop(4,0,1);
-        &RC4_loop(5,0,1);
-        &RC4_loop(6,1,1);
-        &jmp(&label("finished"));
-        &align(16);
-        # this is essentially Intel P4 specific codepath, see rc4_skey.c,
-        # and is engaged in 0.9.8 and later context...
-        &set_label("RC4_CHAR");
-        &lea    ($ty,&DWP(0,$in,$ty));
-        &mov    (&swtmp(2),$ty);
-        &movz   ($tx,&BP(0,$d,$x));
        # strangely enough unrolled loop performs over 20% slower...
-        &set_label("RC4_CHAR_loop");
+        &set_label("cloop1");
-                &add    (&LB($y),&LB($tx));
+                &add    (&LB($yy),&LB($tx));
-                &movz   ($ty,&BP(0,$d,$y));
+                &movz   ($ty,&BP(0,$dat,$yy));
-                &movb   (&BP(0,$d,$y),&LB($tx));
+                &mov    (&BP(0,$dat,$yy),&LB($tx));
-                &movb   (&BP(0,$d,$x),&LB($ty));
+                &mov    (&BP(0,$dat,$xx),&LB($ty));
                &add    (&LB($ty),&LB($tx));
-                &movz   ($ty,&BP(0,$d,$ty));
+                &movz   ($ty,&BP(0,$dat,$ty));
-                &add    (&LB($x),1);
+                &add    (&LB($xx),1);
-                &xorb   (&LB($ty),&BP(0,$in));
+                &xor    (&LB($ty),&BP(0,$inp));
-                &lea    ($in,&DWP(1,$in));
+                &lea    ($inp,&DWP(1,$inp));
-                &movz   ($tx,&BP(0,$d,$x));
+                &movz   ($tx,&BP(0,$dat,$xx));
-                &cmp    ($in,&swtmp(2));
+                &cmp    ($inp,&wparam(1));
-                &movb   (&BP(0,$out),&LB($ty));
+                &mov    (&BP(-1,$out,$inp),&LB($ty));
-                &lea    ($out,&DWP(1,$out));
+        &jb     (&label("cloop1"));
-        &jb     (&label("RC4_CHAR_loop"));
+&set_label("done");
-        &set_label("finished");
+        &dec    (&LB($xx));
-        &dec(   $x);
+        &mov    (&BP(-4,$dat),&LB($yy));        # save key->y
-         &stack_pop(3);
+        &mov    (&BP(-8,$dat),&LB($xx));        # save key->x
-        &movb(  &BP(-4,$d,"",0),&LB($y));
+&set_label("abort");
-         &movb( &BP(-8,$d,"",0),&LB($x));
+&function_end("RC4");
-        &function_end($name);
+########################################################################
-        }
+$inp="esi";
+$out="edi";
+$idi="ebp";
+$ido="ecx";
+$idx="edx";
+&external_label("OPENSSL_ia32cap_P");
+# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
+&function_begin("RC4_set_key");
+        &mov    ($out,&wparam(0));              # load key
+        &mov    ($idi,&wparam(1));              # load len
+        &mov    ($inp,&wparam(2));              # load data
+        &picmeup($idx,"OPENSSL_ia32cap_P");
+        &lea    ($out,&DWP(2*4,$out));          # &key->data
+        &lea    ($inp,&DWP(0,$inp,$idi));       # $inp to point at the end
+        &neg    ($idi);
+        &xor    ("eax","eax");
+        &mov    (&DWP(-4,$out),$idi);           # borrow key->y
+        &bt     (&DWP(0,$idx),20);              # check for bit#20
+        &jc     (&label("c1stloop"));
+&set_label("w1stloop",16);
+        &mov    (&DWP(0,$out,"eax",4),"eax");   # key->data[i]=i;
+        &add    (&LB("eax"),1);                 # i++;
+        &jnc    (&label("w1stloop"));
+        &xor    ($ido,$ido);
+        &xor    ($idx,$idx);
+&set_label("w2ndloop",16);
+        &mov    ("eax",&DWP(0,$out,$ido,4));
+        &add    (&LB($idx),&BP(0,$inp,$idi));
+        &add    (&LB($idx),&LB("eax"));
+        &add    ($idi,1);
+        &mov    ("ebx",&DWP(0,$out,$idx,4));
+        &jnz    (&label("wnowrap"));
+          &mov  ($idi,&DWP(-4,$out));
+        &set_label("wnowrap");
+        &mov    (&DWP(0,$out,$idx,4),"eax");
+        &mov    (&DWP(0,$out,$ido,4),"ebx");
+        &add    (&LB($ido),1);
+        &jnc    (&label("w2ndloop"));
+&jmp    (&label("exit"));
+# Unlike all other x86 [and x86_64] implementations, Intel P4 core
+# [including EM64T] was found to perform poorly with above "32-bit" key
+# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded
+# assembler turned out to be 3.5x if re-coded for compressed 8-bit one,
+# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit
+# schedule for x86[_64], because non-P4 implementations suffer from
+# significant performance losses then, e.g. PIII exhibits >2x
+# deterioration, and so does Opteron. In order to assure optimal
+# all-round performance, we detect P4 at run-time and set up compressed
+# key schedule, which is recognized by RC4 procedure.
+&set_label("c1stloop",16);
+        &mov    (&BP(0,$out,"eax"),&LB("eax")); # key->data[i]=i;
+        &add    (&LB("eax"),1);                 # i++;
+        &jnc    (&label("c1stloop"));
+        &xor    ($ido,$ido);
+        &xor    ($idx,$idx);
+        &xor    ("ebx","ebx");
+&set_label("c2ndloop",16);
+        &mov    (&LB("eax"),&BP(0,$out,$ido));
+        &add    (&LB($idx),&BP(0,$inp,$idi));
+        &add    (&LB($idx),&LB("eax"));
+        &add    ($idi,1);
+        &mov    (&LB("ebx"),&BP(0,$out,$idx));
+        &jnz    (&label("cnowrap"));
+          &mov  ($idi,&DWP(-4,$out));
+        &set_label("cnowrap");
+        &mov    (&BP(0,$out,$idx),&LB("eax"));
+        &mov    (&BP(0,$out,$ido),&LB("ebx"));
+        &add    (&LB($ido),1);
+        &jnc    (&label("c2ndloop"));
+        &mov    (&DWP(256,$out),-1);            # mark schedule as compressed
+&set_label("exit");
+        &xor    ("eax","eax");
+        &mov    (&DWP(-8,$out),"eax");          # key->x=0;
+        &mov    (&DWP(-4,$out),"eax");          # key->y=0;
+&function_end("RC4_set_key");
+# const char *RC4_options(void);
+&function_begin_B("RC4_options");
+        &call   (&label("pic_point"));
+&set_label("pic_point");
+        &blindpop("eax");
+        &lea    ("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax"));
+        &picmeup("edx","OPENSSL_ia32cap_P");
+        &bt     (&DWP(0,"edx"),20);
+        &jnc    (&label("skip"));
+          &add  ("eax",12);
+        &set_label("skip");
+        &ret    ();
+&set_label("opts",64);
+&asciz  ("rc4(4x,int)");
+&asciz  ("rc4(1x,char)");
+&asciz  ("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&align  (64);
+&function_end_B("RC4_options");
+&asm_finish();
diff --git a/src/lib/libcrypto/rc4/asm/rc4-ia64.pl b/src/lib/libcrypto/rc4/asm/rc4-ia64.pl
new file mode 100644
index 0000000000..49cd5b5e69
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-ia64.pl
@@ -0,0 +1,755 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by David Mosberger <David.Mosberger@acm.org> based on the
+# Itanium optimized Crypto code which was released by HP Labs at
+# http://www.hpl.hp.com/research/linux/crypto/.
+#
+# Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+# This is a little helper program which generates a software-pipelined
+# for RC4 encryption.  The basic algorithm looks like this:
+#
+#   for (counter = 0; counter < len; ++counter)
+#     {
+#       in = inp[counter];
+#       SI = S[I];
+#       J = (SI + J) & 0xff;
+#       SJ = S[J];
+#       T = (SI + SJ) & 0xff;
+#       S[I] = SJ, S[J] = SI;
+#       ST = S[T];
+#       outp[counter] = in ^ ST;
+#       I = (I + 1) & 0xff;
+#     }
+#
+# Pipelining this loop isn't easy, because the stores to the S[] array
+# need to be observed in the right order.  The loop generated by the
+# code below has the following pipeline diagram:
+#
+#      cycle
+#     | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 |
+# iter
+#   1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#   2:             xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#   3:                         xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
+#
+#   where:
+#       LDI = load of S[I]
+#       LDJ = load of S[J]
+#       SWP = swap of S[I] and S[J]
+#       LDT = load of S[T]
+#
+# Note that in the above diagram, the major trouble-spot is that LDI
+# of the 2nd iteration is performed BEFORE the SWP of the first
+# iteration.  Fortunately, this is easy to detect (I of the 1st
+# iteration will be equal to J of the 2nd iteration) and when this
+# happens, we simply forward the proper value from the 1st iteration
+# to the 2nd one.  The proper value in this case is simply the value
+# of S[I] from the first iteration (thanks to the fact that SWP
+# simply swaps the contents of S[I] and S[J]).
+#
+# Another potential trouble-spot is in cycle 7, where SWP of the 1st
+# iteration issues at the same time as the LDI of the 3rd iteration.
+# However, thanks to IA-64 execution semantics, this can be taken
+# care of simply by placing LDI later in the instruction-group than
+# SWP.  IA-64 CPUs will automatically forward the value if they
+# detect that the SWP and LDI are accessing the same memory-location.
+# The core-loop that can be pipelined then looks like this (annotated
+# with McKinley/Madison issue port & latency numbers, assuming L1
+# cache hits for the most part):
+# operation:        instruction:                    issue-ports:  latency
+# ------------------  -----------------------------   ------------- -------
+# Data = *inp++       ld1 data = [inp], 1             M0-M1         1 cyc     c0
+#                     shladd Iptr = I, KeyTable, 3    M0-M3, I0, I1 1 cyc
+# I = (I + 1) & 0xff  padd1 nextI = I, one            M0-M3, I0, I1 3 cyc
+#                     ;;
+# SI = S[I]           ld8 SI = [Iptr]                 M0-M1         1 cyc     c1 * after SWAP!
+#                     ;;
+#                     cmp.eq.unc pBypass = I, J                                  * after J is valid!
+# J = SI + J          add J = J, SI                   M0-M3, I0, I1 1 cyc     c2
+#                     (pBypass) br.cond.spnt Bypass
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# J = J & 0xff        zxt1 J = J                      I0, I1, 1 cyc           c3
+#                     ;;
+#                     shladd Jptr = J, KeyTable, 3    M0-M3, I0, I1 1 cyc     c4
+#                     ;;
+# SJ = S[J]           ld8 SJ = [Jptr]                 M0-M1         1 cyc     c5
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# T = (SI + SJ)       add T = SI, SJ                  M0-M3, I0, I1 1 cyc     c6
+#                     ;;
+# T = T & 0xff        zxt1 T = T                      I0, I1        1 cyc
+# S[I] = SJ           st8 [Iptr] = SJ                 M2-M3                   c7
+# S[J] = SI           st8 [Jptr] = SI                 M2-M3
+#                     ;;
+#                     shladd Tptr = T, KeyTable, 3    M0-M3, I0, I1 1 cyc     c8
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# T = S[T]            ld8 T = [Tptr]                  M0-M1         1 cyc     c9
+#                     ;;
+# data ^= T           xor data = data, T              M0-M3, I0, I1 1 cyc     c10
+#                     ;;
+# *out++ = Data ^ T   dep word = word, data, 8, POS   I0, I1        1 cyc     c11
+#                     ;;
+# ---------------------------------------------------------------------------------------
+# There are several points worth making here:
+#   - Note that due to the bypass/forwarding-path, the first two
+#     phases of the loop are strangly mingled together.  In
+#     particular, note that the first stage of the pipeline is
+#     using the value of "J", as calculated by the second stage.
+#   - Each bundle-pair will have exactly 6 instructions.
+#   - Pipelined, the loop can execute in 3 cycles/iteration and
+#     4 stages.  However, McKinley/Madison can issue "st1" to
+#     the same bank at a rate of at most one per 4 cycles.  Thus,
+#     instead of storing each byte, we accumulate them in a word
+#     and then write them back at once with a single "st8" (this
+#     implies that the setup code needs to ensure that the output
+#     buffer is properly aligned, if need be, by encoding the
+#     first few bytes separately).
+#   - There is no space for a "br.ctop" instruction.  For this
+#     reason we can't use module-loop support in IA-64 and have
+#     to do a traditional, purely software-pipelined loop.
+#   - We can't replace any of the remaining "add/zxt1" pairs with
+#     "padd1" because the latency for that instruction is too high
+#     and would push the loop to the point where more bypasses
+#     would be needed, which we don't have space for.
+#   - The above loop runs at around 3.26 cycles/byte, or roughly
+#     440 MByte/sec on a 1.5GHz Madison.  This is well below the
+#     system bus bandwidth and hence with judicious use of
+#     "lfetch" this loop can run at (almost) peak speed even when
+#     the input and output data reside in memory.  The
+#     max. latency that can be tolerated is (PREFETCH_DISTANCE *
+#     L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at
+#     least) 1-ahead prefetching of 128 byte cache-lines.  Note
+#     that we do NOT prefetch into L1, since that would only
+#     interfere with the S[] table values stored there.  This is
+#     acceptable because there is a 10 cycle latency between
+#     load and first use of the input data.
+#   - We use a branch to out-of-line bypass-code of cycle-pressure:
+#     we calculate the next J, check for the need to activate the
+#     bypass path, and activate the bypass path ALL IN THE SAME
+#     CYCLE.  If we didn't have these constraints, we could do
+#     the bypass with a simple conditional move instruction.
+#     Fortunately, the bypass paths get activated relatively
+#     infrequently, so the extra branches don't cost all that much
+#     (about 0.04 cycles/byte, measured on a 16396 byte file with
+#     random input data).
+#
+$phases = 4;            # number of stages/phases in the pipelined-loop
+$unroll_count = 6;      # number of times we unrolled it
+$pComI = (1 << 0);
+$pComJ = (1 << 1);
+$pComT = (1 << 2);
+$pOut  = (1 << 3);
+$NData = 4;
+$NIP = 3;
+$NJP = 2;
+$NI = 2;
+$NSI = 3;
+$NSJ = 2;
+$NT = 2;
+$NOutWord = 2;
+#
+# $threshold is the minimum length before we attempt to use the
+# big software-pipelined loop.  It MUST be greater-or-equal
+# to:
+#               PHASES * (UNROLL_COUNT + 1) + 7
+#
+# The "+ 7" comes from the fact we may have to encode up to
+#   7 bytes separately before the output pointer is aligned.
+#
+$threshold = (3 * ($phases * ($unroll_count + 1)) + 7);
+sub I {
+    local *code = shift;
+    local $format = shift;
+    $code .= sprintf ("\t\t".$format."\n", @_);
+}
+sub P {
+    local *code = shift;
+    local $format = shift;
+    $code .= sprintf ($format."\n", @_);
+}
+sub STOP {
+    local *code = shift;
+    $code .=<<___;
+                ;;
+___
+}
+sub emit_body {
+    local *c = shift;
+    local *bypass = shift;
+    local ($iteration, $p) = @_;
+    local $i0 = $iteration;
+    local $i1 = $iteration - 1;
+    local $i2 = $iteration - 2;
+    local $i3 = $iteration - 3;
+    local $iw0 = ($iteration - 3) / 8;
+    local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1;
+    local $byte_num = ($iteration - 3) % 8;
+    local $label = $iteration + 1;
+    local $pAny = ($p & 0xf) == 0xf;
+    local $pByp = (($p & $pComI) && ($iteration > 0));
+    $c.=<<___;
+//////////////////////////////////////////////////
+___
+    if (($p & 0xf) == 0) {
+        $c.="#ifdef HOST_IS_BIG_ENDIAN\n";
+        &I(\$c,"shr.u   OutWord[%u] = OutWord[%u], 32;;",
+                                $iw1 % $NOutWord, $iw1 % $NOutWord);
+        $c.="#endif\n";
+        &I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord);
+        return;
+    }
+    # Cycle 0
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "ld1    Data[%u] = [InPtr], 1", $i0 % $NData)     if ($p & $pComI);
+    &I(\$c, "padd1  I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI);
+    &I(\$c, "zxt1   J = J")                                   if ($p & $pComJ);
+    &I(\$c, "}")                                              if ($pAny);
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "LKEY   T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT)   if ($p & $pOut);
+    &I(\$c, "add    T[%u] = SI[%u], SJ[%u]",
+       $i0 % $NT, $i2 % $NSI, $i1 % $NSJ)                     if ($p & $pComT);
+    &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI);
+    &I(\$c, "}")                                              if ($pAny);
+    &STOP(\$c);
+    # Cycle 1
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "SKEY   [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT);
+    &I(\$c, "SKEY   [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT);
+    &I(\$c, "zxt1   T[%u] = T[%u]", $i0 % $NT, $i0 % $NT)     if ($p & $pComT);
+    &I(\$c, "}")                                              if ($pAny);
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "LKEY   SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI);
+    &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP)                 if ($p & $pComJ);
+    &I(\$c, "xor    Data[%u] = Data[%u], T[%u]",
+       $i3 % $NData, $i3 % $NData, $i1 % $NT)                 if ($p & $pOut);
+    &I(\$c, "}")                                              if ($pAny);
+    &STOP(\$c);
+    # Cycle 2
+    &I(\$c, "{ .mmi")                                         if ($pAny);
+    &I(\$c, "LKEY   SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ);
+    &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI)       if ($pByp);
+    &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8",
+       $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut);
+    &I(\$c, "}")                                              if ($pAny);
+    &I(\$c, "{ .mmb")                                         if ($pAny);
+    &I(\$c, "add    J = J, SI[%u]", $i0 % $NSI)               if ($p & $pComI);
+    &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT)    if ($p & $pComT);
+    &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp);
+    &I(\$c, "}") if ($pAny);
+    &STOP(\$c);
+    &P(\$c, ".rc4Resume%u:", $label)                          if ($pByp);
+    if ($byte_num == 0 && $iteration >= $phases) {
+        &I(\$c, "st8 [OutPtr] = OutWord[%u], 8",
+           $iw1 % $NOutWord)                                  if ($p & $pOut);
+        if ($iteration == (1 + $unroll_count) * $phases - 1) {
+            if ($unroll_count == 6) {
+                &I(\$c, "mov OutWord[%u] = OutWord[%u]",
+                   $iw1 % $NOutWord, $iw0 % $NOutWord);
+            }
+            &I(\$c, "lfetch.nt1 [InPrefetch], %u",
+               $unroll_count * $phases);
+            &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u",
+               $unroll_count * $phases);
+            &I(\$c, "br.cloop.sptk.few .rc4Loop");
+        }
+    }
+    if ($pByp) {
+        &P(\$bypass, ".rc4Bypass%u:", $label);
+        &I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI);
+        &I(\$bypass, "nop 0");
+        &I(\$bypass, "nop 0");
+        &I(\$bypass, ";;");
+        &I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI);
+        &I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI);
+        &I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label);
+        &I(\$bypass, ";;");
+    }
+}
+$code=<<___;
+.ident \"rc4-ia64.s, version 3.0\"
+.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\"
+#define LCSave          r8
+#define PRSave          r9
+/* Inputs become invalid once rotation begins!  */
+#define StateTable      in0
+#define DataLen         in1
+#define InputBuffer     in2
+#define OutputBuffer    in3
+#define KTable          r14
+#define J               r15
+#define InPtr           r16
+#define OutPtr          r17
+#define InPrefetch      r18
+#define OutPrefetch     r19
+#define One             r20
+#define LoopCount       r21
+#define Remainder       r22
+#define IFinal          r23
+#define EndPtr          r24
+#define tmp0            r25
+#define tmp1            r26
+#define pBypass         p6
+#define pDone           p7
+#define pSmall          p8
+#define pAligned        p9
+#define pUnaligned      p10
+#define pComputeI       pPhase[0]
+#define pComputeJ       pPhase[1]
+#define pComputeT       pPhase[2]
+#define pOutput         pPhase[3]
+#define RetVal          r8
+#define L_OK            p7
+#define L_NOK           p8
+#define _NINPUTS        4
+#define _NOUTPUT        0
+#define _NROTATE        24
+#define _NLOCALS        (_NROTATE - _NINPUTS - _NOUTPUT)
+#ifndef SZ
+# define SZ     4       // this must be set to sizeof(RC4_INT)
+#endif
+#if SZ == 1
+# define LKEY                   ld1
+# define SKEY                   st1
+# define KEYADDR(dst, i)        add dst = i, KTable
+#elif SZ == 2
+# define LKEY                   ld2
+# define SKEY                   st2
+# define KEYADDR(dst, i)        shladd dst = i, 1, KTable
+#elif SZ == 4
+# define LKEY                   ld4
+# define SKEY                   st4
+# define KEYADDR(dst, i)        shladd dst = i, 2, KTable
+#else
+# define LKEY                   ld8
+# define SKEY                   st8
+# define KEYADDR(dst, i)        shladd dst = i, 3, KTable
+#endif
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP   addp4
+#else
+# define ADDP   add
+#endif
+/* Define a macro for the bit number of the n-th byte: */
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+# define HOST_IS_BIG_ENDIAN
+# define BYTE_POS(n)    (56 - (8 * (n)))
+#else
+# define BYTE_POS(n)    (8 * (n))
+#endif
+/*
+   We must perform the first phase of the pipeline explicitly since
+   we will always load from the stable the first time. The br.cexit
+   will never be taken since regardless of the number of bytes because
+   the epilogue count is 4.
+*/
+/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX
+   assembler failed on original macro with syntax error. <appro> */
+#define MODSCHED_RC4_PROLOGUE                                              \\
+        {                                                                  \\
+                                ld1             Data[0] = [InPtr], 1;      \\
+                                add             IFinal = 1, I[1];          \\
+                                KEYADDR(IPr[0], I[1]);                     \\
+        } ;;                                                               \\
+        {                                                                  \\
+                                LKEY            SI[0] = [IPr[0]];          \\
+                                mov             pr.rot = 0x10000;          \\
+                                mov             ar.ec = 4;                 \\
+        } ;;                                                               \\
+        {                                                                  \\
+                                add             J = J, SI[0];              \\
+                                zxt1            I[0] = IFinal;             \\
+                                br.cexit.spnt.few .+16; /* never taken */  \\
+        } ;;
+#define MODSCHED_RC4_LOOP(label)                                           \\
+label:                                                                     \\
+        {       .mmi;                                                      \\
+                (pComputeI)     ld1             Data[0] = [InPtr], 1;      \\
+                (pComputeI)     add             IFinal = 1, I[1];          \\
+                (pComputeJ)     zxt1            J = J;                     \\
+        }{      .mmi;                                                      \\
+                (pOutput)       LKEY            T[1] = [T[1]];             \\
+                (pComputeT)     add             T[0] = SI[2], SJ[1];       \\
+                (pComputeI)     KEYADDR(IPr[0], I[1]);                     \\
+        } ;;                                                               \\
+        {       .mmi;                                                      \\
+                (pComputeT)     SKEY            [IPr[2]] = SJ[1];          \\
+                (pComputeT)     SKEY            [JP[1]] = SI[2];           \\
+                (pComputeT)     zxt1            T[0] = T[0];               \\
+        }{      .mmi;                                                      \\
+                (pComputeI)     LKEY            SI[0] = [IPr[0]];          \\
+                (pComputeJ)     KEYADDR(JP[0], J);                         \\
+                (pComputeI)     cmp.eq.unc      pBypass, p0 = I[1], J;     \\
+        } ;;                                                               \\
+        {       .mmi;                                                      \\
+                (pComputeJ)     LKEY            SJ[0] = [JP[0]];           \\
+                (pOutput)       xor             Data[3] = Data[3], T[1];   \\
+                                nop             0x0;                       \\
+        }{      .mmi;                                                      \\
+                (pComputeT)     KEYADDR(T[0], T[0]);                       \\
+                (pBypass)       mov             SI[0] = SI[1];             \\
+                (pComputeI)     zxt1            I[0] = IFinal;             \\
+        } ;;                                                               \\
+        {       .mmb;                                                      \\
+                (pOutput)       st1             [OutPtr] = Data[3], 1;     \\
+                (pComputeI)     add             J = J, SI[0];              \\
+                                br.ctop.sptk.few label;                    \\
+        } ;;
+        .text
+        .align  32
+        .type   RC4, \@function
+        .global RC4
+        .proc   RC4
+        .prologue
+RC4:
+        {
+                .mmi
+                alloc   r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
+                .rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\
+                      OutWord[2]
+                .rotp pPhase[4]
+                ADDP            InPrefetch = 0, InputBuffer
+                ADDP            KTable = 0, StateTable
+        }
+        {
+                .mmi
+                ADDP            InPtr = 0, InputBuffer
+                ADDP            OutPtr = 0, OutputBuffer
+                mov             RetVal = r0
+        }
+        ;;
+        {
+                .mmi
+                lfetch.nt1      [InPrefetch], 0x80
+                ADDP            OutPrefetch = 0, OutputBuffer
+        }
+        {               // Return 0 if the input length is nonsensical
+                .mib
+                ADDP            StateTable = 0, StateTable
+                cmp.ge.unc      L_NOK, L_OK = r0, DataLen
+        (L_NOK) br.ret.sptk.few rp
+        }
+        ;;
+        {
+                .mib
+                cmp.eq.or       L_NOK, L_OK = r0, InPtr
+                cmp.eq.or       L_NOK, L_OK = r0, OutPtr
+                nop             0x0
+        }
+        {
+                .mib
+                cmp.eq.or       L_NOK, L_OK = r0, StateTable
+                nop             0x0
+        (L_NOK) br.ret.sptk.few rp
+        }
+        ;;
+                LKEY            I[1] = [KTable], SZ
+/* Prefetch the state-table. It contains 256 elements of size SZ */
+#if SZ == 1
+                ADDP            tmp0 = 1*128, StateTable
+#elif SZ == 2
+                ADDP            tmp0 = 3*128, StateTable
+                ADDP            tmp1 = 2*128, StateTable
+#elif SZ == 4
+                ADDP            tmp0 = 7*128, StateTable
+                ADDP            tmp1 = 6*128, StateTable
+#elif SZ == 8
+                ADDP            tmp0 = 15*128, StateTable
+                ADDP            tmp1 = 14*128, StateTable
+#endif
+                ;;
+#if SZ >= 8
+                lfetch.fault.nt1                [tmp0], -256    // 15
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    // 13
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    // 11
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    //  9
+                lfetch.fault.nt1                [tmp1], -256;;
+#endif
+#if SZ >= 4
+                lfetch.fault.nt1                [tmp0], -256    //  7
+                lfetch.fault.nt1                [tmp1], -256;;
+                lfetch.fault.nt1                [tmp0], -256    //  5
+                lfetch.fault.nt1                [tmp1], -256;;
+#endif
+#if SZ >= 2
+                lfetch.fault.nt1                [tmp0], -256    //  3
+                lfetch.fault.nt1                [tmp1], -256;;
+#endif
+        {
+                .mii
+                lfetch.fault.nt1                [tmp0]          //  1
+                add             I[1]=1,I[1];;
+                zxt1            I[1]=I[1]
+        }
+        {
+                .mmi
+                lfetch.nt1      [InPrefetch], 0x80
+                lfetch.excl.nt1 [OutPrefetch], 0x80
+                .save           pr, PRSave
+                mov             PRSave = pr
+        } ;;
+        {
+                .mmi
+                lfetch.excl.nt1 [OutPrefetch], 0x80
+                LKEY            J = [KTable], SZ
+                ADDP            EndPtr = DataLen, InPtr
+        }  ;;
+        {
+                .mmi
+                ADDP            EndPtr = -1, EndPtr     // Make it point to
+                                                        // last data byte.
+                mov             One = 1
+                .save           ar.lc, LCSave
+                mov             LCSave = ar.lc
+                .body
+        } ;;
+        {
+                .mmb
+                sub             Remainder = 0, OutPtr
+                cmp.gtu         pSmall, p0 = $threshold, DataLen
+(pSmall)        br.cond.dpnt    .rc4Remainder           // Data too small for
+                                                        // big loop.
+        } ;;
+        {
+                .mmi
+                and             Remainder = 0x7, Remainder
+                ;;
+                cmp.eq          pAligned, pUnaligned = Remainder, r0
+                nop             0x0
+        } ;;
+        {
+                .mmb
+.pred.rel       "mutex",pUnaligned,pAligned
+(pUnaligned)    add             Remainder = -1, Remainder
+(pAligned)      sub             Remainder = EndPtr, InPtr
+(pAligned)      br.cond.dptk.many .rc4Aligned
+        } ;;
+        {
+                .mmi
+                nop             0x0
+                nop             0x0
+                mov.i           ar.lc = Remainder
+        }
+/* Do the initial few bytes via the compact, modulo-scheduled loop
+   until the output pointer is 8-byte-aligned.  */
+                MODSCHED_RC4_PROLOGUE
+                MODSCHED_RC4_LOOP(.RC4AlignLoop)
+        {
+                .mib
+                sub             Remainder = EndPtr, InPtr
+                zxt1            IFinal = IFinal
+                clrrrb                          // Clear CFM.rrb.pr so
+                ;;                              // next "mov pr.rot = N"
+                                                // does the right thing.
+        }
+        {
+                .mmi
+                mov             I[1] = IFinal
+                nop             0x0
+                nop             0x0
+        } ;;
+.rc4Aligned:
+/*
+   Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases)
+ */
+        {
+                .mlx
+                add     LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder
+                movl            Remainder = 0xaaaaaaaaaaaaaaab
+        } ;;
+        {
+                .mmi
+                setf.sig        f6 = LoopCount          // M2, M3       6 cyc
+                setf.sig        f7 = Remainder          // M2, M3       6 cyc
+                nop             0x0
+        } ;;
+        {
+                .mfb
+                nop             0x0
+                xmpy.hu         f6 = f6, f7
+                nop             0x0
+        } ;;
+        {
+                .mmi
+                getf.sig        LoopCount = f6;;        // M2           5 cyc
+                nop             0x0
+                shr.u           LoopCount = LoopCount, 4
+        } ;;
+        {
+                .mmi
+                nop             0x0
+                nop             0x0
+                mov.i           ar.lc = LoopCount
+        } ;;
+/* Now comes the unrolled loop: */
+.rc4Prologue:
+___
+$iteration = 0;
+# Generate the prologue:
+$predicates = 1;
+for ($i = 0; $i < $phases; ++$i) {
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+    $predicates = ($predicates << 1) | 1;
+}
+$code.=<<___;
+.rc4Loop:
+___
+# Generate the body:
+for ($i = 0; $i < $unroll_count*$phases; ++$i) {
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+}
+$code.=<<___;
+.rc4Epilogue:
+___
+# Generate the epilogue:
+for ($i = 0; $i < $phases; ++$i) {
+    $predicates <<= 1;
+    &emit_body (\$code, \$bypass, $iteration++, $predicates);
+}
+$code.=<<___;
+        {
+                .mmi
+                lfetch.nt1      [EndPtr]        // fetch line with last byte
+                mov             IFinal = I[1]
+                nop             0x0
+        }
+.rc4Remainder:
+        {
+                .mmi
+                sub             Remainder = EndPtr, InPtr       // Calculate
+                                                                // # of bytes
+                                                                // left - 1
+                nop             0x0
+                nop             0x0
+        } ;;
+        {
+                .mib
+                cmp.eq          pDone, p0 = -1, Remainder // done already?
+                mov.i           ar.lc = Remainder
+(pDone)         br.cond.dptk.few .rc4Complete
+        }
+/* Do the remaining bytes via the compact, modulo-scheduled loop */
+                MODSCHED_RC4_PROLOGUE
+                MODSCHED_RC4_LOOP(.RC4RestLoop)
+.rc4Complete:
+        {
+                .mmi
+                add             KTable = -SZ, KTable
+                add             IFinal = -1, IFinal
+                mov             ar.lc = LCSave
+        } ;;
+        {
+                .mii
+                SKEY            [KTable] = J,-SZ
+                zxt1            IFinal = IFinal
+                mov             pr = PRSave, 0x1FFFF
+        } ;;
+        {
+                .mib
+                SKEY            [KTable] = IFinal
+                add             RetVal = 1, r0
+                br.ret.sptk.few rp
+        } ;;
+___
+# Last but not least, emit the code for the bypass-code of the unrolled loop:
+$code.=$bypass;
+$code.=<<___;
+        .endp RC4
+___
+print $code;
diff --git a/src/lib/libcrypto/rc4/asm/rc4-s390x.pl b/src/lib/libcrypto/rc4/asm/rc4-s390x.pl
new file mode 100644
index 0000000000..96681fa05e
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-s390x.pl
@@ -0,0 +1,205 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# February 2009
+#
+# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to
+# "cluster" Address Generation Interlocks, so that one pipeline stall
+# resolves several dependencies.
+$rp="%r14";
+$sp="%r15";
+$code=<<___;
+.text
+___
+# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out)
+{
+$acc="%r0";
+$cnt="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$out="%r5";
+@XX=("%r6","%r7");
+@TX=("%r8","%r9");
+$YY="%r10";
+$TY="%r11";
+$code.=<<___;
+.globl  RC4
+.type   RC4,\@function
+.align  64
+RC4:
+        stmg    %r6,%r11,48($sp)
+        llgc    $XX[0],0($key)
+        llgc    $YY,1($key)
+        la      $XX[0],1($XX[0])
+        nill    $XX[0],0xff
+        srlg    $cnt,$len,3
+        ltgr    $cnt,$cnt
+        llgc    $TX[0],2($XX[0],$key)
+        jz      .Lshort
+        j       .Loop8
+.align  64
+.Loop8:
+___
+for ($i=0;$i<8;$i++) {
+$code.=<<___;
+        la      $YY,0($YY,$TX[0])       # $i
+        nill    $YY,255
+        la      $XX[1],1($XX[0])
+        nill    $XX[1],255
+___
+$code.=<<___ if ($i==1);
+        llgc    $acc,2($TY,$key)
+___
+$code.=<<___ if ($i>1);
+        sllg    $acc,$acc,8
+        ic      $acc,2($TY,$key)
+___
+$code.=<<___;
+        llgc    $TY,2($YY,$key)
+        stc     $TX[0],2($YY,$key)
+        llgc    $TX[1],2($XX[1],$key)
+        stc     $TY,2($XX[0],$key)
+        cr      $XX[1],$YY
+        jne     .Lcmov$i
+        la      $TX[1],0($TX[0])
+.Lcmov$i:
+        la      $TY,0($TY,$TX[0])
+        nill    $TY,255
+___
+push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
+}
+$code.=<<___;
+        lg      $TX[1],0($inp)
+        sllg    $acc,$acc,8
+        la      $inp,8($inp)
+        ic      $acc,2($TY,$key)
+        xgr     $acc,$TX[1]
+        stg     $acc,0($out)
+        la      $out,8($out)
+        brct    $cnt,.Loop8
+.Lshort:
+        lghi    $acc,7
+        ngr     $len,$acc
+        jz      .Lexit
+        j       .Loop1
+.align  16
+.Loop1:
+        la      $YY,0($YY,$TX[0])
+        nill    $YY,255
+        llgc    $TY,2($YY,$key)
+        stc     $TX[0],2($YY,$key)
+        stc     $TY,2($XX[0],$key)
+        ar      $TY,$TX[0]
+        ahi     $XX[0],1
+        nill    $TY,255
+        nill    $XX[0],255
+        llgc    $acc,0($inp)
+        la      $inp,1($inp)
+        llgc    $TY,2($TY,$key)
+        llgc    $TX[0],2($XX[0],$key)
+        xr      $acc,$TY
+        stc     $acc,0($out)
+        la      $out,1($out)
+        brct    $len,.Loop1
+.Lexit:
+        ahi     $XX[0],-1
+        stc     $XX[0],0($key)
+        stc     $YY,1($key)
+        lmg     %r6,%r11,48($sp)
+        br      $rp
+.size   RC4,.-RC4
+.string "RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+}
+# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp)
+{
+$cnt="%r0";
+$idx="%r1";
+$key="%r2";
+$len="%r3";
+$inp="%r4";
+$acc="%r5";
+$dat="%r6";
+$ikey="%r7";
+$iinp="%r8";
+$code.=<<___;
+.globl  RC4_set_key
+.type   RC4_set_key,\@function
+.align  64
+RC4_set_key:
+        stmg    %r6,%r8,48($sp)
+        lhi     $cnt,256
+        la      $idx,0(%r0)
+        sth     $idx,0($key)
+.align  4
+.L1stloop:
+        stc     $idx,2($idx,$key)
+        la      $idx,1($idx)
+        brct    $cnt,.L1stloop
+        lghi    $ikey,-256
+        lr      $cnt,$len
+        la      $iinp,0(%r0)
+        la      $idx,0(%r0)
+.align  16
+.L2ndloop:
+        llgc    $acc,2+256($ikey,$key)
+        llgc    $dat,0($iinp,$inp)
+        la      $idx,0($idx,$acc)
+        la      $ikey,1($ikey)
+        la      $idx,0($idx,$dat)
+        nill    $idx,255
+        la      $iinp,1($iinp)
+        tml     $ikey,255
+        llgc    $dat,2($idx,$key)
+        stc     $dat,2+256-1($ikey,$key)
+        stc     $acc,2($idx,$key)
+        jz      .Ldone
+        brct    $cnt,.L2ndloop
+        lr      $cnt,$len
+        la      $iinp,0(%r0)
+        j       .L2ndloop
+.Ldone:
+        lmg     %r6,%r8,48($sp)
+        br      $rp
+.size   RC4_set_key,.-RC4_set_key
+___
+}
+# const char *RC4_options()
+$code.=<<___;
+.globl  RC4_options
+.type   RC4_options,\@function
+.align  16
+RC4_options:
+        larl    %r2,.Loptions
+        br      %r14
+.size   RC4_options,.-RC4_options
+.section        .rodata
+.Loptions:
+.align  8
+.string "rc4(8x,char)"
+___
+print $code;
diff --git a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
index 00c6fa28aa..677be5fe25 100755
--- a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
@@ -58,14 +58,18 @@
 # fit for Core2 and therefore the code was modified to skip cloop8 on
 # this CPU.
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 $dat="%rdi";        # arg1
 $len="%rsi";        # arg2
@@ -87,8 +91,10 @@ RC4:	or	$len,$len
        jne     .Lentry
        ret
 .Lentry:
+        push    %rbx
        push    %r12
        push    %r13
+.Lprologue:
        add     \$8,$dat
        movl    -8($dat),$XX[0]#d
@@ -133,16 +139,8 @@ $code.=<<___;
        jnz     .Lloop8
        cmp     \$0,$len
        jne     .Lloop1
-___
+        jmp     .Lexit
-$code.=<<___;
-.Lexit:
-        sub     \$1,$XX[0]#b
-        movl    $XX[0]#d,-8($dat)
-        movl    $YY#d,-4($dat)
-        pop     %r13
-        pop     %r12
-        ret
 .align  16
 .Lloop1:
        add     $TX[0]#b,$YY#b
@@ -167,9 +165,8 @@ $code.=<<___;
        movzb   ($dat,$XX[0]),$TX[0]#d
        test    \$-8,$len
        jz      .Lcloop1
-        cmp     \$0,260($dat)
+        cmpl    \$0,260($dat)
        jnz     .Lcloop1
-        push    %rbx
        jmp     .Lcloop8
 .align  16
 .Lcloop8:
@@ -224,7 +221,6 @@ $code.=<<___;
        test    \$-8,$len
        jnz     .Lcloop8
-        pop     %rbx
        cmp     \$0,$len
        jne     .Lcloop1
        jmp     .Lexit
@@ -249,6 +245,19 @@ $code.=<<___;
        sub     \$1,$len
        jnz     .Lcloop1
        jmp     .Lexit
+.align  16
+.Lexit:
+        sub     \$1,$XX[0]#b
+        movl    $XX[0]#d,-8($dat)
+        movl    $YY#d,-4($dat)
+        mov     (%rsp),%r13
+        mov     8(%rsp),%r12
+        mov     16(%rsp),%rbx
+        add     \$24,%rsp
+.Lepilogue:
+        ret
 .size   RC4,.-RC4
 ___
@@ -333,11 +342,10 @@ RC4_set_key:
 .size   RC4_set_key,.-RC4_set_key
 .globl  RC4_options
-.type   RC4_options,\@function,0
+.type   RC4_options,\@abi-omnipotent
 .align  16
 RC4_options:
-        .picmeup %rax
+        lea     .Lopts(%rip),%rax
-        lea     .Lopts-.(%rax),%rax
        mov     OPENSSL_ia32cap_P(%rip),%edx
        bt      \$20,%edx
        jnc     .Ldone
@@ -357,9 +365,139 @@ RC4_options:
 .size   RC4_options,.-RC4_options
 ___
-$code =~ s/#([bwd])/$1/gm;
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   stream_se_handler,\@abi-omnipotent
+.align  16
+stream_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
-$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne "");
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<prologue label
+        jb      .Lin_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=epilogue label
+        jae     .Lin_prologue
+        lea     24(%rax),%rax
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%r12
+        mov     -24(%rax),%r13
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        jmp     .Lcommon_seh_exit
+.size   stream_se_handler,.-stream_se_handler
+.type   key_se_handler,\@abi-omnipotent
+.align  16
+key_se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     152($context),%rax      # pull context->Rsp
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+.Lcommon_seh_exit:
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   key_se_handler,.-key_se_handler
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_RC4
+        .rva    .LSEH_end_RC4
+        .rva    .LSEH_info_RC4
+        .rva    .LSEH_begin_RC4_set_key
+        .rva    .LSEH_end_RC4_set_key
+        .rva    .LSEH_info_RC4_set_key
+.section        .xdata
+.align  8
+.LSEH_info_RC4:
+        .byte   9,0,0,0
+        .rva    stream_se_handler
+.LSEH_info_RC4_set_key:
+        .byte   9,0,0,0
+        .rva    key_se_handler
+___
+}
+$code =~ s/#([bwd])/$1/gm;
 print $code;
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
index 2d8620d33b..29d1acccf5 100644
--- a/src/lib/libcrypto/rc4/rc4.h
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -64,6 +64,8 @@
 #error RC4 is disabled.
 #endif
+#include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -76,11 +78,8 @@ typedef struct rc4_key_st
 
 const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
                unsigned char *outdata);
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
index 0660ea60a2..8c4fc6c7a3 100644
--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -67,12 +67,12 @@
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
             unsigned char *outdata)
        {
        register RC4_INT *d;
        register RC4_INT x,y,tx,ty;
-        int i;
+        size_t i;
        
        x=key->x;     
        y=key->y;     
@@ -120,8 +120,8 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                        (RC4_CHUNK)d[(tx+ty)&0xff]\
                        )
-        if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) | 
+        if ( ( ((size_t)indata  & (sizeof(RC4_CHUNK)-1)) | 
-               ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
+               ((size_t)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
                {
                RC4_CHUNK ichunk,otp;
                const union { long one; char little; } is_endian = {1};
@@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                if (!is_endian.little)
                        {       /* BIG-ENDIAN CASE */
 # define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+                        for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP<<BESHFT(0);
@@ -210,7 +210,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                else
                        {       /* LITTLE-ENDIAN CASE */
 # define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+                        for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP;
@@ -276,7 +276,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 #define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
 #endif
-        i=(int)(len>>3L);
+        i=len>>3;
        if (i)
                {
                for (;;)
@@ -296,7 +296,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                        if (--i == 0) break;
                        }
                }
-        i=(int)len&0x07;
+        i=len&0x07;
        if (i)
                {
                for (;;)
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
index 4478d1a4b3..b22c40b0bd 100644
--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -59,11 +59,6 @@
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
@@ -90,11 +85,7 @@ const char *RC4_options(void)
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-#else
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-#endif
        {
        register RC4_INT tmp;
        register int id1,id2;
@@ -128,20 +119,14 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
                 * implementations suffer from significant performance
                 * losses then, e.g. PIII exhibits >2x deterioration,
                 * and so does Opteron. In order to assure optimal
-                 * all-round performance, we detect P4 at run-time by
+                 * all-round performance, let us [try to] detect P4 at
-                 * checking upon reserved bit 20 in CPU capability
+                 * run-time by checking upon HTT bit in CPU capability
                 * vector and set up compressed key schedule, which is
                 * recognized by correspondingly updated assembler
-                 * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
+                 * module...
-                 *
                 *                              <appro@fy.chalmers.se>
                 */
-#ifdef OPENSSL_FIPS
-                unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
-                if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
-#else
                if (OPENSSL_ia32cap_P & (1<<28)) {
-#endif
                        unsigned char *cp=(unsigned char *)d;
                        for (i=0;i<256;i++) cp[i]=i;
diff --git a/src/lib/libcrypto/ripemd/asm/rmd-586.pl b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
index 4f3c4c967f..e8b2bc2db2 100644
--- a/src/lib/libcrypto/ripemd/asm/rmd-586.pl
+++ b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
@@ -5,7 +5,8 @@
 $normal=0;
-push(@INC,"perlasm","../../perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
index 3b6d04386d..5942eb6180 100644
--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -70,7 +70,7 @@ extern "C" {
 #error RIPEMD is disabled.
 #endif
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define RIPEMD160_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define RIPEMD160_LONG unsigned long
@@ -90,9 +90,7 @@ typedef struct RIPEMD160state_st
        RIPEMD160_LONG data[RIPEMD160_LBLOCK];
        unsigned int   num;
        } RIPEMD160_CTX;
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
index ead11d075a..59b017f8c0 100644
--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -59,11 +59,6 @@
 #include <stdio.h>
 #include "rmd_locl.h"
 #include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
@@ -74,16 +69,14 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
 #  endif
-FIPS_NON_FIPS_MD_Init(RIPEMD160)
+int RIPEMD160_Init(RIPEMD160_CTX *c)
        {
+        memset (c,0,sizeof(*c));
        c->A=RIPEMD160_A;
        c->B=RIPEMD160_B;
        c->C=RIPEMD160_C;
        c->D=RIPEMD160_D;
        c->E=RIPEMD160_E;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
index ce12a8000e..f14b346e66 100644
--- a/src/lib/libcrypto/ripemd/rmd_locl.h
+++ b/src/lib/libcrypto/ripemd/rmd_locl.h
@@ -72,7 +72,7 @@
 */
 #ifdef RMD160_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#  define ripemd160_block_host_order ripemd160_block_asm_data_order
+#  define ripemd160_block_data_order ripemd160_block_asm_data_order
 # endif
 #endif
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 5bb932ae15..cf74343657 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -74,25 +74,6 @@
 #error RSA is disabled.
 #endif
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-#define RSA_FLAG_FIPS_METHOD                    0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-#define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
-#ifdef OPENSSL_FIPS
-#define FIPS_RSA_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -136,7 +117,8 @@ struct rsa_meth_st
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
-                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+                const unsigned char *sigbuf, unsigned int siglen,
+                                                                const RSA *rsa);
 /* If this callback is NULL, the builtin software RSA key-gen will be used. This
 * is for behavioural compatibility whilst the code gets rewired, but one day
 * it would be nice to assume there are no such things as "builtin software"
@@ -182,8 +164,6 @@ struct rsa_st
 # define OPENSSL_RSA_MAX_MODULUS_BITS   16384
 #endif
-#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
 #endif
@@ -238,11 +218,37 @@ struct rsa_st
 #endif
+#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
+                                pad, NULL)
+#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
+                                len, NULL)
+#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+#define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
 #define RSA_PKCS1_PADDING       1
 #define RSA_SSLV23_PADDING      2
 #define RSA_NO_PADDING          3
 #define RSA_PKCS1_OAEP_PADDING  4
 #define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+#define RSA_PKCS1_PSS_PADDING   6
 #define RSA_PKCS1_PADDING_SIZE  11
@@ -261,11 +267,6 @@ RSA *	RSA_generate_key(int bits, unsigned long e,void
 /* New version */
 int     RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
-                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
-                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
-                        const BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
 int     RSA_check_key(const RSA *);
        /* next 4 return -1 on error */
@@ -283,11 +284,6 @@ int	RSA_up_ref(RSA *r);
 int     RSA_flags(const RSA *r);
-#ifdef OPENSSL_FIPS
-RSA *FIPS_rsa_new(void);
-void FIPS_rsa_free(RSA *r);
-#endif
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+        const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
 * object inside PKCS#1 padded RSA encryption */
@@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void);
 /* Error codes for the RSA functions. */
 /* Function codes. */
-#define RSA_F_FIPS_RSA_SIGN                              140
+#define RSA_F_CHECK_PADDING_MD                           140
-#define RSA_F_FIPS_RSA_VERIFY                            141
+#define RSA_F_DO_RSA_PRINT                               146
+#define RSA_F_INT_RSA_VERIFY                             145
 #define RSA_F_MEMORY_LOCK                                100
+#define RSA_F_OLD_RSA_PRIV_DECODE                        147
+#define RSA_F_PKEY_RSA_CTRL                              143
+#define RSA_F_PKEY_RSA_CTRL_STR                          144
+#define RSA_F_PKEY_RSA_SIGN                              142
+#define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
 #define RSA_F_RSA_BUILTIN_KEYGEN                         129
 #define RSA_F_RSA_CHECK_KEY                              123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
@@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931                     128
 #define RSA_F_RSA_PRINT                                  115
 #define RSA_F_RSA_PRINT_FP                               116
-#define RSA_F_RSA_PRIVATE_ENCRYPT                        137
+#define RSA_F_RSA_PRIV_DECODE                            137
-#define RSA_F_RSA_PUBLIC_DECRYPT                         138
+#define RSA_F_RSA_PRIV_ENCODE                            138
+#define RSA_F_RSA_PUB_DECODE                             139
 #define RSA_F_RSA_SETUP_BLINDING                         136
-#define RSA_F_RSA_SET_DEFAULT_METHOD                     139
-#define RSA_F_RSA_SET_METHOD                             142
 #define RSA_F_RSA_SIGN                                   117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
 #define RSA_F_RSA_VERIFY                                 119
@@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
 #define RSA_R_FIRST_OCTET_INVALID                        133
+#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+#define RSA_R_INVALID_DIGEST_LENGTH                      143
 #define RSA_R_INVALID_HEADER                             137
+#define RSA_R_INVALID_KEYBITS                            145
 #define RSA_R_INVALID_MESSAGE_LENGTH                     131
 #define RSA_R_INVALID_PADDING                            138
+#define RSA_R_INVALID_PADDING_MODE                       141
+#define RSA_R_INVALID_PSS_SALTLEN                        146
 #define RSA_R_INVALID_TRAILER                            139
+#define RSA_R_INVALID_X931_DIGEST                        142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
 #define RSA_R_KEY_SIZE_TOO_SMALL                         120
 #define RSA_R_LAST_OCTET_INVALID                         134
 #define RSA_R_MODULUS_TOO_LARGE                          105
-#define RSA_R_NON_FIPS_METHOD                            141
 #define RSA_R_NO_PUBLIC_EXPONENT                         140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
 #define RSA_R_OAEP_DECODING_ERROR                        121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         142
+#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
 #define RSA_R_PADDING_CHECK_FAILED                       114
 #define RSA_R_P_NOT_PRIME                                128
 #define RSA_R_Q_NOT_PRIME                                129
@@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
 #define RSA_R_UNKNOWN_PADDING_TYPE                       118
+#define RSA_R_VALUE_MISSING                              147
 #define RSA_R_WRONG_SIGNATURE_LENGTH                     119
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
new file mode 100644
index 0000000000..8c3209885e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -0,0 +1,349 @@
+/* crypto/rsa/rsa_ameth.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+        {
+        unsigned char *penc = NULL;
+        int penclen;
+        penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+        if (penclen <= 0)
+                return 0;
+        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
+                                V_ASN1_NULL, NULL, penc, penclen))
+                return 1;
+        OPENSSL_free(penc);
+        return 0;
+        }
+static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+        {
+        const unsigned char *p;
+        int pklen;
+        RSA *rsa = NULL;
+        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
+                return 0;
+        if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen)))
+                {
+                RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_RSA (pkey, rsa);
+        return 1;
+        }
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+        {
+        if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
+                || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
+                        return 0;
+        return 1;
+        }
+static int old_rsa_priv_decode(EVP_PKEY *pkey,
+                                        const unsigned char **pder, int derlen)
+        {
+        RSA *rsa;
+        if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen)))
+                {
+                RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+                return 0;
+                }
+        EVP_PKEY_assign_RSA(pkey, rsa);
+        return 1;
+        }
+static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+        {
+        return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
+        }
+static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+        {
+        unsigned char *rk = NULL;
+        int rklen;
+        rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
+        if (rklen <= 0)
+                {
+                RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
+                                V_ASN1_NULL, NULL, rk, rklen))
+                {
+                RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        return 1;
+        }
+static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+        {
+        const unsigned char *p;
+        int pklen;
+        if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
+                return 0;
+        return old_rsa_priv_decode(pkey, &p, pklen);
+        }
+static int int_rsa_size(const EVP_PKEY *pkey)
+        {
+        return RSA_size(pkey->pkey.rsa);
+        }
+static int rsa_bits(const EVP_PKEY *pkey)
+        {
+        return BN_num_bits(pkey->pkey.rsa->n);
+        }
+static void int_rsa_free(EVP_PKEY *pkey)
+        {
+        RSA_free(pkey->pkey.rsa);
+        }
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+        {
+        size_t i;
+        if (!b)
+                return;
+        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+                        *pbuflen = i;
+        }
+static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
+        {
+        char *str;
+        const char *s;
+        unsigned char *m=NULL;
+        int ret=0, mod_len = 0;
+        size_t buf_len=0;
+        update_buflen(x->n, &buf_len);
+        update_buflen(x->e, &buf_len);
+        if (priv)
+                {
+                update_buflen(x->d, &buf_len);
+                update_buflen(x->p, &buf_len);
+                update_buflen(x->q, &buf_len);
+                update_buflen(x->dmp1, &buf_len);
+                update_buflen(x->dmq1, &buf_len);
+                update_buflen(x->iqmp, &buf_len);
+                }
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (x->n != NULL)
+                mod_len = BN_num_bits(x->n);
+        if(!BIO_indent(bp,off,128))
+                goto err;
+        if (priv && x->d)
+                {
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
+                        <= 0) goto err;
+                str = "modulus:";
+                s = "publicExponent:";
+                }
+        else
+                {
+                if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len)
+                        <= 0) goto err;
+                str = "Modulus:";
+                s= "Exponent:";
+                }
+        if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err;
+        if (!ASN1_bn_print(bp,s,x->e,m,off))
+                goto err;
+        if (priv)
+                {
+                if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"prime1:",x->p,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"prime2:",x->q,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off))
+                        goto err;
+                if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off))
+                        goto err;
+                }
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
+        }
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                                                        ASN1_PCTX *ctx)
+        {
+        return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
+        }
+static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+        {
+        X509_ALGOR *alg = NULL;
+        switch (op)
+                {
+                case ASN1_PKEY_CTRL_PKCS7_SIGN:
+                if (arg1 == 0)
+                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
+                break;
+                case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+                if (arg1 == 0)
+                        PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
+                break;
+#ifndef OPENSSL_NO_CMS
+                case ASN1_PKEY_CTRL_CMS_SIGN:
+                if (arg1 == 0)
+                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
+                break;
+                case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                if (arg1 == 0)
+                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
+                break;
+#endif
+                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+                *(int *)arg2 = NID_sha1;
+                return 1;
+                default:
+                return -2;
+                }
+        if (alg)
+                X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
+                                                        V_ASN1_NULL, 0);
+        return 1;
+        }
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = 
+        {
+                {
+                EVP_PKEY_RSA,
+                EVP_PKEY_RSA,
+                ASN1_PKEY_SIGPARAM_NULL,
+                "RSA",
+                "OpenSSL RSA method",
+                rsa_pub_decode,
+                rsa_pub_encode,
+                rsa_pub_cmp,
+                rsa_pub_print,
+                rsa_priv_decode,
+                rsa_priv_encode,
+                rsa_priv_print,
+                int_rsa_size,
+                rsa_bits,
+                0,0,0,0,0,0,
+                int_rsa_free,
+                rsa_pkey_ctrl,
+                old_rsa_priv_decode,
+                old_rsa_priv_encode
+                },
+                {
+                EVP_PKEY_RSA2,
+                EVP_PKEY_RSA,
+                ASN1_PKEY_ALIAS
+                }
+        };
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
index 6e8a803e81..4efca8cdc8 100644
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -62,19 +62,9 @@
 #include <openssl/rsa.h>
 #include <openssl/asn1t.h>
-static ASN1_METHOD method={
-        (I2D_OF(void))     i2d_RSAPrivateKey,
-        (D2I_OF(void))     d2i_RSAPrivateKey,
-        (void *(*)(void))  RSA_new,
-        (void (*)(void *)) RSA_free};
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
-        {
-        return(&method);
-        }
 /* Override the default free and new methods */
-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
 {
        if(operation == ASN1_OP_NEW_PRE) {
                *pval = (ASN1_VALUE *)RSA_new();
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 0ac6418449..c5eaeeae6b 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -115,7 +115,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
+#ifndef RSA_NULL
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
@@ -256,6 +256,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 {
        BN_BLINDING *ret;
        int got_write_lock = 0;
+        CRYPTO_THREADID cur;
        CRYPTO_r_lock(CRYPTO_LOCK_RSA);
@@ -273,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
        if (ret == NULL)
                goto err;
-        if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
+        CRYPTO_THREADID_current(&cur);
+        if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret)))
                {
                /* rsa->blinding is ours! */
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index 501f5ea389..cf9f1106b0 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/rsa/rsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,9 +70,15 @@
 static ERR_STRING_DATA RSA_str_functs[]=
        {
-{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
+{ERR_FUNC(RSA_F_CHECK_PADDING_MD),      "CHECK_PADDING_MD"},
-{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY),       "FIPS_RSA_VERIFY"},
+{ERR_FUNC(RSA_F_DO_RSA_PRINT),  "DO_RSA_PRINT"},
+{ERR_FUNC(RSA_F_INT_RSA_VERIFY),        "INT_RSA_VERIFY"},
 {ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
+{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),   "OLD_RSA_PRIV_DECODE"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),     "PKEY_RSA_CTRL_STR"},
+{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
+{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),        "PKEY_RSA_VERIFYRECOVER"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
@@ -103,11 +109,10 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),   "RSA_private_encrypt"},
+{ERR_FUNC(RSA_F_RSA_PRIV_DECODE),       "RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),    "RSA_public_decrypt"},
+{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),       "RSA_PRIV_ENCODE"},
+{ERR_FUNC(RSA_F_RSA_PUB_DECODE),        "RSA_PUB_DECODE"},
 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD),        "RSA_set_default_method"},
-{ERR_FUNC(RSA_F_RSA_SET_METHOD),        "RSA_set_method"},
 {ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
@@ -136,20 +141,25 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
 {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
 {ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
+{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
+{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
 {ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
+{ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
 {ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
+{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
 {ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
+{ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
 {ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_METHOD)       ,"non fips method"},
 {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
+{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
@@ -160,6 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
+{ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 41278f83c6..767f7ab682 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -68,8 +68,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifndef OPENSSL_FIPS
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 /* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -219,4 +217,3 @@ err:
        return ok;
        }
-#endif
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 5714841f4c..de45088d76 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,6 +67,224 @@
 #include <openssl/engine.h>
 #endif
+const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+static const RSA_METHOD *default_RSA_meth=NULL;
+RSA *RSA_new(void)
+        {
+        RSA *r=RSA_new_method(NULL);
+        return r;
+        }
+void RSA_set_default_method(const RSA_METHOD *meth)
+        {
+        default_RSA_meth = meth;
+        }
+const RSA_METHOD *RSA_get_default_method(void)
+        {
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSA_NULL
+                default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                }
+        return default_RSA_meth;
+        }
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+        {
+        return rsa->meth;
+        }
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const RSA_METHOD *mtmp;
+        mtmp = rsa->meth;
+        if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (rsa->engine)
+                {
+                ENGINE_finish(rsa->engine);
+                rsa->engine = NULL;
+                }
+#endif
+        rsa->meth = meth;
+        if (meth->init) meth->init(rsa);
+        return 1;
+        }
+RSA *RSA_new_method(ENGINE *engine)
+        {
+        RSA *ret;
+        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_RSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_RSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+        ret->pad=0;
+        ret->version=0;
+        ret->n=NULL;
+        ret->e=NULL;
+        ret->d=NULL;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->dmp1=NULL;
+        ret->dmq1=NULL;
+        ret->iqmp=NULL;
+        ret->references=1;
+        ret->_method_mod_n=NULL;
+        ret->_method_mod_p=NULL;
+        ret->_method_mod_q=NULL;
+        ret->blinding=NULL;
+        ret->mt_blinding=NULL;
+        ret->bignum_data=NULL;
+        ret->flags=ret->meth->flags;
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+                {
+#ifndef OPENSSL_NO_ENGINE
+        if (ret->engine)
+                ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return(NULL);
+                }
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+void RSA_free(RSA *r)
+        {
+        int i;
+        if (r == NULL) return;
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"RSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if (r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if (r->engine)
+                ENGINE_finish(r->engine);
+#endif
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
+        }
+int RSA_up_ref(RSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "RSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+void *RSA_get_ex_data(const RSA *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+int RSA_size(const RSA *r)
+        {
+        return(BN_num_bytes(r->n));
+        }
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
@@ -76,13 +294,6 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
        }
@@ -95,19 +306,12 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
             RSA *rsa, int padding)
        {
-#ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
        }
-int RSA_size(const RSA *r)
+int RSA_flags(const RSA *r)
        {
-        return(BN_num_bytes(r->n));
+        return((r == NULL)?0:r->meth->flags);
        }
 void RSA_blinding_off(RSA *rsa)
@@ -222,7 +426,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
                goto err;
                }
-        BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
+        CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
 err:
        BN_CTX_end(ctx);
        if (in_ctx == NULL)
@@ -232,3 +436,48 @@ err:
        return ret;
 }
+int RSA_memory_lock(RSA *r)
+        {
+        int i,j,k,off;
+        char *p;
+        BIGNUM *bn,**t[6],*b;
+        BN_ULONG *ul;
+        if (r->d == NULL) return(1);
+        t[0]= &r->d;
+        t[1]= &r->p;
+        t[2]= &r->q;
+        t[3]= &r->dmp1;
+        t[4]= &r->dmq1;
+        t[5]= &r->iqmp;
+        k=sizeof(BIGNUM)*6;
+        off=k/sizeof(BN_ULONG)+1;
+        j=1;
+        for (i=0; i<6; i++)
+                j+= (*t[i])->top;
+        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+                {
+                RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        bn=(BIGNUM *)p;
+        ul=(BN_ULONG *)&(p[off]);
+        for (i=0; i<6; i++)
+                {
+                b= *(t[i]);
+                *(t[i])= &(bn[i]);
+                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+                bn[i].flags=BN_FLG_STATIC_DATA;
+                bn[i].d=ul;
+                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+                ul+=b->top;
+                BN_clear_free(b);
+                }
+        
+        /* I should fix this so it can still be done */
+        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+        r->bignum_data=p;
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_locl.h b/src/lib/libcrypto/rsa/rsa_locl.h
new file mode 100644
index 0000000000..f5d2d56628
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_locl.h
@@ -0,0 +1,4 @@
+extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+                unsigned char *rm, size_t *prm_len,
+                const unsigned char *sigbuf, size_t siglen,
+                RSA *rsa);
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 4d30c9d2d3..e238d10e5c 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,7 +28,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-int MGF1(unsigned char *mask, long len,
+static int MGF1(unsigned char *mask, long len,
        const unsigned char *seed, long seedlen);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -52,13 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                return 0;
                }
-        dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-        if (dbmask == NULL)
-                {
-                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        to[0] = 0;
        seed = to + 1;
        db = to + SHA_DIGEST_LENGTH + 1;
@@ -76,11 +69,20 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
           20);
 #endif
-        MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+        dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+        if (dbmask == NULL)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
+                return 0;
        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
                db[i] ^= dbmask[i];
-        MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+        if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
+                return 0;
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= seedmask[i];
@@ -133,11 +135,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        maskeddb = padded_from + SHA_DIGEST_LENGTH;
-        MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+        if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
+                return -1;
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= padded_from[i];
  
-        MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+        if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
+                return -1;
        for (i = 0; i < dblen; i++)
                db[i] ^= maskeddb[i];
@@ -187,7 +191,9 @@ int PKCS1_MGF1(unsigned char *mask, long len,
        int mdlen;
        EVP_MD_CTX_init(&c);
-        mdlen = M_EVP_MD_size(dgst);
+        mdlen = EVP_MD_size(dgst);
+        if (mdlen < 0)
+                return -1;
        for (i = 0; outlen < len; i++)
                {
                cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -213,7 +219,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
        return 0;
        }
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+                 long seedlen)
        {
        return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
        }
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
new file mode 100644
index 0000000000..c6892ecd09
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -0,0 +1,587 @@
+/* crypto/rsa/rsa_pmeth.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include "rsa_locl.h"
+/* RSA pkey context structure */
+typedef struct
+        {
+        /* Key gen parameters */
+        int nbits;
+        BIGNUM *pub_exp;
+        /* Keygen callback info */
+        int gentmp[2];
+        /* RSA padding mode */
+        int pad_mode;
+        /* message digest */
+        const EVP_MD *md;
+        /* PSS/OAEP salt length */
+        int saltlen;
+        /* Temp buffer */
+        unsigned char *tbuf;
+        } RSA_PKEY_CTX;
+static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+        {
+        RSA_PKEY_CTX *rctx;
+        rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
+        if (!rctx)
+                return 0;
+        rctx->nbits = 1024;
+        rctx->pub_exp = NULL;
+        rctx->pad_mode = RSA_PKCS1_PADDING;
+        rctx->md = NULL;
+        rctx->tbuf = NULL;
+        rctx->saltlen = -2;
+        ctx->data = rctx;
+        ctx->keygen_info = rctx->gentmp;
+        ctx->keygen_info_count = 2;
+        
+        return 1;
+        }
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+        {
+        RSA_PKEY_CTX *dctx, *sctx;
+        if (!pkey_rsa_init(dst))
+                return 0;
+        sctx = src->data;
+        dctx = dst->data;
+        dctx->nbits = sctx->nbits;
+        if (sctx->pub_exp)
+                {
+                dctx->pub_exp = BN_dup(sctx->pub_exp);
+                if (!dctx->pub_exp)
+                        return 0;
+                }
+        dctx->pad_mode = sctx->pad_mode;
+        dctx->md = sctx->md;
+        return 1;
+        }
+static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
+        {
+        if (ctx->tbuf)
+                return 1;
+        ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
+        if (!ctx->tbuf)
+                return 0;
+        return 1;
+        }
+static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        if (rctx)
+                {
+                if (rctx->pub_exp)
+                        BN_free(rctx->pub_exp);
+                if (rctx->tbuf)
+                        OPENSSL_free(rctx->tbuf);
+                OPENSSL_free(rctx);
+                }
+        }
+static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        RSA *rsa = ctx->pkey->pkey.rsa;
+        if (rctx->md)
+                {
+                if (tbslen != (size_t)EVP_MD_size(rctx->md))
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_SIGN,
+                                        RSA_R_INVALID_DIGEST_LENGTH);
+                        return -1;
+                        }
+                if (rctx->pad_mode == RSA_X931_PADDING)
+                        {
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        memcpy(rctx->tbuf, tbs, tbslen);
+                        rctx->tbuf[tbslen] =
+                                RSA_X931_hash_id(EVP_MD_type(rctx->md));
+                        ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+                                                sig, rsa, RSA_X931_PADDING);
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                        {
+                        unsigned int sltmp;
+                        ret = RSA_sign(EVP_MD_type(rctx->md),
+                                                tbs, tbslen, sig, &sltmp, rsa);
+                        if (ret <= 0)
+                                return ret;
+                        ret = sltmp;
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+                        {
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
+                                                rctx->md, rctx->saltlen))
+                                return -1;
+                        ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+                                                sig, rsa, RSA_NO_PADDING);
+                        }
+                else
+                        return -1;
+                }
+        else
+                ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *siglen = ret;
+        return 1;
+        }
+static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
+                                        unsigned char *rout, size_t *routlen,
+                                        const unsigned char *sig, size_t siglen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        if (rctx->md)
+                {
+                if (rctx->pad_mode == RSA_X931_PADDING)
+                        {
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        ret = RSA_public_decrypt(siglen, sig,
+                                                rctx->tbuf, ctx->pkey->pkey.rsa,
+                                                RSA_X931_PADDING);
+                        if (ret < 1)
+                                return 0;
+                        ret--;
+                        if (rctx->tbuf[ret] !=
+                                RSA_X931_hash_id(EVP_MD_type(rctx->md)))
+                                {
+                                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                                                RSA_R_ALGORITHM_MISMATCH);
+                                return 0;
+                                }
+                        if (ret != EVP_MD_size(rctx->md))
+                                {
+                                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                                        RSA_R_INVALID_DIGEST_LENGTH);
+                                return 0;
+                                }
+                        if (rout)
+                                memcpy(rout, rctx->tbuf, ret);
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                        {
+                        size_t sltmp;
+                        ret = int_rsa_verify(EVP_MD_type(rctx->md),
+                                                NULL, 0, rout, &sltmp,
+                                        sig, siglen, ctx->pkey->pkey.rsa);
+                        if (ret <= 0)
+                                return 0;
+                        ret = sltmp;
+                        }
+                else
+                        return -1;
+                }
+        else
+                ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *routlen = ret;
+        return 1;
+        }
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                                        const unsigned char *sig, size_t siglen,
+                                        const unsigned char *tbs, size_t tbslen)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        RSA *rsa = ctx->pkey->pkey.rsa;
+        size_t rslen;
+        if (rctx->md)
+                {
+                if (rctx->pad_mode == RSA_PKCS1_PADDING)
+                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                                        sig, siglen, rsa);
+                if (rctx->pad_mode == RSA_X931_PADDING)
+                        {
+                        if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+                                        sig, siglen) <= 0)
+                                return 0;
+                        }
+                else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+                        {
+                        int ret;
+                        if (!setup_tbuf(rctx, ctx))
+                                return -1;
+                        ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                                        rsa, RSA_NO_PADDING);
+                        if (ret <= 0)
+                                return 0;
+                        ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+                                                rctx->tbuf, rctx->saltlen);
+                        if (ret <= 0)
+                                return 0;
+                        return 1;
+                        }
+                else
+                        return -1;
+                }
+        else
+                {
+                if (!setup_tbuf(rctx, ctx))
+                        return -1;
+                rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                                rsa, rctx->pad_mode);
+                if (rslen == 0)
+                        return 0;
+                }
+        if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+                return 0;
+        return 1;
+                        
+        }
+        
+static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
+                                        unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *outlen = ret;
+        return 1;
+        }
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+                                        unsigned char *out, size_t *outlen,
+                                        const unsigned char *in, size_t inlen)
+        {
+        int ret;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                                        rctx->pad_mode);
+        if (ret < 0)
+                return ret;
+        *outlen = ret;
+        return 1;
+        }
+static int check_padding_md(const EVP_MD *md, int padding)
+        {
+        if (!md)
+                return 1;
+        if (padding == RSA_NO_PADDING)
+                {
+                RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+                return 0;
+                }
+        if (padding == RSA_X931_PADDING)
+                {
+                if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
+                        {
+                        RSAerr(RSA_F_CHECK_PADDING_MD,
+                                                RSA_R_INVALID_X931_DIGEST);
+                        return 0;
+                        }
+                return 1;
+                }
+        return 1;
+        }
+                        
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+        {
+        RSA_PKEY_CTX *rctx = ctx->data;
+        switch (type)
+                {
+                case EVP_PKEY_CTRL_RSA_PADDING:
+                if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
+                        {
+                        if (!check_padding_md(rctx->md, p1))
+                                return 0;
+                        if (p1 == RSA_PKCS1_PSS_PADDING) 
+                                {
+                                if (!(ctx->operation &
+                                     (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+                                        goto bad_pad;
+                                if (!rctx->md)
+                                        rctx->md = EVP_sha1();
+                                }
+                        if (p1 == RSA_PKCS1_OAEP_PADDING) 
+                                {
+                                if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+                                        goto bad_pad;
+                                if (!rctx->md)
+                                        rctx->md = EVP_sha1();
+                                }
+                        rctx->pad_mode = p1;
+                        return 1;
+                        }
+                bad_pad:
+                RSAerr(RSA_F_PKEY_RSA_CTRL,
+                                RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+                return -2;
+                case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+                if (p1 < -2)
+                        return -2;
+                if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                        return -2;
+                        }
+                rctx->saltlen = p1;
+                return 1;
+                case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+                if (p1 < 256)
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
+                        return -2;
+                        }
+                rctx->nbits = p1;
+                return 1;
+                case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+                if (!p2)
+                        return -2;
+                rctx->pub_exp = p2;
+                return 1;
+                case EVP_PKEY_CTRL_MD:
+                if (!check_padding_md(p2, rctx->pad_mode))
+                        return 0;
+                rctx->md = p2;
+                return 1;
+                case EVP_PKEY_CTRL_DIGESTINIT:
+                case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+                case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+                case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+                case EVP_PKEY_CTRL_CMS_ENCRYPT:
+                case EVP_PKEY_CTRL_CMS_DECRYPT:
+                case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+                return 1;
+                case EVP_PKEY_CTRL_PEER_KEY:
+                        RSAerr(RSA_F_PKEY_RSA_CTRL,
+                        RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                        return -2;      
+                default:
+                return -2;
+                }
+        }
+                        
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                        const char *type, const char *value)
+        {
+        if (!value)
+                {
+                RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+                return 0;
+                }
+        if (!strcmp(type, "rsa_padding_mode"))
+                {
+                int pm;
+                if (!strcmp(value, "pkcs1"))
+                        pm = RSA_PKCS1_PADDING;
+                else if (!strcmp(value, "sslv23"))
+                        pm = RSA_SSLV23_PADDING;
+                else if (!strcmp(value, "none"))
+                        pm = RSA_NO_PADDING;
+                else if (!strcmp(value, "oeap"))
+                        pm = RSA_PKCS1_OAEP_PADDING;
+                else if (!strcmp(value, "x931"))
+                        pm = RSA_X931_PADDING;
+                else if (!strcmp(value, "pss"))
+                        pm = RSA_PKCS1_PSS_PADDING;
+                else
+                        {
+                        RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
+                                                RSA_R_UNKNOWN_PADDING_TYPE);
+                        return -2;
+                        }
+                return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
+                }
+        if (!strcmp(type, "rsa_pss_saltlen"))
+                {
+                int saltlen;
+                saltlen = atoi(value);
+                return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+                }
+        if (!strcmp(type, "rsa_keygen_bits"))
+                {
+                int nbits;
+                nbits = atoi(value);
+                return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+                }
+        if (!strcmp(type, "rsa_keygen_pubexp"))
+                {
+                int ret;
+                BIGNUM *pubexp = NULL;
+                if (!BN_asc2bn(&pubexp, value))
+                        return 0;
+                ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+                if (ret <= 0)
+                        BN_free(pubexp);
+                return ret;
+                }
+        return -2;
+        }
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+        {
+        RSA *rsa = NULL;
+        RSA_PKEY_CTX *rctx = ctx->data;
+        BN_GENCB *pcb, cb;
+        int ret;
+        if (!rctx->pub_exp)
+                {
+                rctx->pub_exp = BN_new();
+                if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
+                        return 0;
+                }
+        rsa = RSA_new();
+        if (!rsa)
+                return 0;
+        if (ctx->pkey_gencb)
+                {
+                pcb = &cb;
+                evp_pkey_set_cb_translate(pcb, ctx);
+                }
+        else
+                pcb = NULL;
+        ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+        if (ret > 0)
+                EVP_PKEY_assign_RSA(pkey, rsa);
+        else
+                RSA_free(rsa);
+        return ret;
+        }
+const EVP_PKEY_METHOD rsa_pkey_meth = 
+        {
+        EVP_PKEY_RSA,
+        EVP_PKEY_FLAG_AUTOARGLEN,
+        pkey_rsa_init,
+        pkey_rsa_copy,
+        pkey_rsa_cleanup,
+        0,0,
+        0,
+        pkey_rsa_keygen,
+        0,
+        pkey_rsa_sign,
+        0,
+        pkey_rsa_verify,
+        0,
+        pkey_rsa_verifyrecover,
+        0,0,0,0,
+        0,
+        pkey_rsa_encrypt,
+        0,
+        pkey_rsa_decrypt,
+        0,0,
+        pkey_rsa_ctrl,
+        pkey_rsa_ctrl_str
+        };
diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c
new file mode 100644
index 0000000000..224db0fae5
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_prn.c
@@ -0,0 +1,93 @@
+/* crypto/rsa/rsa_prn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+int RSA_print(BIO *bp, const RSA *x, int off)
+        {
+        EVP_PKEY *pk;
+        int ret;
+        pk = EVP_PKEY_new();
+        if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+                return 0;
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+        EVP_PKEY_free(pk);
+        return ret;
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 9b993aca49..ac211e2ffe 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -81,7 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        EVP_MD_CTX ctx;
        unsigned char H_[EVP_MAX_MD_SIZE];
-        hLen = M_EVP_MD_size(Hash);
+        hLen = EVP_MD_size(Hash);
+        if (hLen < 0)
+                goto err;
        /*
         * Negative sLen has special meanings:
         *      -1      sLen == hLen
@@ -126,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+        if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
+                goto err;
        for (i = 0; i < maskedDBLen; i++)
                DB[i] ^= EM[i];
        if (MSBits)
@@ -176,7 +179,9 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        unsigned char *H, *salt = NULL, *p;
        EVP_MD_CTX ctx;
-        hLen = M_EVP_MD_size(Hash);
+        hLen = EVP_MD_size(Hash);
+        if (hLen < 0)
+                goto err;
        /*
         * Negative sLen has special meanings:
         *      -1      sLen == hLen
@@ -217,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                                ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-                if (!RAND_bytes(salt, sLen))
+                if (RAND_bytes(salt, sLen) <= 0)
                        goto err;
                }
        maskedDBLen = emLen - hLen - 1;
@@ -232,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        EVP_MD_CTX_cleanup(&ctx);
        /* Generate dbMask in place then perform XOR on it */
-        PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+        if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
+                goto err;
        p = EM;
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 5488c06f6d..0be4ec7fb0 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -62,6 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "rsa_locl.h"
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
@@ -90,14 +91,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                i = SSL_SIG_LENGTH;
                s = m;
        } else {
-        /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
-                if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                        {
-                        RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                        return 0;
-                        }
-#endif
                sig.algor= &algor;
                sig.algor->algorithm=OBJ_nid2obj(type);
                if (sig.algor->algorithm == NULL)
@@ -150,8 +143,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        return(ret);
        }
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+int int_rsa_verify(int dtype, const unsigned char *m,
-             unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+                          unsigned int m_len,
+                          unsigned char *rm, size_t *prm_len,
+                          const unsigned char *sigbuf, size_t siglen,
+                          RSA *rsa)
        {
        int i,ret=0,sigtype;
        unsigned char *s;
@@ -159,38 +155,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
        if (siglen != (unsigned int)RSA_size(rsa))
                {
-                RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
                return(0);
                }
-        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+        if((dtype == NID_md5_sha1) && rm)
                {
-                return rsa->meth->rsa_verify(dtype, m, m_len,
+                i = RSA_public_decrypt((int)siglen,
-                        sigbuf, siglen, rsa);
+                                        sigbuf,rm,rsa,RSA_PKCS1_PADDING);
+                if (i <= 0)
+                        return 0;
+                *prm_len = i;
+                return 1;
                }
        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
        if (s == NULL)
                {
-                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+                RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        if(dtype == NID_md5_sha1)
+        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
-                {
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-                if (m_len != SSL_SIG_LENGTH)
-                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
                        goto err;
-                        }
+        }
-                }
-        /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
-        else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return 0;
-                }
-#endif
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
        if (i <= 0) goto err;
@@ -198,7 +186,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
        /* Special case: SSL signature */
        if(dtype == NID_md5_sha1) {
                if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-                                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                else ret = 1;
        } else {
                const unsigned char *p=s;
@@ -209,7 +197,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                /* Excess data can be used to create forgeries */
                if(p != s+i)
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
                        }
@@ -218,7 +206,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                if(sig->algor->parameter
                   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        goto err;
                        }
@@ -244,15 +232,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                                }
                        else
                                {
-                                RSAerr(RSA_F_RSA_VERIFY,
+                                RSAerr(RSA_F_INT_RSA_VERIFY,
                                                RSA_R_ALGORITHM_MISMATCH);
                                goto err;
                                }
                        }
-                if (    ((unsigned int)sig->digest->length != m_len) ||
+                if (rm)
+                        {
+                        const EVP_MD *md;
+                        md = EVP_get_digestbynid(dtype);
+                        if (md && (EVP_MD_size(md) != sig->digest->length))
+                                RSAerr(RSA_F_INT_RSA_VERIFY,
+                                                RSA_R_INVALID_DIGEST_LENGTH);
+                        else
+                                {
+                                memcpy(rm, sig->digest->data,
+                                                        sig->digest->length);
+                                *prm_len = sig->digest->length;
+                                ret = 1;
+                                }
+                        }
+                else if (((unsigned int)sig->digest->length != m_len) ||
                        (memcmp(m,sig->digest->data,m_len) != 0))
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                        }
                else
                        ret=1;
@@ -267,3 +270,16 @@ err:
        return(ret);
        }
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+                const unsigned char *sigbuf, unsigned int siglen,
+                RSA *rsa)
+        {
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+                {
+                return rsa->meth->rsa_verify(dtype, m, m_len,
+                        sigbuf, siglen, rsa);
+                }
+        return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+        }
diff --git a/src/lib/libcrypto/s390xcap.c b/src/lib/libcrypto/s390xcap.c
new file mode 100644
index 0000000000..ffbe0235f9
--- /dev/null
+++ b/src/lib/libcrypto/s390xcap.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+extern unsigned long OPENSSL_s390xcap_P;
+static sigjmp_buf ill_jmp;
+static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+unsigned long OPENSSL_s390x_facilities(void);
+void OPENSSL_cpuid_setup(void)
+        {
+        sigset_t oset;
+        struct sigaction ill_act,oact;
+        if (OPENSSL_s390xcap_P) return;
+        memset(&ill_act,0,sizeof(ill_act));
+        ill_act.sa_handler = ill_handler;
+        sigfillset(&ill_act.sa_mask);
+        sigdelset(&ill_act.sa_mask,SIGILL);
+        sigdelset(&ill_act.sa_mask,SIGTRAP);
+        sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
+        sigaction (SIGILL,&ill_act,&oact);
+        /* protection against missing store-facility-list-extended */
+        if (sigsetjmp(ill_jmp,0) == 0)
+                OPENSSL_s390xcap_P = OPENSSL_s390x_facilities();
+        else
+                OPENSSL_s390xcap_P = 1UL<<63;
+        sigaction (SIGILL,&oact,NULL);
+        sigprocmask(SIG_SETMASK,&oset,NULL);
+        }
diff --git a/src/lib/libcrypto/s390xcpuid.S b/src/lib/libcrypto/s390xcpuid.S
index 8500133ad0..b053c6a281 100644
--- a/src/lib/libcrypto/s390xcpuid.S
+++ b/src/lib/libcrypto/s390xcpuid.S
@@ -1,12 +1,5 @@
 .text
-.globl  OPENSSL_cpuid_setup
-.type   OPENSSL_cpuid_setup,@function
-.align  16
-OPENSSL_cpuid_setup:
-        br      %r14            # reserved for future
-.size   OPENSSL_cpuid_setup,.-OPENSSL_cpuid_setup
 .globl  OPENSSL_s390x_facilities
 .type   OPENSSL_s390x_facilities,@function
 .align  16
@@ -14,6 +7,8 @@ OPENSSL_s390x_facilities:
        lghi    %r0,0
        .long   0xb2b0f010      # stfle 16(%r15)
        lg      %r2,16(%r15)
+        larl    %r1,OPENSSL_s390xcap_P
+        stg     %r2,0(%r1)
        br      %r14
 .size   OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
@@ -67,6 +62,8 @@ OPENSSL_cleanse:
        lghi    %r0,0
        clgr    %r3,%r4
        jh      .Lot
+        clgr    %r3,%r0
+        bcr     8,%r14
 .Little:
        stc     %r0,0(%r2)
        la      %r2,1(%r2)
@@ -88,3 +85,8 @@ OPENSSL_cleanse:
        jnz     .Little
        br      %r14
 .size   OPENSSL_cleanse,.-OPENSSL_cleanse
+.section        .init
+        brasl   %r14,OPENSSL_cpuid_setup
+.comm   OPENSSL_s390xcap_P,8,8
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
index a787dd37da..a1f876281a 100644
--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -215,5 +215,6 @@ sub BODY_40_59
        &stack_pop(16);
 &function_end("sha1_block_data_order");
+&asciz("SHA1 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
new file mode 100644
index 0000000000..88861af641
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl
@@ -0,0 +1,234 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# sha1_block procedure for ARMv4.
+#
+# January 2007.
+# Size/performance trade-off
+# ====================================================================
+# impl          size in bytes   comp cycles[*]  measured performance
+# ====================================================================
+# thumb         304             3212            4420
+# armv4-small   392/+29%        1958/+64%       2250/+96%
+# armv4-compact 740/+89%        1552/+26%       1840/+22%
+# armv4-large   1420/+92%       1307/+19%       1370/+34%[***]
+# full unroll   ~5100/+260%     ~1260/+4%       ~1300/+5%
+# ====================================================================
+# thumb         = same as 'small' but in Thumb instructions[**] and
+#                 with recurring code in two private functions;
+# small         = detached Xload/update, loops are folded;
+# compact       = detached Xload/update, 5x unroll;
+# large         = interleaved Xload/update, 5x unroll;
+# full unroll   = interleaved Xload/update, full unroll, estimated[!];
+#
+# [*]   Manually counted instructions in "grand" loop body. Measured
+#       performance is affected by prologue and epilogue overhead,
+#       i-cache availability, branch penalties, etc.
+# [**]  While each Thumb instruction is twice smaller, they are not as
+#       diverse as ARM ones: e.g., there are only two arithmetic
+#       instructions with 3 arguments, no [fixed] rotate, addressing
+#       modes are limited. As result it takes more instructions to do
+#       the same job in Thumb, therefore the code is never twice as
+#       small and always slower.
+# [***] which is also ~35% better than compiler generated code.
+$output=shift;
+open STDOUT,">$output";
+$ctx="r0";
+$inp="r1";
+$len="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+$Xi="r14";
+@V=($a,$b,$c,$d,$e);
+# One can optimize this for aligned access on big-endian architecture,
+# but code's endian neutrality makes it too pretty:-)
+sub Xload {
+my ($a,$b,$c,$d,$e)=@_;
+$code.=<<___;
+        ldrb    $t0,[$inp],#4
+        ldrb    $t1,[$inp,#-3]
+        ldrb    $t2,[$inp,#-2]
+        ldrb    $t3,[$inp,#-1]
+        add     $e,$K,$e,ror#2                  @ E+=K_00_19
+        orr     $t0,$t1,$t0,lsl#8
+        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+        orr     $t0,$t2,$t0,lsl#8
+        eor     $t1,$c,$d                       @ F_xx_xx
+        orr     $t0,$t3,$t0,lsl#8
+        add     $e,$e,$t0                       @ E+=X[i]
+        str     $t0,[$Xi,#-4]!
+___
+}
+sub Xupdate {
+my ($a,$b,$c,$d,$e,$flag)=@_;
+$code.=<<___;
+        ldr     $t0,[$Xi,#15*4]
+        ldr     $t1,[$Xi,#13*4]
+        ldr     $t2,[$Xi,#7*4]
+        ldr     $t3,[$Xi,#2*4]
+        add     $e,$K,$e,ror#2                  @ E+=K_xx_xx
+        eor     $t0,$t0,$t1
+        eor     $t0,$t0,$t2
+        eor     $t0,$t0,$t3
+        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+___
+$code.=<<___ if (!defined($flag));
+        eor     $t1,$c,$d                       @ F_xx_xx, but not in 40_59
+___
+$code.=<<___;
+        mov     $t0,$t0,ror#31
+        add     $e,$e,$t0                       @ E+=X[i]
+        str     $t0,[$Xi,#-4]!
+___
+}
+sub BODY_00_15 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xload(@_);
+$code.=<<___;
+        and     $t1,$b,$t1,ror#2
+        eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_00_19(B,C,D)
+___
+}
+sub BODY_16_19 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_);
+$code.=<<___;
+        and     $t1,$b,$t1,ror#2
+        eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_00_19(B,C,D)
+___
+}
+sub BODY_20_39 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_);
+$code.=<<___;
+        eor     $t1,$b,$t1,ror#2                @ F_20_39(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_20_39(B,C,D)
+___
+}
+sub BODY_40_59 {
+my ($a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_,1);
+$code.=<<___;
+        and     $t1,$b,$c,ror#2
+        orr     $t2,$b,$c,ror#2
+        and     $t2,$t2,$d,ror#2
+        orr     $t1,$t1,$t2                     @ F_40_59(B,C,D)
+        add     $e,$e,$t1                       @ E+=F_40_59(B,C,D)
+___
+}
+$code=<<___;
+.text
+.global sha1_block_data_order
+.type   sha1_block_data_order,%function
+.align  2
+sha1_block_data_order:
+        stmdb   sp!,{r4-r12,lr}
+        add     $len,$inp,$len,lsl#6    @ $len to point at the end of $inp
+        ldmia   $ctx,{$a,$b,$c,$d,$e}
+.Lloop:
+        ldr     $K,.LK_00_19
+        mov     $Xi,sp
+        sub     sp,sp,#15*4
+        mov     $c,$c,ror#30
+        mov     $d,$d,ror#30
+        mov     $e,$e,ror#30            @ [6]
+.L_00_15:
+___
+for($i=0;$i<5;$i++) {
+        &BODY_00_15(@V);        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        teq     $Xi,sp
+        bne     .L_00_15                @ [((11+4)*5+2)*3]
+___
+        &BODY_00_15(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+        &BODY_16_19(@V);        unshift(@V,pop(@V));
+$code.=<<___;
+        ldr     $K,.LK_20_39            @ [+15+16*4]
+        sub     sp,sp,#25*4
+        cmn     sp,#0                   @ [+3], clear carry to denote 20_39
+.L_20_39_or_60_79:
+___
+for($i=0;$i<5;$i++) {
+        &BODY_20_39(@V);        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        teq     $Xi,sp                  @ preserve carry
+        bne     .L_20_39_or_60_79       @ [+((12+3)*5+2)*4]
+        bcs     .L_done                 @ [+((12+3)*5+2)*4], spare 300 bytes
+        ldr     $K,.LK_40_59
+        sub     sp,sp,#20*4             @ [+2]
+.L_40_59:
+___
+for($i=0;$i<5;$i++) {
+        &BODY_40_59(@V);        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        teq     $Xi,sp
+        bne     .L_40_59                @ [+((12+5)*5+2)*4]
+        ldr     $K,.LK_60_79
+        sub     sp,sp,#20*4
+        cmp     sp,#0                   @ set carry to denote 60_79
+        b       .L_20_39_or_60_79       @ [+4], spare 300 bytes
+.L_done:
+        add     sp,sp,#80*4             @ "deallocate" stack frame
+        ldmia   $ctx,{$K,$t0,$t1,$t2,$t3}
+        add     $a,$K,$a
+        add     $b,$t0,$b
+        add     $c,$t1,$c,ror#2
+        add     $d,$t2,$d,ror#2
+        add     $e,$t3,$e,ror#2
+        stmia   $ctx,{$a,$b,$c,$d,$e}
+        teq     $inp,$len
+        bne     .Lloop                  @ [+18], total 1307
+        ldmia   sp!,{r4-r12,lr}
+        tst     lr,#1
+        moveq   pc,lr                   @ be binary compatible with V4, yet
+        bx      lr                      @ interoperable with Thumb ISA:-)
+.align  2
+.LK_00_19:      .word   0x5a827999
+.LK_20_39:      .word   0x6ed9eba1
+.LK_40_59:      .word   0x8f1bbcdc
+.LK_60_79:      .word   0xca62c1d6
+.size   sha1_block_data_order,.-sha1_block_data_order
+.asciz  "SHA1 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha1-ppc.pl b/src/lib/libcrypto/sha/asm/sha1-ppc.pl
new file mode 100755
index 0000000000..dcd0fcdfcf
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-ppc.pl
@@ -0,0 +1,319 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# I let hardware handle unaligned input(*), except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank. The module is big-endian [which is
+# not big deal as there're no little-endian targets left around].
+#
+# (*) this means that this module is inappropriate for PPC403? Does
+#     anybody know if pre-POWER3 can sustain unaligned load?
+#                       -m64    -m32
+# ----------------------------------
+# PPC970,gcc-4.0.0      +76%    +59%
+# Power6,xlc-7          +68%    +33%
+$flavour = shift;
+if ($flavour =~ /64/) {
+        $SIZE_T =8;
+        $UCMP   ="cmpld";
+        $STU    ="stdu";
+        $POP    ="ld";
+        $PUSH   ="std";
+} elsif ($flavour =~ /32/) {
+        $SIZE_T =4;
+        $UCMP   ="cmplw";
+        $STU    ="stwu";
+        $POP    ="lwz";
+        $PUSH   ="stw";
+} else { die "nonsense $flavour"; }
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+$FRAME=24*$SIZE_T;
+$K  ="r0";
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$t0 ="r15";
+$t1 ="r6";
+$A  ="r7";
+$B  ="r8";
+$C  ="r9";
+$D  ="r10";
+$E  ="r11";
+$T  ="r12";
+@V=($A,$B,$C,$D,$E,$T);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i==0);
+        lwz     @X[$i],`$i*4`($inp)
+___
+$code.=<<___ if ($i<15);
+        lwz     @X[$j],`$j*4`($inp)
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        add     $f,$f,@X[$i]
+        and     $t0,$c,$b
+        add     $f,$f,$e
+        andc    $t1,$d,$b
+        rotlwi  $b,$b,30
+        or      $t0,$t0,$t1
+        add     $f,$f,$t0
+___
+$code.=<<___ if ($i>=15);
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        xor     @X[$j%16],@X[$j%16],@X[($j+2)%16]
+        add     $f,$f,@X[$i%16]
+        and     $t0,$c,$b
+        xor     @X[$j%16],@X[$j%16],@X[($j+8)%16]
+        add     $f,$f,$e
+        andc    $t1,$d,$b
+        rotlwi  $b,$b,30
+        or      $t0,$t0,$t1
+        xor     @X[$j%16],@X[$j%16],@X[($j+13)%16]
+        add     $f,$f,$t0
+        rotlwi  @X[$j%16],@X[$j%16],1
+___
+}
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___ if ($i<79);
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        xor     @X[$j%16],@X[$j%16],@X[($j+2)%16]
+        add     $f,$f,@X[$i%16]
+        xor     $t0,$b,$c
+        xor     @X[$j%16],@X[$j%16],@X[($j+8)%16]
+        add     $f,$f,$e
+        rotlwi  $b,$b,30
+        xor     $t0,$t0,$d
+        xor     @X[$j%16],@X[$j%16],@X[($j+13)%16]
+        add     $f,$f,$t0
+        rotlwi  @X[$j%16],@X[$j%16],1
+___
+$code.=<<___ if ($i==79);
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        lwz     r16,0($ctx)
+        add     $f,$f,@X[$i%16]
+        xor     $t0,$b,$c
+        lwz     r17,4($ctx)
+        add     $f,$f,$e
+        rotlwi  $b,$b,30
+        lwz     r18,8($ctx)
+        xor     $t0,$t0,$d
+        lwz     r19,12($ctx)
+        add     $f,$f,$t0
+        lwz     r20,16($ctx)
+___
+}
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my $j=$i+1;
+$code.=<<___;
+        add     $f,$K,$e
+        rotlwi  $e,$a,5
+        xor     @X[$j%16],@X[$j%16],@X[($j+2)%16]
+        add     $f,$f,@X[$i%16]
+        and     $t0,$b,$c
+        xor     @X[$j%16],@X[$j%16],@X[($j+8)%16]
+        add     $f,$f,$e
+        or      $t1,$b,$c
+        rotlwi  $b,$b,30
+        xor     @X[$j%16],@X[$j%16],@X[($j+13)%16]
+        and     $t1,$t1,$d
+        or      $t0,$t0,$t1
+        rotlwi  @X[$j%16],@X[$j%16],1
+        add     $f,$f,$t0
+___
+}
+$code=<<___;
+.machine        "any"
+.text
+.globl  .sha1_block_data_order
+.align  4
+.sha1_block_data_order:
+        mflr    r0
+        $STU    $sp,`-($FRAME+64)`($sp)
+        $PUSH   r0,`$FRAME-$SIZE_T*18`($sp)
+        $PUSH   r15,`$FRAME-$SIZE_T*17`($sp)
+        $PUSH   r16,`$FRAME-$SIZE_T*16`($sp)
+        $PUSH   r17,`$FRAME-$SIZE_T*15`($sp)
+        $PUSH   r18,`$FRAME-$SIZE_T*14`($sp)
+        $PUSH   r19,`$FRAME-$SIZE_T*13`($sp)
+        $PUSH   r20,`$FRAME-$SIZE_T*12`($sp)
+        $PUSH   r21,`$FRAME-$SIZE_T*11`($sp)
+        $PUSH   r22,`$FRAME-$SIZE_T*10`($sp)
+        $PUSH   r23,`$FRAME-$SIZE_T*9`($sp)
+        $PUSH   r24,`$FRAME-$SIZE_T*8`($sp)
+        $PUSH   r25,`$FRAME-$SIZE_T*7`($sp)
+        $PUSH   r26,`$FRAME-$SIZE_T*6`($sp)
+        $PUSH   r27,`$FRAME-$SIZE_T*5`($sp)
+        $PUSH   r28,`$FRAME-$SIZE_T*4`($sp)
+        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
+        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
+        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+        lwz     $A,0($ctx)
+        lwz     $B,4($ctx)
+        lwz     $C,8($ctx)
+        lwz     $D,12($ctx)
+        lwz     $E,16($ctx)
+        andi.   r0,$inp,3
+        bne     Lunaligned
+Laligned:
+        mtctr   $num
+        bl      Lsha1_block_private
+Ldone:
+        $POP    r0,`$FRAME-$SIZE_T*18`($sp)
+        $POP    r15,`$FRAME-$SIZE_T*17`($sp)
+        $POP    r16,`$FRAME-$SIZE_T*16`($sp)
+        $POP    r17,`$FRAME-$SIZE_T*15`($sp)
+        $POP    r18,`$FRAME-$SIZE_T*14`($sp)
+        $POP    r19,`$FRAME-$SIZE_T*13`($sp)
+        $POP    r20,`$FRAME-$SIZE_T*12`($sp)
+        $POP    r21,`$FRAME-$SIZE_T*11`($sp)
+        $POP    r22,`$FRAME-$SIZE_T*10`($sp)
+        $POP    r23,`$FRAME-$SIZE_T*9`($sp)
+        $POP    r24,`$FRAME-$SIZE_T*8`($sp)
+        $POP    r25,`$FRAME-$SIZE_T*7`($sp)
+        $POP    r26,`$FRAME-$SIZE_T*6`($sp)
+        $POP    r27,`$FRAME-$SIZE_T*5`($sp)
+        $POP    r28,`$FRAME-$SIZE_T*4`($sp)
+        $POP    r29,`$FRAME-$SIZE_T*3`($sp)
+        $POP    r30,`$FRAME-$SIZE_T*2`($sp)
+        $POP    r31,`$FRAME-$SIZE_T*1`($sp)
+        mtlr    r0
+        addi    $sp,$sp,`$FRAME+64`
+        blr
+___
+# PowerPC specification allows an implementation to be ill-behaved
+# upon unaligned access which crosses page boundary. "Better safe
+# than sorry" principle makes me treat it specially. But I don't
+# look for particular offending word, but rather for 64-byte input
+# block which crosses the boundary. Once found that block is aligned
+# and hashed separately...
+$code.=<<___;
+.align  4
+Lunaligned:
+        subfic  $t1,$inp,4096
+        andi.   $t1,$t1,4095    ; distance to closest page boundary
+        srwi.   $t1,$t1,6       ; t1/=64
+        beq     Lcross_page
+        $UCMP   $num,$t1
+        ble-    Laligned        ; didn't cross the page boundary
+        mtctr   $t1
+        subfc   $num,$t1,$num
+        bl      Lsha1_block_private
+Lcross_page:
+        li      $t1,16
+        mtctr   $t1
+        addi    r20,$sp,$FRAME  ; spot below the frame
+Lmemcpy:
+        lbz     r16,0($inp)
+        lbz     r17,1($inp)
+        lbz     r18,2($inp)
+        lbz     r19,3($inp)
+        addi    $inp,$inp,4
+        stb     r16,0(r20)
+        stb     r17,1(r20)
+        stb     r18,2(r20)
+        stb     r19,3(r20)
+        addi    r20,r20,4
+        bdnz    Lmemcpy
+        $PUSH   $inp,`$FRAME-$SIZE_T*19`($sp)
+        li      $t1,1
+        addi    $inp,$sp,$FRAME
+        mtctr   $t1
+        bl      Lsha1_block_private
+        $POP    $inp,`$FRAME-$SIZE_T*19`($sp)
+        addic.  $num,$num,-1
+        bne-    Lunaligned
+        b       Ldone
+___
+# This is private block function, which uses tailored calling
+# interface, namely upon entry SHA_CTX is pre-loaded to given
+# registers and counter register contains amount of chunks to
+# digest...
+$code.=<<___;
+.align  4
+Lsha1_block_private:
+___
+$code.=<<___;   # load K_00_19
+        lis     $K,0x5a82
+        ori     $K,$K,0x7999
+___
+for($i=0;$i<20;$i++)    { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   # load K_20_39
+        lis     $K,0x6ed9
+        ori     $K,$K,0xeba1
+___
+for(;$i<40;$i++)        { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   # load K_40_59
+        lis     $K,0x8f1b
+        ori     $K,$K,0xbcdc
+___
+for(;$i<60;$i++)        { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   # load K_60_79
+        lis     $K,0xca62
+        ori     $K,$K,0xc1d6
+___
+for(;$i<80;$i++)        { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        add     r16,r16,$E
+        add     r17,r17,$T
+        add     r18,r18,$A
+        add     r19,r19,$B
+        add     r20,r20,$C
+        stw     r16,0($ctx)
+        mr      $A,r16
+        stw     r17,4($ctx)
+        mr      $B,r17
+        stw     r18,8($ctx)
+        mr      $C,r18
+        stw     r19,12($ctx)
+        mr      $D,r19
+        stw     r20,16($ctx)
+        mr      $E,r20
+        addi    $inp,$inp,`16*4`
+        bdnz-   Lsha1_block_private
+        blr
+___
+$code.=<<___;
+.asciz  "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-s390x.pl b/src/lib/libcrypto/sha/asm/sha1-s390x.pl
new file mode 100644
index 0000000000..4b17848287
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-s390x.pl
@@ -0,0 +1,226 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# SHA1 block procedure for s390x.
+# April 2007.
+#
+# Performance is >30% better than gcc 3.3 generated code. But the real
+# twist is that SHA1 hardware support is detected and utilized. In
+# which case performance can reach further >4.5x for larger chunks.
+# January 2009.
+#
+# Optimize Xupdate for amount of memory references and reschedule
+# instructions to favour dual-issue z10 pipeline. On z10 hardware is
+# "only" ~2.3x faster than software.
+$kimdfunc=1;    # magic function code for kimd instruction
+$output=shift;
+open STDOUT,">$output";
+$K_00_39="%r0"; $K=$K_00_39;
+$K_40_79="%r1";
+$ctx="%r2";     $prefetch="%r2";
+$inp="%r3";
+$len="%r4";
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";       @V=($A,$B,$C,$D,$E);
+$t0="%r10";
+$t1="%r11";
+@X=("%r12","%r13","%r14");
+$sp="%r15";
+$frame=160+16*4;
+sub Xupdate {
+my $i=shift;
+$code.=<<___ if ($i==15);
+        lg      $prefetch,160($sp)      ### Xupdate(16) warm-up
+        lr      $X[0],$X[2]
+___
+return if ($i&1);       # Xupdate is vectorized and executed every 2nd cycle
+$code.=<<___ if ($i<16);
+        lg      $X[0],`$i*4`($inp)      ### Xload($i)
+        rllg    $X[1],$X[0],32
+___
+$code.=<<___ if ($i>=16);
+        xgr     $X[0],$prefetch         ### Xupdate($i)
+        lg      $prefetch,`160+4*(($i+2)%16)`($sp)
+        xg      $X[0],`160+4*(($i+8)%16)`($sp)
+        xgr     $X[0],$prefetch
+        rll     $X[0],$X[0],1
+        rllg    $X[1],$X[0],32
+        rll     $X[1],$X[1],1
+        rllg    $X[0],$X[1],32
+        lr      $X[2],$X[1]             # feedback
+___
+$code.=<<___ if ($i<=70);
+        stg     $X[0],`160+4*($i%16)`($sp)
+___
+unshift(@X,pop(@X));
+}
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+        &Xupdate($i);
+$code.=<<___;
+        alr     $e,$K           ### $i
+        rll     $t1,$a,5
+        lr      $t0,$d
+        xr      $t0,$c
+        alr     $e,$t1
+        nr      $t0,$b
+        alr     $e,$xi
+        xr      $t0,$d
+        rll     $b,$b,30
+        alr     $e,$t0
+___
+}
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+        &Xupdate($i);
+$code.=<<___;
+        alr     $e,$K           ### $i
+        rll     $t1,$a,5
+        lr      $t0,$b
+        alr     $e,$t1
+        xr      $t0,$c
+        alr     $e,$xi
+        xr      $t0,$d
+        rll     $b,$b,30
+        alr     $e,$t0
+___
+}
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=$X[1];
+        &Xupdate($i);
+$code.=<<___;
+        alr     $e,$K           ### $i
+        rll     $t1,$a,5
+        lr      $t0,$b
+        alr     $e,$t1
+        or      $t0,$c
+        lr      $t1,$b
+        nr      $t0,$d
+        nr      $t1,$c
+        alr     $e,$xi
+        or      $t0,$t1
+        rll     $b,$b,30
+        alr     $e,$t0
+___
+}
+$code.=<<___;
+.text
+.align  64
+.type   Ktable,\@object
+Ktable: .long   0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
+        .skip   48      #.long  0,0,0,0,0,0,0,0,0,0,0,0
+.size   Ktable,.-Ktable
+.globl  sha1_block_data_order
+.type   sha1_block_data_order,\@function
+sha1_block_data_order:
+___
+$code.=<<___ if ($kimdfunc);
+        larl    %r1,OPENSSL_s390xcap_P
+        lg      %r0,0(%r1)
+        tmhl    %r0,0x4000      # check for message-security assist
+        jz      .Lsoftware
+        lghi    %r0,0
+        la      %r1,16($sp)
+        .long   0xb93e0002      # kimd %r0,%r2
+        lg      %r0,16($sp)
+        tmhh    %r0,`0x8000>>$kimdfunc`
+        jz      .Lsoftware
+        lghi    %r0,$kimdfunc
+        lgr     %r1,$ctx
+        lgr     %r2,$inp
+        sllg    %r3,$len,6
+        .long   0xb93e0002      # kimd %r0,%r2
+        brc     1,.-4           # pay attention to "partial completion"
+        br      %r14
+.align  16
+.Lsoftware:
+___
+$code.=<<___;
+        lghi    %r1,-$frame
+        stg     $ctx,16($sp)
+        stmg    %r6,%r15,48($sp)
+        lgr     %r0,$sp
+        la      $sp,0(%r1,$sp)
+        stg     %r0,0($sp)
+        larl    $t0,Ktable
+        llgf    $A,0($ctx)
+        llgf    $B,4($ctx)
+        llgf    $C,8($ctx)
+        llgf    $D,12($ctx)
+        llgf    $E,16($ctx)
+        lg      $K_00_39,0($t0)
+        lg      $K_40_79,8($t0)
+.Lloop:
+        rllg    $K_00_39,$K_00_39,32
+___
+for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        rllg    $K_00_39,$K_00_39,32
+___
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;   $K=$K_40_79;
+        rllg    $K_40_79,$K_40_79,32
+___
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        rllg    $K_40_79,$K_40_79,32
+___
+for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        lg      $ctx,`$frame+16`($sp)
+        la      $inp,64($inp)
+        al      $A,0($ctx)
+        al      $B,4($ctx)
+        al      $C,8($ctx)
+        al      $D,12($ctx)
+        al      $E,16($ctx)
+        st      $A,0($ctx)
+        st      $B,4($ctx)
+        st      $C,8($ctx)
+        st      $D,12($ctx)
+        st      $E,16($ctx)
+        brct    $len,.Lloop
+        lmg     %r6,%r15,`$frame+48`($sp)
+        br      %r14
+.size   sha1_block_data_order,.-sha1_block_data_order
+.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm   OPENSSL_s390xcap_P,8,8
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl
new file mode 100644
index 0000000000..8306fc88cc
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl
@@ -0,0 +1,283 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# Performance improvement is not really impressive on pre-T1 CPU: +8%
+# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it
+# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and
+# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick.
+# X[16] vector is packed to 8 64-bit registers and as result nothing
+# is spilled on stack. In addition input data is loaded in compact
+# instruction sequence, thus minimizing the window when the code is
+# subject to [inter-thread] cache-thrashing hazard. The goal is to
+# ensure scalability on UltraSPARC T1, or rather to avoid decay when
+# amount of active threads exceeds the number of physical cores.
+$bits=32;
+for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)  { $bias=2047; $frame=192; }
+else            { $bias=0;    $frame=112; }
+$output=shift;
+open STDOUT,">$output";
+@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+$rot1m="%g2";
+$tmp64="%g3";
+$Xi="%g4";
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+$K_00_19="%l5";
+$K_20_39="%l6";
+$K_40_59="%l7";
+$K_60_79="%g5";
+@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79);
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi=($i&1)?@X[($i/2)%8]:$Xi;
+$code.=<<___;
+        sll     $a,5,$tmp0              !! $i
+        add     @K[$i/20],$e,$e
+        srl     $a,27,$tmp1
+        add     $tmp0,$e,$e
+        and     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        andn    $d,$b,$tmp1
+        srl     $b,2,$b
+        or      $tmp1,$tmp0,$tmp1
+        or      $tmp2,$b,$b
+        add     $xi,$e,$e
+___
+if ($i&1 && $i<15) {
+        $code.=
+        "       srlx    @X[(($i+1)/2)%8],32,$Xi\n";
+}
+$code.=<<___;
+        add     $tmp1,$e,$e
+___
+}
+sub Xupdate {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i/2;
+if ($i&1) {
+$code.=<<___;
+        sll     $a,5,$tmp0              !! $i
+        add     @K[$i/20],$e,$e
+        srl     $a,27,$tmp1
+___
+} else {
+$code.=<<___;
+        sllx    @X[($j+6)%8],32,$Xi     ! Xupdate($i)
+        xor     @X[($j+1)%8],@X[$j%8],@X[$j%8]
+        srlx    @X[($j+7)%8],32,$tmp1
+        xor     @X[($j+4)%8],@X[$j%8],@X[$j%8]
+        sll     $a,5,$tmp0              !! $i
+        or      $tmp1,$Xi,$Xi
+        add     @K[$i/20],$e,$e         !!
+        xor     $Xi,@X[$j%8],@X[$j%8]
+        srlx    @X[$j%8],31,$Xi
+        add     @X[$j%8],@X[$j%8],@X[$j%8]
+        and     $Xi,$rot1m,$Xi
+        andn    @X[$j%8],$rot1m,@X[$j%8]
+        srl     $a,27,$tmp1             !!
+        or      $Xi,@X[$j%8],@X[$j%8]
+___
+}
+}
+sub BODY_16_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+        &Xupdate(@_);
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+    } else {
+        $xi=$Xi;
+        $code.="\tsrlx  @X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        add     $tmp0,$e,$e             !!
+        and     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        add     $xi,$e,$e
+        andn    $d,$b,$tmp1
+        srl     $b,2,$b
+        or      $tmp1,$tmp0,$tmp1
+        or      $tmp2,$b,$b
+        add     $tmp1,$e,$e
+___
+}
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+        &Xupdate(@_);
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+    } else {
+        $xi=$Xi;
+        $code.="\tsrlx  @X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        add     $tmp0,$e,$e             !!
+        xor     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        xor     $d,$tmp0,$tmp1
+        srl     $b,2,$b
+        add     $tmp1,$e,$e
+        or      $tmp2,$b,$b
+        add     $xi,$e,$e
+___
+}
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $xi;
+        &Xupdate(@_);
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+    } else {
+        $xi=$Xi;
+        $code.="\tsrlx  @X[($i/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        add     $tmp0,$e,$e             !!
+        and     $c,$b,$tmp0
+        add     $tmp1,$e,$e
+        sll     $b,30,$tmp2
+        or      $c,$b,$tmp1
+        srl     $b,2,$b
+        and     $d,$tmp1,$tmp1
+        add     $xi,$e,$e
+        or      $tmp1,$tmp0,$tmp1
+        or      $tmp2,$b,$b
+        add     $tmp1,$e,$e
+___
+}
+$code.=<<___ if ($bits==64);
+.register       %g2,#scratch
+.register       %g3,#scratch
+___
+$code.=<<___;
+.section        ".text",#alloc,#execinstr
+.align  32
+.globl  sha1_block_data_order
+sha1_block_data_order:
+        save    %sp,-$frame,%sp
+        sllx    $len,6,$len
+        add     $inp,$len,$len
+        or      %g0,1,$rot1m
+        sllx    $rot1m,32,$rot1m
+        or      $rot1m,1,$rot1m
+        ld      [$ctx+0],$A
+        ld      [$ctx+4],$B
+        ld      [$ctx+8],$C
+        ld      [$ctx+12],$D
+        ld      [$ctx+16],$E
+        andn    $inp,7,$tmp0
+        sethi   %hi(0x5a827999),$K_00_19
+        or      $K_00_19,%lo(0x5a827999),$K_00_19
+        sethi   %hi(0x6ed9eba1),$K_20_39
+        or      $K_20_39,%lo(0x6ed9eba1),$K_20_39
+        sethi   %hi(0x8f1bbcdc),$K_40_59
+        or      $K_40_59,%lo(0x8f1bbcdc),$K_40_59
+        sethi   %hi(0xca62c1d6),$K_60_79
+        or      $K_60_79,%lo(0xca62c1d6),$K_60_79
+.Lloop:
+        ldx     [$tmp0+0],@X[0]
+        ldx     [$tmp0+16],@X[2]
+        ldx     [$tmp0+32],@X[4]
+        ldx     [$tmp0+48],@X[6]
+        and     $inp,7,$tmp1
+        ldx     [$tmp0+8],@X[1]
+        sll     $tmp1,3,$tmp1
+        ldx     [$tmp0+24],@X[3]
+        subcc   %g0,$tmp1,$tmp2 ! should be 64-$tmp1, but -$tmp1 works too
+        ldx     [$tmp0+40],@X[5]
+        bz,pt   %icc,.Laligned
+        ldx     [$tmp0+56],@X[7]
+        sllx    @X[0],$tmp1,@X[0]
+        ldx     [$tmp0+64],$tmp64
+___
+for($i=0;$i<7;$i++)
+{   $code.=<<___;
+        srlx    @X[$i+1],$tmp2,$Xi
+        sllx    @X[$i+1],$tmp1,@X[$i+1]
+        or      $Xi,@X[$i],@X[$i]
+___
+}
+$code.=<<___;
+        srlx    $tmp64,$tmp2,$tmp64
+        or      $tmp64,@X[7],@X[7]
+.Laligned:
+        srlx    @X[0],32,$Xi
+___
+for ($i=0;$i<16;$i++)   { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+for (;$i<20;$i++)       { &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        ld      [$ctx+0],@X[0]
+        ld      [$ctx+4],@X[1]
+        ld      [$ctx+8],@X[2]
+        ld      [$ctx+12],@X[3]
+        add     $inp,64,$inp
+        ld      [$ctx+16],@X[4]
+        cmp     $inp,$len
+        add     $A,@X[0],$A
+        st      $A,[$ctx+0]
+        add     $B,@X[1],$B
+        st      $B,[$ctx+4]
+        add     $C,@X[2],$C
+        st      $C,[$ctx+8]
+        add     $D,@X[3],$D
+        st      $D,[$ctx+12]
+        add     $E,@X[4],$E
+        st      $E,[$ctx+16]
+        bne     `$bits==64?"%xcc":"%icc"`,.Lloop
+        andn    $inp,7,$tmp0
+        ret
+        restore
+.type   sha1_block_data_order,#function
+.size   sha1_block_data_order,(.-sha1_block_data_order)
+.asciz  "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
new file mode 100644
index 0000000000..15eb854bad
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl
@@ -0,0 +1,600 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# January 2009
+#
+# Provided that UltraSPARC VIS instructions are pipe-lined(*) and
+# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC
+# Graphic Unit would make it possible to achieve higher instruction-
+# level parallelism, ILP, and thus higher performance. It should be
+# explicitly noted that ILP is the keyword, and it means that this
+# code would be unsuitable for cores like UltraSPARC-Tx. The idea is
+# not really novel, Sun had VIS-powered implementation for a while.
+# Unlike Sun's implementation this one can process multiple unaligned
+# input blocks, and as such works as drop-in replacement for OpenSSL
+# sha1_block_data_order. Performance improvement was measured to be
+# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on
+# UltraSPARC-III. See below for discussion...
+#
+# The module does not present direct interest for OpenSSL, because
+# it doesn't provide better performance on contemporary SPARCv9 CPUs,
+# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they
+# absolutely must score on UltraSPARC-I-IV can simply replace
+# crypto/sha/asm/sha1-sparcv9.pl with this module.
+#
+# (*)   "Pipe-lined" means that even if it takes several cycles to
+#       complete, next instruction using same functional unit [but not
+#       depending on the result of the current instruction] can start
+#       execution without having to wait for the unit. "Pairable"
+#       means that two [or more] independent instructions can be
+#       issued at the very same time.
+$bits=32;
+for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)  { $bias=2047; $frame=192; }
+else            { $bias=0;    $frame=112; }
+$output=shift;
+open STDOUT,">$output";
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$tmp0="%i3";
+$tmp1="%i4";
+$tmp2="%i5";
+$tmp3="%g5";
+$base="%g1";
+$align="%g4";
+$Xfer="%o5";
+$nXfer=$tmp3;
+$Xi="%o7";
+$A="%l0";
+$B="%l1";
+$C="%l2";
+$D="%l3";
+$E="%l4";
+@V=($A,$B,$C,$D,$E);
+$Actx="%o0";
+$Bctx="%o1";
+$Cctx="%o2";
+$Dctx="%o3";
+$Ectx="%o4";
+$fmul="%f32";
+$VK_00_19="%f34";
+$VK_20_39="%f36";
+$VK_40_59="%f38";
+$VK_60_79="%f40";
+@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79);
+@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7",
+    "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16");
+# This is reference 2x-parallelized VIS-powered Xupdate procedure. It
+# covers even K_NN_MM addition...
+sub Xupdate {
+my ($i)=@_;
+my $K=@VK[($i+16)/20];
+my $j=($i+16)%16;
+#       [ provided that GSR.alignaddr_offset is 5, $mul contains
+#         0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to
+#         chosen registers... ]
+$code.=<<___;
+        fxors           @X[($j+13)%16],@X[$j],@X[$j]    !-1/-1/-1:X[0]^=X[13]
+        fxors           @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        fxor            @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        fxor            %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        faligndata      @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+        fpadd32         @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+        fmul8ulx16      %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        ![fxors         %f15,%f2,%f2]
+        for             %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        ![fxors         %f0,%f3,%f3]                    !10/17/12:X[0] dependency
+        fpadd32         $K,@X[$j],%f20
+        std             %f20,[$Xfer+`4*$j`]
+___
+# The numbers delimited with slash are the earliest possible dispatch
+# cycles for given instruction assuming 1 cycle latency for simple VIS
+# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as
+# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being
+# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1
+# round. As [long as] FPU/VIS instructions are perfectly pairable with
+# IALU ones, the round timing is defined by the maximum between VIS
+# and IALU timings. The latter varies from round to round and averages
+# out at 6.25 ticks. This means that USI&II should operate at IALU
+# rate, while USIII&IV - at VIS rate. This explains why performance
+# improvement varies among processors. Well, given that pure IALU
+# sha1-sparcv9.pl module exhibits virtually uniform performance of
+# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical
+# lower limits. Real-life performance was measured to be 6.6 cycles
+# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than
+# half-round VIS timing, because there are 16 Xupdate-free rounds,
+# which "push down" average theoretical timing to 8 cycles...
+# (*)   SPARC64-V[II] was originally believed to have 2 cycles VIS
+#       latency. Well, it might have, but it doesn't have dedicated
+#       VIS-unit. Instead, VIS instructions are executed by other
+#       functional units, ones used here - by IALU. This doesn't
+#       improve effective ILP...
+}
+# The reference Xupdate procedure is then "strained" over *pairs* of
+# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13]
+# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves
+# plenty of room to amortize for read-after-write hazard, as well as
+# to fetch and align input for the next spin. The VIS instructions are
+# scheduled for latency of 2 cycles, because there are not enough IALU
+# instructions to schedule for latency of 3, while scheduling for 1
+# would give no gain on USI&II anyway.
+sub BODY_00_19 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;     # ahead reference
+my $l=($j+16-2)%16;     # behind reference
+my $K=@VK[($j+16-2)/20];
+$j=($j+16)%16;
+$code.=<<___ if (!($i&1));
+        sll             $a,5,$tmp0                      !! $i
+        and             $c,$b,$tmp3
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fxors          @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fxor           @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        sll             $b,30,$tmp2
+        add             $tmp1,$e,$e
+        andn            $d,$b,$tmp1
+        add             $Xi,$e,$e
+         fxor           %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        srl             $b,2,$b
+        or              $tmp1,$tmp3,$tmp1
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+         faligndata     @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1);
+        sll             $a,5,$tmp0                      !! $i
+        and             $c,$b,$tmp3
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fpadd32        @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fmul8ulx16     %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        sll             $b,30,$tmp2
+        add             $tmp1,$e,$e
+         fpadd32        $K,@X[$l],%f20                  !
+        andn            $d,$b,$tmp1
+        add             $Xi,$e,$e
+         fxors          @X[($k+13)%16],@X[$k],@X[$k]    !-1/-1/-1:X[0]^=X[13]
+        srl             $b,2,$b
+        or              $tmp1,$tmp3,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+___
+$code.=<<___ if ($i&1 && $i>=2);
+         std            %f20,[$Xfer+`4*$l`]             !
+___
+}
+sub BODY_20_39 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;     # ahead reference
+my $l=($j+16-2)%16;     # behind reference
+my $K=@VK[($j+16-2)/20];
+$j=($j+16)%16;
+$code.=<<___ if (!($i&1) && $i<64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fxors          @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fxor           @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+         faligndata     @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+___
+$code.=<<___ if ($i&1 && $i<64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fpadd32        @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fmul8ulx16     %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+         fpadd32        $K,@X[$l],%f20                  !
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+         fxors          @X[($k+13)%16],@X[$k],@X[$k]    !-1/-1/-1:X[0]^=X[13]
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+         fxor           %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+         std            %f20,[$Xfer+`4*$l`]             !
+___
+$code.=<<___ if ($i==64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fpadd32        $K,@X[$l],%f20
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+         std            %f20,[$Xfer+`4*$l`]
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+$code.=<<___ if ($i>64);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+}
+sub BODY_40_59 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $k=($j+16+2)%16;     # ahead reference
+my $l=($j+16-2)%16;     # behind reference
+my $K=@VK[($j+16-2)/20];
+$j=($j+16)%16;
+$code.=<<___ if (!($i&1));
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+         fxors          @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fxor           @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
+        and             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        or              $c,$b,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
+        srl             $b,2,$b
+        and             $d,$tmp1,$tmp1
+        add             $Xi,$e,$e
+        or              $tmp1,$tmp0,$tmp1
+         faligndata     @X[$j],@X[$j],%f18              ! 3/ 7/ 5:Tmp=X[0,1]>>>24
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+         fpadd32        @X[$j],@X[$j],@X[$j]            ! 4/ 8/ 6:X[0,1]<<=1
+___
+$code.=<<___ if ($i&1);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         fmul8ulx16     %f18,$fmul,%f18                 ! 5/10/ 7:Tmp>>=7, Tmp&=1
+        and             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+         fpadd32        $K,@X[$l],%f20                  !
+        sll             $b,30,$tmp2
+        or              $c,$b,$tmp1
+         fxors          @X[($k+13)%16],@X[$k],@X[$k]    !-1/-1/-1:X[0]^=X[13]
+        srl             $b,2,$b
+        and             $d,$tmp1,$tmp1
+         fxor           %f18,@X[$j],@X[$j]              ! 8/14/10:X[0,1]|=Tmp
+        add             $Xi,$e,$e
+        or              $tmp1,$tmp0,$tmp1
+        or              $tmp2,$b,$b
+        add             $tmp1,$e,$e
+         std            %f20,[$Xfer+`4*$l`]             !
+___
+}
+# If there is more data to process, then we pre-fetch the data for
+# next iteration in last ten rounds...
+sub BODY_70_79 {
+my ($i,$a,$b,$c,$d,$e)=@_;
+my $j=$i&~1;
+my $m=($i%8)*2;
+$j=($j+16)%16;
+$code.=<<___ if ($i==70);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+         ldd            [$inp+64],@X[0]
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+        and             $inp,-64,$nXfer
+        inc             64,$inp
+        and             $nXfer,255,$nXfer
+        alignaddr       %g0,$align,%g0
+        add             $base,$nXfer,$nXfer
+___
+$code.=<<___ if ($i==71);
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+$code.=<<___ if ($i>=72);
+         faligndata     @X[$m],@X[$m+2],@X[$m]
+        sll             $a,5,$tmp0                      !! $i
+        ld              [$Xfer+`4*($i%16)`],$Xi
+        srl             $a,27,$tmp1
+        add             $tmp0,$e,$e
+        xor             $c,$b,$tmp0
+        add             $tmp1,$e,$e
+         fpadd32        $VK_00_19,@X[$m],%f20
+        sll             $b,30,$tmp2
+        xor             $d,$tmp0,$tmp1
+        srl             $b,2,$b
+        add             $tmp1,$e,$e
+        or              $tmp2,$b,$b
+        add             $Xi,$e,$e
+___
+$code.=<<___ if ($i<77);
+         ldd            [$inp+`8*($i+1-70)`],@X[2*($i+1-70)]
+___
+$code.=<<___ if ($i==77);       # redundant if $inp was aligned
+         add            $align,63,$tmp0
+         and            $tmp0,-8,$tmp0
+         ldd            [$inp+$tmp0],@X[16]
+___
+$code.=<<___ if ($i>=72);
+         std            %f20,[$nXfer+`4*$m`]
+___
+}
+$code.=<<___;
+.section        ".text",#alloc,#execinstr
+.align  64
+vis_const:
+.long   0x5a827999,0x5a827999   ! K_00_19
+.long   0x6ed9eba1,0x6ed9eba1   ! K_20_39
+.long   0x8f1bbcdc,0x8f1bbcdc   ! K_40_59
+.long   0xca62c1d6,0xca62c1d6   ! K_60_79
+.long   0x00000100,0x00000100
+.align  64
+.type   vis_const,#object
+.size   vis_const,(.-vis_const)
+.globl  sha1_block_data_order
+sha1_block_data_order:
+        save    %sp,-$frame,%sp
+        add     %fp,$bias-256,$base
+1:      call    .+8
+        add     %o7,vis_const-1b,$tmp0
+        ldd     [$tmp0+0],$VK_00_19
+        ldd     [$tmp0+8],$VK_20_39
+        ldd     [$tmp0+16],$VK_40_59
+        ldd     [$tmp0+24],$VK_60_79
+        ldd     [$tmp0+32],$fmul
+        ld      [$ctx+0],$Actx
+        and     $base,-256,$base
+        ld      [$ctx+4],$Bctx
+        sub     $base,$bias+$frame,%sp
+        ld      [$ctx+8],$Cctx
+        and     $inp,7,$align
+        ld      [$ctx+12],$Dctx
+        and     $inp,-8,$inp
+        ld      [$ctx+16],$Ectx
+        ! X[16] is maintained in FP register bank
+        alignaddr       %g0,$align,%g0
+        ldd             [$inp+0],@X[0]
+        sub             $inp,-64,$Xfer
+        ldd             [$inp+8],@X[2]
+        and             $Xfer,-64,$Xfer
+        ldd             [$inp+16],@X[4]
+        and             $Xfer,255,$Xfer
+        ldd             [$inp+24],@X[6]
+        add             $base,$Xfer,$Xfer
+        ldd             [$inp+32],@X[8]
+        ldd             [$inp+40],@X[10]
+        ldd             [$inp+48],@X[12]
+        brz,pt          $align,.Laligned
+        ldd             [$inp+56],@X[14]
+        ldd             [$inp+64],@X[16]
+        faligndata      @X[0],@X[2],@X[0]
+        faligndata      @X[2],@X[4],@X[2]
+        faligndata      @X[4],@X[6],@X[4]
+        faligndata      @X[6],@X[8],@X[6]
+        faligndata      @X[8],@X[10],@X[8]
+        faligndata      @X[10],@X[12],@X[10]
+        faligndata      @X[12],@X[14],@X[12]
+        faligndata      @X[14],@X[16],@X[14]
+.Laligned:
+        mov             5,$tmp0
+        dec             1,$len
+        alignaddr       %g0,$tmp0,%g0
+        fpadd32         $VK_00_19,@X[0],%f16
+        fpadd32         $VK_00_19,@X[2],%f18
+        fpadd32         $VK_00_19,@X[4],%f20
+        fpadd32         $VK_00_19,@X[6],%f22
+        fpadd32         $VK_00_19,@X[8],%f24
+        fpadd32         $VK_00_19,@X[10],%f26
+        fpadd32         $VK_00_19,@X[12],%f28
+        fpadd32         $VK_00_19,@X[14],%f30
+        std             %f16,[$Xfer+0]
+        mov             $Actx,$A
+        std             %f18,[$Xfer+8]
+        mov             $Bctx,$B
+        std             %f20,[$Xfer+16]
+        mov             $Cctx,$C
+        std             %f22,[$Xfer+24]
+        mov             $Dctx,$D
+        std             %f24,[$Xfer+32]
+        mov             $Ectx,$E
+        std             %f26,[$Xfer+40]
+        fxors           @X[13],@X[0],@X[0]
+        std             %f28,[$Xfer+48]
+        ba              .Loop
+        std             %f30,[$Xfer+56]
+.align  32
+.Loop:
+___
+for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
+for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+for (;$i<70;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        tst             $len
+        bz,pn           `$bits==32?"%icc":"%xcc"`,.Ltail
+        nop
+___
+for (;$i<80;$i++)       { &BODY_70_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        add             $A,$Actx,$Actx
+        add             $B,$Bctx,$Bctx
+        add             $C,$Cctx,$Cctx
+        add             $D,$Dctx,$Dctx
+        add             $E,$Ectx,$Ectx
+        mov             5,$tmp0
+        fxors           @X[13],@X[0],@X[0]
+        mov             $Actx,$A
+        mov             $Bctx,$B
+        mov             $Cctx,$C
+        mov             $Dctx,$D
+        mov             $Ectx,$E
+        alignaddr       %g0,$tmp0,%g0   
+        dec             1,$len
+        ba              .Loop
+        mov             $nXfer,$Xfer
+.align  32
+.Ltail:
+___
+for($i=70;$i<80;$i++)   { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        add     $A,$Actx,$Actx
+        add     $B,$Bctx,$Bctx
+        add     $C,$Cctx,$Cctx
+        add     $D,$Dctx,$Dctx
+        add     $E,$Ectx,$Ectx
+        st      $Actx,[$ctx+0]
+        st      $Bctx,[$ctx+4]
+        st      $Cctx,[$ctx+8]
+        st      $Dctx,[$ctx+12]
+        st      $Ectx,[$ctx+16]
+        ret
+        restore
+.type   sha1_block_data_order,#function
+.size   sha1_block_data_order,(.-sha1_block_data_order)
+.asciz  "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+___
+# Purpose of these subroutines is to explicitly encode VIS instructions,
+# so that one can compile the module without having to specify VIS
+# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# Idea is to reserve for option to produce "universal" binary and let
+# programmer detect if current CPU is VIS capable at run-time.
+sub unvis {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my $ref,$opf;
+my %visopf = (  "fmul8ulx16"    => 0x037,
+                "faligndata"    => 0x048,
+                "fpadd32"       => 0x052,
+                "fxor"          => 0x06c,
+                "fxors"         => 0x06d        );
+    $ref = "$mnemonic\t$rs1,$rs2,$rd";
+    if ($opf=$visopf{$mnemonic}) {
+        foreach ($rs1,$rs2,$rd) {
+            return $ref if (!/%f([0-9]{1,2})/);
+            $_=$1;
+            if ($1>=32) {
+                return $ref if ($1&1);
+                # re-encode for upper double register addressing
+                $_=($1|$1>>5)&31;
+            }
+        }
+        return  sprintf ".word\t0x%08x !%s",
+                        0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
+                        $ref;
+    } else {
+        return $ref;
+    }
+}
+sub unalignaddr {
+my ($mnemonic,$rs1,$rs2,$rd)=@_;
+my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
+my $ref="$mnemonic\t$rs1,$rs2,$rd";
+    foreach ($rs1,$rs2,$rd) {
+        if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; }
+        else                    { return $ref; }
+    }
+    return  sprintf ".word\t0x%08x !%s",
+                    0x81b00300|$rd<<25|$rs1<<14|$rs2,
+                    $ref;
+}
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/
+                &unvis($1,$2,$3,$4)
+          /gem;
+$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/
+                &unalignaddr($1,$2,$3,$4)
+          /gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha1-thumb.pl b/src/lib/libcrypto/sha/asm/sha1-thumb.pl
new file mode 100644
index 0000000000..7c9ea9b029
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-thumb.pl
@@ -0,0 +1,259 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# sha1_block for Thumb.
+#
+# January 2007.
+#
+# The code does not present direct interest to OpenSSL, because of low
+# performance. Its purpose is to establish _size_ benchmark. Pretty
+# useless one I must say, because 30% or 88 bytes larger ARMv4 code
+# [avialable on demand] is almost _twice_ as fast. It should also be
+# noted that in-lining of .Lcommon and .Lrotate improves performance
+# by over 40%, while code increases by only 10% or 32 bytes. But once
+# again, the goal was to establish _size_ benchmark, not performance.
+$output=shift;
+open STDOUT,">$output";
+$inline=0;
+#$cheat_on_binutils=1;
+$t0="r0";
+$t1="r1";
+$t2="r2";
+$a="r3";
+$b="r4";
+$c="r5";
+$d="r6";
+$e="r7";
+$K="r8";        # "upper" registers can be used in add/sub and mov insns
+$ctx="r9";
+$inp="r10";
+$len="r11";
+$Xi="r12";
+sub common {
+<<___;
+        sub     $t0,#4
+        ldr     $t1,[$t0]
+        add     $e,$K                   @ E+=K_xx_xx
+        lsl     $t2,$a,#5
+        add     $t2,$e
+        lsr     $e,$a,#27
+        add     $t2,$e                  @ E+=ROR(A,27)
+        add     $t2,$t1                 @ E+=X[i]
+___
+}
+sub rotate {
+<<___;
+        mov     $e,$d                   @ E=D
+        mov     $d,$c                   @ D=C
+        lsl     $c,$b,#30
+        lsr     $b,$b,#2
+        orr     $c,$b                   @ C=ROR(B,2)
+        mov     $b,$a                   @ B=A
+        add     $a,$t2,$t1              @ A=E+F_xx_xx(B,C,D)
+___
+}
+sub BODY_00_19 {
+$code.=$inline?&common():"\tbl  .Lcommon\n";
+$code.=<<___;
+        mov     $t1,$c
+        eor     $t1,$d
+        and     $t1,$b
+        eor     $t1,$d                  @ F_00_19(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl  .Lrotate\n";
+}
+sub BODY_20_39 {
+$code.=$inline?&common():"\tbl  .Lcommon\n";
+$code.=<<___;
+        mov     $t1,$b
+        eor     $t1,$c
+        eor     $t1,$d                  @ F_20_39(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl  .Lrotate\n";
+}
+sub BODY_40_59 {
+$code.=$inline?&common():"\tbl  .Lcommon\n";
+$code.=<<___;
+        mov     $t1,$b
+        and     $t1,$c
+        mov     $e,$b
+        orr     $e,$c
+        and     $e,$d
+        orr     $t1,$e                  @ F_40_59(B,C,D)
+___
+$code.=$inline?&rotate():"\tbl  .Lrotate\n";
+}
+$code=<<___;
+.text
+.code   16
+.global sha1_block_data_order
+.type   sha1_block_data_order,%function
+.align  2
+sha1_block_data_order:
+___
+if ($cheat_on_binutils) {
+$code.=<<___;
+.code   32
+        add     r3,pc,#1
+        bx      r3                      @ switch to Thumb ISA
+.code   16
+___
+}
+$code.=<<___;
+        push    {r4-r7}
+        mov     r3,r8
+        mov     r4,r9
+        mov     r5,r10
+        mov     r6,r11
+        mov     r7,r12
+        push    {r3-r7,lr}
+        lsl     r2,#6
+        mov     $ctx,r0                 @ save context
+        mov     $inp,r1                 @ save inp
+        mov     $len,r2                 @ save len
+        add     $len,$inp               @ $len to point at inp end
+.Lloop:
+        mov     $Xi,sp
+        mov     $t2,sp
+        sub     $t2,#16*4               @ [3]
+.LXload:
+        ldrb    $a,[$t1,#0]             @ $t1 is r1 and holds inp
+        ldrb    $b,[$t1,#1]
+        ldrb    $c,[$t1,#2]
+        ldrb    $d,[$t1,#3]
+        lsl     $a,#24
+        lsl     $b,#16
+        lsl     $c,#8
+        orr     $a,$b
+        orr     $a,$c
+        orr     $a,$d
+        add     $t1,#4
+        push    {$a}
+        cmp     sp,$t2
+        bne     .LXload                 @ [+14*16]
+        mov     $inp,$t1                @ update $inp
+        sub     $t2,#32*4
+        sub     $t2,#32*4
+        mov     $e,#31                  @ [+4]
+.LXupdate:
+        ldr     $a,[sp,#15*4]
+        ldr     $b,[sp,#13*4]
+        ldr     $c,[sp,#7*4]
+        ldr     $d,[sp,#2*4]
+        eor     $a,$b
+        eor     $a,$c
+        eor     $a,$d
+        ror     $a,$e
+        push    {$a}
+        cmp     sp,$t2
+        bne     .LXupdate               @ [+(11+1)*64]
+        ldmia   $t0!,{$a,$b,$c,$d,$e}   @ $t0 is r0 and holds ctx
+        mov     $t0,$Xi
+        ldr     $t2,.LK_00_19
+        mov     $t1,$t0
+        sub     $t1,#20*4
+        mov     $Xi,$t1
+        mov     $K,$t2                  @ [+7+4]
+.L_00_19:
+___
+        &BODY_00_19();
+$code.=<<___;
+        cmp     $Xi,$t0
+        bne     .L_00_19                @ [+(2+9+4+2+8+2)*20]
+        ldr     $t2,.LK_20_39
+        mov     $t1,$t0
+        sub     $t1,#20*4
+        mov     $Xi,$t1
+        mov     $K,$t2                  @ [+5]
+.L_20_39_or_60_79:
+___
+        &BODY_20_39();
+$code.=<<___;
+        cmp     $Xi,$t0
+        bne     .L_20_39_or_60_79       @ [+(2+9+3+2+8+2)*20*2]
+        cmp     sp,$t0
+        beq     .Ldone                  @ [+2]
+        ldr     $t2,.LK_40_59
+        mov     $t1,$t0
+        sub     $t1,#20*4
+        mov     $Xi,$t1
+        mov     $K,$t2                  @ [+5]
+.L_40_59:
+___
+        &BODY_40_59();
+$code.=<<___;
+        cmp     $Xi,$t0
+        bne     .L_40_59                @ [+(2+9+6+2+8+2)*20]
+        ldr     $t2,.LK_60_79
+        mov     $Xi,sp
+        mov     $K,$t2
+        b       .L_20_39_or_60_79       @ [+4]
+.Ldone:
+        mov     $t0,$ctx
+        ldr     $t1,[$t0,#0]
+        ldr     $t2,[$t0,#4]
+        add     $a,$t1
+        ldr     $t1,[$t0,#8]
+        add     $b,$t2
+        ldr     $t2,[$t0,#12]
+        add     $c,$t1
+        ldr     $t1,[$t0,#16]
+        add     $d,$t2
+        add     $e,$t1
+        stmia   $t0!,{$a,$b,$c,$d,$e}   @ [+20]
+        add     sp,#80*4                @ deallocate stack frame
+        mov     $t0,$ctx                @ restore ctx
+        mov     $t1,$inp                @ restore inp
+        cmp     $t1,$len
+        beq     .Lexit
+        b       .Lloop                  @ [+6] total 3212 cycles
+.Lexit:
+        pop     {r2-r7}
+        mov     r8,r2
+        mov     r9,r3
+        mov     r10,r4
+        mov     r11,r5
+        mov     r12,r6
+        mov     lr,r7
+        pop     {r4-r7}
+        bx      lr
+.align  2
+___
+$code.=".Lcommon:\n".&common()."\tmov   pc,lr\n" if (!$inline);
+$code.=".Lrotate:\n".&rotate()."\tmov   pc,lr\n" if (!$inline);
+$code.=<<___;
+.align  2
+.LK_00_19:      .word   0x5a827999
+.LK_20_39:      .word   0x6ed9eba1
+.LK_40_59:      .word   0x8f1bbcdc
+.LK_60_79:      .word   0xca62c1d6
+.size   sha1_block_data_order,.-sha1_block_data_order
+.asciz  "SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>"
+___
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
index f7ed67a726..4edc5ea9ad 100755
--- a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -29,14 +29,18 @@
 # Xeon P4       +65%            +0%             9.9
 # Core2         +60%            +10%            7.0
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 $ctx="%rdi";    # 1st arg
 $inp="%rsi";    # 2nd arg
@@ -69,13 +73,14 @@ $func:
        push    %rbx
        push    %rbp
        push    %r12
-        mov     %rsp,%rax
+        mov     %rsp,%r11
        mov     %rdi,$ctx       # reassigned argument
        sub     \$`8+16*4`,%rsp
        mov     %rsi,$inp       # reassigned argument
        and     \$-64,%rsp
        mov     %rdx,$num       # reassigned argument
-        mov     %rax,`16*4`(%rsp)
+        mov     %r11,`16*4`(%rsp)
+.Lprologue:
        mov     0($ctx),$A
        mov     4($ctx),$B
@@ -88,10 +93,12 @@ ___
 sub EPILOGUE {
 my $func=shift;
 $code.=<<___;
-        mov     `16*4`(%rsp),%rsp
+        mov     `16*4`(%rsp),%rsi
-        pop     %r12
+        mov     (%rsi),%r12
-        pop     %rbp
+        mov     8(%rsi),%rbp
-        pop     %rbx
+        mov     16(%rsi),%rbx
+        lea     24(%rsi),%rsp
+.Lepilogue:
        ret
 .size   $func,.-$func
 ___
@@ -233,7 +240,109 @@ ___
 &EPILOGUE("sha1_block_data_order");
 $code.=<<___;
 .asciz  "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align  16
+___
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+        mov     `16*4`(%rax),%rax       # pull saved stack pointer
+        lea     24(%rax),%rax
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   se_handler,.-se_handler
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_sha1_block_data_order
+        .rva    .LSEH_end_sha1_block_data_order
+        .rva    .LSEH_info_sha1_block_data_order
+.section        .xdata
+.align  8
+.LSEH_info_sha1_block_data_order:
+        .byte   9,0,0,0
+        .rva    se_handler
 ___
+}
 ####################################################################
diff --git a/src/lib/libcrypto/sha/asm/sha256-586.pl b/src/lib/libcrypto/sha/asm/sha256-586.pl
new file mode 100644
index 0000000000..ecc8b69c75
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha256-586.pl
@@ -0,0 +1,251 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA256 block transform for x86. September 2007.
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#               Pentium PIII    P4      AMD K8  Core2
+# gcc           46      36      41      27      26
+# icc           57      33      38      25      23      
+# x86 asm       40      30      35      20      20
+# x86_64 asm(*) -       -       21      15.8    16.5
+#
+# (*) x86_64 assembler performance is presented for reference
+#     purposes.
+#
+# Performance improvement over compiler generated code varies from
+# 10% to 40% [see above]. Not very impressive on some �-archs, but
+# it's 5 times smaller and optimizies amount of writes.
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+$A="eax";
+$E="edx";
+$T="ebx";
+$Aoff=&DWP(0,"esp");
+$Boff=&DWP(4,"esp");
+$Coff=&DWP(8,"esp");
+$Doff=&DWP(12,"esp");
+$Eoff=&DWP(16,"esp");
+$Foff=&DWP(20,"esp");
+$Goff=&DWP(24,"esp");
+$Hoff=&DWP(28,"esp");
+$Xoff=&DWP(32,"esp");
+$K256="ebp";
+sub BODY_00_15() {
+    my $in_16_63=shift;
+        &mov    ("ecx",$E);
+         &add   ($T,&DWP(4*(8+15+16-9),"esp"))  if ($in_16_63); # T += X[-7]
+        &ror    ("ecx",6);
+        &mov    ("edi",$E);
+        &ror    ("edi",11);
+         &mov   ("esi",$Foff);
+        &xor    ("ecx","edi");
+        &ror    ("edi",25-11);
+         &mov   (&DWP(4*(8+15),"esp"),$T)       if ($in_16_63); # save X[0]
+        &xor    ("ecx","edi");  # Sigma1(e)
+         &mov   ("edi",$Goff);
+        &add    ($T,"ecx");     # T += Sigma1(e)
+         &mov   ($Eoff,$E);     # modulo-scheduled
+        &xor    ("esi","edi");
+         &mov   ("ecx",$A);
+        &and    ("esi",$E);
+         &mov   ($E,$Doff);     # e becomes d, which is e in next iteration
+        &xor    ("esi","edi");  # Ch(e,f,g)
+         &mov   ("edi",$A);
+        &add    ($T,"esi");     # T += Ch(e,f,g)
+        &ror    ("ecx",2);
+         &add   ($T,$Hoff);     # T += h
+        &ror    ("edi",13);
+         &mov   ("esi",$Boff);
+        &xor    ("ecx","edi");
+        &ror    ("edi",22-13);
+         &add   ($E,$T);        # d += T
+        &xor    ("ecx","edi");  # Sigma0(a)
+         &mov   ("edi",$Coff);
+        &add    ($T,"ecx");     # T += Sigma0(a)
+         &mov   ($Aoff,$A);     # modulo-scheduled
+        &mov    ("ecx",$A);
+         &sub   ("esp",4);
+        &or     ($A,"esi");     # a becomes h, which is a in next iteration
+        &and    ("ecx","esi");
+        &and    ($A,"edi");
+         &mov   ("esi",&DWP(0,$K256));
+        &or     ($A,"ecx");     # h=Maj(a,b,c)
+        &add    ($K256,4);
+        &add    ($A,$T);        # h += T
+         &mov   ($T,&DWP(4*(8+15+16-1),"esp"))  if ($in_16_63); # preload T
+        &add    ($E,"esi");     # d += K256[i]
+        &add    ($A,"esi");     # h += K256[i]
+}
+&function_begin("sha256_block_data_order");
+        &mov    ("esi",wparam(0));      # ctx
+        &mov    ("edi",wparam(1));      # inp
+        &mov    ("eax",wparam(2));      # num
+        &mov    ("ebx","esp");          # saved sp
+        &call   (&label("pic_point"));  # make it PIC!
+&set_label("pic_point");
+        &blindpop($K256);
+        &lea    ($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256));
+        &sub    ("esp",16);
+        &and    ("esp",-64);
+        &shl    ("eax",6);
+        &add    ("eax","edi");
+        &mov    (&DWP(0,"esp"),"esi");  # ctx
+        &mov    (&DWP(4,"esp"),"edi");  # inp
+        &mov    (&DWP(8,"esp"),"eax");  # inp+num*128
+        &mov    (&DWP(12,"esp"),"ebx"); # saved sp
+&set_label("loop",16);
+    # copy input block to stack reversing byte and dword order
+    for($i=0;$i<4;$i++) {
+        &mov    ("eax",&DWP($i*16+0,"edi"));
+        &mov    ("ebx",&DWP($i*16+4,"edi"));
+        &mov    ("ecx",&DWP($i*16+8,"edi"));
+        &mov    ("edx",&DWP($i*16+12,"edi"));
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &bswap  ("ecx");
+        &bswap  ("edx");
+        &push   ("eax");
+        &push   ("ebx");
+        &push   ("ecx");
+        &push   ("edx");
+    }
+        &add    ("edi",64);
+        &sub    ("esp",4*8);            # place for A,B,C,D,E,F,G,H
+        &mov    (&DWP(4*(8+16)+4,"esp"),"edi");
+        # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+        &mov    ($A,&DWP(0,"esi"));
+        &mov    ("ebx",&DWP(4,"esi"));
+        &mov    ("ecx",&DWP(8,"esi"));
+        &mov    ("edi",&DWP(12,"esi"));
+        # &mov  ($Aoff,$A);
+        &mov    ($Boff,"ebx");
+        &mov    ($Coff,"ecx");
+        &mov    ($Doff,"edi");
+        &mov    ($E,&DWP(16,"esi"));    
+        &mov    ("ebx",&DWP(20,"esi"));
+        &mov    ("ecx",&DWP(24,"esi"));
+        &mov    ("edi",&DWP(28,"esi"));
+        # &mov  ($Eoff,$E);
+        &mov    ($Foff,"ebx");
+        &mov    ($Goff,"ecx");
+        &mov    ($Hoff,"edi");
+&set_label("00_15",16);
+        &mov    ($T,&DWP(4*(8+15),"esp"));
+        &BODY_00_15();
+        &cmp    ("esi",0xc19bf174);
+        &jne    (&label("00_15"));
+        &mov    ($T,&DWP(4*(8+15+16-1),"esp")); # preloaded in BODY_00_15(1)
+&set_label("16_63",16);
+        &mov    ("esi",$T);
+         &mov   ("ecx",&DWP(4*(8+15+16-14),"esp"));
+        &shr    ($T,3);
+        &ror    ("esi",7);
+        &xor    ($T,"esi");
+        &ror    ("esi",18-7);
+         &mov   ("edi","ecx");
+        &xor    ($T,"esi");                     # T = sigma0(X[-15])
+        &shr    ("ecx",10);
+         &mov   ("esi",&DWP(4*(8+15+16),"esp"));
+        &ror    ("edi",17);
+        &xor    ("ecx","edi");
+        &ror    ("edi",19-17);
+         &add   ($T,"esi");                     # T += X[-16]
+        &xor    ("edi","ecx")                   # sigma1(X[-2])
+        &add    ($T,"edi");                     # T += sigma1(X[-2])
+        # &add  ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1)
+        # &mov  (&DWP(4*(8+15),"esp"),$T);      # save X[0]
+        &BODY_00_15(1);
+        &cmp    ("esi",0xc67178f2);
+        &jne    (&label("16_63"));
+        &mov    ("esi",&DWP(4*(8+16+64)+0,"esp"));#ctx
+        # &mov  ($A,$Aoff);
+        &mov    ("ebx",$Boff);
+        &mov    ("ecx",$Coff);
+        &mov    ("edi",$Doff);
+        &add    ($A,&DWP(0,"esi"));
+        &add    ("ebx",&DWP(4,"esi"));
+        &add    ("ecx",&DWP(8,"esi"));
+        &add    ("edi",&DWP(12,"esi"));
+        &mov    (&DWP(0,"esi"),$A);
+        &mov    (&DWP(4,"esi"),"ebx");
+        &mov    (&DWP(8,"esi"),"ecx");
+        &mov    (&DWP(12,"esi"),"edi");
+        # &mov  ($E,$Eoff);
+        &mov    ("eax",$Foff);
+        &mov    ("ebx",$Goff);
+        &mov    ("ecx",$Hoff);
+        &mov    ("edi",&DWP(4*(8+16+64)+4,"esp"));#inp
+        &add    ($E,&DWP(16,"esi"));
+        &add    ("eax",&DWP(20,"esi"));
+        &add    ("ebx",&DWP(24,"esi"));
+        &add    ("ecx",&DWP(28,"esi"));
+        &mov    (&DWP(16,"esi"),$E);
+        &mov    (&DWP(20,"esi"),"eax");
+        &mov    (&DWP(24,"esi"),"ebx");
+        &mov    (&DWP(28,"esi"),"ecx");
+        &add    ("esp",4*(8+16+64));            # destroy frame
+        &sub    ($K256,4*64);                   # rewind K
+        &cmp    ("edi",&DWP(8,"esp"));          # are we done yet?
+        &jb     (&label("loop"));
+        &mov    ("esp",&DWP(12,"esp"));         # restore sp
+&function_end_A();
+&set_label("K256",64);  # Yes! I keep it in the code segment!
+        &data_word(0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5);
+        &data_word(0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5);
+        &data_word(0xd807aa98,0x12835b01,0x243185be,0x550c7dc3);
+        &data_word(0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174);
+        &data_word(0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc);
+        &data_word(0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da);
+        &data_word(0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7);
+        &data_word(0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967);
+        &data_word(0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13);
+        &data_word(0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85);
+        &data_word(0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3);
+        &data_word(0xd192e819,0xd6990624,0xf40e3585,0x106aa070);
+        &data_word(0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5);
+        &data_word(0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3);
+        &data_word(0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208);
+        &data_word(0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2);
+&function_end_B("sha256_block_data_order");
+&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha256-armv4.pl b/src/lib/libcrypto/sha/asm/sha256-armv4.pl
new file mode 100644
index 0000000000..48d846deec
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha256-armv4.pl
@@ -0,0 +1,181 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# SHA256 block procedure for ARMv4. May 2007.
+# Performance is ~2x better than gcc 3.4 generated code and in "abso-
+# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
+# byte.
+$output=shift;
+open STDOUT,">$output";
+$ctx="r0";      $t0="r0";
+$inp="r1";
+$len="r2";      $t1="r2";
+$T1="r3";
+$A="r4";
+$B="r5";
+$C="r6";
+$D="r7";
+$E="r8";
+$F="r9";
+$G="r10";
+$H="r11";
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+$t2="r12";
+$Ktbl="r14";
+@Sigma0=( 2,13,22);
+@Sigma1=( 6,11,25);
+@sigma0=( 7,18, 3);
+@sigma1=(17,19,10);
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+$code.=<<___ if ($i<16);
+        ldrb    $T1,[$inp,#3]                   @ $i
+        ldrb    $t2,[$inp,#2]
+        ldrb    $t1,[$inp,#1]
+        ldrb    $t0,[$inp],#4
+        orr     $T1,$T1,$t2,lsl#8
+        orr     $T1,$T1,$t1,lsl#16
+        orr     $T1,$T1,$t0,lsl#24
+        `"str   $inp,[sp,#17*4]"        if ($i==15)`
+___
+$code.=<<___;
+        ldr     $t2,[$Ktbl],#4                  @ *K256++
+        str     $T1,[sp,#`$i%16`*4]
+        mov     $t0,$e,ror#$Sigma1[0]
+        eor     $t0,$t0,$e,ror#$Sigma1[1]
+        eor     $t0,$t0,$e,ror#$Sigma1[2]       @ Sigma1(e)
+        add     $T1,$T1,$t0
+        eor     $t1,$f,$g
+        and     $t1,$t1,$e
+        eor     $t1,$t1,$g                      @ Ch(e,f,g)
+        add     $T1,$T1,$t1
+        add     $T1,$T1,$h
+        add     $T1,$T1,$t2
+        mov     $h,$a,ror#$Sigma0[0]
+        eor     $h,$h,$a,ror#$Sigma0[1]
+        eor     $h,$h,$a,ror#$Sigma0[2]         @ Sigma0(a)
+        orr     $t0,$a,$b
+        and     $t0,$t0,$c
+        and     $t1,$a,$b
+        orr     $t0,$t0,$t1                     @ Maj(a,b,c)
+        add     $h,$h,$t0
+        add     $d,$d,$T1
+        add     $h,$h,$T1
+___
+}
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+$code.=<<___;
+        ldr     $t1,[sp,#`($i+1)%16`*4] @ $i
+        ldr     $t2,[sp,#`($i+14)%16`*4]
+        ldr     $T1,[sp,#`($i+0)%16`*4]
+        ldr     $inp,[sp,#`($i+9)%16`*4]
+        mov     $t0,$t1,ror#$sigma0[0]
+        eor     $t0,$t0,$t1,ror#$sigma0[1]
+        eor     $t0,$t0,$t1,lsr#$sigma0[2]      @ sigma0(X[i+1])
+        mov     $t1,$t2,ror#$sigma1[0]
+        eor     $t1,$t1,$t2,ror#$sigma1[1]
+        eor     $t1,$t1,$t2,lsr#$sigma1[2]      @ sigma1(X[i+14])
+        add     $T1,$T1,$t0
+        add     $T1,$T1,$t1
+        add     $T1,$T1,$inp
+___
+        &BODY_00_15(@_);
+}
+$code=<<___;
+.text
+.code   32
+.type   K256,%object
+.align  5
+K256:
+.word   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.word   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.word   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.word   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.word   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.word   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.word   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.word   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.word   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.word   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.word   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.word   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.word   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.word   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.word   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.word   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.size   K256,.-K256
+.global sha256_block_data_order
+.type   sha256_block_data_order,%function
+sha256_block_data_order:
+        sub     r3,pc,#8                @ sha256_block_data_order
+        add     $len,$inp,$len,lsl#6    @ len to point at the end of inp
+        stmdb   sp!,{$ctx,$inp,$len,r4-r12,lr}
+        ldmia   $ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
+        sub     $Ktbl,r3,#256           @ K256
+        sub     sp,sp,#16*4             @ alloca(X[16])
+.Loop:
+___
+for($i=0;$i<16;$i++)    { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)       { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        and     $t2,$t2,#0xff
+        cmp     $t2,#0xf2
+        bne     .Lrounds_16_xx
+        ldr     $T1,[sp,#16*4]          @ pull ctx
+        ldr     $t0,[$T1,#0]
+        ldr     $t1,[$T1,#4]
+        ldr     $t2,[$T1,#8]
+        add     $A,$A,$t0
+        ldr     $t0,[$T1,#12]
+        add     $B,$B,$t1
+        ldr     $t1,[$T1,#16]
+        add     $C,$C,$t2
+        ldr     $t2,[$T1,#20]
+        add     $D,$D,$t0
+        ldr     $t0,[$T1,#24]
+        add     $E,$E,$t1
+        ldr     $t1,[$T1,#28]
+        add     $F,$F,$t2
+        ldr     $inp,[sp,#17*4]         @ pull inp
+        ldr     $t2,[sp,#18*4]          @ pull inp+len
+        add     $G,$G,$t0
+        add     $H,$H,$t1
+        stmia   $T1,{$A,$B,$C,$D,$E,$F,$G,$H}
+        cmp     $inp,$t2
+        sub     $Ktbl,$Ktbl,#256        @ rewind Ktbl
+        bne     .Loop
+        add     sp,sp,#`16+3`*4 @ destroy frame
+        ldmia   sp!,{r4-r12,lr}
+        tst     lr,#1
+        moveq   pc,lr                   @ be binary compatible with V4, yet
+        bx      lr                      @ interoperable with Thumb ISA:-)
+.size   sha256_block_data_order,.-sha256_block_data_order
+.asciz  "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha512-586.pl b/src/lib/libcrypto/sha/asm/sha512-586.pl
new file mode 100644
index 0000000000..5b9f3337ad
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-586.pl
@@ -0,0 +1,644 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# SHA512 block transform for x86. September 2007.
+#
+# Performance in clock cycles per processed byte (less is better):
+#
+#               Pentium PIII    P4      AMD K8  Core2
+# gcc           100     75      116     54      66
+# icc           97      77      95      55      57
+# x86 asm       61      56      82      36      40
+# SSE2 asm      -       -       38      24      20
+# x86_64 asm(*) -       -       30      10.0    10.5
+#
+# (*) x86_64 assembler performance is presented for reference
+#     purposes.
+#
+# IALU code-path is optimized for elder Pentiums. On vanilla Pentium
+# performance improvement over compiler generated code reaches ~60%,
+# while on PIII - ~35%. On newer �-archs improvement varies from 15%
+# to 50%, but it's less important as they are expected to execute SSE2
+# code-path, which is commonly ~2-3x faster [than compiler generated
+# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even
+# though it does not use 128-bit operations. The latter means that
+# SSE2-aware kernel is no longer required to execute the code. Another
+# difference is that new code optimizes amount of writes, but at the
+# cost of increased data cache "footprint" by 1/2KB.
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+$Tlo=&DWP(0,"esp");     $Thi=&DWP(4,"esp");
+$Alo=&DWP(8,"esp");     $Ahi=&DWP(8+4,"esp");
+$Blo=&DWP(16,"esp");    $Bhi=&DWP(16+4,"esp");
+$Clo=&DWP(24,"esp");    $Chi=&DWP(24+4,"esp");
+$Dlo=&DWP(32,"esp");    $Dhi=&DWP(32+4,"esp");
+$Elo=&DWP(40,"esp");    $Ehi=&DWP(40+4,"esp");
+$Flo=&DWP(48,"esp");    $Fhi=&DWP(48+4,"esp");
+$Glo=&DWP(56,"esp");    $Ghi=&DWP(56+4,"esp");
+$Hlo=&DWP(64,"esp");    $Hhi=&DWP(64+4,"esp");
+$K512="ebp";
+$Asse2=&QWP(0,"esp");
+$Bsse2=&QWP(8,"esp");
+$Csse2=&QWP(16,"esp");
+$Dsse2=&QWP(24,"esp");
+$Esse2=&QWP(32,"esp");
+$Fsse2=&QWP(40,"esp");
+$Gsse2=&QWP(48,"esp");
+$Hsse2=&QWP(56,"esp");
+$A="mm0";       # B-D and
+$E="mm4";       # F-H are commonly loaded to respectively mm1-mm3 and
+                # mm5-mm7, but it's done on on-demand basis...
+sub BODY_00_15_sse2 {
+    my $prefetch=shift;
+        &movq   ("mm5",$Fsse2);                 # load f
+        &movq   ("mm6",$Gsse2);                 # load g
+        &movq   ("mm7",$Hsse2);                 # load h
+        &movq   ("mm1",$E);                     # %mm1 is sliding right
+        &movq   ("mm2",$E);                     # %mm2 is sliding left
+        &psrlq  ("mm1",14);
+        &movq   ($Esse2,$E);                    # modulo-scheduled save e
+        &psllq  ("mm2",23);
+        &movq   ("mm3","mm1");                  # %mm3 is T1
+        &psrlq  ("mm1",4);
+        &pxor   ("mm3","mm2");
+        &psllq  ("mm2",23);
+        &pxor   ("mm3","mm1");
+        &psrlq  ("mm1",23);
+        &pxor   ("mm3","mm2");
+        &psllq  ("mm2",4);
+        &pxor   ("mm3","mm1");
+        &paddq  ("mm7",QWP(0,$K512));           # h+=K512[i]
+        &pxor   ("mm3","mm2");                  # T1=Sigma1_512(e)
+        &pxor   ("mm5","mm6");                  # f^=g
+        &movq   ("mm1",$Bsse2);                 # load b
+        &pand   ("mm5",$E);                     # f&=e
+        &movq   ("mm2",$Csse2);                 # load c
+        &pxor   ("mm5","mm6");                  # f^=g
+        &movq   ($E,$Dsse2);                    # e = load d
+        &paddq  ("mm3","mm5");                  # T1+=Ch(e,f,g)
+        &movq   (&QWP(0,"esp"),$A);             # modulo-scheduled save a
+        &paddq  ("mm3","mm7");                  # T1+=h
+        &movq   ("mm5",$A);                     # %mm5 is sliding right
+        &movq   ("mm6",$A);                     # %mm6 is sliding left
+        &paddq  ("mm3",&QWP(8*9,"esp"));        # T1+=X[0]
+        &psrlq  ("mm5",28);
+        &paddq  ($E,"mm3");                     # e += T1
+        &psllq  ("mm6",25);
+        &movq   ("mm7","mm5");                  # %mm7 is T2
+        &psrlq  ("mm5",6);
+        &pxor   ("mm7","mm6");
+        &psllq  ("mm6",5);
+        &pxor   ("mm7","mm5");
+        &psrlq  ("mm5",5);
+        &pxor   ("mm7","mm6");
+        &psllq  ("mm6",6);
+        &pxor   ("mm7","mm5");
+        &sub    ("esp",8);
+        &pxor   ("mm7","mm6");                  # T2=Sigma0_512(a)
+        &movq   ("mm5",$A);                     # %mm5=a
+        &por    ($A,"mm2");                     # a=a|c
+        &movq   ("mm6",&QWP(8*(9+16-14),"esp")) if ($prefetch);
+        &pand   ("mm5","mm2");                  # %mm5=a&c
+        &pand   ($A,"mm1");                     # a=(a|c)&b
+        &movq   ("mm2",&QWP(8*(9+16-1),"esp"))  if ($prefetch);
+        &por    ("mm5",$A);                     # %mm5=(a&c)|((a|c)&b)
+        &paddq  ("mm7","mm5");                  # T2+=Maj(a,b,c)
+        &movq   ($A,"mm3");                     # a=T1
+        &mov    (&LB("edx"),&BP(0,$K512));
+        &paddq  ($A,"mm7");                     # a+=T2
+        &add    ($K512,8);
+}
+sub BODY_00_15_x86 {
+        #define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+        #       LO              lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+        #       HI              hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+        &mov    ("ecx",$Elo);
+        &mov    ("edx",$Ehi);
+        &mov    ("esi","ecx");
+        &shr    ("ecx",9)       # lo>>9
+        &mov    ("edi","edx");
+        &shr    ("edx",9)       # hi>>9
+        &mov    ("ebx","ecx");
+        &shl    ("esi",14);     # lo<<14
+        &mov    ("eax","edx");
+        &shl    ("edi",14);     # hi<<14
+        &xor    ("ebx","esi");
+        &shr    ("ecx",14-9);   # lo>>14
+        &xor    ("eax","edi");
+        &shr    ("edx",14-9);   # hi>>14
+        &xor    ("eax","ecx");
+        &shl    ("esi",18-14);  # lo<<18
+        &xor    ("ebx","edx");
+        &shl    ("edi",18-14);  # hi<<18
+        &xor    ("ebx","esi");
+        &shr    ("ecx",18-14);  # lo>>18
+        &xor    ("eax","edi");
+        &shr    ("edx",18-14);  # hi>>18
+        &xor    ("eax","ecx");
+        &shl    ("esi",23-18);  # lo<<23
+        &xor    ("ebx","edx");
+        &shl    ("edi",23-18);  # hi<<23
+        &xor    ("eax","esi");
+        &xor    ("ebx","edi");                  # T1 = Sigma1(e)
+        &mov    ("ecx",$Flo);
+        &mov    ("edx",$Fhi);
+        &mov    ("esi",$Glo);
+        &mov    ("edi",$Ghi);
+         &add   ("eax",$Hlo);
+         &adc   ("ebx",$Hhi);                   # T1 += h
+        &xor    ("ecx","esi");
+        &xor    ("edx","edi");
+        &and    ("ecx",$Elo);
+        &and    ("edx",$Ehi);
+         &add   ("eax",&DWP(8*(9+15)+0,"esp"));
+         &adc   ("ebx",&DWP(8*(9+15)+4,"esp")); # T1 += X[0]
+        &xor    ("ecx","esi");
+        &xor    ("edx","edi");                  # Ch(e,f,g) = (f^g)&e)^g
+        &mov    ("esi",&DWP(0,$K512));
+        &mov    ("edi",&DWP(4,$K512));          # K[i]
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # T1 += Ch(e,f,g)
+        &mov    ("ecx",$Dlo);
+        &mov    ("edx",$Dhi);
+        &add    ("eax","esi");
+        &adc    ("ebx","edi");                  # T1 += K[i]
+        &mov    ($Tlo,"eax");
+        &mov    ($Thi,"ebx");                   # put T1 away
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # d += T1
+        #define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+        #       LO              lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+        #       HI              hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+        &mov    ("ecx",$Alo);
+        &mov    ("edx",$Ahi);
+        &mov    ($Dlo,"eax");
+        &mov    ($Dhi,"ebx");
+        &mov    ("esi","ecx");
+        &shr    ("ecx",2)       # lo>>2
+        &mov    ("edi","edx");
+        &shr    ("edx",2)       # hi>>2
+        &mov    ("ebx","ecx");
+        &shl    ("esi",4);      # lo<<4
+        &mov    ("eax","edx");
+        &shl    ("edi",4);      # hi<<4
+        &xor    ("ebx","esi");
+        &shr    ("ecx",7-2);    # lo>>7
+        &xor    ("eax","edi");
+        &shr    ("edx",7-2);    # hi>>7
+        &xor    ("ebx","ecx");
+        &shl    ("esi",25-4);   # lo<<25
+        &xor    ("eax","edx");
+        &shl    ("edi",25-4);   # hi<<25
+        &xor    ("eax","esi");
+        &shr    ("ecx",28-7);   # lo>>28
+        &xor    ("ebx","edi");
+        &shr    ("edx",28-7);   # hi>>28
+        &xor    ("eax","ecx");
+        &shl    ("esi",30-25);  # lo<<30
+        &xor    ("ebx","edx");
+        &shl    ("edi",30-25);  # hi<<30
+        &xor    ("eax","esi");
+        &xor    ("ebx","edi");                  # Sigma0(a)
+        &mov    ("ecx",$Alo);
+        &mov    ("edx",$Ahi);
+        &mov    ("esi",$Blo);
+        &mov    ("edi",$Bhi);
+        &add    ("eax",$Tlo);
+        &adc    ("ebx",$Thi);                   # T1 = Sigma0(a)+T1
+        &or     ("ecx","esi");
+        &or     ("edx","edi");
+        &and    ("ecx",$Clo);
+        &and    ("edx",$Chi);
+        &and    ("esi",$Alo);
+        &and    ("edi",$Ahi);
+        &or     ("ecx","esi");
+        &or     ("edx","edi");                  # Maj(a,b,c) = ((a|b)&c)|(a&b)
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # T1 += Maj(a,b,c)
+        &mov    ($Tlo,"eax");
+        &mov    ($Thi,"ebx");
+        &mov    (&LB("edx"),&BP(0,$K512));      # pre-fetch LSB of *K
+        &sub    ("esp",8);
+        &lea    ($K512,&DWP(8,$K512));          # K++
+}
+&function_begin("sha512_block_data_order");
+        &mov    ("esi",wparam(0));      # ctx
+        &mov    ("edi",wparam(1));      # inp
+        &mov    ("eax",wparam(2));      # num
+        &mov    ("ebx","esp");          # saved sp
+        &call   (&label("pic_point"));  # make it PIC!
+&set_label("pic_point");
+        &blindpop($K512);
+        &lea    ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
+        &sub    ("esp",16);
+        &and    ("esp",-64);
+        &shl    ("eax",7);
+        &add    ("eax","edi");
+        &mov    (&DWP(0,"esp"),"esi");  # ctx
+        &mov    (&DWP(4,"esp"),"edi");  # inp
+        &mov    (&DWP(8,"esp"),"eax");  # inp+num*128
+        &mov    (&DWP(12,"esp"),"ebx"); # saved sp
+if ($sse2) {
+        &picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512"));
+        &bt     (&DWP(0,"edx"),26);
+        &jnc    (&label("loop_x86"));
+        # load ctx->h[0-7]
+        &movq   ($A,&QWP(0,"esi"));
+        &movq   ("mm1",&QWP(8,"esi"));
+        &movq   ("mm2",&QWP(16,"esi"));
+        &movq   ("mm3",&QWP(24,"esi"));
+        &movq   ($E,&QWP(32,"esi"));
+        &movq   ("mm5",&QWP(40,"esi"));
+        &movq   ("mm6",&QWP(48,"esi"));
+        &movq   ("mm7",&QWP(56,"esi"));
+        &sub    ("esp",8*10);
+&set_label("loop_sse2",16);
+        # &movq ($Asse2,$A);
+        &movq   ($Bsse2,"mm1");
+        &movq   ($Csse2,"mm2");
+        &movq   ($Dsse2,"mm3");
+        # &movq ($Esse2,$E);
+        &movq   ($Fsse2,"mm5");
+        &movq   ($Gsse2,"mm6");
+        &movq   ($Hsse2,"mm7");
+        &mov    ("ecx",&DWP(0,"edi"));
+        &mov    ("edx",&DWP(4,"edi"));
+        &add    ("edi",8);
+        &bswap  ("ecx");
+        &bswap  ("edx");
+        &mov    (&DWP(8*9+4,"esp"),"ecx");
+        &mov    (&DWP(8*9+0,"esp"),"edx");
+&set_label("00_14_sse2",16);
+        &mov    ("eax",&DWP(0,"edi"));
+        &mov    ("ebx",&DWP(4,"edi"));
+        &add    ("edi",8);
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &mov    (&DWP(8*8+4,"esp"),"eax");
+        &mov    (&DWP(8*8+0,"esp"),"ebx");
+        &BODY_00_15_sse2();
+        &cmp    (&LB("edx"),0x35);
+        &jne    (&label("00_14_sse2"));
+        &BODY_00_15_sse2(1);
+&set_label("16_79_sse2",16);
+        #&movq  ("mm2",&QWP(8*(9+16-1),"esp")); #prefetched in BODY_00_15 
+        #&movq  ("mm6",&QWP(8*(9+16-14),"esp"));
+        &movq   ("mm1","mm2");
+        &psrlq  ("mm2",1);
+        &movq   ("mm7","mm6");
+        &psrlq  ("mm6",6);
+        &movq   ("mm3","mm2");
+        &psrlq  ("mm2",7-1);
+        &movq   ("mm5","mm6");
+        &psrlq  ("mm6",19-6);
+        &pxor   ("mm3","mm2");
+        &psrlq  ("mm2",8-7);
+        &pxor   ("mm5","mm6");
+        &psrlq  ("mm6",61-19);
+        &pxor   ("mm3","mm2");
+        &movq   ("mm2",&QWP(8*(9+16),"esp"));
+        &psllq  ("mm1",56);
+        &pxor   ("mm5","mm6");
+        &psllq  ("mm7",3);
+        &pxor   ("mm3","mm1");
+        &paddq  ("mm2",&QWP(8*(9+16-9),"esp"));
+        &psllq  ("mm1",63-56);
+        &pxor   ("mm5","mm7");
+        &psllq  ("mm7",45-3);
+        &pxor   ("mm3","mm1");
+        &pxor   ("mm5","mm7");
+        &paddq  ("mm3","mm5");
+        &paddq  ("mm3","mm2");
+        &movq   (&QWP(8*9,"esp"),"mm3");
+        &BODY_00_15_sse2(1);
+        &cmp    (&LB("edx"),0x17);
+        &jne    (&label("16_79_sse2"));
+        # &movq ($A,$Asse2);
+        &movq   ("mm1",$Bsse2);
+        &movq   ("mm2",$Csse2);
+        &movq   ("mm3",$Dsse2);
+        # &movq ($E,$Esse2);
+        &movq   ("mm5",$Fsse2);
+        &movq   ("mm6",$Gsse2);
+        &movq   ("mm7",$Hsse2);
+        &paddq  ($A,&QWP(0,"esi"));
+        &paddq  ("mm1",&QWP(8,"esi"));
+        &paddq  ("mm2",&QWP(16,"esi"));
+        &paddq  ("mm3",&QWP(24,"esi"));
+        &paddq  ($E,&QWP(32,"esi"));
+        &paddq  ("mm5",&QWP(40,"esi"));
+        &paddq  ("mm6",&QWP(48,"esi"));
+        &paddq  ("mm7",&QWP(56,"esi"));
+        &movq   (&QWP(0,"esi"),$A);
+        &movq   (&QWP(8,"esi"),"mm1");
+        &movq   (&QWP(16,"esi"),"mm2");
+        &movq   (&QWP(24,"esi"),"mm3");
+        &movq   (&QWP(32,"esi"),$E);
+        &movq   (&QWP(40,"esi"),"mm5");
+        &movq   (&QWP(48,"esi"),"mm6");
+        &movq   (&QWP(56,"esi"),"mm7");
+        &add    ("esp",8*80);                   # destroy frame
+        &sub    ($K512,8*80);                   # rewind K
+        &cmp    ("edi",&DWP(8*10+8,"esp"));     # are we done yet?
+        &jb     (&label("loop_sse2"));
+        &emms   ();
+        &mov    ("esp",&DWP(8*10+12,"esp"));    # restore sp
+&function_end_A();
+}
+&set_label("loop_x86",16);
+    # copy input block to stack reversing byte and qword order
+    for ($i=0;$i<8;$i++) {
+        &mov    ("eax",&DWP($i*16+0,"edi"));
+        &mov    ("ebx",&DWP($i*16+4,"edi"));
+        &mov    ("ecx",&DWP($i*16+8,"edi"));
+        &mov    ("edx",&DWP($i*16+12,"edi"));
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &bswap  ("ecx");
+        &bswap  ("edx");
+        &push   ("eax");
+        &push   ("ebx");
+        &push   ("ecx");
+        &push   ("edx");
+    }
+        &add    ("edi",128);
+        &sub    ("esp",9*8);            # place for T,A,B,C,D,E,F,G,H
+        &mov    (&DWP(8*(9+16)+4,"esp"),"edi");
+        # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
+        &lea    ("edi",&DWP(8,"esp"));
+        &mov    ("ecx",16);
+        &data_word(0xA5F3F689);         # rep movsd
+&set_label("00_15_x86",16);
+        &BODY_00_15_x86();
+        &cmp    (&LB("edx"),0x94);
+        &jne    (&label("00_15_x86"));
+&set_label("16_79_x86",16);
+        #define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+        #       LO              lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+        #       HI              hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+        &mov    ("ecx",&DWP(8*(9+15+16-1)+0,"esp"));
+        &mov    ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
+        &mov    ("esi","ecx");
+        &shr    ("ecx",1)       # lo>>1
+        &mov    ("edi","edx");
+        &shr    ("edx",1)       # hi>>1
+        &mov    ("eax","ecx");
+        &shl    ("esi",24);     # lo<<24
+        &mov    ("ebx","edx");
+        &shl    ("edi",24);     # hi<<24
+        &xor    ("ebx","esi");
+        &shr    ("ecx",7-1);    # lo>>7
+        &xor    ("eax","edi");
+        &shr    ("edx",7-1);    # hi>>7
+        &xor    ("eax","ecx");
+        &shl    ("esi",31-24);  # lo<<31
+        &xor    ("ebx","edx");
+        &shl    ("edi",25-24);  # hi<<25
+        &xor    ("ebx","esi");
+        &shr    ("ecx",8-7);    # lo>>8
+        &xor    ("eax","edi");
+        &shr    ("edx",8-7);    # hi>>8
+        &xor    ("eax","ecx");
+        &shl    ("edi",31-25);  # hi<<31
+        &xor    ("ebx","edx");
+        &xor    ("eax","edi");                  # T1 = sigma0(X[-15])
+        &mov    (&DWP(0,"esp"),"eax");
+        &mov    (&DWP(4,"esp"),"ebx");          # put T1 away
+        #define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+        #       LO              lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+        #       HI              hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+        &mov    ("ecx",&DWP(8*(9+15+16-14)+0,"esp"));
+        &mov    ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
+        &mov    ("esi","ecx");
+        &shr    ("ecx",6)       # lo>>6
+        &mov    ("edi","edx");
+        &shr    ("edx",6)       # hi>>6
+        &mov    ("eax","ecx");
+        &shl    ("esi",3);      # lo<<3
+        &mov    ("ebx","edx");
+        &shl    ("edi",3);      # hi<<3
+        &xor    ("eax","esi");
+        &shr    ("ecx",19-6);   # lo>>19
+        &xor    ("ebx","edi");
+        &shr    ("edx",19-6);   # hi>>19
+        &xor    ("eax","ecx");
+        &shl    ("esi",13-3);   # lo<<13
+        &xor    ("ebx","edx");
+        &shl    ("edi",13-3);   # hi<<13
+        &xor    ("ebx","esi");
+        &shr    ("ecx",29-19);  # lo>>29
+        &xor    ("eax","edi");
+        &shr    ("edx",29-19);  # hi>>29
+        &xor    ("ebx","ecx");
+        &shl    ("edi",26-13);  # hi<<26
+        &xor    ("eax","edx");
+        &xor    ("eax","edi");                  # sigma1(X[-2])
+        &mov    ("ecx",&DWP(8*(9+15+16)+0,"esp"));
+        &mov    ("edx",&DWP(8*(9+15+16)+4,"esp"));
+        &add    ("eax",&DWP(0,"esp"));
+        &adc    ("ebx",&DWP(4,"esp"));          # T1 = sigma1(X[-2])+T1
+        &mov    ("esi",&DWP(8*(9+15+16-9)+0,"esp"));
+        &mov    ("edi",&DWP(8*(9+15+16-9)+4,"esp"));
+        &add    ("eax","ecx");
+        &adc    ("ebx","edx");                  # T1 += X[-16]
+        &add    ("eax","esi");
+        &adc    ("ebx","edi");                  # T1 += X[-7]
+        &mov    (&DWP(8*(9+15)+0,"esp"),"eax");
+        &mov    (&DWP(8*(9+15)+4,"esp"),"ebx"); # save X[0]
+        &BODY_00_15_x86();
+        &cmp    (&LB("edx"),0x17);
+        &jne    (&label("16_79_x86"));
+        &mov    ("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx
+        &mov    ("edi",&DWP(8*(9+16+80)+4,"esp"));# inp
+    for($i=0;$i<4;$i++) {
+        &mov    ("eax",&DWP($i*16+0,"esi"));
+        &mov    ("ebx",&DWP($i*16+4,"esi"));
+        &mov    ("ecx",&DWP($i*16+8,"esi"));
+        &mov    ("edx",&DWP($i*16+12,"esi"));
+        &add    ("eax",&DWP(8+($i*16)+0,"esp"));
+        &adc    ("ebx",&DWP(8+($i*16)+4,"esp"));
+        &mov    (&DWP($i*16+0,"esi"),"eax");
+        &mov    (&DWP($i*16+4,"esi"),"ebx");
+        &add    ("ecx",&DWP(8+($i*16)+8,"esp"));
+        &adc    ("edx",&DWP(8+($i*16)+12,"esp"));
+        &mov    (&DWP($i*16+8,"esi"),"ecx");
+        &mov    (&DWP($i*16+12,"esi"),"edx");
+    }
+        &add    ("esp",8*(9+16+80));            # destroy frame
+        &sub    ($K512,8*80);                   # rewind K
+        &cmp    ("edi",&DWP(8,"esp"));          # are we done yet?
+        &jb     (&label("loop_x86"));
+        &mov    ("esp",&DWP(12,"esp"));         # restore sp
+&function_end_A();
+&set_label("K512",64);  # Yes! I keep it in the code segment!
+        &data_word(0xd728ae22,0x428a2f98);      # u64
+        &data_word(0x23ef65cd,0x71374491);      # u64
+        &data_word(0xec4d3b2f,0xb5c0fbcf);      # u64
+        &data_word(0x8189dbbc,0xe9b5dba5);      # u64
+        &data_word(0xf348b538,0x3956c25b);      # u64
+        &data_word(0xb605d019,0x59f111f1);      # u64
+        &data_word(0xaf194f9b,0x923f82a4);      # u64
+        &data_word(0xda6d8118,0xab1c5ed5);      # u64
+        &data_word(0xa3030242,0xd807aa98);      # u64
+        &data_word(0x45706fbe,0x12835b01);      # u64
+        &data_word(0x4ee4b28c,0x243185be);      # u64
+        &data_word(0xd5ffb4e2,0x550c7dc3);      # u64
+        &data_word(0xf27b896f,0x72be5d74);      # u64
+        &data_word(0x3b1696b1,0x80deb1fe);      # u64
+        &data_word(0x25c71235,0x9bdc06a7);      # u64
+        &data_word(0xcf692694,0xc19bf174);      # u64
+        &data_word(0x9ef14ad2,0xe49b69c1);      # u64
+        &data_word(0x384f25e3,0xefbe4786);      # u64
+        &data_word(0x8b8cd5b5,0x0fc19dc6);      # u64
+        &data_word(0x77ac9c65,0x240ca1cc);      # u64
+        &data_word(0x592b0275,0x2de92c6f);      # u64
+        &data_word(0x6ea6e483,0x4a7484aa);      # u64
+        &data_word(0xbd41fbd4,0x5cb0a9dc);      # u64
+        &data_word(0x831153b5,0x76f988da);      # u64
+        &data_word(0xee66dfab,0x983e5152);      # u64
+        &data_word(0x2db43210,0xa831c66d);      # u64
+        &data_word(0x98fb213f,0xb00327c8);      # u64
+        &data_word(0xbeef0ee4,0xbf597fc7);      # u64
+        &data_word(0x3da88fc2,0xc6e00bf3);      # u64
+        &data_word(0x930aa725,0xd5a79147);      # u64
+        &data_word(0xe003826f,0x06ca6351);      # u64
+        &data_word(0x0a0e6e70,0x14292967);      # u64
+        &data_word(0x46d22ffc,0x27b70a85);      # u64
+        &data_word(0x5c26c926,0x2e1b2138);      # u64
+        &data_word(0x5ac42aed,0x4d2c6dfc);      # u64
+        &data_word(0x9d95b3df,0x53380d13);      # u64
+        &data_word(0x8baf63de,0x650a7354);      # u64
+        &data_word(0x3c77b2a8,0x766a0abb);      # u64
+        &data_word(0x47edaee6,0x81c2c92e);      # u64
+        &data_word(0x1482353b,0x92722c85);      # u64
+        &data_word(0x4cf10364,0xa2bfe8a1);      # u64
+        &data_word(0xbc423001,0xa81a664b);      # u64
+        &data_word(0xd0f89791,0xc24b8b70);      # u64
+        &data_word(0x0654be30,0xc76c51a3);      # u64
+        &data_word(0xd6ef5218,0xd192e819);      # u64
+        &data_word(0x5565a910,0xd6990624);      # u64
+        &data_word(0x5771202a,0xf40e3585);      # u64
+        &data_word(0x32bbd1b8,0x106aa070);      # u64
+        &data_word(0xb8d2d0c8,0x19a4c116);      # u64
+        &data_word(0x5141ab53,0x1e376c08);      # u64
+        &data_word(0xdf8eeb99,0x2748774c);      # u64
+        &data_word(0xe19b48a8,0x34b0bcb5);      # u64
+        &data_word(0xc5c95a63,0x391c0cb3);      # u64
+        &data_word(0xe3418acb,0x4ed8aa4a);      # u64
+        &data_word(0x7763e373,0x5b9cca4f);      # u64
+        &data_word(0xd6b2b8a3,0x682e6ff3);      # u64
+        &data_word(0x5defb2fc,0x748f82ee);      # u64
+        &data_word(0x43172f60,0x78a5636f);      # u64
+        &data_word(0xa1f0ab72,0x84c87814);      # u64
+        &data_word(0x1a6439ec,0x8cc70208);      # u64
+        &data_word(0x23631e28,0x90befffa);      # u64
+        &data_word(0xde82bde9,0xa4506ceb);      # u64
+        &data_word(0xb2c67915,0xbef9a3f7);      # u64
+        &data_word(0xe372532b,0xc67178f2);      # u64
+        &data_word(0xea26619c,0xca273ece);      # u64
+        &data_word(0x21c0c207,0xd186b8c7);      # u64
+        &data_word(0xcde0eb1e,0xeada7dd6);      # u64
+        &data_word(0xee6ed178,0xf57d4f7f);      # u64
+        &data_word(0x72176fba,0x06f067aa);      # u64
+        &data_word(0xa2c898a6,0x0a637dc5);      # u64
+        &data_word(0xbef90dae,0x113f9804);      # u64
+        &data_word(0x131c471b,0x1b710b35);      # u64
+        &data_word(0x23047d84,0x28db77f5);      # u64
+        &data_word(0x40c72493,0x32caab7b);      # u64
+        &data_word(0x15c9bebc,0x3c9ebe0a);      # u64
+        &data_word(0x9c100d4c,0x431d67c4);      # u64
+        &data_word(0xcb3e42b6,0x4cc5d4be);      # u64
+        &data_word(0xfc657e2a,0x597f299c);      # u64
+        &data_word(0x3ad6faec,0x5fcb6fab);      # u64
+        &data_word(0x4a475817,0x6c44198c);      # u64
+&function_end_B("sha512_block_data_order");
+&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha512-armv4.pl b/src/lib/libcrypto/sha/asm/sha512-armv4.pl
new file mode 100644
index 0000000000..4fbb94a914
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-armv4.pl
@@ -0,0 +1,399 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# SHA512 block procedure for ARMv4. September 2007.
+# This code is ~4.5 (four and a half) times faster than code generated
+# by gcc 3.4 and it spends ~72 clock cycles per byte. 
+# Byte order [in]dependence. =========================================
+#
+# Caller is expected to maintain specific *dword* order in h[0-7],
+# namely with most significant dword at *lower* address, which is
+# reflected in below two parameters. *Byte* order within these dwords
+# in turn is whatever *native* byte order on current platform.
+$hi=0;
+$lo=4;
+# ====================================================================
+$output=shift;
+open STDOUT,">$output";
+$ctx="r0";
+$inp="r1";
+$len="r2";
+$Tlo="r3";
+$Thi="r4";
+$Alo="r5";
+$Ahi="r6";
+$Elo="r7";
+$Ehi="r8";
+$t0="r9";
+$t1="r10";
+$t2="r11";
+$t3="r12";
+############    r13 is stack pointer
+$Ktbl="r14";
+############    r15 is program counter
+$Aoff=8*0;
+$Boff=8*1;
+$Coff=8*2;
+$Doff=8*3;
+$Eoff=8*4;
+$Foff=8*5;
+$Goff=8*6;
+$Hoff=8*7;
+$Xoff=8*8;
+sub BODY_00_15() {
+my $magic = shift;
+$code.=<<___;
+        ldr     $t2,[sp,#$Hoff+0]       @ h.lo
+        ldr     $t3,[sp,#$Hoff+4]       @ h.hi
+        @ Sigma1(x)     (ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
+        @ LO            lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
+        @ HI            hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
+        mov     $t0,$Elo,lsr#14
+        mov     $t1,$Ehi,lsr#14
+        eor     $t0,$t0,$Ehi,lsl#18
+        eor     $t1,$t1,$Elo,lsl#18
+        eor     $t0,$t0,$Elo,lsr#18
+        eor     $t1,$t1,$Ehi,lsr#18
+        eor     $t0,$t0,$Ehi,lsl#14
+        eor     $t1,$t1,$Elo,lsl#14
+        eor     $t0,$t0,$Ehi,lsr#9
+        eor     $t1,$t1,$Elo,lsr#9
+        eor     $t0,$t0,$Elo,lsl#23
+        eor     $t1,$t1,$Ehi,lsl#23     @ Sigma1(e)
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1           @ T += Sigma1(e)
+        adds    $Tlo,$Tlo,$t2
+        adc     $Thi,$Thi,$t3           @ T += h
+        ldr     $t0,[sp,#$Foff+0]       @ f.lo
+        ldr     $t1,[sp,#$Foff+4]       @ f.hi
+        ldr     $t2,[sp,#$Goff+0]       @ g.lo
+        ldr     $t3,[sp,#$Goff+4]       @ g.hi
+        str     $Elo,[sp,#$Eoff+0]
+        str     $Ehi,[sp,#$Eoff+4]
+        str     $Alo,[sp,#$Aoff+0]
+        str     $Ahi,[sp,#$Aoff+4]
+        eor     $t0,$t0,$t2
+        eor     $t1,$t1,$t3
+        and     $t0,$t0,$Elo
+        and     $t1,$t1,$Ehi
+        eor     $t0,$t0,$t2
+        eor     $t1,$t1,$t3             @ Ch(e,f,g)
+        ldr     $t2,[$Ktbl,#4]          @ K[i].lo
+        ldr     $t3,[$Ktbl,#0]          @ K[i].hi
+        ldr     $Elo,[sp,#$Doff+0]      @ d.lo
+        ldr     $Ehi,[sp,#$Doff+4]      @ d.hi
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1           @ T += Ch(e,f,g)
+        adds    $Tlo,$Tlo,$t2
+        adc     $Thi,$Thi,$t3           @ T += K[i]
+        adds    $Elo,$Elo,$Tlo
+        adc     $Ehi,$Ehi,$Thi          @ d += T
+        and     $t0,$t2,#0xff
+        teq     $t0,#$magic
+        orreq   $Ktbl,$Ktbl,#1
+        ldr     $t2,[sp,#$Boff+0]       @ b.lo
+        ldr     $t3,[sp,#$Coff+0]       @ c.lo
+        @ Sigma0(x)     (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+        @ LO            lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
+        @ HI            hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
+        mov     $t0,$Alo,lsr#28
+        mov     $t1,$Ahi,lsr#28
+        eor     $t0,$t0,$Ahi,lsl#4
+        eor     $t1,$t1,$Alo,lsl#4
+        eor     $t0,$t0,$Ahi,lsr#2
+        eor     $t1,$t1,$Alo,lsr#2
+        eor     $t0,$t0,$Alo,lsl#30
+        eor     $t1,$t1,$Ahi,lsl#30
+        eor     $t0,$t0,$Ahi,lsr#7
+        eor     $t1,$t1,$Alo,lsr#7
+        eor     $t0,$t0,$Alo,lsl#25
+        eor     $t1,$t1,$Ahi,lsl#25     @ Sigma0(a)
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1           @ T += Sigma0(a)
+        and     $t0,$Alo,$t2
+        orr     $Alo,$Alo,$t2
+        ldr     $t1,[sp,#$Boff+4]       @ b.hi
+        ldr     $t2,[sp,#$Coff+4]       @ c.hi
+        and     $Alo,$Alo,$t3
+        orr     $Alo,$Alo,$t0           @ Maj(a,b,c).lo
+        and     $t3,$Ahi,$t1
+        orr     $Ahi,$Ahi,$t1
+        and     $Ahi,$Ahi,$t2
+        orr     $Ahi,$Ahi,$t3           @ Maj(a,b,c).hi
+        adds    $Alo,$Alo,$Tlo
+        adc     $Ahi,$Ahi,$Thi          @ h += T
+        sub     sp,sp,#8
+        add     $Ktbl,$Ktbl,#8
+___
+}
+$code=<<___;
+.text
+.code   32
+.type   K512,%object
+.align  5
+K512:
+.word   0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+.word   0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+.word   0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+.word   0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+.word   0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+.word   0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+.word   0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+.word   0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+.word   0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+.word   0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+.word   0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+.word   0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+.word   0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+.word   0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+.word   0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+.word   0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+.word   0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+.word   0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+.word   0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+.word   0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+.word   0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+.word   0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+.word   0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+.word   0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+.word   0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+.word   0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+.word   0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+.word   0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+.word   0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+.word   0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+.word   0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+.word   0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+.word   0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+.word   0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+.word   0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+.word   0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+.word   0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+.word   0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+.word   0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+.word   0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+.size   K512,.-K512
+.global sha512_block_data_order
+.type   sha512_block_data_order,%function
+sha512_block_data_order:
+        sub     r3,pc,#8                @ sha512_block_data_order
+        add     $len,$inp,$len,lsl#7    @ len to point at the end of inp
+        stmdb   sp!,{r4-r12,lr}
+        sub     $Ktbl,r3,#640           @ K512
+        sub     sp,sp,#9*8
+        ldr     $Elo,[$ctx,#$Eoff+$lo]
+        ldr     $Ehi,[$ctx,#$Eoff+$hi]
+        ldr     $t0, [$ctx,#$Goff+$lo]
+        ldr     $t1, [$ctx,#$Goff+$hi]
+        ldr     $t2, [$ctx,#$Hoff+$lo]
+        ldr     $t3, [$ctx,#$Hoff+$hi]
+.Loop:
+        str     $t0, [sp,#$Goff+0]
+        str     $t1, [sp,#$Goff+4]
+        str     $t2, [sp,#$Hoff+0]
+        str     $t3, [sp,#$Hoff+4]
+        ldr     $Alo,[$ctx,#$Aoff+$lo]
+        ldr     $Ahi,[$ctx,#$Aoff+$hi]
+        ldr     $Tlo,[$ctx,#$Boff+$lo]
+        ldr     $Thi,[$ctx,#$Boff+$hi]
+        ldr     $t0, [$ctx,#$Coff+$lo]
+        ldr     $t1, [$ctx,#$Coff+$hi]
+        ldr     $t2, [$ctx,#$Doff+$lo]
+        ldr     $t3, [$ctx,#$Doff+$hi]
+        str     $Tlo,[sp,#$Boff+0]
+        str     $Thi,[sp,#$Boff+4]
+        str     $t0, [sp,#$Coff+0]
+        str     $t1, [sp,#$Coff+4]
+        str     $t2, [sp,#$Doff+0]
+        str     $t3, [sp,#$Doff+4]
+        ldr     $Tlo,[$ctx,#$Foff+$lo]
+        ldr     $Thi,[$ctx,#$Foff+$hi]
+        str     $Tlo,[sp,#$Foff+0]
+        str     $Thi,[sp,#$Foff+4]
+.L00_15:
+        ldrb    $Tlo,[$inp,#7]
+        ldrb    $t0, [$inp,#6]
+        ldrb    $t1, [$inp,#5]
+        ldrb    $t2, [$inp,#4]
+        ldrb    $Thi,[$inp,#3]
+        ldrb    $t3, [$inp,#2]
+        orr     $Tlo,$Tlo,$t0,lsl#8
+        ldrb    $t0, [$inp,#1]
+        orr     $Tlo,$Tlo,$t1,lsl#16
+        ldrb    $t1, [$inp],#8
+        orr     $Tlo,$Tlo,$t2,lsl#24
+        orr     $Thi,$Thi,$t3,lsl#8
+        orr     $Thi,$Thi,$t0,lsl#16
+        orr     $Thi,$Thi,$t1,lsl#24
+        str     $Tlo,[sp,#$Xoff+0]
+        str     $Thi,[sp,#$Xoff+4]
+___
+        &BODY_00_15(0x94);
+$code.=<<___;
+        tst     $Ktbl,#1
+        beq     .L00_15
+        bic     $Ktbl,$Ktbl,#1
+.L16_79:
+        ldr     $t0,[sp,#`$Xoff+8*(16-1)`+0]
+        ldr     $t1,[sp,#`$Xoff+8*(16-1)`+4]
+        ldr     $t2,[sp,#`$Xoff+8*(16-14)`+0]
+        ldr     $t3,[sp,#`$Xoff+8*(16-14)`+4]
+        @ sigma0(x)     (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+        @ LO            lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
+        @ HI            hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
+        mov     $Tlo,$t0,lsr#1
+        mov     $Thi,$t1,lsr#1
+        eor     $Tlo,$Tlo,$t1,lsl#31
+        eor     $Thi,$Thi,$t0,lsl#31
+        eor     $Tlo,$Tlo,$t0,lsr#8
+        eor     $Thi,$Thi,$t1,lsr#8
+        eor     $Tlo,$Tlo,$t1,lsl#24
+        eor     $Thi,$Thi,$t0,lsl#24
+        eor     $Tlo,$Tlo,$t0,lsr#7
+        eor     $Thi,$Thi,$t1,lsr#7
+        eor     $Tlo,$Tlo,$t1,lsl#25
+        @ sigma1(x)     (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+        @ LO            lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
+        @ HI            hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
+        mov     $t0,$t2,lsr#19
+        mov     $t1,$t3,lsr#19
+        eor     $t0,$t0,$t3,lsl#13
+        eor     $t1,$t1,$t2,lsl#13
+        eor     $t0,$t0,$t3,lsr#29
+        eor     $t1,$t1,$t2,lsr#29
+        eor     $t0,$t0,$t2,lsl#3
+        eor     $t1,$t1,$t3,lsl#3
+        eor     $t0,$t0,$t2,lsr#6
+        eor     $t1,$t1,$t3,lsr#6
+        eor     $t0,$t0,$t3,lsl#26
+        ldr     $t2,[sp,#`$Xoff+8*(16-9)`+0]
+        ldr     $t3,[sp,#`$Xoff+8*(16-9)`+4]
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1
+        ldr     $t0,[sp,#`$Xoff+8*16`+0]
+        ldr     $t1,[sp,#`$Xoff+8*16`+4]
+        adds    $Tlo,$Tlo,$t2
+        adc     $Thi,$Thi,$t3
+        adds    $Tlo,$Tlo,$t0
+        adc     $Thi,$Thi,$t1
+        str     $Tlo,[sp,#$Xoff+0]
+        str     $Thi,[sp,#$Xoff+4]
+___
+        &BODY_00_15(0x17);
+$code.=<<___;
+        tst     $Ktbl,#1
+        beq     .L16_79
+        bic     $Ktbl,$Ktbl,#1
+        ldr     $Tlo,[sp,#$Boff+0]
+        ldr     $Thi,[sp,#$Boff+4]
+        ldr     $t0, [$ctx,#$Aoff+$lo]
+        ldr     $t1, [$ctx,#$Aoff+$hi]
+        ldr     $t2, [$ctx,#$Boff+$lo]
+        ldr     $t3, [$ctx,#$Boff+$hi]
+        adds    $t0,$Alo,$t0
+        adc     $t1,$Ahi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $t0, [$ctx,#$Aoff+$lo]
+        str     $t1, [$ctx,#$Aoff+$hi]
+        str     $t2, [$ctx,#$Boff+$lo]
+        str     $t3, [$ctx,#$Boff+$hi]
+        ldr     $Alo,[sp,#$Coff+0]
+        ldr     $Ahi,[sp,#$Coff+4]
+        ldr     $Tlo,[sp,#$Doff+0]
+        ldr     $Thi,[sp,#$Doff+4]
+        ldr     $t0, [$ctx,#$Coff+$lo]
+        ldr     $t1, [$ctx,#$Coff+$hi]
+        ldr     $t2, [$ctx,#$Doff+$lo]
+        ldr     $t3, [$ctx,#$Doff+$hi]
+        adds    $t0,$Alo,$t0
+        adc     $t1,$Ahi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $t0, [$ctx,#$Coff+$lo]
+        str     $t1, [$ctx,#$Coff+$hi]
+        str     $t2, [$ctx,#$Doff+$lo]
+        str     $t3, [$ctx,#$Doff+$hi]
+        ldr     $Tlo,[sp,#$Foff+0]
+        ldr     $Thi,[sp,#$Foff+4]
+        ldr     $t0, [$ctx,#$Eoff+$lo]
+        ldr     $t1, [$ctx,#$Eoff+$hi]
+        ldr     $t2, [$ctx,#$Foff+$lo]
+        ldr     $t3, [$ctx,#$Foff+$hi]
+        adds    $Elo,$Elo,$t0
+        adc     $Ehi,$Ehi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $Elo,[$ctx,#$Eoff+$lo]
+        str     $Ehi,[$ctx,#$Eoff+$hi]
+        str     $t2, [$ctx,#$Foff+$lo]
+        str     $t3, [$ctx,#$Foff+$hi]
+        ldr     $Alo,[sp,#$Goff+0]
+        ldr     $Ahi,[sp,#$Goff+4]
+        ldr     $Tlo,[sp,#$Hoff+0]
+        ldr     $Thi,[sp,#$Hoff+4]
+        ldr     $t0, [$ctx,#$Goff+$lo]
+        ldr     $t1, [$ctx,#$Goff+$hi]
+        ldr     $t2, [$ctx,#$Hoff+$lo]
+        ldr     $t3, [$ctx,#$Hoff+$hi]
+        adds    $t0,$Alo,$t0
+        adc     $t1,$Ahi,$t1
+        adds    $t2,$Tlo,$t2
+        adc     $t3,$Thi,$t3
+        str     $t0, [$ctx,#$Goff+$lo]
+        str     $t1, [$ctx,#$Goff+$hi]
+        str     $t2, [$ctx,#$Hoff+$lo]
+        str     $t3, [$ctx,#$Hoff+$hi]
+        add     sp,sp,#640
+        sub     $Ktbl,$Ktbl,#640
+        teq     $inp,$len
+        bne     .Loop
+        add     sp,sp,#8*9              @ destroy frame
+        ldmia   sp!,{r4-r12,lr}
+        tst     lr,#1
+        moveq   pc,lr                   @ be binary compatible with V4, yet
+        bx      lr                      @ interoperable with Thumb ISA:-)
+.size   sha512_block_data_order,.-sha512_block_data_order
+.asciz  "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
+print $code;
+close STDOUT; # enforce flush
diff --git a/src/lib/libcrypto/sha/asm/sha512-ppc.pl b/src/lib/libcrypto/sha/asm/sha512-ppc.pl
new file mode 100755
index 0000000000..768a6a6fad
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-ppc.pl
@@ -0,0 +1,462 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# I let hardware handle unaligned input, except on page boundaries
+# (see below for details). Otherwise straightforward implementation
+# with X vector in register bank. The module is big-endian [which is
+# not big deal as there're no little-endian targets left around].
+#                       sha256          |       sha512
+#                       -m64    -m32    |       -m64    -m32
+# --------------------------------------+-----------------------
+# PPC970,gcc-4.0.0      +50%    +38%    |       +40%    +410%(*)
+# Power6,xlc-7          +150%   +90%    |       +100%   +430%(*)
+#
+# (*)   64-bit code in 32-bit application context, which actually is
+#       on TODO list. It should be noted that for safe deployment in
+#       32-bit *mutli-threaded* context asyncronous signals should be
+#       blocked upon entry to SHA512 block routine. This is because
+#       32-bit signaling procedure invalidates upper halves of GPRs.
+#       Context switch procedure preserves them, but not signaling:-(
+# Second version is true multi-thread safe. Trouble with the original
+# version was that it was using thread local storage pointer register.
+# Well, it scrupulously preserved it, but the problem would arise the
+# moment asynchronous signal was delivered and signal handler would
+# dereference the TLS pointer. While it's never the case in openssl
+# application or test suite, we have to respect this scenario and not
+# use TLS pointer register. Alternative would be to require caller to
+# block signals prior calling this routine. For the record, in 32-bit
+# context R2 serves as TLS pointer, while in 64-bit context - R13.
+$flavour=shift;
+$output =shift;
+if ($flavour =~ /64/) {
+        $SIZE_T=8;
+        $STU="stdu";
+        $UCMP="cmpld";
+        $SHL="sldi";
+        $POP="ld";
+        $PUSH="std";
+} elsif ($flavour =~ /32/) {
+        $SIZE_T=4;
+        $STU="stwu";
+        $UCMP="cmplw";
+        $SHL="slwi";
+        $POP="lwz";
+        $PUSH="stw";
+} else { die "nonsense $flavour"; }
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+if ($output =~ /512/) {
+        $func="sha512_block_data_order";
+        $SZ=8;
+        @Sigma0=(28,34,39);
+        @Sigma1=(14,18,41);
+        @sigma0=(1,  8, 7);
+        @sigma1=(19,61, 6);
+        $rounds=80;
+        $LD="ld";
+        $ST="std";
+        $ROR="rotrdi";
+        $SHR="srdi";
+} else {
+        $func="sha256_block_data_order";
+        $SZ=4;
+        @Sigma0=( 2,13,22);
+        @Sigma1=( 6,11,25);
+        @sigma0=( 7,18, 3);
+        @sigma1=(17,19,10);
+        $rounds=64;
+        $LD="lwz";
+        $ST="stw";
+        $ROR="rotrwi";
+        $SHR="srwi";
+}
+$FRAME=32*$SIZE_T;
+$sp ="r1";
+$toc="r2";
+$ctx="r3";      # zapped by $a0
+$inp="r4";      # zapped by $a1
+$num="r5";      # zapped by $t0
+$T  ="r0";
+$a0 ="r3";
+$a1 ="r4";
+$t0 ="r5";
+$t1 ="r6";
+$Tbl="r7";
+$A  ="r8";
+$B  ="r9";
+$C  ="r10";
+$D  ="r11";
+$E  ="r12";
+$F  ="r13";     $F="r2" if ($SIZE_T==8);# reassigned to exempt TLS pointer
+$G  ="r14";
+$H  ="r15";
+@V=($A,$B,$C,$D,$E,$F,$G,$H);
+@X=("r16","r17","r18","r19","r20","r21","r22","r23",
+    "r24","r25","r26","r27","r28","r29","r30","r31");
+$inp="r31";     # reassigned $inp! aliases with @X[15]
+sub ROUND_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$code.=<<___;
+        $LD     $T,`$i*$SZ`($Tbl)
+        $ROR    $a0,$e,$Sigma1[0]
+        $ROR    $a1,$e,$Sigma1[1]
+        and     $t0,$f,$e
+        andc    $t1,$g,$e
+        add     $T,$T,$h
+        xor     $a0,$a0,$a1
+        $ROR    $a1,$a1,`$Sigma1[2]-$Sigma1[1]`
+        or      $t0,$t0,$t1             ; Ch(e,f,g)
+        add     $T,$T,@X[$i]
+        xor     $a0,$a0,$a1             ; Sigma1(e)
+        add     $T,$T,$t0
+        add     $T,$T,$a0
+        $ROR    $a0,$a,$Sigma0[0]
+        $ROR    $a1,$a,$Sigma0[1]
+        and     $t0,$a,$b
+        and     $t1,$a,$c
+        xor     $a0,$a0,$a1
+        $ROR    $a1,$a1,`$Sigma0[2]-$Sigma0[1]`
+        xor     $t0,$t0,$t1
+        and     $t1,$b,$c
+        xor     $a0,$a0,$a1             ; Sigma0(a)
+        add     $d,$d,$T
+        xor     $t0,$t0,$t1             ; Maj(a,b,c)
+        add     $h,$T,$a0
+        add     $h,$h,$t0
+___
+}
+sub ROUND_16_xx {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+$i-=16;
+$code.=<<___;
+        $ROR    $a0,@X[($i+1)%16],$sigma0[0]
+        $ROR    $a1,@X[($i+1)%16],$sigma0[1]
+        $ROR    $t0,@X[($i+14)%16],$sigma1[0]
+        $ROR    $t1,@X[($i+14)%16],$sigma1[1]
+        xor     $a0,$a0,$a1
+        $SHR    $a1,@X[($i+1)%16],$sigma0[2]
+        xor     $t0,$t0,$t1
+        $SHR    $t1,@X[($i+14)%16],$sigma1[2]
+        add     @X[$i],@X[$i],@X[($i+9)%16]
+        xor     $a0,$a0,$a1             ; sigma0(X[(i+1)&0x0f])
+        xor     $t0,$t0,$t1             ; sigma1(X[(i+14)&0x0f])
+        add     @X[$i],@X[$i],$a0
+        add     @X[$i],@X[$i],$t0
+___
+&ROUND_00_15($i,$a,$b,$c,$d,$e,$f,$g,$h);
+}
+$code=<<___;
+.machine        "any"
+.text
+.globl  $func
+.align  6
+$func:
+        mflr    r0
+        $STU    $sp,`-($FRAME+16*$SZ)`($sp)
+        $SHL    $num,$num,`log(16*$SZ)/log(2)`
+        $PUSH   $ctx,`$FRAME-$SIZE_T*22`($sp)
+        $PUSH   r0,`$FRAME-$SIZE_T*21`($sp)
+        $PUSH   $toc,`$FRAME-$SIZE_T*20`($sp)
+        $PUSH   r13,`$FRAME-$SIZE_T*19`($sp)
+        $PUSH   r14,`$FRAME-$SIZE_T*18`($sp)
+        $PUSH   r15,`$FRAME-$SIZE_T*17`($sp)
+        $PUSH   r16,`$FRAME-$SIZE_T*16`($sp)
+        $PUSH   r17,`$FRAME-$SIZE_T*15`($sp)
+        $PUSH   r18,`$FRAME-$SIZE_T*14`($sp)
+        $PUSH   r19,`$FRAME-$SIZE_T*13`($sp)
+        $PUSH   r20,`$FRAME-$SIZE_T*12`($sp)
+        $PUSH   r21,`$FRAME-$SIZE_T*11`($sp)
+        $PUSH   r22,`$FRAME-$SIZE_T*10`($sp)
+        $PUSH   r23,`$FRAME-$SIZE_T*9`($sp)
+        $PUSH   r24,`$FRAME-$SIZE_T*8`($sp)
+        $PUSH   r25,`$FRAME-$SIZE_T*7`($sp)
+        $PUSH   r26,`$FRAME-$SIZE_T*6`($sp)
+        $PUSH   r27,`$FRAME-$SIZE_T*5`($sp)
+        $PUSH   r28,`$FRAME-$SIZE_T*4`($sp)
+        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
+        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
+        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+        $LD     $A,`0*$SZ`($ctx)
+        mr      $inp,r4                         ; incarnate $inp
+        $LD     $B,`1*$SZ`($ctx)
+        $LD     $C,`2*$SZ`($ctx)
+        $LD     $D,`3*$SZ`($ctx)
+        $LD     $E,`4*$SZ`($ctx)
+        $LD     $F,`5*$SZ`($ctx)
+        $LD     $G,`6*$SZ`($ctx)
+        $LD     $H,`7*$SZ`($ctx)
+        b       LPICmeup
+LPICedup:
+        andi.   r0,$inp,3
+        bne     Lunaligned
+Laligned:
+        add     $num,$inp,$num
+        $PUSH   $num,`$FRAME-$SIZE_T*24`($sp)   ; end pointer
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        bl      Lsha2_block_private
+Ldone:
+        $POP    r0,`$FRAME-$SIZE_T*21`($sp)
+        $POP    $toc,`$FRAME-$SIZE_T*20`($sp)
+        $POP    r13,`$FRAME-$SIZE_T*19`($sp)
+        $POP    r14,`$FRAME-$SIZE_T*18`($sp)
+        $POP    r15,`$FRAME-$SIZE_T*17`($sp)
+        $POP    r16,`$FRAME-$SIZE_T*16`($sp)
+        $POP    r17,`$FRAME-$SIZE_T*15`($sp)
+        $POP    r18,`$FRAME-$SIZE_T*14`($sp)
+        $POP    r19,`$FRAME-$SIZE_T*13`($sp)
+        $POP    r20,`$FRAME-$SIZE_T*12`($sp)
+        $POP    r21,`$FRAME-$SIZE_T*11`($sp)
+        $POP    r22,`$FRAME-$SIZE_T*10`($sp)
+        $POP    r23,`$FRAME-$SIZE_T*9`($sp)
+        $POP    r24,`$FRAME-$SIZE_T*8`($sp)
+        $POP    r25,`$FRAME-$SIZE_T*7`($sp)
+        $POP    r26,`$FRAME-$SIZE_T*6`($sp)
+        $POP    r27,`$FRAME-$SIZE_T*5`($sp)
+        $POP    r28,`$FRAME-$SIZE_T*4`($sp)
+        $POP    r29,`$FRAME-$SIZE_T*3`($sp)
+        $POP    r30,`$FRAME-$SIZE_T*2`($sp)
+        $POP    r31,`$FRAME-$SIZE_T*1`($sp)
+        mtlr    r0
+        addi    $sp,$sp,`$FRAME+16*$SZ`
+        blr
+___
+# PowerPC specification allows an implementation to be ill-behaved
+# upon unaligned access which crosses page boundary. "Better safe
+# than sorry" principle makes me treat it specially. But I don't
+# look for particular offending word, but rather for the input
+# block which crosses the boundary. Once found that block is aligned
+# and hashed separately...
+$code.=<<___;
+.align  4
+Lunaligned:
+        subfic  $t1,$inp,4096
+        andi.   $t1,$t1,`4096-16*$SZ`   ; distance to closest page boundary
+        beq     Lcross_page
+        $UCMP   $num,$t1
+        ble-    Laligned                ; didn't cross the page boundary
+        subfc   $num,$t1,$num
+        add     $t1,$inp,$t1
+        $PUSH   $num,`$FRAME-$SIZE_T*25`($sp)   ; save real remaining num
+        $PUSH   $t1,`$FRAME-$SIZE_T*24`($sp)    ; intermediate end pointer
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        bl      Lsha2_block_private
+        ; $inp equals to the intermediate end pointer here
+        $POP    $num,`$FRAME-$SIZE_T*25`($sp)   ; restore real remaining num
+Lcross_page:
+        li      $t1,`16*$SZ/4`
+        mtctr   $t1
+        addi    r20,$sp,$FRAME                  ; aligned spot below the frame
+Lmemcpy:
+        lbz     r16,0($inp)
+        lbz     r17,1($inp)
+        lbz     r18,2($inp)
+        lbz     r19,3($inp)
+        addi    $inp,$inp,4
+        stb     r16,0(r20)
+        stb     r17,1(r20)
+        stb     r18,2(r20)
+        stb     r19,3(r20)
+        addi    r20,r20,4
+        bdnz    Lmemcpy
+        $PUSH   $inp,`$FRAME-$SIZE_T*26`($sp)   ; save real inp
+        addi    $t1,$sp,`$FRAME+16*$SZ`         ; fictitious end pointer
+        addi    $inp,$sp,$FRAME                 ; fictitious inp pointer
+        $PUSH   $num,`$FRAME-$SIZE_T*25`($sp)   ; save real num
+        $PUSH   $t1,`$FRAME-$SIZE_T*24`($sp)    ; end pointer
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        bl      Lsha2_block_private
+        $POP    $inp,`$FRAME-$SIZE_T*26`($sp)   ; restore real inp
+        $POP    $num,`$FRAME-$SIZE_T*25`($sp)   ; restore real num
+        addic.  $num,$num,`-16*$SZ`             ; num--
+        bne-    Lunaligned
+        b       Ldone
+___
+$code.=<<___;
+.align  4
+Lsha2_block_private:
+___
+for($i=0;$i<16;$i++) {
+$code.=<<___ if ($SZ==4);
+        lwz     @X[$i],`$i*$SZ`($inp)
+___
+# 64-bit loads are split to 2x32-bit ones, as CPU can't handle
+# unaligned 64-bit loads, only 32-bit ones...
+$code.=<<___ if ($SZ==8);
+        lwz     $t0,`$i*$SZ`($inp)
+        lwz     @X[$i],`$i*$SZ+4`($inp)
+        insrdi  @X[$i],$t0,32,0
+___
+        &ROUND_00_15($i,@V);
+        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        li      $T,`$rounds/16-1`
+        mtctr   $T
+.align  4
+Lrounds:
+        addi    $Tbl,$Tbl,`16*$SZ`
+___
+for(;$i<32;$i++) {
+        &ROUND_16_xx($i,@V);
+        unshift(@V,pop(@V));
+}
+$code.=<<___;
+        bdnz-   Lrounds
+        $POP    $ctx,`$FRAME-$SIZE_T*22`($sp)
+        $POP    $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
+        $POP    $num,`$FRAME-$SIZE_T*24`($sp)   ; end pointer
+        subi    $Tbl,$Tbl,`($rounds-16)*$SZ`    ; rewind Tbl
+        $LD     r16,`0*$SZ`($ctx)
+        $LD     r17,`1*$SZ`($ctx)
+        $LD     r18,`2*$SZ`($ctx)
+        $LD     r19,`3*$SZ`($ctx)
+        $LD     r20,`4*$SZ`($ctx)
+        $LD     r21,`5*$SZ`($ctx)
+        $LD     r22,`6*$SZ`($ctx)
+        addi    $inp,$inp,`16*$SZ`              ; advance inp
+        $LD     r23,`7*$SZ`($ctx)
+        add     $A,$A,r16
+        add     $B,$B,r17
+        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)
+        add     $C,$C,r18
+        $ST     $A,`0*$SZ`($ctx)
+        add     $D,$D,r19
+        $ST     $B,`1*$SZ`($ctx)
+        add     $E,$E,r20
+        $ST     $C,`2*$SZ`($ctx)
+        add     $F,$F,r21
+        $ST     $D,`3*$SZ`($ctx)
+        add     $G,$G,r22
+        $ST     $E,`4*$SZ`($ctx)
+        add     $H,$H,r23
+        $ST     $F,`5*$SZ`($ctx)
+        $ST     $G,`6*$SZ`($ctx)
+        $UCMP   $inp,$num
+        $ST     $H,`7*$SZ`($ctx)
+        bne     Lsha2_block_private
+        blr
+___
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align  6
+LPICmeup:
+        bl      LPIC
+        addi    $Tbl,$Tbl,`64-4`        ; "distance" between . and last nop
+        b       LPICedup
+        nop
+        nop
+        nop
+        nop
+        nop
+LPIC:   mflr    $Tbl
+        blr
+        nop
+        nop
+        nop
+        nop
+        nop
+        nop
+___
+$code.=<<___ if ($SZ==8);
+        .long   0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd
+        .long   0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc
+        .long   0x3956c25b,0xf348b538,0x59f111f1,0xb605d019
+        .long   0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118
+        .long   0xd807aa98,0xa3030242,0x12835b01,0x45706fbe
+        .long   0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2
+        .long   0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1
+        .long   0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694
+        .long   0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3
+        .long   0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65
+        .long   0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483
+        .long   0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5
+        .long   0x983e5152,0xee66dfab,0xa831c66d,0x2db43210
+        .long   0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4
+        .long   0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725
+        .long   0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70
+        .long   0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926
+        .long   0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df
+        .long   0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8
+        .long   0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b
+        .long   0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001
+        .long   0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30
+        .long   0xd192e819,0xd6ef5218,0xd6990624,0x5565a910
+        .long   0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8
+        .long   0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53
+        .long   0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8
+        .long   0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb
+        .long   0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3
+        .long   0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60
+        .long   0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec
+        .long   0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9
+        .long   0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b
+        .long   0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207
+        .long   0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178
+        .long   0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6
+        .long   0x113f9804,0xbef90dae,0x1b710b35,0x131c471b
+        .long   0x28db77f5,0x23047d84,0x32caab7b,0x40c72493
+        .long   0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c
+        .long   0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a
+        .long   0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817
+___
+$code.=<<___ if ($SZ==4);
+        .long   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+        .long   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+        .long   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+        .long   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+        .long   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+        .long   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+        .long   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+        .long   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+        .long   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+        .long   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+        .long   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+        .long   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+        .long   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+        .long   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+        .long   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+        .long   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-s390x.pl b/src/lib/libcrypto/sha/asm/sha512-s390x.pl
new file mode 100644
index 0000000000..e7ef2d5a9f
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-s390x.pl
@@ -0,0 +1,301 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# SHA256/512 block procedures for s390x.
+# April 2007.
+#
+# sha256_block_data_order is reportedly >3 times faster than gcc 3.3
+# generated code (must be a bug in compiler, as improvement is
+# "pathologically" high, in particular in comparison to other SHA
+# modules). But the real twist is that it detects if hardware support
+# for SHA256 is available and in such case utilizes it. Then the
+# performance can reach >6.5x of assembler one for larger chunks.
+#
+# sha512_block_data_order is ~70% faster than gcc 3.3 generated code.
+# January 2009.
+#
+# Add support for hardware SHA512 and reschedule instructions to
+# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
+# than software.
+$t0="%r0";
+$t1="%r1";
+$ctx="%r2";     $t2="%r2";
+$inp="%r3";
+$len="%r4";     # used as index in inner loop
+$A="%r5";
+$B="%r6";
+$C="%r7";
+$D="%r8";
+$E="%r9";
+$F="%r10";
+$G="%r11";
+$H="%r12";      @V=($A,$B,$C,$D,$E,$F,$G,$H);
+$tbl="%r13";
+$T1="%r14";
+$sp="%r15";
+$output=shift;
+open STDOUT,">$output";
+if ($output =~ /512/) {
+        $label="512";
+        $SZ=8;
+        $LD="lg";       # load from memory
+        $ST="stg";      # store to memory
+        $ADD="alg";     # add with memory operand
+        $ROT="rllg";    # rotate left
+        $SHR="srlg";    # logical right shift [see even at the end]
+        @Sigma0=(25,30,36);
+        @Sigma1=(23,46,50);
+        @sigma0=(56,63, 7);
+        @sigma1=( 3,45, 6);
+        $rounds=80;
+        $kimdfunc=3;    # 0 means unknown/unsupported/unimplemented/disabled
+} else {
+        $label="256";
+        $SZ=4;
+        $LD="llgf";     # load from memory
+        $ST="st";       # store to memory
+        $ADD="al";      # add with memory operand
+        $ROT="rll";     # rotate left
+        $SHR="srl";     # logical right shift
+        @Sigma0=(10,19,30);
+        @Sigma1=( 7,21,26);
+        @sigma0=(14,25, 3);
+        @sigma1=(13,15,10);
+        $rounds=64;
+        $kimdfunc=2;    # magic function code for kimd instruction
+}
+$Func="sha${label}_block_data_order";
+$Table="K${label}";
+$frame=160+16*$SZ;
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+$code.=<<___ if ($i<16);
+        $LD     $T1,`$i*$SZ`($inp)      ### $i
+___
+$code.=<<___;
+        $ROT    $t0,$e,$Sigma1[0]
+        $ROT    $t1,$e,$Sigma1[1]
+         lgr    $t2,$f
+        xgr     $t0,$t1
+        $ROT    $t1,$t1,`$Sigma1[2]-$Sigma1[1]`
+         xgr    $t2,$g
+        $ST     $T1,`160+$SZ*($i%16)`($sp)
+        xgr     $t0,$t1                 # Sigma1(e)
+        la      $T1,0($T1,$h)           # T1+=h
+         ngr    $t2,$e
+         lgr    $t1,$a
+        algr    $T1,$t0                 # T1+=Sigma1(e)
+        $ROT    $h,$a,$Sigma0[0]
+         xgr    $t2,$g                  # Ch(e,f,g)
+        $ADD    $T1,`$i*$SZ`($len,$tbl) # T1+=K[i]
+        $ROT    $t0,$a,$Sigma0[1]
+        algr    $T1,$t2                 # T1+=Ch(e,f,g)
+         ogr    $t1,$b
+        xgr     $h,$t0
+         lgr    $t2,$a
+         ngr    $t1,$c
+        $ROT    $t0,$t0,`$Sigma0[2]-$Sigma0[1]`
+        xgr     $h,$t0                  # h=Sigma0(a)
+         ngr    $t2,$b
+        algr    $h,$T1                  # h+=T1
+         ogr    $t2,$t1                 # Maj(a,b,c)
+        la      $d,0($d,$T1)            # d+=T1
+        algr    $h,$t2                  # h+=Maj(a,b,c)
+___
+}
+sub BODY_16_XX {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
+$code.=<<___;
+        $LD     $T1,`160+$SZ*(($i+1)%16)`($sp)  ### $i
+        $LD     $t1,`160+$SZ*(($i+14)%16)`($sp)
+        $ROT    $t0,$T1,$sigma0[0]
+        $SHR    $T1,$sigma0[2]
+        $ROT    $t2,$t0,`$sigma0[1]-$sigma0[0]`
+        xgr     $T1,$t0
+        $ROT    $t0,$t1,$sigma1[0]
+        xgr     $T1,$t2                         # sigma0(X[i+1])
+        $SHR    $t1,$sigma1[2]
+        $ADD    $T1,`160+$SZ*($i%16)`($sp)      # +=X[i]
+        xgr     $t1,$t0
+        $ROT    $t0,$t0,`$sigma1[1]-$sigma1[0]`
+        $ADD    $T1,`160+$SZ*(($i+9)%16)`($sp)  # +=X[i+9]
+        xgr     $t1,$t0                         # sigma1(X[i+14])
+        algr    $T1,$t1                         # +=sigma1(X[i+14])
+___
+        &BODY_00_15(@_);
+}
+$code.=<<___;
+.text
+.align  64
+.type   $Table,\@object
+$Table:
+___
+$code.=<<___ if ($SZ==4);
+        .long   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+        .long   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+        .long   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+        .long   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+        .long   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+        .long   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+        .long   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+        .long   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+        .long   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+        .long   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+        .long   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+        .long   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+        .long   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+        .long   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+        .long   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+        .long   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+___
+$code.=<<___ if ($SZ==8);
+        .quad   0x428a2f98d728ae22,0x7137449123ef65cd
+        .quad   0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+        .quad   0x3956c25bf348b538,0x59f111f1b605d019
+        .quad   0x923f82a4af194f9b,0xab1c5ed5da6d8118
+        .quad   0xd807aa98a3030242,0x12835b0145706fbe
+        .quad   0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+        .quad   0x72be5d74f27b896f,0x80deb1fe3b1696b1
+        .quad   0x9bdc06a725c71235,0xc19bf174cf692694
+        .quad   0xe49b69c19ef14ad2,0xefbe4786384f25e3
+        .quad   0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+        .quad   0x2de92c6f592b0275,0x4a7484aa6ea6e483
+        .quad   0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+        .quad   0x983e5152ee66dfab,0xa831c66d2db43210
+        .quad   0xb00327c898fb213f,0xbf597fc7beef0ee4
+        .quad   0xc6e00bf33da88fc2,0xd5a79147930aa725
+        .quad   0x06ca6351e003826f,0x142929670a0e6e70
+        .quad   0x27b70a8546d22ffc,0x2e1b21385c26c926
+        .quad   0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+        .quad   0x650a73548baf63de,0x766a0abb3c77b2a8
+        .quad   0x81c2c92e47edaee6,0x92722c851482353b
+        .quad   0xa2bfe8a14cf10364,0xa81a664bbc423001
+        .quad   0xc24b8b70d0f89791,0xc76c51a30654be30
+        .quad   0xd192e819d6ef5218,0xd69906245565a910
+        .quad   0xf40e35855771202a,0x106aa07032bbd1b8
+        .quad   0x19a4c116b8d2d0c8,0x1e376c085141ab53
+        .quad   0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+        .quad   0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+        .quad   0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+        .quad   0x748f82ee5defb2fc,0x78a5636f43172f60
+        .quad   0x84c87814a1f0ab72,0x8cc702081a6439ec
+        .quad   0x90befffa23631e28,0xa4506cebde82bde9
+        .quad   0xbef9a3f7b2c67915,0xc67178f2e372532b
+        .quad   0xca273eceea26619c,0xd186b8c721c0c207
+        .quad   0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+        .quad   0x06f067aa72176fba,0x0a637dc5a2c898a6
+        .quad   0x113f9804bef90dae,0x1b710b35131c471b
+        .quad   0x28db77f523047d84,0x32caab7b40c72493
+        .quad   0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+        .quad   0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+        .quad   0x5fcb6fab3ad6faec,0x6c44198c4a475817
+___
+$code.=<<___;
+.size   $Table,.-$Table
+.globl  $Func
+.type   $Func,\@function
+$Func:
+___
+$code.=<<___ if ($kimdfunc);
+        larl    %r1,OPENSSL_s390xcap_P
+        lg      %r0,0(%r1)
+        tmhl    %r0,0x4000      # check for message-security assist
+        jz      .Lsoftware
+        lghi    %r0,0
+        la      %r1,16($sp)
+        .long   0xb93e0002      # kimd %r0,%r2
+        lg      %r0,16($sp)
+        tmhh    %r0,`0x8000>>$kimdfunc`
+        jz      .Lsoftware
+        lghi    %r0,$kimdfunc
+        lgr     %r1,$ctx
+        lgr     %r2,$inp
+        sllg    %r3,$len,`log(16*$SZ)/log(2)`
+        .long   0xb93e0002      # kimd %r0,%r2
+        brc     1,.-4           # pay attention to "partial completion"
+        br      %r14
+.align  16
+.Lsoftware:
+___
+$code.=<<___;
+        sllg    $len,$len,`log(16*$SZ)/log(2)`
+        lghi    %r1,-$frame
+        agr     $len,$inp
+        stmg    $ctx,%r15,16($sp)
+        lgr     %r0,$sp
+        la      $sp,0(%r1,$sp)
+        stg     %r0,0($sp)
+        larl    $tbl,$Table
+        $LD     $A,`0*$SZ`($ctx)
+        $LD     $B,`1*$SZ`($ctx)
+        $LD     $C,`2*$SZ`($ctx)
+        $LD     $D,`3*$SZ`($ctx)
+        $LD     $E,`4*$SZ`($ctx)
+        $LD     $F,`5*$SZ`($ctx)
+        $LD     $G,`6*$SZ`($ctx)
+        $LD     $H,`7*$SZ`($ctx)
+.Lloop:
+        lghi    $len,0
+___
+for ($i=0;$i<16;$i++)   { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".Lrounds_16_xx:\n";
+for (;$i<32;$i++)       { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        aghi    $len,`16*$SZ`
+        lghi    $t0,`($rounds-16)*$SZ`
+        clgr    $len,$t0
+        jne     .Lrounds_16_xx
+        lg      $ctx,`$frame+16`($sp)
+        la      $inp,`16*$SZ`($inp)
+        $ADD    $A,`0*$SZ`($ctx)
+        $ADD    $B,`1*$SZ`($ctx)
+        $ADD    $C,`2*$SZ`($ctx)
+        $ADD    $D,`3*$SZ`($ctx)
+        $ADD    $E,`4*$SZ`($ctx)
+        $ADD    $F,`5*$SZ`($ctx)
+        $ADD    $G,`6*$SZ`($ctx)
+        $ADD    $H,`7*$SZ`($ctx)
+        $ST     $A,`0*$SZ`($ctx)
+        $ST     $B,`1*$SZ`($ctx)
+        $ST     $C,`2*$SZ`($ctx)
+        $ST     $D,`3*$SZ`($ctx)
+        $ST     $E,`4*$SZ`($ctx)
+        $ST     $F,`5*$SZ`($ctx)
+        $ST     $G,`6*$SZ`($ctx)
+        $ST     $H,`7*$SZ`($ctx)
+        clg     $inp,`$frame+32`($sp)
+        jne     .Lloop
+        lmg     %r6,%r15,`$frame+48`($sp)       
+        br      %r14
+.size   $Func,.-$Func
+.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm   OPENSSL_s390xcap_P,8,8
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+# unlike 32-bit shift 64-bit one takes three arguments
+$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl b/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl
new file mode 100644
index 0000000000..54241aab50
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl
@@ -0,0 +1,593 @@
+#!/usr/bin/env perl
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# SHA256 performance improvement over compiler generated code varies
+# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit
+# build]. Just like in SHA1 module I aim to ensure scalability on
+# UltraSPARC T1 by packing X[16] to 8 64-bit registers.
+# SHA512 on pre-T1 UltraSPARC.
+#
+# Performance is >75% better than 64-bit code generated by Sun C and
+# over 2x than 32-bit code. X[16] resides on stack, but access to it
+# is scheduled for L2 latency and staged through 32 least significant
+# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI
+# duality. Nevetheless it's ~40% faster than SHA256, which is pretty
+# good [optimal coefficient is 50%].
+#
+# SHA512 on UltraSPARC T1.
+#
+# It's not any faster than 64-bit code generated by Sun C 5.8. This is
+# because 64-bit code generator has the advantage of using 64-bit
+# loads(*) to access X[16], which I consciously traded for 32-/64-bit
+# ABI duality [as per above]. But it surpasses 32-bit Sun C generated
+# code by 60%, not to mention that it doesn't suffer from severe decay
+# when running 4 times physical cores threads and that it leaves gcc
+# [3.4] behind by over 4x factor! If compared to SHA256, single thread
+# performance is only 10% better, but overall throughput for maximum
+# amount of threads for given CPU exceeds corresponding one of SHA256
+# by 30% [again, optimal coefficient is 50%].
+#
+# (*)   Unlike pre-T1 UltraSPARC loads on T1 are executed strictly
+#       in-order, i.e. load instruction has to complete prior next
+#       instruction in given thread is executed, even if the latter is
+#       not dependent on load result! This means that on T1 two 32-bit
+#       loads are always slower than one 64-bit load. Once again this
+#       is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
+#       2x32-bit loads can be as fast as 1x64-bit ones.
+$bits=32;
+for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64)  { $bias=2047; $frame=192; }
+else            { $bias=0;    $frame=112; }
+$output=shift;
+open STDOUT,">$output";
+if ($output =~ /512/) {
+        $label="512";
+        $SZ=8;
+        $LD="ldx";              # load from memory
+        $ST="stx";              # store to memory
+        $SLL="sllx";            # shift left logical
+        $SRL="srlx";            # shift right logical
+        @Sigma0=(28,34,39);
+        @Sigma1=(14,18,41);
+        @sigma0=( 7, 1, 8);     # right shift first
+        @sigma1=( 6,19,61);     # right shift first
+        $lastK=0x817;
+        $rounds=80;
+        $align=4;
+        $locals=16*$SZ;         # X[16]
+        $A="%o0";
+        $B="%o1";
+        $C="%o2";
+        $D="%o3";
+        $E="%o4";
+        $F="%o5";
+        $G="%g1";
+        $H="%o7";
+        @V=($A,$B,$C,$D,$E,$F,$G,$H);
+} else {
+        $label="256";
+        $SZ=4;
+        $LD="ld";               # load from memory
+        $ST="st";               # store to memory
+        $SLL="sll";             # shift left logical
+        $SRL="srl";             # shift right logical
+        @Sigma0=( 2,13,22);
+        @Sigma1=( 6,11,25);
+        @sigma0=( 3, 7,18);     # right shift first
+        @sigma1=(10,17,19);     # right shift first
+        $lastK=0x8f2;
+        $rounds=64;
+        $align=8;
+        $locals=0;              # X[16] is register resident
+        @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
+        
+        $A="%l0";
+        $B="%l1";
+        $C="%l2";
+        $D="%l3";
+        $E="%l4";
+        $F="%l5";
+        $G="%l6";
+        $H="%l7";
+        @V=($A,$B,$C,$D,$E,$F,$G,$H);
+}
+$T1="%g2";
+$tmp0="%g3";
+$tmp1="%g4";
+$tmp2="%g5";
+$ctx="%i0";
+$inp="%i1";
+$len="%i2";
+$Ktbl="%i3";
+$tmp31="%i4";
+$tmp32="%i5";
+########### SHA256
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+    if ($i==0) {
+$code.=<<___;
+        ldx     [$inp+0],@X[0]
+        ldx     [$inp+16],@X[2]
+        ldx     [$inp+32],@X[4]
+        ldx     [$inp+48],@X[6]
+        ldx     [$inp+8],@X[1]
+        ldx     [$inp+24],@X[3]
+        subcc   %g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too
+        ldx     [$inp+40],@X[5]
+        bz,pt   %icc,.Laligned
+        ldx     [$inp+56],@X[7]
+        sllx    @X[0],$tmp31,@X[0]
+        ldx     [$inp+64],$T1
+___
+for($j=0;$j<7;$j++)
+{   $code.=<<___;
+        srlx    @X[$j+1],$tmp32,$tmp1
+        sllx    @X[$j+1],$tmp31,@X[$j+1]
+        or      $tmp1,@X[$j],@X[$j]
+___
+}
+$code.=<<___;
+        srlx    $T1,$tmp32,$T1
+        or      $T1,@X[7],@X[7]
+.Laligned:
+___
+    }
+    if ($i&1) {
+        $code.="\tadd   @X[$i/2],$h,$T1\n";
+    } else {
+        $code.="\tsrlx  @X[$i/2],32,$T1\n\tadd  $h,$T1,$T1\n";
+    }
+} if ($SZ==4);
+########### SHA512
+$Xload = sub {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8));
+$code.=<<___ if ($i==0);
+        ld      [$inp+0],%l0
+        ld      [$inp+4],%l1
+        ld      [$inp+8],%l2
+        ld      [$inp+12],%l3
+        ld      [$inp+16],%l4
+        ld      [$inp+20],%l5
+        ld      [$inp+24],%l6
+        ld      [$inp+28],%l7
+___
+$code.=<<___ if ($i<15);
+        sllx    @pair[1],$tmp31,$tmp2   ! Xload($i)
+        add     $tmp31,32,$tmp0
+        sllx    @pair[0],$tmp0,$tmp1
+        `"ld    [$inp+".eval(32+0+$i*8)."],@pair[0]"    if ($i<12)`
+        srlx    @pair[2],$tmp32,@pair[1]
+        or      $tmp1,$tmp2,$tmp2
+        or      @pair[1],$tmp2,$tmp2
+        `"ld    [$inp+".eval(32+4+$i*8)."],@pair[1]"    if ($i<12)`
+        add     $h,$tmp2,$T1
+        $ST     $tmp2,[%sp+`$bias+$frame+$i*$SZ`]
+___
+$code.=<<___ if ($i==12);
+        brnz,a  $tmp31,.+8
+        ld      [$inp+128],%l0
+___
+$code.=<<___ if ($i==15);
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2
+        sllx    @pair[1],$tmp31,$tmp2   ! Xload($i)
+        add     $tmp31,32,$tmp0
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3
+        sllx    @pair[0],$tmp0,$tmp1
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4
+        srlx    @pair[2],$tmp32,@pair[1]
+        or      $tmp1,$tmp2,$tmp2
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5
+        or      @pair[1],$tmp2,$tmp2
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6
+        add     $h,$tmp2,$T1
+        $ST     $tmp2,[%sp+`$bias+$frame+$i*$SZ`]
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1
+___
+} if ($SZ==8);
+########### common
+sub BODY_00_15 {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+    if ($i<16) {
+        &$Xload(@_);
+    } else {
+        $code.="\tadd   $h,$T1,$T1\n";
+    }
+$code.=<<___;
+        $SRL    $e,@Sigma1[0],$h        !! $i
+        xor     $f,$g,$tmp2
+        $SLL    $e,`$SZ*8-@Sigma1[2]`,$tmp1
+        and     $e,$tmp2,$tmp2
+        $SRL    $e,@Sigma1[1],$tmp0
+        xor     $tmp1,$h,$h
+        $SLL    $e,`$SZ*8-@Sigma1[1]`,$tmp1
+        xor     $tmp0,$h,$h
+        $SRL    $e,@Sigma1[2],$tmp0
+        xor     $tmp1,$h,$h
+        $SLL    $e,`$SZ*8-@Sigma1[0]`,$tmp1
+        xor     $tmp0,$h,$h
+        xor     $g,$tmp2,$tmp2          ! Ch(e,f,g)
+        xor     $tmp1,$h,$tmp0          ! Sigma1(e)
+        $SRL    $a,@Sigma0[0],$h
+        add     $tmp2,$T1,$T1
+        $LD     [$Ktbl+`$i*$SZ`],$tmp2  ! K[$i]
+        $SLL    $a,`$SZ*8-@Sigma0[2]`,$tmp1
+        add     $tmp0,$T1,$T1
+        $SRL    $a,@Sigma0[1],$tmp0
+        xor     $tmp1,$h,$h
+        $SLL    $a,`$SZ*8-@Sigma0[1]`,$tmp1
+        xor     $tmp0,$h,$h
+        $SRL    $a,@Sigma0[2],$tmp0
+        xor     $tmp1,$h,$h     
+        $SLL    $a,`$SZ*8-@Sigma0[0]`,$tmp1
+        xor     $tmp0,$h,$h
+        xor     $tmp1,$h,$h             ! Sigma0(a)
+        or      $a,$b,$tmp0
+        and     $a,$b,$tmp1
+        and     $c,$tmp0,$tmp0
+        or      $tmp0,$tmp1,$tmp1       ! Maj(a,b,c)
+        add     $tmp2,$T1,$T1           ! +=K[$i]
+        add     $tmp1,$h,$h
+        add     $T1,$d,$d
+        add     $T1,$h,$h
+___
+}
+########### SHA256
+$BODY_16_XX = sub {
+my $i=@_[0];
+my $xi;
+    if ($i&1) {
+        $xi=$tmp32;
+        $code.="\tsrlx  @X[(($i+1)/2)%8],32,$xi\n";
+    } else {
+        $xi=@X[(($i+1)/2)%8];
+    }
+$code.=<<___;
+        srl     $xi,@sigma0[0],$T1              !! Xupdate($i)
+        sll     $xi,`32-@sigma0[2]`,$tmp1
+        srl     $xi,@sigma0[1],$tmp0
+        xor     $tmp1,$T1,$T1
+        sll     $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+        xor     $tmp0,$T1,$T1
+        srl     $xi,@sigma0[2],$tmp0
+        xor     $tmp1,$T1,$T1
+___
+    if ($i&1) {
+        $xi=@X[(($i+14)/2)%8];
+    } else {
+        $xi=$tmp32;
+        $code.="\tsrlx  @X[(($i+14)/2)%8],32,$xi\n";
+    }
+$code.=<<___;
+        srl     $xi,@sigma1[0],$tmp2
+        xor     $tmp0,$T1,$T1                   ! T1=sigma0(X[i+1])
+        sll     $xi,`32-@sigma1[2]`,$tmp1
+        srl     $xi,@sigma1[1],$tmp0
+        xor     $tmp1,$tmp2,$tmp2
+        sll     $tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1
+        xor     $tmp0,$tmp2,$tmp2
+        srl     $xi,@sigma1[2],$tmp0
+        xor     $tmp1,$tmp2,$tmp2
+___
+    if ($i&1) {
+        $xi=@X[($i/2)%8];
+$code.=<<___;
+        srlx    @X[(($i+9)/2)%8],32,$tmp1       ! X[i+9]
+        xor     $tmp0,$tmp2,$tmp2               ! sigma1(X[i+14])
+        srl     @X[($i/2)%8],0,$tmp0
+        add     $xi,$T1,$T1                     ! +=X[i]
+        xor     $tmp0,@X[($i/2)%8],@X[($i/2)%8]
+        add     $tmp2,$T1,$T1
+        add     $tmp1,$T1,$T1
+        srl     $T1,0,$T1
+        or      $T1,@X[($i/2)%8],@X[($i/2)%8]
+___
+    } else {
+        $xi=@X[(($i+9)/2)%8];
+$code.=<<___;
+        srlx    @X[($i/2)%8],32,$tmp1           ! X[i]
+        xor     $tmp0,$tmp2,$tmp2               ! sigma1(X[i+14])
+        srl     @X[($i/2)%8],0,@X[($i/2)%8]
+        add     $xi,$T1,$T1                     ! +=X[i+9]
+        add     $tmp2,$T1,$T1
+        add     $tmp1,$T1,$T1
+        sllx    $T1,32,$tmp0
+        or      $tmp0,@X[($i/2)%8],@X[($i/2)%8]
+___
+    }
+    &BODY_00_15(@_);
+} if ($SZ==4);
+########### SHA512
+$BODY_16_XX = sub {
+my $i=@_[0];
+my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1));
+$code.=<<___;
+        sllx    %l2,32,$tmp0            !! Xupdate($i)
+        or      %l3,$tmp0,$tmp0
+        srlx    $tmp0,@sigma0[0],$T1
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2
+        sllx    $tmp0,`64-@sigma0[2]`,$tmp1
+        ld      [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3
+        srlx    $tmp0,@sigma0[1],$tmp0
+        xor     $tmp1,$T1,$T1
+        sllx    $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
+        xor     $tmp0,$T1,$T1
+        srlx    $tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0
+        xor     $tmp1,$T1,$T1
+        sllx    %l6,32,$tmp2
+        xor     $tmp0,$T1,$T1           ! sigma0(X[$i+1])
+        or      %l7,$tmp2,$tmp2
+        srlx    $tmp2,@sigma1[0],$tmp1
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6
+        sllx    $tmp2,`64-@sigma1[2]`,$tmp0
+        ld      [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7
+        srlx    $tmp2,@sigma1[1],$tmp2
+        xor     $tmp0,$tmp1,$tmp1
+        sllx    $tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0
+        xor     $tmp2,$tmp1,$tmp1
+        srlx    $tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2
+        xor     $tmp0,$tmp1,$tmp1
+        sllx    %l4,32,$tmp0
+        xor     $tmp2,$tmp1,$tmp1       ! sigma1(X[$i+14])
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4
+        or      %l5,$tmp0,$tmp0
+        ld      [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5
+        sllx    %l0,32,$tmp2
+        add     $tmp1,$T1,$T1
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0
+        or      %l1,$tmp2,$tmp2
+        add     $tmp0,$T1,$T1           ! +=X[$i+9]
+        ld      [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1
+        add     $tmp2,$T1,$T1           ! +=X[$i]
+        $ST     $T1,[%sp+`$bias+$frame+($i%16)*$SZ`]
+___
+    &BODY_00_15(@_);
+} if ($SZ==8);
+$code.=<<___ if ($bits==64);
+.register       %g2,#scratch
+.register       %g3,#scratch
+___
+$code.=<<___;
+.section        ".text",#alloc,#execinstr
+.align  64
+K${label}:
+.type   K${label},#object
+___
+if ($SZ==4) {
+$code.=<<___;
+        .long   0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+        .long   0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+        .long   0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+        .long   0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+        .long   0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+        .long   0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+        .long   0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+        .long   0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+        .long   0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+        .long   0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+        .long   0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+        .long   0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+        .long   0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+        .long   0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+        .long   0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+        .long   0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+___
+} else {
+$code.=<<___;
+        .long   0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+        .long   0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+        .long   0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+        .long   0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+        .long   0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+        .long   0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+        .long   0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+        .long   0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+        .long   0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+        .long   0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+        .long   0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+        .long   0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+        .long   0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+        .long   0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+        .long   0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+        .long   0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+        .long   0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+        .long   0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+        .long   0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+        .long   0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+        .long   0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+        .long   0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+        .long   0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+        .long   0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+        .long   0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+        .long   0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+        .long   0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+        .long   0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+        .long   0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+        .long   0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+        .long   0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+        .long   0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+        .long   0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+        .long   0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+        .long   0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+        .long   0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+        .long   0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+        .long   0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+        .long   0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+        .long   0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+___
+}
+$code.=<<___;
+.size   K${label},.-K${label}
+.globl  sha${label}_block_data_order
+sha${label}_block_data_order:
+        save    %sp,`-$frame-$locals`,%sp
+        and     $inp,`$align-1`,$tmp31
+        sllx    $len,`log(16*$SZ)/log(2)`,$len
+        andn    $inp,`$align-1`,$inp
+        sll     $tmp31,3,$tmp31
+        add     $inp,$len,$len
+___
+$code.=<<___ if ($SZ==8); # SHA512
+        mov     32,$tmp32
+        sub     $tmp32,$tmp31,$tmp32
+___
+$code.=<<___;
+.Lpic:  call    .+8
+        add     %o7,K${label}-.Lpic,$Ktbl
+        $LD     [$ctx+`0*$SZ`],$A
+        $LD     [$ctx+`1*$SZ`],$B
+        $LD     [$ctx+`2*$SZ`],$C
+        $LD     [$ctx+`3*$SZ`],$D
+        $LD     [$ctx+`4*$SZ`],$E
+        $LD     [$ctx+`5*$SZ`],$F
+        $LD     [$ctx+`6*$SZ`],$G
+        $LD     [$ctx+`7*$SZ`],$H
+.Lloop:
+___
+for ($i=0;$i<16;$i++)   { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=".L16_xx:\n";
+for (;$i<32;$i++)       { &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+        and     $tmp2,0xfff,$tmp2
+        cmp     $tmp2,$lastK
+        bne     .L16_xx
+        add     $Ktbl,`16*$SZ`,$Ktbl    ! Ktbl+=16
+___
+$code.=<<___ if ($SZ==4); # SHA256
+        $LD     [$ctx+`0*$SZ`],@X[0]
+        $LD     [$ctx+`1*$SZ`],@X[1]
+        $LD     [$ctx+`2*$SZ`],@X[2]
+        $LD     [$ctx+`3*$SZ`],@X[3]
+        $LD     [$ctx+`4*$SZ`],@X[4]
+        $LD     [$ctx+`5*$SZ`],@X[5]
+        $LD     [$ctx+`6*$SZ`],@X[6]
+        $LD     [$ctx+`7*$SZ`],@X[7]
+        add     $A,@X[0],$A
+        $ST     $A,[$ctx+`0*$SZ`]
+        add     $B,@X[1],$B
+        $ST     $B,[$ctx+`1*$SZ`]
+        add     $C,@X[2],$C
+        $ST     $C,[$ctx+`2*$SZ`]
+        add     $D,@X[3],$D
+        $ST     $D,[$ctx+`3*$SZ`]
+        add     $E,@X[4],$E
+        $ST     $E,[$ctx+`4*$SZ`]
+        add     $F,@X[5],$F
+        $ST     $F,[$ctx+`5*$SZ`]
+        add     $G,@X[6],$G
+        $ST     $G,[$ctx+`6*$SZ`]
+        add     $H,@X[7],$H
+        $ST     $H,[$ctx+`7*$SZ`]
+___
+$code.=<<___ if ($SZ==8); # SHA512
+        ld      [$ctx+`0*$SZ+0`],%l0
+        ld      [$ctx+`0*$SZ+4`],%l1
+        ld      [$ctx+`1*$SZ+0`],%l2
+        ld      [$ctx+`1*$SZ+4`],%l3
+        ld      [$ctx+`2*$SZ+0`],%l4
+        ld      [$ctx+`2*$SZ+4`],%l5
+        ld      [$ctx+`3*$SZ+0`],%l6
+        sllx    %l0,32,$tmp0
+        ld      [$ctx+`3*$SZ+4`],%l7
+        sllx    %l2,32,$tmp1
+        or      %l1,$tmp0,$tmp0
+        or      %l3,$tmp1,$tmp1
+        add     $tmp0,$A,$A
+        add     $tmp1,$B,$B
+        $ST     $A,[$ctx+`0*$SZ`]
+        sllx    %l4,32,$tmp2
+        $ST     $B,[$ctx+`1*$SZ`]
+        sllx    %l6,32,$T1
+        or      %l5,$tmp2,$tmp2
+        or      %l7,$T1,$T1
+        add     $tmp2,$C,$C
+        $ST     $C,[$ctx+`2*$SZ`]
+        add     $T1,$D,$D
+        $ST     $D,[$ctx+`3*$SZ`]
+        ld      [$ctx+`4*$SZ+0`],%l0
+        ld      [$ctx+`4*$SZ+4`],%l1
+        ld      [$ctx+`5*$SZ+0`],%l2
+        ld      [$ctx+`5*$SZ+4`],%l3
+        ld      [$ctx+`6*$SZ+0`],%l4
+        ld      [$ctx+`6*$SZ+4`],%l5
+        ld      [$ctx+`7*$SZ+0`],%l6
+        sllx    %l0,32,$tmp0
+        ld      [$ctx+`7*$SZ+4`],%l7
+        sllx    %l2,32,$tmp1
+        or      %l1,$tmp0,$tmp0
+        or      %l3,$tmp1,$tmp1
+        add     $tmp0,$E,$E
+        add     $tmp1,$F,$F
+        $ST     $E,[$ctx+`4*$SZ`]
+        sllx    %l4,32,$tmp2
+        $ST     $F,[$ctx+`5*$SZ`]
+        sllx    %l6,32,$T1
+        or      %l5,$tmp2,$tmp2
+        or      %l7,$T1,$T1
+        add     $tmp2,$G,$G
+        $ST     $G,[$ctx+`6*$SZ`]
+        add     $T1,$H,$H
+        $ST     $H,[$ctx+`7*$SZ`]
+___
+$code.=<<___;
+        add     $inp,`16*$SZ`,$inp              ! advance inp
+        cmp     $inp,$len
+        bne     `$bits==64?"%xcc":"%icc"`,.Lloop
+        sub     $Ktbl,`($rounds-16)*$SZ`,$Ktbl  ! rewind Ktbl
+        ret
+        restore
+.type   sha${label}_block_data_order,#function
+.size   sha${label}_block_data_order,(.-sha${label}_block_data_order)
+.asciz  "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+___
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
index b6252d31ec..e6643f8cf6 100755
--- a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -40,14 +40,18 @@
 # sha256_block:-( This is presumably because 64-bit shifts/rotates
 # apparently are not atomic instructions, but implemented in microcode.
-$output=shift;
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X $xlate $flavour $output";
 if ($output =~ /512/) {
        $func="sha512_block_data_order";
@@ -186,7 +190,7 @@ $func:
        push    %r13
        push    %r14
        push    %r15
-        mov     %rsp,%rbp               # copy %rsp
+        mov     %rsp,%r11               # copy %rsp
        shl     \$4,%rdx                # num*16
        sub     \$$framesz,%rsp
        lea     ($inp,%rdx,$SZ),%rdx    # inp+num*16*$SZ
@@ -194,10 +198,10 @@ $func:
        mov     $ctx,$_ctx              # save ctx, 1st arg
        mov     $inp,$_inp              # save inp, 2nd arh
        mov     %rdx,$_end              # save end pointer, "3rd" arg
-        mov     %rbp,$_rsp              # save copy of %rsp
+        mov     %r11,$_rsp              # save copy of %rsp
+.Lprologue:
-        .picmeup $Tbl
+        lea     $TABLE(%rip),$Tbl
-        lea     $TABLE-.($Tbl),$Tbl
        mov     $SZ*0($ctx),$A
        mov     $SZ*1($ctx),$B
@@ -257,14 +261,15 @@ $code.=<<___;
        mov     $H,$SZ*7($ctx)
        jb      .Lloop
-        mov     $_rsp,%rsp
+        mov     $_rsp,%rsi
-        pop     %r15
+        mov     (%rsi),%r15
-        pop     %r14
+        mov     8(%rsi),%r14
-        pop     %r13
+        mov     16(%rsi),%r13
-        pop     %r12
+        mov     24(%rsi),%r12
-        pop     %rbp
+        mov     32(%rsi),%rbp
-        pop     %rbx
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lepilogue:
        ret
 .size   $func,.-$func
 ___
@@ -339,6 +344,113 @@ $TABLE:
 ___
 }
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+        mov     16*$SZ+3*8(%rax),%rax   # pull $_rsp
+        lea     48(%rax),%rax
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   se_handler,.-se_handler
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_$func
+        .rva    .LSEH_end_$func
+        .rva    .LSEH_info_$func
+.section        .xdata
+.align  8
+.LSEH_info_$func:
+        .byte   9,0,0,0
+        .rva    se_handler
+___
+}
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT;
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
index 47a2c29f66..16cacf9fc0 100644
--- a/src/lib/libcrypto/sha/sha.h
+++ b/src/lib/libcrypto/sha/sha.h
@@ -81,7 +81,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#if defined(__LP32__)
 #define SHA_LONG unsigned long
 #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define SHA_LONG unsigned long
@@ -106,9 +106,6 @@ typedef struct SHAstate_st
        } SHA_CTX;
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index 4831174198..7c65b60276 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -61,7 +61,7 @@
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_SHA1)
+#ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
        {
        SHA_CTX c;
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
index d31f0781a0..50d1925cde 100644
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -63,10 +63,6 @@
 #define SHA_1
 #include <openssl/opensslv.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index 3256a83e98..8952d87673 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -12,39 +12,29 @@
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include <openssl/opensslv.h>
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 int SHA224_Init (SHA256_CTX *c)
        {
-#ifdef OPENSSL_FIPS
+        memset (c,0,sizeof(*c));
-        FIPS_selftest_check();
-#endif
        c->h[0]=0xc1059ed8UL;   c->h[1]=0x367cd507UL;
        c->h[2]=0x3070dd17UL;   c->h[3]=0xf70e5939UL;
        c->h[4]=0xffc00b31UL;   c->h[5]=0x68581511UL;
        c->h[6]=0x64f98fa7UL;   c->h[7]=0xbefa4fa4UL;
-        c->Nl=0;        c->Nh=0;
+        c->md_len=SHA224_DIGEST_LENGTH;
-        c->num=0;       c->md_len=SHA224_DIGEST_LENGTH;
        return 1;
        }
 int SHA256_Init (SHA256_CTX *c)
        {
-#ifdef OPENSSL_FIPS
+        memset (c,0,sizeof(*c));
-        FIPS_selftest_check();
-#endif
        c->h[0]=0x6a09e667UL;   c->h[1]=0xbb67ae85UL;
        c->h[2]=0x3c6ef372UL;   c->h[3]=0xa54ff53aUL;
        c->h[4]=0x510e527fUL;   c->h[5]=0x9b05688cUL;
        c->h[6]=0x1f83d9abUL;   c->h[7]=0x5be0cd19UL;
-        c->Nl=0;        c->Nh=0;
+        c->md_len=SHA256_DIGEST_LENGTH;
-        c->num=0;       c->md_len=SHA256_DIGEST_LENGTH;
        return 1;
        }
@@ -94,21 +84,21 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
 */
 #define HASH_MAKE_STRING(c,s)   do {    \
        unsigned long ll;               \
-        unsigned int  xn;               \
+        unsigned int  nn;               \
        switch ((c)->md_len)            \
        {   case SHA224_DIGEST_LENGTH:  \
-                for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++)       \
+                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
-                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
                break;                  \
            case SHA256_DIGEST_LENGTH:  \
-                for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++)       \
+                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
-                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
                break;                  \
            default:                    \
                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
                    return 0;                           \
-                for (xn=0;xn<(c)->md_len/4;xn++)                \
+                for (nn=0;nn<(c)->md_len/4;nn++)                \
-                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
                break;                  \
        }                               \
        } while (0)
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index f5ed468b85..cbc0e58c48 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -5,10 +5,6 @@
 * ====================================================================
 */
 #include <openssl/opensslconf.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
 * IMPLEMENTATION NOTES.
@@ -65,9 +61,19 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 int SHA384_Init (SHA512_CTX *c)
        {
-#ifdef OPENSSL_FIPS
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
-        FIPS_selftest_check();
+        /* maintain dword order required by assembler module */
-#endif
+        unsigned int *h = (unsigned int *)c->h;
+        h[0]  = 0xcbbb9d5d; h[1]  = 0xc1059ed8;
+        h[2]  = 0x629a292a; h[3]  = 0x367cd507;
+        h[4]  = 0x9159015a; h[5]  = 0x3070dd17;
+        h[6]  = 0x152fecd8; h[7]  = 0xf70e5939;
+        h[8]  = 0x67332667; h[9]  = 0xffc00b31;
+        h[10] = 0x8eb44a87; h[11] = 0x68581511;
+        h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7;
+        h[14] = 0x47b5481d; h[15] = 0xbefa4fa4;
+#else
        c->h[0]=U64(0xcbbb9d5dc1059ed8);
        c->h[1]=U64(0x629a292a367cd507);
        c->h[2]=U64(0x9159015a3070dd17);
@@ -76,6 +82,7 @@ int SHA384_Init (SHA512_CTX *c)
        c->h[5]=U64(0x8eb44a8768581511);
        c->h[6]=U64(0xdb0c2e0d64f98fa7);
        c->h[7]=U64(0x47b5481dbefa4fa4);
+#endif
        c->Nl=0;        c->Nh=0;
        c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
        return 1;
@@ -83,9 +90,19 @@ int SHA384_Init (SHA512_CTX *c)
 int SHA512_Init (SHA512_CTX *c)
        {
-#ifdef OPENSSL_FIPS
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
-        FIPS_selftest_check();
+        /* maintain dword order required by assembler module */
-#endif
+        unsigned int *h = (unsigned int *)c->h;
+        h[0]  = 0x6a09e667; h[1]  = 0xf3bcc908;
+        h[2]  = 0xbb67ae85; h[3]  = 0x84caa73b;
+        h[4]  = 0x3c6ef372; h[5]  = 0xfe94f82b;
+        h[6]  = 0xa54ff53a; h[7]  = 0x5f1d36f1;
+        h[8]  = 0x510e527f; h[9]  = 0xade682d1;
+        h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f;
+        h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b;
+        h[14] = 0x5be0cd19; h[15] = 0x137e2179;
+#else
        c->h[0]=U64(0x6a09e667f3bcc908);
        c->h[1]=U64(0xbb67ae8584caa73b);
        c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -94,6 +111,7 @@ int SHA512_Init (SHA512_CTX *c)
        c->h[5]=U64(0x9b05688c2b3e6c1f);
        c->h[6]=U64(0x1f83d9abfb41bd6b);
        c->h[7]=U64(0x5be0cd19137e2179);
+#endif
        c->Nl=0;        c->Nh=0;
        c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
        return 1;
@@ -142,6 +160,24 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
        if (md==0) return 0;
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+        /* recall assembler dword order... */
+        n = c->md_len;
+        if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH)
+                {
+                unsigned int *h = (unsigned int *)c->h, t;
+                for (n/=4;n;n--)
+                        {
+                        t = *(h++);
+                        *(md++) = (unsigned char)(t>>24);
+                        *(md++) = (unsigned char)(t>>16);
+                        *(md++) = (unsigned char)(t>>8);
+                        *(md++) = (unsigned char)(t);
+                        }
+                }
+        else    return 0;
+#else
        switch (c->md_len)
                {
                /* Let compiler decide if it's appropriate to unroll... */
@@ -178,7 +214,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
                /* ... as well as make sure md_len is not abused. */
                default:        return 0;
                }
+#endif
        return 1;
        }
@@ -204,7 +240,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
                if (len < n)
                        {
-                        memcpy (p+c->num,data,len), c->num += len;
+                        memcpy (p+c->num,data,len), c->num += (unsigned int)len;
                        return 1;
                        }
                else    {
@@ -314,7 +350,7 @@ static const SHA_LONG64 K512[80] = {
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__x86_64) || defined(__x86_64__)
-#   define ROTR(a,n)    ({ unsigned long ret;           \
+#   define ROTR(a,n)    ({ SHA_LONG64 ret;              \
                                asm ("rorq %1,%0"       \
                                : "=r"(ret)             \
                                : "J"(n),"0"(a)         \
@@ -337,20 +373,21 @@ static const SHA_LONG64 K512[80] = {
                                ((SHA_LONG64)hi)<<32|lo;        })
 #   else
 #    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-                         unsigned int hi=p[0],lo=p[1];                  \
+                         unsigned int hi=p[0],lo=p[1];          \
                                asm ("bswapl %0; bswapl %1;"    \
                                : "=r"(lo),"=r"(hi)             \
                                : "0"(lo),"1"(hi));             \
                                ((SHA_LONG64)hi)<<32|lo;        })
 #   endif
 #  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#   define ROTR(a,n)    ({ unsigned long ret;           \
+#   define ROTR(a,n)    ({ SHA_LONG64 ret;              \
                                asm ("rotrdi %0,%1,%2"  \
                                : "=r"(ret)             \
                                : "r"(a),"K"(n)); ret;  })
 #  endif
 # elif defined(_MSC_VER)
 #  if defined(_WIN64)   /* applies to both IA-64 and AMD64 */
+#   pragma intrinsic(_rotr64)
 #   define ROTR(a,n)    _rotr64((a),n)
 #  endif
 #  if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
@@ -398,15 +435,66 @@ static const SHA_LONG64 K512[80] = {
 #define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
 #define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define GO_FOR_SSE2(ctx,in,num)         do {            \
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
-        void    sha512_block_sse2(void *,const void *,size_t);  \
+/*
-        if (!(OPENSSL_ia32cap_P & (1<<26))) break;      \
+ * This code should give better results on 32-bit CPU with less than
-        sha512_block_sse2(ctx->h,in,num); return;       \
+ * ~24 registers, both size and performance wise...
-                                        } while (0)
+ */
+static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
+        {
+        const SHA_LONG64 *W=in;
+        SHA_LONG64      A,E,T;
+        SHA_LONG64      X[9+80],*F;
+        int i;
+                        while (num--) {
+        F    = X+80;
+        A    = ctx->h[0];       F[1] = ctx->h[1];
+        F[2] = ctx->h[2];       F[3] = ctx->h[3];
+        E    = ctx->h[4];       F[5] = ctx->h[5];
+        F[6] = ctx->h[6];       F[7] = ctx->h[7];
+        for (i=0;i<16;i++,F--)
+                {
+#ifdef B_ENDIAN
+                T = W[i];
+#else
+                T = PULL64(W[i]);
 #endif
+                F[0] = A;
+                F[4] = E;
+                F[8] = T;
+                T   += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
+                E    = F[3] + T;
+                A    = T + Sigma0(A) + Maj(A,F[1],F[2]);
+                }
+        for (;i<80;i++,F--)
+                {
+                T    = sigma0(F[8+16-1]);
+                T   += sigma1(F[8+16-14]);
+                T   += F[8+16] + F[8+16-9];
+                F[0] = A;
+                F[4] = E;
+                F[8] = T;
+                T   += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
+                E    = F[3] + T;
+                A    = T + Sigma0(A) + Maj(A,F[1],F[2]);
+                }
-#ifdef OPENSSL_SMALL_FOOTPRINT
+        ctx->h[0] += A;         ctx->h[1] += F[1];
+        ctx->h[2] += F[2];      ctx->h[3] += F[3];
+        ctx->h[4] += E;         ctx->h[5] += F[5];
+        ctx->h[6] += F[6];      ctx->h[7] += F[7];
+                        W+=SHA_LBLOCK;
+                        }
+        }
+#elif defined(OPENSSL_SMALL_FOOTPRINT)
 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
        {
@@ -415,10 +503,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
        SHA_LONG64      X[16];
        int i;
-#ifdef GO_FOR_SSE2
-        GO_FOR_SSE2(ctx,in,num);
-#endif
                        while (num--) {
        a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
@@ -463,11 +547,11 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
        h = Sigma0(a) + Maj(a,b,c);                     \
        d += T1;        h += T1;                } while (0)
-#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X)        do {    \
+#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)      do {    \
-        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
-        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
-        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
-        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+        ROUND_00_15(i+j,a,b,c,d,e,f,g,h);               } while (0)
 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
        {
@@ -476,10 +560,6 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
        SHA_LONG64      X[16];
        int i;
-#ifdef GO_FOR_SSE2
-        GO_FOR_SSE2(ctx,in,num);
-#endif
                        while (num--) {
        a = ctx->h[0];  b = ctx->h[1];  c = ctx->h[2];  d = ctx->h[3];
@@ -521,16 +601,24 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
        T1 = X[15] = PULL64(W[15]);     ROUND_00_15(15,b,c,d,e,f,g,h,a);
 #endif
-        for (i=16;i<80;i+=8)
+        for (i=16;i<80;i+=16)
                {
-                ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
+                ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X);
-                ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
+                ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X);
-                ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
+                ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X);
-                ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
+                ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X);
-                ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
+                ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X);
-                ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
+                ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X);
-                ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
+                ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X);
-                ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+                ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X);
+                ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X);
+                ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X);
+                ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X);
+                ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X);
+                ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X);
+                ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X);
+                ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X);
+                ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X);
                }
        ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
@@ -544,4 +632,10 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
 #endif /* SHA512_ASM */
-#endif /* OPENSSL_NO_SHA512 */
+#else /* !OPENSSL_NO_SHA512 */
+#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy=&dummy;
+#endif
+#endif /* !OPENSSL_NO_SHA512 */
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
index da46ddfe79..672c26eee1 100644
--- a/src/lib/libcrypto/sha/sha_locl.h
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -122,23 +122,14 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
-#if defined(SHA_0) && defined(OPENSSL_FIPS)
-FIPS_NON_FIPS_MD_Init(SHA)
-#else
 int HASH_INIT (SHA_CTX *c)
-#endif
        {
-#if defined(SHA_1) && defined(OPENSSL_FIPS)
+        memset (c,0,sizeof(*c));
-        FIPS_selftest_check();
-#endif
        c->h0=INIT_DATA_h0;
        c->h1=INIT_DATA_h1;
        c->h2=INIT_DATA_h2;
        c->h3=INIT_DATA_h3;
        c->h4=INIT_DATA_h4;
-        c->Nl=0;
-        c->Nh=0;
-        c->num=0;
        return 1;
        }
diff --git a/src/lib/libcrypto/sparccpuid.S b/src/lib/libcrypto/sparccpuid.S
index c17350fc89..aa8b11efc9 100644
--- a/src/lib/libcrypto/sparccpuid.S
+++ b/src/lib/libcrypto/sparccpuid.S
@@ -34,7 +34,8 @@ OPENSSL_wipe_cpu:
        nop
        call    .PIC.zero.up
        mov     .zero-(.-4),%o0
-        ldd     [%o0],%f0
+        ld      [%o0],%f0
+        ld      [%o0],%f1
        subcc   %g0,1,%o0
        ! Following is V9 "rd %ccr,%o0" instruction. However! V8
@@ -166,6 +167,7 @@ walk_reg_wins:
 .global OPENSSL_atomic_add
 .type   OPENSSL_atomic_add,#function
+.align  32
 OPENSSL_atomic_add:
 #ifndef ABI64
        subcc   %g0,1,%o2
@@ -177,7 +179,7 @@ OPENSSL_atomic_add:
        ba      .enter
        nop
 #ifdef __sun
-! Note that you don't have to link with libthread to call thr_yield,
+! Note that you do not have to link with libthread to call thr_yield,
 ! as libc provides a stub, which is overloaded the moment you link
 ! with *either* libpthread or libthread...
 #define YIELD_CPU       thr_yield
@@ -213,27 +215,106 @@ OPENSSL_atomic_add:
        sra     %o0,%g0,%o0     ! we return signed int, remember?
 .size   OPENSSL_atomic_add,.-OPENSSL_atomic_add
-.global OPENSSL_rdtsc
+.global _sparcv9_rdtick
+.align  32
+_sparcv9_rdtick:
        subcc   %g0,1,%o0
        .word   0x91408000      !rd     %ccr,%o0
        cmp     %o0,0x99
-        bne     .notsc
+        bne     .notick
        xor     %o0,%o0,%o0
-        save    %sp,FRAME-16,%sp
+        .word   0x91410000      !rd     %tick,%o0
-        mov     513,%o0         !SI_PLATFORM
+        retl
-        add     %sp,BIAS+16,%o1
+        .word   0x93323020      !srlx   %o2,32,%o1
-        call    sysinfo
+.notick:
-        mov     256,%o2
+        retl
+        xor     %o1,%o1,%o1
+.type   _sparcv9_rdtick,#function
+.size   _sparcv9_rdtick,.-_sparcv9_rdtick
-        add     %sp,BIAS-16,%o1
+.global OPENSSL_cleanse
-        ld      [%o1],%l0
+.align  32
-        ld      [%o1+4],%l1
+OPENSSL_cleanse:
-        ld      [%o1+8],%l2
+        cmp     %o1,14
-        mov     %lo('SUNW'),%l3
+        nop
-        ret
+#ifdef ABI64
-        restore
+        bgu     %xcc,.Lot
-.notsc:
+#else
+        bgu     .Lot
+#endif
+        cmp     %o1,0
+        bne     .Little
+        nop
+        retl
+        nop
+.Little:
+        stb     %g0,[%o0]
+        subcc   %o1,1,%o1
+        bnz     .Little
+        add     %o0,1,%o0
+        retl
+        nop
+.align  32
+.Lot:
+#ifndef ABI64
+        subcc   %g0,1,%g1
+        ! see above for explanation
+        .word   0x83408000      !rd     %ccr,%g1
+        cmp     %g1,0x99
+        bne     .v8lot
+        nop
+#endif
+.v9lot: andcc   %o0,7,%g0
+        bz      .v9aligned
+        nop
+        stb     %g0,[%o0]
+        sub     %o1,1,%o1
+        ba      .v9lot
+        add     %o0,1,%o0
+.align  16,0x01000000
+.v9aligned:
+        .word   0xc0720000      !stx    %g0,[%o0]
+        sub     %o1,8,%o1
+        andcc   %o1,-8,%g0
+#ifdef ABI64
+        .word   0x126ffffd      !bnz    %xcc,.v9aligned
+#else
+        .word   0x124ffffd      !bnz    %icc,.v9aligned
+#endif
+        add     %o0,8,%o0
+        cmp     %o1,0
+        bne     .Little
+        nop
        retl
        nop
-.type   OPENSSL_rdtsc,#function
+#ifndef ABI64
-.size   OPENSSL_rdtsc,.-OPENSSL_atomic_add
+.v8lot: andcc   %o0,3,%g0
+        bz      .v8aligned
+        nop
+        stb     %g0,[%o0]
+        sub     %o1,1,%o1
+        ba      .v8lot
+        add     %o0,1,%o0
+        nop
+.v8aligned:
+        st      %g0,[%o0]
+        sub     %o1,4,%o1
+        andcc   %o1,-4,%g0
+        bnz     .v8aligned
+        add     %o0,4,%o0
+        cmp     %o1,0
+        bne     .Little
+        nop
+        retl
+        nop
+#endif
+.type   OPENSSL_cleanse,#function
+.size   OPENSSL_cleanse,.-OPENSSL_cleanse
+.section        ".init",#alloc,#execinstr
+        call    OPENSSL_cpuid_setup
+        nop
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h
index 40b17902e0..891cb84a51 100644
--- a/src/lib/libcrypto/stack/safestack.h
+++ b/src/lib/libcrypto/stack/safestack.h
@@ -57,18 +57,27 @@
 #include <openssl/stack.h>
-#ifdef DEBUG_SAFESTACK
 #ifndef CHECKED_PTR_OF
 #define CHECKED_PTR_OF(type, p) \
    ((void*) (1 ? p : (type*)0))
 #endif
+/* In C++ we get problems because an explicit cast is needed from (void *)
+ * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros
+ * below. 
+ */
+#define CHECKED_STACK_OF(type, p) \
+    ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
 #define CHECKED_SK_FREE_FUNC(type, p) \
    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
+#define CHECKED_SK_FREE_FUNC2(type, p) \
+    ((void (*)(void *)) ((1 ? p : (void (*)(type))0)))
 #define CHECKED_SK_CMP_FUNC(type, p) \
-    ((int (*)(const char * const *, const char * const *)) \
+    ((int (*)(const void *, const void *)) \
        ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
 #define STACK_OF(type) struct stack_st_##type
@@ -77,11 +86,51 @@
 #define DECLARE_STACK_OF(type) \
 STACK_OF(type) \
    { \
-    STACK stack; \
+    _STACK stack; \
+    };
+#define DECLARE_SPECIAL_STACK_OF(type, type2) \
+STACK_OF(type) \
+    { \
+    _STACK stack; \
    };
 #define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
+/* Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+o * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as
+ * mentioned above, instead of a single char each entry is a
+ * NUL-terminated array of chars. So, we have to implement STRING
+ * specially for STACK_OF. This is dealt with in the autogenerated
+ * macros below.
+ */
+DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+/* Similarly, we sometimes use a block of characters, NOT
+ * nul-terminated. These should also be distinguished from "normal"
+ * stacks. */
+typedef void *OPENSSL_BLOCK;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 /* SKM_sk_... stack macros are internal to safestack.h:
 * never use them directly, use sk_<type>_... instead */
 #define SKM_sk_new(type, cmp) \
@@ -89,52 +138,55 @@ STACK_OF(type) \
 #define SKM_sk_new_null(type) \
        ((STACK_OF(type) *)sk_new_null())
 #define SKM_sk_free(type, st) \
-        sk_free(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_free(CHECKED_STACK_OF(type, st))
 #define SKM_sk_num(type, st) \
-        sk_num(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_num(CHECKED_STACK_OF(type, st))
 #define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))
+        ((type *)sk_value(CHECKED_STACK_OF(type, st), i))
 #define SKM_sk_set(type, st,i,val) \
-        sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))
+        sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val))
 #define SKM_sk_zero(type, st) \
-        sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_zero(CHECKED_STACK_OF(type, st))
-#define SKM_sk_push(type, st,val) \
+#define SKM_sk_push(type, st, val) \
-        sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_unshift(type, st,val) \
+#define SKM_sk_unshift(type, st, val) \
-        sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find(type, st,val) \
+#define SKM_sk_find(type, st, val) \
-        sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_delete(type, st,i) \
+#define SKM_sk_find_ex(type, st, val) \
-        (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)
+        sk_find_ex(CHECKED_STACK_OF(type, st), \
-#define SKM_sk_delete_ptr(type, st,ptr) \
+                   CHECKED_PTR_OF(type, val))
-        (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))
+#define SKM_sk_delete(type, st, i) \
-#define SKM_sk_insert(type, st,val,i) \
+        (type *)sk_delete(CHECKED_STACK_OF(type, st), i)
-        sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)
+#define SKM_sk_delete_ptr(type, st, ptr) \
-#define SKM_sk_set_cmp_func(type, st,cmp) \
+        (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr))
+#define SKM_sk_insert(type, st,val, i) \
+        sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i)
+#define SKM_sk_set_cmp_func(type, st, cmp) \
        ((int (*)(const type * const *,const type * const *)) \
-        sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))
+        sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp)))
 #define SKM_sk_dup(type, st) \
-        (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))
+        (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st))
-#define SKM_sk_pop_free(type, st,free_func) \
+#define SKM_sk_pop_free(type, st, free_func) \
-        sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))
+        sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
 #define SKM_sk_shift(type, st) \
-        (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))
+        (type *)sk_shift(CHECKED_STACK_OF(type, st))
 #define SKM_sk_pop(type, st) \
-        (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))
+        (type *)sk_pop(CHECKED_STACK_OF(type, st))
 #define SKM_sk_sort(type, st) \
-        sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_sort(CHECKED_STACK_OF(type, st))
 #define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
+        sk_is_sorted(CHECKED_STACK_OF(type, st))
 #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \
+  (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \
                                pp, length, \
                                CHECKED_D2I_OF(type, d2i_func), \
                                CHECKED_SK_FREE_FUNC(type, free_func), \
                                ex_tag, ex_class)
 #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \
+  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
                                CHECKED_I2D_OF(type, i2d_func), \
                                ex_tag, ex_class, is_set)
@@ -151,72 +203,8 @@ STACK_OF(type) \
                                CHECKED_SK_FREE_FUNC(type, free_func), \
                                pass, passlen, oct, seq)
-#else
-#define STACK_OF(type) STACK
-#define PREDECLARE_STACK_OF(type) /* nada */
-#define DECLARE_STACK_OF(type)    /* nada */
-#define IMPLEMENT_STACK_OF(type)  /* nada */
-#define SKM_sk_new(type, cmp) \
-        sk_new((int (*)(const char * const *, const char * const *))(cmp))
-#define SKM_sk_new_null(type) \
-        sk_new_null()
-#define SKM_sk_free(type, st) \
-        sk_free(st)
-#define SKM_sk_num(type, st) \
-        sk_num(st)
-#define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(st, i))
-#define SKM_sk_set(type, st,i,val) \
-        ((type *)sk_set(st, i,(char *)val))
-#define SKM_sk_zero(type, st) \
-        sk_zero(st)
-#define SKM_sk_push(type, st,val) \
-        sk_push(st, (char *)val)
-#define SKM_sk_unshift(type, st,val) \
-        sk_unshift(st, (char *)val)
-#define SKM_sk_find(type, st,val) \
-        sk_find(st, (char *)val)
-#define SKM_sk_delete(type, st,i) \
-        ((type *)sk_delete(st, i))
-#define SKM_sk_delete_ptr(type, st,ptr) \
-        ((type *)sk_delete_ptr(st,(char *)ptr))
-#define SKM_sk_insert(type, st,val,i) \
-        sk_insert(st, (char *)val, i)
-#define SKM_sk_set_cmp_func(type, st,cmp) \
-        ((int (*)(const type * const *,const type * const *)) \
-        sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
-#define SKM_sk_dup(type, st) \
-        sk_dup(st)
-#define SKM_sk_pop_free(type, st,free_func) \
-        sk_pop_free(st, (void (*)(void *))free_func)
-#define SKM_sk_shift(type, st) \
-        ((type *)sk_shift(st))
-#define SKM_sk_pop(type, st) \
-        ((type *)sk_pop(st))
-#define SKM_sk_sort(type, st) \
-        sk_sort(st)
-#define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(st)
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
-#endif
 /* This block of defines is updated by util/mkstack.pl, please do not touch! */
-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
 #define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
 #define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
@@ -238,7 +226,7 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))
+#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp))
 #define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
 #define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
 #define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
@@ -260,7 +248,7 @@ STACK_OF(type) \
 #define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
 #define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp))
 #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
 #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
@@ -282,7 +270,7 @@ STACK_OF(type) \
 #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp))
 #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
 #define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
@@ -304,7 +292,7 @@ STACK_OF(type) \
 #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp))
 #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
 #define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
@@ -326,7 +314,7 @@ STACK_OF(type) \
 #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp))
 #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
 #define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
@@ -348,7 +336,7 @@ STACK_OF(type) \
 #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp))
 #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
 #define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
@@ -370,7 +358,29 @@ STACK_OF(type) \
 #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
+#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp))
+#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING)
+#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i))
+#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val))
+#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val))
+#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i))
+#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr))
+#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i))
+#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp))
+#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st)
+#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func))
+#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st))
+#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st))
+#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp))
 #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
 #define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
@@ -392,7 +402,7 @@ STACK_OF(type) \
 #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
+#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp))
 #define sk_BIO_new_null() SKM_sk_new_null(BIO)
 #define sk_BIO_free(st) SKM_sk_free(BIO, (st))
 #define sk_BIO_num(st) SKM_sk_num(BIO, (st))
@@ -414,7 +424,51 @@ STACK_OF(type) \
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
 #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
+#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp))
+#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY)
+#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i))
+#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val))
+#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val))
+#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i))
+#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr))
+#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i))
+#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))
+#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)
+#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))
+#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st))
+#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp))
+#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH)
+#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i))
+#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val))
+#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val))
+#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i))
+#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr))
+#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i))
+#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))
+#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)
+#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))
+#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))
+#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st))
+#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp))
 #define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
 #define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
@@ -436,7 +490,7 @@ STACK_OF(type) \
 #define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
 #define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp))
 #define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
 #define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
@@ -458,7 +512,7 @@ STACK_OF(type) \
 #define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
 #define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp))
 #define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
 #define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
@@ -480,7 +534,7 @@ STACK_OF(type) \
 #define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
 #define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp))
 #define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
 #define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
@@ -502,7 +556,7 @@ STACK_OF(type) \
 #define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
 #define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp))
 #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
 #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
@@ -524,7 +578,7 @@ STACK_OF(type) \
 #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp))
 #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
 #define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
 #define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
@@ -546,7 +600,7 @@ STACK_OF(type) \
 #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
 #define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
+#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp))
 #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
 #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
 #define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
@@ -568,7 +622,7 @@ STACK_OF(type) \
 #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
 #define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp))
 #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
 #define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
@@ -590,7 +644,7 @@ STACK_OF(type) \
 #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp))
 #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
 #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
@@ -612,7 +666,7 @@ STACK_OF(type) \
 #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
+#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp))
 #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
 #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
 #define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
@@ -634,7 +688,7 @@ STACK_OF(type) \
 #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
 #define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
+#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp))
 #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
 #define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
 #define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
@@ -656,7 +710,7 @@ STACK_OF(type) \
 #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
 #define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp))
 #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
 #define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
@@ -678,7 +732,117 @@ STACK_OF(type) \
 #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
+#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp))
+#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID)
+#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i))
+#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val))
+#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val))
+#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i))
+#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr))
+#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i))
+#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp))
+#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st)
+#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func))
+#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st))
+#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st))
+#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp))
+#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD)
+#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st))
+#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st))
+#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i))
+#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val))
+#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st))
+#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val))
+#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val))
+#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val))
+#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val))
+#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i))
+#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr))
+#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i))
+#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp))
+#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st)
+#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func))
+#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st))
+#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st))
+#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st))
+#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st))
+#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp))
+#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL)
+#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i))
+#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val))
+#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val))
+#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i))
+#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr))
+#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i))
+#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp))
+#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st)
+#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func))
+#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st))
+#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp))
+#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD)
+#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i))
+#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val))
+#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i))
+#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr))
+#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i))
+#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
+#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
+#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
+#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp))
+#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD)
+#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i))
+#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val))
+#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val))
+#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i))
+#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr))
+#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i))
+#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp))
+#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st)
+#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func))
+#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st))
+#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st))
+#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp))
 #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
 #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
@@ -700,7 +864,7 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp))
 #define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
 #define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
@@ -722,7 +886,7 @@ STACK_OF(type) \
 #define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
 #define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
+#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp))
 #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
 #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
@@ -744,7 +908,7 @@ STACK_OF(type) \
 #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
 #define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))
+#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp))
 #define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
 #define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
 #define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
@@ -766,7 +930,7 @@ STACK_OF(type) \
 #define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
 #define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))
+#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp))
 #define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
 #define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
@@ -788,7 +952,7 @@ STACK_OF(type) \
 #define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
 #define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp))
 #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
 #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
@@ -810,7 +974,7 @@ STACK_OF(type) \
 #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp))
 #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
 #define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
@@ -832,7 +996,7 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp))
 #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
 #define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
@@ -854,7 +1018,7 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp))
 #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
 #define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
@@ -876,7 +1040,7 @@ STACK_OF(type) \
 #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp))
 #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
 #define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
@@ -898,7 +1062,7 @@ STACK_OF(type) \
 #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp))
 #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
 #define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
@@ -920,7 +1084,7 @@ STACK_OF(type) \
 #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp))
 #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
 #define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
@@ -942,7 +1106,7 @@ STACK_OF(type) \
 #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp))
 #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
 #define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
@@ -964,7 +1128,29 @@ STACK_OF(type) \
 #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp))
+#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA)
+#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i))
+#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val))
+#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val))
+#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i))
+#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr))
+#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i))
+#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp))
+#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st)
+#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func))
+#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st))
+#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st))
+#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp))
 #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
 #define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
 #define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
@@ -986,51 +1172,7 @@ STACK_OF(type) \
 #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
 #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp))
-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
 #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
 #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
 #define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
@@ -1052,7 +1194,7 @@ STACK_OF(type) \
 #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
 #define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp))
 #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
 #define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
@@ -1074,7 +1216,7 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp))
 #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
 #define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
@@ -1096,7 +1238,7 @@ STACK_OF(type) \
 #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp))
 #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
 #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
@@ -1118,7 +1260,7 @@ STACK_OF(type) \
 #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st))
+#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp))
 #define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
 #define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
@@ -1140,7 +1282,7 @@ STACK_OF(type) \
 #define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
 #define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp))
 #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
 #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
@@ -1162,7 +1304,7 @@ STACK_OF(type) \
 #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp))
 #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
 #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
@@ -1184,7 +1326,7 @@ STACK_OF(type) \
 #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
+#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp))
 #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
 #define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
 #define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
@@ -1206,7 +1348,7 @@ STACK_OF(type) \
 #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
 #define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp))
 #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
 #define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
@@ -1228,7 +1370,7 @@ STACK_OF(type) \
 #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp))
 #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
 #define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
@@ -1250,7 +1392,7 @@ STACK_OF(type) \
 #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
+#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp))
 #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
 #define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
 #define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
@@ -1272,7 +1414,7 @@ STACK_OF(type) \
 #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
 #define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp))
 #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
 #define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
@@ -1294,7 +1436,7 @@ STACK_OF(type) \
 #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))
+#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp))
 #define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
 #define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
@@ -1316,7 +1458,7 @@ STACK_OF(type) \
 #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
 #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
 #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
@@ -1338,7 +1480,7 @@ STACK_OF(type) \
 #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
+#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp))
 #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
 #define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
 #define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
@@ -1360,7 +1502,51 @@ STACK_OF(type) \
 #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
 #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp))
+#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY)
+#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i))
+#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val))
+#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i))
+#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr))
+#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i))
+#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp))
+#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st)
+#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func))
+#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st))
+#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp))
+#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO)
+#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i))
+#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val))
+#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val))
+#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i))
+#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr))
+#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i))
+#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp))
+#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st)
+#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func))
+#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st))
+#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st))
+#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp))
 #define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
 #define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
@@ -1382,7 +1568,7 @@ STACK_OF(type) \
 #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
 #define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
+#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp))
 #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
 #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
 #define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
@@ -1404,7 +1590,7 @@ STACK_OF(type) \
 #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
 #define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
+#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp))
 #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
 #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
 #define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
@@ -1426,7 +1612,7 @@ STACK_OF(type) \
 #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
 #define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-#define sk_X509_new(st) SKM_sk_new(X509, (st))
+#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp))
 #define sk_X509_new_null() SKM_sk_new_null(X509)
 #define sk_X509_free(st) SKM_sk_free(X509, (st))
 #define sk_X509_num(st) SKM_sk_num(X509, (st))
@@ -1448,7 +1634,7 @@ STACK_OF(type) \
 #define sk_X509_sort(st) SKM_sk_sort(X509, (st))
 #define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp))
 #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
 #define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
@@ -1470,7 +1656,7 @@ STACK_OF(type) \
 #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
+#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp))
 #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
 #define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
 #define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
@@ -1492,7 +1678,7 @@ STACK_OF(type) \
 #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
 #define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp))
 #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
 #define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
@@ -1514,7 +1700,7 @@ STACK_OF(type) \
 #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
+#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp))
 #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
 #define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
 #define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
@@ -1536,7 +1722,7 @@ STACK_OF(type) \
 #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
 #define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp))
 #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
 #define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
@@ -1558,7 +1744,7 @@ STACK_OF(type) \
 #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
+#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp))
 #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
 #define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
 #define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
@@ -1580,7 +1766,7 @@ STACK_OF(type) \
 #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
 #define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp))
 #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
 #define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
@@ -1602,7 +1788,7 @@ STACK_OF(type) \
 #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
+#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp))
 #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
 #define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
 #define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
@@ -1624,7 +1810,7 @@ STACK_OF(type) \
 #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
 #define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp))
 #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
 #define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
@@ -1646,7 +1832,7 @@ STACK_OF(type) \
 #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
+#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp))
 #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
 #define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
 #define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
@@ -1668,7 +1854,7 @@ STACK_OF(type) \
 #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
 #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))
+#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
 #define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
 #define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
@@ -1690,7 +1876,7 @@ STACK_OF(type) \
 #define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
 #define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))
+#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
 #define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
 #define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
@@ -1712,29 +1898,7 @@ STACK_OF(type) \
 #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
 #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))
+#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
 #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
@@ -1756,7 +1920,7 @@ STACK_OF(type) \
 #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
+#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp))
 #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
 #define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
 #define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
@@ -1778,7 +1942,7 @@ STACK_OF(type) \
 #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
 #define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
+#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp))
 #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
 #define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
 #define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
@@ -1800,7 +1964,7 @@ STACK_OF(type) \
 #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
 #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))
+#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp))
 #define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
 #define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
@@ -1822,6 +1986,125 @@ STACK_OF(type) \
 #define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
 #define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
+#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp))
+#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple)
+#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st))
+#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st))
+#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i))
+#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val))
+#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st))
+#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val))
+#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val))
+#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val))
+#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val))
+#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i))
+#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr))
+#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i))
+#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp))
+#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st)
+#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func))
+#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st))
+#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st))
+#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st))
+#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st))
+#define sk_void_new(cmp) SKM_sk_new(void, (cmp))
+#define sk_void_new_null() SKM_sk_new_null(void)
+#define sk_void_free(st) SKM_sk_free(void, (st))
+#define sk_void_num(st) SKM_sk_num(void, (st))
+#define sk_void_value(st, i) SKM_sk_value(void, (st), (i))
+#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val))
+#define sk_void_zero(st) SKM_sk_zero(void, (st))
+#define sk_void_push(st, val) SKM_sk_push(void, (st), (val))
+#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val))
+#define sk_void_find(st, val) SKM_sk_find(void, (st), (val))
+#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val))
+#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i))
+#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr))
+#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i))
+#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp))
+#define sk_void_dup(st) SKM_sk_dup(void, st)
+#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func))
+#define sk_void_shift(st) SKM_sk_shift(void, (st))
+#define sk_void_pop(st) SKM_sk_pop(void, (st))
+#define sk_void_sort(st) SKM_sk_sort(void, (st))
+#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
+        ((int (*)(const void * const *,const void * const *)) \
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i))
+#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
+        ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st))
+#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
+#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
+        ((int (*)(const char * const *,const char * const *)) \
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
+#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
@@ -1858,6 +2141,15 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
        SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func))
 #define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
@@ -1867,6 +2159,24 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
        SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func))
 #define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
@@ -2025,6 +2335,240 @@ STACK_OF(type) \
 #define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
        SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
+#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
+#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
+#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst)
+#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn)
+#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg)
+#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh)
+#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh)
+#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh)
+#define lh_ADDED_OBJ_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ADDED_OBJ,lh,out)
+#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out)
+#define lh_ADDED_OBJ_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ADDED_OBJ,lh,out)
+#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh)
+#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info)
+#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst)
+#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst)
+#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst)
+#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn)
+#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg)
+#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh)
+#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh)
+#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh)
+#define lh_APP_INFO_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(APP_INFO,lh,out)
+#define lh_APP_INFO_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(APP_INFO,lh,out)
+#define lh_APP_INFO_stats_bio(lh,out) \
+  LHM_lh_stats_bio(APP_INFO,lh,out)
+#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh)
+#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value)
+#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst)
+#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst)
+#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst)
+#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn)
+#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg)
+#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh)
+#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh)
+#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh)
+#define lh_CONF_VALUE_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(CONF_VALUE,lh,out)
+#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out)
+#define lh_CONF_VALUE_stats_bio(lh,out) \
+  LHM_lh_stats_bio(CONF_VALUE,lh,out)
+#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh)
+#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile)
+#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst)
+#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst)
+#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst)
+#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn)
+#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg)
+#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh)
+#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh)
+#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh)
+#define lh_ENGINE_PILE_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ENGINE_PILE,lh,out)
+#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out)
+#define lh_ENGINE_PILE_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ENGINE_PILE,lh,out)
+#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh)
+#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state)
+#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst)
+#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst)
+#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst)
+#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn)
+#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg)
+#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh)
+#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh)
+#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh)
+#define lh_ERR_STATE_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ERR_STATE,lh,out)
+#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out)
+#define lh_ERR_STATE_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ERR_STATE,lh,out)
+#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh)
+#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data)
+#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst)
+#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst)
+#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst)
+#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn)
+#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg)
+#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh)
+#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh)
+#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh)
+#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out)
+#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out)
+#define lh_ERR_STRING_DATA_stats_bio(lh,out) \
+  LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
+#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)
+#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
+#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
+#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
+#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
+#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
+#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
+#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
+#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
+#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
+#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
+#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
+#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
+  LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
+#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
+#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
+#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
+#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)
+#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst)
+#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn)
+#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg)
+#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh)
+#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh)
+#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh)
+#define lh_FUNCTION_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(FUNCTION,lh,out)
+#define lh_FUNCTION_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(FUNCTION,lh,out)
+#define lh_FUNCTION_stats_bio(lh,out) \
+  LHM_lh_stats_bio(FUNCTION,lh,out)
+#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh)
+#define lh_MEM_new() LHM_lh_new(MEM,mem)
+#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst)
+#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst)
+#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst)
+#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn)
+#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg)
+#define lh_MEM_error(lh) LHM_lh_error(MEM,lh)
+#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh)
+#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh)
+#define lh_MEM_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(MEM,lh,out)
+#define lh_MEM_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(MEM,lh,out)
+#define lh_MEM_stats_bio(lh,out) \
+  LHM_lh_stats_bio(MEM,lh,out)
+#define lh_MEM_free(lh) LHM_lh_free(MEM,lh)
+#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name)
+#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst)
+#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst)
+#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst)
+#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn)
+#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg)
+#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh)
+#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh)
+#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh)
+#define lh_OBJ_NAME_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(OBJ_NAME,lh,out)
+#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out)
+#define lh_OBJ_NAME_stats_bio(lh,out) \
+  LHM_lh_stats_bio(OBJ_NAME,lh,out)
+#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh)
+#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring)
+#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst)
+#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn)
+#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg)
+#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \
+  LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out)
+#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh)
+#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string)
+#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst)
+#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn)
+#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg)
+#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh)
+#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_stats_bio(lh,out) \
+  LHM_lh_stats_bio(OPENSSL_STRING,lh,out)
+#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh)
+#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session)
+#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst)
+#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst)
+#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst)
+#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn)
+#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \
+  LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg)
+#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh)
+#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh)
+#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh)
+#define lh_SSL_SESSION_node_stats_bio(lh,out) \
+  LHM_lh_node_stats_bio(SSL_SESSION,lh,out)
+#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \
+  LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out)
+#define lh_SSL_SESSION_stats_bio(lh,out) \
+  LHM_lh_stats_bio(SSL_SESSION,lh,out)
+#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
 /* End of util/mkstack.pl block, you may now edit :-) */
 #endif /* !defined HEADER_SAFESTACK_H */
diff --git a/src/lib/libcrypto/stack/stack.c b/src/lib/libcrypto/stack/stack.c
index 378bd7c796..76cf1a1168 100644
--- a/src/lib/libcrypto/stack/stack.c
+++ b/src/lib/libcrypto/stack/stack.c
@@ -77,10 +77,10 @@ const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;
 #include <errno.h>
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
+int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-                (const char * const *, const char * const *)
+                (const void *, const void *)
        {
-        int (*old)(const char * const *,const char * const *)=sk->comp;
+        int (*old)(const void *,const void *)=sk->comp;
        if (sk->comp != c)
                sk->sorted=0;
@@ -89,9 +89,9 @@ int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * cons
        return old;
        }
-STACK *sk_dup(STACK *sk)
+_STACK *sk_dup(_STACK *sk)
        {
-        STACK *ret;
+        _STACK *ret;
        char **s;
        if ((ret=sk_new(sk->comp)) == NULL) goto err;
@@ -112,19 +112,19 @@ err:
        return(NULL);
        }
-STACK *sk_new_null(void)
+_STACK *sk_new_null(void)
        {
-        return sk_new((int (*)(const char * const *, const char * const *))0);
+        return sk_new((int (*)(const void *, const void *))0);
        }
-STACK *sk_new(int (*c)(const char * const *, const char * const *))
+_STACK *sk_new(int (*c)(const void *, const void *))
        {
-        STACK *ret;
+        _STACK *ret;
        int i;
-        if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
+        if ((ret=OPENSSL_malloc(sizeof(_STACK))) == NULL)
                goto err;
-        if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
+        if ((ret->data=OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
                goto err;
        for (i=0; i<MIN_NODES; i++)
                ret->data[i]=NULL;
@@ -139,14 +139,14 @@ err:
        return(NULL);
        }
-int sk_insert(STACK *st, char *data, int loc)
+int sk_insert(_STACK *st, void *data, int loc)
        {
        char **s;
        if(st == NULL) return 0;
        if (st->num_alloc <= st->num+1)
                {
-                s=(char **)OPENSSL_realloc((char *)st->data,
+                s=OPENSSL_realloc((char *)st->data,
                        (unsigned int)sizeof(char *)*st->num_alloc*2);
                if (s == NULL)
                        return(0);
@@ -160,14 +160,14 @@ int sk_insert(STACK *st, char *data, int loc)
                int i;
                char **f,**t;
-                f=(char **)st->data;
+                f=st->data;
-                t=(char **)&(st->data[1]);
+                t=&(st->data[1]);
                for (i=st->num; i>=loc; i--)
                        t[i]=f[i];
                        
 #ifdef undef /* no memmove on sunos :-( */
-                memmove( (char *)&(st->data[loc+1]),
+                memmove(&(st->data[loc+1]),
-                        (char *)&(st->data[loc]),
+                        &(st->data[loc]),
                        sizeof(char *)*(st->num-loc));
 #endif
                st->data[loc]=data;
@@ -177,7 +177,7 @@ int sk_insert(STACK *st, char *data, int loc)
        return(st->num);
        }
-char *sk_delete_ptr(STACK *st, char *p)
+void *sk_delete_ptr(_STACK *st, void *p)
        {
        int i;
@@ -187,7 +187,7 @@ char *sk_delete_ptr(STACK *st, char *p)
        return(NULL);
        }
-char *sk_delete(STACK *st, int loc)
+void *sk_delete(_STACK *st, int loc)
        {
        char *ret;
        int i,j;
@@ -210,11 +210,11 @@ char *sk_delete(STACK *st, int loc)
        return(ret);
        }
-static int internal_find(STACK *st, char *data, int ret_val_options)
+static int internal_find(_STACK *st, void *data, int ret_val_options)
        {
-        char **r;
+        const void * const *r;
        int i;
-        int (*comp_func)(const void *,const void *);
        if(st == NULL) return -1;
        if (st->comp == NULL)
@@ -226,53 +226,46 @@ static int internal_find(STACK *st, char *data, int ret_val_options)
                }
        sk_sort(st);
        if (data == NULL) return(-1);
-        /* This (and the "qsort" below) are the two places in OpenSSL
+        r=OBJ_bsearch_ex_(&data,st->data,st->num,sizeof(void *),st->comp,
-         * where we need to convert from our standard (type **,type **)
+                          ret_val_options);
-         * compare callback type to the (void *,void *) type required by
-         * bsearch. However, the "data" it is being called(back) with are
-         * not (type *) pointers, but the *pointers* to (type *) pointers,
-         * so we get our extra level of pointer dereferencing that way. */
-        comp_func=(int (*)(const void *,const void *))(st->comp);
-        r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data,
-                st->num,sizeof(char *),comp_func,ret_val_options);
        if (r == NULL) return(-1);
-        return((int)(r-st->data));
+        return (int)((char **)r-st->data);
        }
-int sk_find(STACK *st, char *data)
+int sk_find(_STACK *st, void *data)
        {
        return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
        }
-int sk_find_ex(STACK *st, char *data)
+int sk_find_ex(_STACK *st, void *data)
        {
        return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
        }
-int sk_push(STACK *st, char *data)
+int sk_push(_STACK *st, void *data)
        {
        return(sk_insert(st,data,st->num));
        }
-int sk_unshift(STACK *st, char *data)
+int sk_unshift(_STACK *st, void *data)
        {
        return(sk_insert(st,data,0));
        }
-char *sk_shift(STACK *st)
+void *sk_shift(_STACK *st)
        {
        if (st == NULL) return(NULL);
        if (st->num <= 0) return(NULL);
        return(sk_delete(st,0));
        }
-char *sk_pop(STACK *st)
+void *sk_pop(_STACK *st)
        {
        if (st == NULL) return(NULL);
        if (st->num <= 0) return(NULL);
        return(sk_delete(st,st->num-1));
        }
-void sk_zero(STACK *st)
+void sk_zero(_STACK *st)
        {
        if (st == NULL) return;
        if (st->num <= 0) return;
@@ -280,7 +273,7 @@ void sk_zero(STACK *st)
        st->num=0;
        }
-void sk_pop_free(STACK *st, void (*func)(void *))
+void sk_pop_free(_STACK *st, void (*func)(void *))
        {
        int i;
@@ -291,32 +284,32 @@ void sk_pop_free(STACK *st, void (*func)(void *))
        sk_free(st);
        }
-void sk_free(STACK *st)
+void sk_free(_STACK *st)
        {
        if (st == NULL) return;
        if (st->data != NULL) OPENSSL_free(st->data);
        OPENSSL_free(st);
        }
-int sk_num(const STACK *st)
+int sk_num(const _STACK *st)
 {
        if(st == NULL) return -1;
        return st->num;
 }
-char *sk_value(const STACK *st, int i)
+void *sk_value(const _STACK *st, int i)
 {
        if(!st || (i < 0) || (i >= st->num)) return NULL;
        return st->data[i];
 }
-char *sk_set(STACK *st, int i, char *value)
+void *sk_set(_STACK *st, int i, void *value)
 {
        if(!st || (i < 0) || (i >= st->num)) return NULL;
        return (st->data[i] = value);
 }
-void sk_sort(STACK *st)
+void sk_sort(_STACK *st)
        {
        if (st && !st->sorted)
                {
@@ -333,7 +326,7 @@ void sk_sort(STACK *st)
                }
        }
-int sk_is_sorted(const STACK *st)
+int sk_is_sorted(const _STACK *st)
        {
        if (!st)
                return 1;
diff --git a/src/lib/libcrypto/stack/stack.h b/src/lib/libcrypto/stack/stack.h
index 5cbb116a8b..ce35e554eb 100644
--- a/src/lib/libcrypto/stack/stack.h
+++ b/src/lib/libcrypto/stack/stack.h
@@ -70,37 +70,36 @@ typedef struct stack_st
        int sorted;
        int num_alloc;
-        int (*comp)(const char * const *, const char * const *);
+        int (*comp)(const void *, const void *);
-        } STACK;
+        } _STACK;  /* Use STACK_OF(...) instead */
 #define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
 #define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
-int sk_num(const STACK *);
+int sk_num(const _STACK *);
-char *sk_value(const STACK *, int);
+void *sk_value(const _STACK *, int);
-char *sk_set(STACK *, int, char *);
+void *sk_set(_STACK *, int, void *);
-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
+_STACK *sk_new(int (*cmp)(const void *, const void *));
-STACK *sk_new_null(void);
+_STACK *sk_new_null(void);
-void sk_free(STACK *);
+void sk_free(_STACK *);
-void sk_pop_free(STACK *st, void (*func)(void *));
+void sk_pop_free(_STACK *st, void (*func)(void *));
-int sk_insert(STACK *sk,char *data,int where);
+int sk_insert(_STACK *sk, void *data, int where);
-char *sk_delete(STACK *st,int loc);
+void *sk_delete(_STACK *st, int loc);
-char *sk_delete_ptr(STACK *st, char *p);
+void *sk_delete_ptr(_STACK *st, void *p);
-int sk_find(STACK *st,char *data);
+int sk_find(_STACK *st, void *data);
-int sk_find_ex(STACK *st,char *data);
+int sk_find_ex(_STACK *st, void *data);
-int sk_push(STACK *st,char *data);
+int sk_push(_STACK *st, void *data);
-int sk_unshift(STACK *st,char *data);
+int sk_unshift(_STACK *st, void *data);
-char *sk_shift(STACK *st);
+void *sk_shift(_STACK *st);
-char *sk_pop(STACK *st);
+void *sk_pop(_STACK *st);
-void sk_zero(STACK *st);
+void sk_zero(_STACK *st);
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
+int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-                        const char * const *)))
+        (const void *, const void *);
-                        (const char * const *, const char * const *);
+_STACK *sk_dup(_STACK *st);
-STACK *sk_dup(STACK *st);
+void sk_sort(_STACK *st);
-void sk_sort(STACK *st);
+int sk_is_sorted(const _STACK *st);
-int sk_is_sorted(const STACK *st);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
new file mode 100644
index 0000000000..190e8a1bf2
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts.h
@@ -0,0 +1,861 @@
+/* crypto/ts/ts.h */
+/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
+ * project 2002, 2003, 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_TS_H
+#define HEADER_TS_H
+#include <openssl/opensslconf.h>
+#include <openssl/symhacks.h>
+#ifndef OPENSSL_NO_BUFFER
+#include <openssl/buffer.h>
+#endif
+#ifndef OPENSSL_NO_EVP
+#include <openssl/evp.h>
+#endif
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/evp.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#ifdef WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef X509_NAME
+#endif
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+/*
+MessageImprint ::= SEQUENCE  {
+     hashAlgorithm                AlgorithmIdentifier,
+     hashedMessage                OCTET STRING  }
+*/
+typedef struct TS_msg_imprint_st
+        {
+        X509_ALGOR *hash_algo;
+        ASN1_OCTET_STRING *hashed_msg;
+        } TS_MSG_IMPRINT;
+/*
+TimeStampReq ::= SEQUENCE  {
+   version                  INTEGER  { v1(1) },
+   messageImprint           MessageImprint,
+     --a hash algorithm OID and the hash value of the data to be
+     --time-stamped
+   reqPolicy                TSAPolicyId                OPTIONAL,
+   nonce                    INTEGER                    OPTIONAL,
+   certReq                  BOOLEAN                    DEFAULT FALSE,
+   extensions               [0] IMPLICIT Extensions    OPTIONAL  }
+*/
+typedef struct TS_req_st
+        {
+        ASN1_INTEGER *version;
+        TS_MSG_IMPRINT *msg_imprint;
+        ASN1_OBJECT *policy_id;         /* OPTIONAL */
+        ASN1_INTEGER *nonce;            /* OPTIONAL */
+        ASN1_BOOLEAN cert_req;          /* DEFAULT FALSE */
+        STACK_OF(X509_EXTENSION) *extensions;   /* [0] OPTIONAL */
+        } TS_REQ;
+/*
+Accuracy ::= SEQUENCE {
+                seconds        INTEGER           OPTIONAL,
+                millis     [0] INTEGER  (1..999) OPTIONAL,
+                micros     [1] INTEGER  (1..999) OPTIONAL  }
+*/
+typedef struct TS_accuracy_st
+        {
+        ASN1_INTEGER *seconds;
+        ASN1_INTEGER *millis;
+        ASN1_INTEGER *micros;
+        } TS_ACCURACY;
+/*
+TSTInfo ::= SEQUENCE  {
+    version                      INTEGER  { v1(1) },
+    policy                       TSAPolicyId,
+    messageImprint               MessageImprint,
+      -- MUST have the same value as the similar field in
+      -- TimeStampReq
+    serialNumber                 INTEGER,
+     -- Time-Stamping users MUST be ready to accommodate integers
+     -- up to 160 bits.
+    genTime                      GeneralizedTime,
+    accuracy                     Accuracy                 OPTIONAL,
+    ordering                     BOOLEAN             DEFAULT FALSE,
+    nonce                        INTEGER                  OPTIONAL,
+      -- MUST be present if the similar field was present
+      -- in TimeStampReq.  In that case it MUST have the same value.
+    tsa                          [0] GeneralName          OPTIONAL,
+    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
+*/
+typedef struct TS_tst_info_st
+        {
+        ASN1_INTEGER *version;
+        ASN1_OBJECT *policy_id;
+        TS_MSG_IMPRINT *msg_imprint;
+        ASN1_INTEGER *serial;
+        ASN1_GENERALIZEDTIME *time;
+        TS_ACCURACY *accuracy;
+        ASN1_BOOLEAN ordering;
+        ASN1_INTEGER *nonce;
+        GENERAL_NAME *tsa;
+        STACK_OF(X509_EXTENSION) *extensions;
+        } TS_TST_INFO;  
+/*
+PKIStatusInfo ::= SEQUENCE {
+    status        PKIStatus,
+    statusString  PKIFreeText     OPTIONAL,
+    failInfo      PKIFailureInfo  OPTIONAL  }
+From RFC 1510 - section 3.1.1:
+PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+        -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
+        -- include an RFC 1766 language tag to indicate the language
+        -- of the contained text)
+*/
+/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
+#define TS_STATUS_GRANTED                       0
+#define TS_STATUS_GRANTED_WITH_MODS             1
+#define TS_STATUS_REJECTION                     2
+#define TS_STATUS_WAITING                       3
+#define TS_STATUS_REVOCATION_WARNING            4
+#define TS_STATUS_REVOCATION_NOTIFICATION       5
+/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */
+#define TS_INFO_BAD_ALG                 0
+#define TS_INFO_BAD_REQUEST             2
+#define TS_INFO_BAD_DATA_FORMAT         5
+#define TS_INFO_TIME_NOT_AVAILABLE      14
+#define TS_INFO_UNACCEPTED_POLICY       15
+#define TS_INFO_UNACCEPTED_EXTENSION    16
+#define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
+#define TS_INFO_SYSTEM_FAILURE          25
+typedef struct TS_status_info_st
+        {
+        ASN1_INTEGER *status;
+        STACK_OF(ASN1_UTF8STRING) *text;
+        ASN1_BIT_STRING *failure_info;
+        } TS_STATUS_INFO;
+DECLARE_STACK_OF(ASN1_UTF8STRING)
+DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
+/*
+TimeStampResp ::= SEQUENCE  {
+     status                  PKIStatusInfo,
+     timeStampToken          TimeStampToken     OPTIONAL }
+*/
+typedef struct TS_resp_st
+        {
+        TS_STATUS_INFO *status_info;
+        PKCS7 *token;
+        TS_TST_INFO *tst_info;
+        } TS_RESP;
+/* The structure below would belong to the ESS component. */
+/*
+IssuerSerial ::= SEQUENCE {
+        issuer                   GeneralNames,
+        serialNumber             CertificateSerialNumber
+        }
+*/
+typedef struct ESS_issuer_serial
+        {
+        STACK_OF(GENERAL_NAME)  *issuer;
+        ASN1_INTEGER            *serial;
+        } ESS_ISSUER_SERIAL;
+/*
+ESSCertID ::=  SEQUENCE {
+        certHash                 Hash,
+        issuerSerial             IssuerSerial OPTIONAL
+}
+*/
+typedef struct ESS_cert_id
+        {
+        ASN1_OCTET_STRING *hash;        /* Always SHA-1 digest. */
+        ESS_ISSUER_SERIAL *issuer_serial;
+        } ESS_CERT_ID;
+DECLARE_STACK_OF(ESS_CERT_ID)
+DECLARE_ASN1_SET_OF(ESS_CERT_ID)
+/*
+SigningCertificate ::=  SEQUENCE {
+       certs        SEQUENCE OF ESSCertID,
+       policies     SEQUENCE OF PolicyInformation OPTIONAL
+}
+*/
+typedef struct ESS_signing_cert
+        {
+        STACK_OF(ESS_CERT_ID) *cert_ids;
+        STACK_OF(POLICYINFO) *policy_info;
+        } ESS_SIGNING_CERT;
+TS_REQ  *TS_REQ_new(void);
+void    TS_REQ_free(TS_REQ *a);
+int     i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
+TS_REQ  *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
+TS_REQ  *TS_REQ_dup(TS_REQ *a);
+TS_REQ  *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int     i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+TS_REQ  *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int     i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
+TS_MSG_IMPRINT  *TS_MSG_IMPRINT_new(void);
+void            TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
+int             i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
+TS_MSG_IMPRINT  *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
+                                    const unsigned char **pp, long length);
+TS_MSG_IMPRINT  *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+TS_MSG_IMPRINT  *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int             i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
+TS_MSG_IMPRINT  *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
+int             i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
+TS_RESP *TS_RESP_new(void);
+void    TS_RESP_free(TS_RESP *a);
+int     i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
+TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+TS_RESP *TS_RESP_dup(TS_RESP *a);
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int     i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
+TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
+int     i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
+TS_STATUS_INFO  *TS_STATUS_INFO_new(void);
+void            TS_STATUS_INFO_free(TS_STATUS_INFO *a);
+int             i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
+TS_STATUS_INFO  *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, 
+                                    const unsigned char **pp, long length);
+TS_STATUS_INFO  *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
+TS_TST_INFO     *TS_TST_INFO_new(void);
+void            TS_TST_INFO_free(TS_TST_INFO *a);
+int             i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
+TS_TST_INFO     *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
+                                    long length);
+TS_TST_INFO     *TS_TST_INFO_dup(TS_TST_INFO *a);
+TS_TST_INFO     *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int             i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
+TS_TST_INFO     *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
+int             i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
+TS_ACCURACY     *TS_ACCURACY_new(void);
+void            TS_ACCURACY_free(TS_ACCURACY *a);
+int             i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
+TS_ACCURACY     *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
+                                    long length);
+TS_ACCURACY     *TS_ACCURACY_dup(TS_ACCURACY *a);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
+void              ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
+int               i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a,
+                                        unsigned char **pp);
+ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
+                                         const unsigned char **pp, long length);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
+ESS_CERT_ID     *ESS_CERT_ID_new(void);
+void            ESS_CERT_ID_free(ESS_CERT_ID *a);
+int             i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
+ESS_CERT_ID     *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
+                                 long length);
+ESS_CERT_ID     *ESS_CERT_ID_dup(ESS_CERT_ID *a);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
+void             ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
+int              i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, 
+                                      unsigned char **pp);
+ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
+                                       const unsigned char **pp, long length);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+void ERR_load_TS_strings(void);
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */
+/* Optional flags for response generation. */
+/* Don't include the TSA name in response. */
+#define TS_TSA_NAME             0x01
+/* Set ordering to true in response. */
+#define TS_ORDERING             0x02
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+#define TS_ESS_CERT_ID_CHAIN    0x04
+/* Forward declaration. */
+struct TS_resp_ctx;
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);
+/* This must return the seconds and microseconds since Jan 1, 1970 in
+   the sec and usec variables allocated by the caller. 
+   Return non-zero for success and zero for failure. */
+typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec);
+/* This must process the given extension.
+ * It can modify the TS_TST_INFO object of the context.
+ * Return values: !0 (processed), 0 (error, it must set the 
+ * status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+typedef struct TS_resp_ctx
+        {
+        X509            *signer_cert;
+        EVP_PKEY        *signer_key;
+        STACK_OF(X509)  *certs; /* Certs to include in signed data. */
+        STACK_OF(ASN1_OBJECT)   *policies;      /* Acceptable policies. */
+        ASN1_OBJECT     *default_policy; /* It may appear in policies, too. */
+        STACK_OF(EVP_MD)        *mds;   /* Acceptable message digests. */
+        ASN1_INTEGER    *seconds;       /* accuracy, 0 means not specified. */
+        ASN1_INTEGER    *millis;        /* accuracy, 0 means not specified. */
+        ASN1_INTEGER    *micros;        /* accuracy, 0 means not specified. */
+        unsigned        clock_precision_digits; /* fraction of seconds in
+                                                   time stamp token. */
+        unsigned        flags;          /* Optional info, see values above. */
+        /* Callback functions. */
+        TS_serial_cb serial_cb;
+        void *serial_cb_data;   /* User data for serial_cb. */
+        
+        TS_time_cb time_cb;
+        void *time_cb_data;     /* User data for time_cb. */
+        
+        TS_extension_cb extension_cb;
+        void *extension_cb_data;        /* User data for extension_cb. */
+        /* These members are used only while creating the response. */
+        TS_REQ          *request;
+        TS_RESP         *response;
+        TS_TST_INFO     *tst_info;
+        } TS_RESP_CTX;
+DECLARE_STACK_OF(EVP_MD)
+DECLARE_ASN1_SET_OF(EVP_MD)
+/* Creates a response context that can be used for generating responses. */
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+/* Adds a new acceptable policy, only the default policy 
+   is accepted by default. */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
+/* Adds a new acceptable message digest. Note that no message digests 
+   are accepted by default. The md argument is shared with the caller. */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros);
+/* Clock precision digits, i.e. the number of decimal digits: 
+   '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ 
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned clock_precision_digits);
+/* At most we accept usec precision. */ 
+#define TS_MAX_CLOCK_PRECISION_DIGITS   6
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+/* Default callback uses the gettimeofday() and gmtime() system calls. */
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+/* Default callback rejects all extensions. The extension callback is called 
+ * when the TS_TST_INFO object is already set up and not signed yet. */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, 
+                                  TS_extension_cb cb, void *data);
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, 
+                                int status, const char *text);
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, 
+                                     int status, const char *text);
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+/* 
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out);
+/* Context structure for the generic verify method. */
+/* Verify the signer's certificate and the signature of the response. */
+#define TS_VFY_SIGNATURE        (1u << 0)
+/* Verify the version number of the response. */
+#define TS_VFY_VERSION          (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+#define TS_VFY_POLICY           (1u << 2)
+/* Verify the message imprint provided by the user. This flag should not be
+   specified with TS_VFY_DATA. */
+#define TS_VFY_IMPRINT          (1u << 3)
+/* Verify the message imprint computed by the verify method from the user
+   provided data and the MD algorithm of the response. This flag should not be
+   specified with TS_VFY_IMPRINT. */
+#define TS_VFY_DATA             (1u << 4)
+/* Verify the nonce value. */
+#define TS_VFY_NONCE            (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+#define TS_VFY_SIGNER           (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+#define TS_VFY_TSA_NAME         (1u << 7)
+/* You can use the following convenience constants. */
+#define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_IMPRINT       \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+#define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_DATA          \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+typedef struct TS_verify_ctx
+        {
+        /* Set this to the union of TS_VFY_... flags you want to carry out. */
+        unsigned        flags;
+        /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
+        X509_STORE      *store;
+        STACK_OF(X509)  *certs;
+        /* Must be set only with TS_VFY_POLICY. */
+        ASN1_OBJECT     *policy;
+        /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, 
+           the algorithm from the response is used. */
+        X509_ALGOR      *md_alg;
+        unsigned char   *imprint;
+        unsigned        imprint_len;
+        /* Must be set only with TS_VFY_DATA. */
+        BIO             *data;
+        /* Must be set only with TS_VFY_TSA_NAME. */
+        ASN1_INTEGER    *nonce;
+        /* Must be set only with TS_VFY_TSA_NAME. */
+        GENERAL_NAME    *tsa_name;
+        } TS_VERIFY_CTX;
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+/*
+ * Declarations related to response verification context,
+ * they are defined in ts/ts_verify_ctx.c.
+ */
+/* Set all fields to zero. */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+/* 
+ * If ctx is NULL, it allocates and returns a new object, otherwise
+ * it returns ctx. It initialises all the members as follows:
+ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
+ * certs = NULL
+ * store = NULL
+ * policy = policy from the request or NULL if absent (in this case
+ *      TS_VFY_POLICY is cleared from flags as well)
+ * md_alg = MD algorithm from request
+ * imprint, imprint_len = imprint from request
+ * data = NULL
+ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
+ *      TS_VFY_NONCE is cleared from flags as well)
+ * tsa_name = NULL
+ * Important: after calling this method TS_VFY_SIGNATURE should be added!
+ */
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
+/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
+/* Common utility functions defined in ts/ts_lib.c */
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+/* Function declarations for handling configuration options,
+   defined in ts/ts_conf.c */
+X509 *TS_CONF_load_cert(const char *file);
+STACK_OF(X509) *TS_CONF_load_certs(const char *file);
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx);
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device);
+int TS_CONF_set_default_engine(const char *name);
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx);
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass, TS_RESP_CTX *ctx);
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx);
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx);
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx);
+/* -------------------------------------------------- */
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_TS_strings(void);
+/* Error codes for the TS functions. */
+/* Function codes. */
+#define TS_F_D2I_TS_RESP                                 147
+#define TS_F_DEF_SERIAL_CB                               110
+#define TS_F_DEF_TIME_CB                                 111
+#define TS_F_ESS_ADD_SIGNING_CERT                        112
+#define TS_F_ESS_CERT_ID_NEW_INIT                        113
+#define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
+#define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
+#define TS_F_PKCS7_TO_TS_TST_INFO                        148
+#define TS_F_TS_ACCURACY_SET_MICROS                      115
+#define TS_F_TS_ACCURACY_SET_MILLIS                      116
+#define TS_F_TS_ACCURACY_SET_SECONDS                     117
+#define TS_F_TS_CHECK_IMPRINTS                           100
+#define TS_F_TS_CHECK_NONCES                             101
+#define TS_F_TS_CHECK_POLICY                             102
+#define TS_F_TS_CHECK_SIGNING_CERTS                      103
+#define TS_F_TS_CHECK_STATUS_INFO                        104
+#define TS_F_TS_COMPUTE_IMPRINT                          145
+#define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
+#define TS_F_TS_GET_STATUS_TEXT                          105
+#define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
+#define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
+#define TS_F_TS_REQ_SET_NONCE                            120
+#define TS_F_TS_REQ_SET_POLICY_ID                        121
+#define TS_F_TS_RESP_CREATE_RESPONSE                     122
+#define TS_F_TS_RESP_CREATE_TST_INFO                     123
+#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
+#define TS_F_TS_RESP_CTX_ADD_MD                          125
+#define TS_F_TS_RESP_CTX_ADD_POLICY                      126
+#define TS_F_TS_RESP_CTX_NEW                             127
+#define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
+#define TS_F_TS_RESP_CTX_SET_CERTS                       129
+#define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
+#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
+#define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
+#define TS_F_TS_RESP_GET_POLICY                          133
+#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
+#define TS_F_TS_RESP_SET_STATUS_INFO                     135
+#define TS_F_TS_RESP_SET_TST_INFO                        150
+#define TS_F_TS_RESP_SIGN                                136
+#define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
+#define TS_F_TS_RESP_VERIFY_TOKEN                        107
+#define TS_F_TS_TST_INFO_SET_ACCURACY                    137
+#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
+#define TS_F_TS_TST_INFO_SET_NONCE                       139
+#define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
+#define TS_F_TS_TST_INFO_SET_SERIAL                      141
+#define TS_F_TS_TST_INFO_SET_TIME                        142
+#define TS_F_TS_TST_INFO_SET_TSA                         143
+#define TS_F_TS_VERIFY                                   108
+#define TS_F_TS_VERIFY_CERT                              109
+#define TS_F_TS_VERIFY_CTX_NEW                           144
+/* Reason codes. */
+#define TS_R_BAD_PKCS7_TYPE                              132
+#define TS_R_BAD_TYPE                                    133
+#define TS_R_CERTIFICATE_VERIFY_ERROR                    100
+#define TS_R_COULD_NOT_SET_ENGINE                        127
+#define TS_R_COULD_NOT_SET_TIME                          115
+#define TS_R_D2I_TS_RESP_INT_FAILED                      128
+#define TS_R_DETACHED_CONTENT                            134
+#define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
+#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
+#define TS_R_INVALID_NULL_POINTER                        102
+#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
+#define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
+#define TS_R_NONCE_MISMATCH                              104
+#define TS_R_NONCE_NOT_RETURNED                          105
+#define TS_R_NO_CONTENT                                  106
+#define TS_R_NO_TIME_STAMP_TOKEN                         107
+#define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
+#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
+#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
+#define TS_R_POLICY_MISMATCH                             108
+#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
+#define TS_R_RESPONSE_SETUP_ERROR                        121
+#define TS_R_SIGNATURE_FAILURE                           109
+#define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
+#define TS_R_TIME_SYSCALL_ERROR                          122
+#define TS_R_TOKEN_NOT_PRESENT                           130
+#define TS_R_TOKEN_PRESENT                               131
+#define TS_R_TSA_NAME_MISMATCH                           111
+#define TS_R_TSA_UNTRUSTED                               112
+#define TS_R_TST_INFO_SETUP_ERROR                        123
+#define TS_R_TS_DATASIGN                                 124
+#define TS_R_UNACCEPTABLE_POLICY                         125
+#define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
+#define TS_R_UNSUPPORTED_VERSION                         113
+#define TS_R_WRONG_CONTENT_TYPE                          114
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c
new file mode 100644
index 0000000000..40b730c5e2
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_asn1.c
@@ -0,0 +1,322 @@
+/* crypto/ts/ts_asn1.c */
+/* Written by Nils Larsch for the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/ts.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
+#ifndef OPENSSL_NO_BIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
+        {
+        return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, bp, a);
+        }
+int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
+{
+        return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
+}
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
+        {
+        return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, fp, a);
+        }
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
+        }
+#endif
+ASN1_SEQUENCE(TS_REQ) = {
+        ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
+        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
+        ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(TS_REQ)
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
+#ifndef OPENSSL_NO_BIO
+TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
+        {
+        return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
+        }
+int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
+        {
+        return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
+        }
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
+        {
+        return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
+        }
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
+        }
+#endif
+ASN1_SEQUENCE(TS_ACCURACY) = {
+        ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
+        ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END(TS_ACCURACY)
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
+ASN1_SEQUENCE(TS_TST_INFO) = {
+        ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT),
+        ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
+        ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
+        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
+        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(TS_TST_INFO)
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
+#ifndef OPENSSL_NO_BIO
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
+        {
+        return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, a);
+        }
+int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
+        {
+        return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
+        }
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
+        {
+        return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, a);
+        }
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
+        }
+#endif
+ASN1_SEQUENCE(TS_STATUS_INFO) = {
+        ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
+        ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(TS_STATUS_INFO)
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
+static int ts_resp_set_tst_info(TS_RESP *a)
+{
+        long    status;
+        status = ASN1_INTEGER_get(a->status_info->status);
+        if (a->token) {
+                if (status != 0 && status != 1) {
+                        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
+                        return 0;
+                }
+                if (a->tst_info != NULL)
+                        TS_TST_INFO_free(a->tst_info);
+                a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
+                if (!a->tst_info) {
+                        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
+                        return 0;
+                }
+        } else if (status == 0 || status == 1) {
+                TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
+                return 0;
+        }
+        return 1;
+}
+static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
+        void *exarg)
+{
+        TS_RESP *ts_resp = (TS_RESP *)*pval;
+        if (op == ASN1_OP_NEW_POST) {
+                ts_resp->tst_info = NULL;
+        } else if (op == ASN1_OP_FREE_POST) {
+                if (ts_resp->tst_info != NULL)
+                        TS_TST_INFO_free(ts_resp->tst_info);
+        } else if (op == ASN1_OP_D2I_POST) {
+                if (ts_resp_set_tst_info(ts_resp) == 0)
+                        return 0;
+        }
+        return 1;
+}
+ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
+        ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
+        ASN1_OPT(TS_RESP, token, PKCS7),
+} ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
+#ifndef OPENSSL_NO_BIO
+TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
+        {
+        return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
+        }
+int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
+        {
+        return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
+        }
+#endif
+#ifndef OPENSSL_NO_FP_API
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
+        {
+        return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
+        }
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
+        {
+        return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
+        }
+#endif
+ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
+        ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
+        ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+ASN1_SEQUENCE(ESS_CERT_ID) = {
+        ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
+} ASN1_SEQUENCE_END(ESS_CERT_ID)
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
+} ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+/* Getting encapsulated TS_TST_INFO object from PKCS7. */
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
+{
+        PKCS7_SIGNED *pkcs7_signed;
+        PKCS7 *enveloped;
+        ASN1_TYPE *tst_info_wrapper;
+        ASN1_OCTET_STRING *tst_info_der;
+        const unsigned char *p;
+        if (!PKCS7_type_is_signed(token))
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+                return NULL;
+                }
+        /* Content must be present. */
+        if (PKCS7_get_detached(token))
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
+                return NULL;
+                }
+        /* We have a signed data with content. */
+        pkcs7_signed = token->d.sign;
+        enveloped = pkcs7_signed->contents;
+        if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo)
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+                return NULL;
+                }
+        /* We have a DER encoded TST_INFO as the signed data. */
+        tst_info_wrapper = enveloped->d.other;
+        if (tst_info_wrapper->type != V_ASN1_OCTET_STRING)
+                {
+                TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
+                return NULL;
+                }
+        /* We have the correct ASN1_OCTET_STRING type. */
+        tst_info_der = tst_info_wrapper->value.octet_string;
+        /* At last, decode the TST_INFO. */
+        p = tst_info_der->data;
+        return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
+}
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
new file mode 100644
index 0000000000..c39be76f28
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -0,0 +1,507 @@
+/* crypto/ts/ts_conf.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/ts.h>
+/* Macro definitions for the configuration file. */
+#define BASE_SECTION                    "tsa"
+#define ENV_DEFAULT_TSA                 "default_tsa"
+#define ENV_SERIAL                      "serial"
+#define ENV_CRYPTO_DEVICE               "crypto_device"
+#define ENV_SIGNER_CERT                 "signer_cert"
+#define ENV_CERTS                       "certs"
+#define ENV_SIGNER_KEY                  "signer_key"
+#define ENV_DEFAULT_POLICY              "default_policy"
+#define ENV_OTHER_POLICIES              "other_policies"
+#define ENV_DIGESTS                     "digests"
+#define ENV_ACCURACY                    "accuracy"
+#define ENV_ORDERING                    "ordering"
+#define ENV_TSA_NAME                    "tsa_name"
+#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
+#define ENV_VALUE_SECS                  "secs"
+#define ENV_VALUE_MILLISECS             "millisecs"
+#define ENV_VALUE_MICROSECS             "microsecs"
+#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits" 
+#define ENV_VALUE_YES                   "yes"
+#define ENV_VALUE_NO                    "no"
+/* Function definitions for certificate and key loading. */
+X509 *TS_CONF_load_cert(const char *file)
+        {
+        BIO *cert = NULL;
+        X509 *x = NULL;
+        if ((cert = BIO_new_file(file, "r")) == NULL) goto end;
+        x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
+end:
+        if (x == NULL)
+                fprintf(stderr, "unable to load certificate: %s\n", file);
+        BIO_free(cert);
+        return x;
+        }
+STACK_OF(X509) *TS_CONF_load_certs(const char *file)
+        {
+        BIO *certs = NULL;
+        STACK_OF(X509) *othercerts = NULL;
+        STACK_OF(X509_INFO) *allcerts = NULL;
+        int i;
+        if (!(certs = BIO_new_file(file, "r"))) goto end;
+        if (!(othercerts = sk_X509_new_null())) goto end;
+        allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+        for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
+                {
+                X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
+                if (xi->x509)
+                        {
+                        sk_X509_push(othercerts, xi->x509);
+                        xi->x509 = NULL;
+                        }
+                }
+end:
+        if (othercerts == NULL)
+                fprintf(stderr, "unable to load certificates: %s\n", file);
+        sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+        BIO_free(certs);
+        return othercerts;
+        }
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
+        {
+        BIO *key = NULL;
+        EVP_PKEY *pkey = NULL;
+        if (!(key = BIO_new_file(file, "r"))) goto end;
+        pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass);
+ end:
+        if (pkey == NULL)
+                fprintf(stderr, "unable to load private key: %s\n", file);
+        BIO_free(key);
+        return pkey;
+        }
+/* Function definitions for handling configuration options. */
+static void TS_CONF_lookup_fail(const char *name, const char *tag)
+        {
+        fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
+        }
+static void TS_CONF_invalid(const char *name, const char *tag)
+        {
+        fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
+        }
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
+        {
+        if (!section)
+                {
+                section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
+                if (!section)
+                        TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
+                }
+        return section;
+        }
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
+        if (!serial)
+                {
+                TS_CONF_lookup_fail(section, ENV_SERIAL);
+                goto err;
+                }
+        TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
+        ret = 1;
+ err:
+        return ret;
+        }
+#ifndef OPENSSL_NO_ENGINE
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device)
+        {
+        int ret = 0;
+        
+        if (!device)
+                device = NCONF_get_string(conf, section,
+                                          ENV_CRYPTO_DEVICE);
+        if (device && !TS_CONF_set_default_engine(device))
+                {
+                TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
+                goto err;
+                }
+        ret = 1;
+ err:
+        return ret;
+        }
+int TS_CONF_set_default_engine(const char *name)
+        {
+        ENGINE *e = NULL;
+        int ret = 0;
+        /* Leave the default if builtin specified. */
+        if (strcmp(name, "builtin") == 0) return 1;
+        if (!(e = ENGINE_by_id(name))) goto err;
+        /* Enable the use of the NCipher HSM for forked children. */
+        if (strcmp(name, "chil") == 0) 
+                ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+        /* All the operations are going to be carried out by the engine. */
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err;
+        ret = 1;
+ err:
+        if (!ret)
+                {
+                TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, 
+                      TS_R_COULD_NOT_SET_ENGINE);
+                ERR_add_error_data(2, "engine:", name);
+                }
+        if (e) ENGINE_free(e);
+        return ret;
+        }
+#endif
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        X509 *cert_obj = NULL;
+        if (!cert) 
+                cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
+        if (!cert)
+                {
+                TS_CONF_lookup_fail(section, ENV_SIGNER_CERT);
+                goto err;
+                }
+        if (!(cert_obj = TS_CONF_load_cert(cert)))
+                goto err;
+        if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
+                goto err;
+        ret = 1;
+ err:
+        X509_free(cert_obj);
+        return ret;
+        }
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        STACK_OF(X509) *certs_obj = NULL;
+        if (!certs) 
+                certs = NCONF_get_string(conf, section, ENV_CERTS);
+        /* Certificate chain is optional. */
+        if (!certs) goto end;
+        if (!(certs_obj = TS_CONF_load_certs(certs))) goto err;
+        if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err;
+ end:
+        ret = 1;
+ err:
+        sk_X509_pop_free(certs_obj, X509_free);
+        return ret;
+        }
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        EVP_PKEY *key_obj = NULL;
+        if (!key) 
+                key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
+        if (!key)
+                {
+                TS_CONF_lookup_fail(section, ENV_SIGNER_KEY);
+                goto err;
+                }
+        if (!(key_obj = TS_CONF_load_key(key, pass))) goto err;
+        if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err;
+        ret = 1;
+ err:
+        EVP_PKEY_free(key_obj);
+        return ret;
+        }
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        ASN1_OBJECT *policy_obj = NULL;
+        if (!policy) 
+                policy = NCONF_get_string(conf, section, 
+                                          ENV_DEFAULT_POLICY);
+        if (!policy)
+                {
+                TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
+                goto err;
+                }
+        if (!(policy_obj = OBJ_txt2obj(policy, 0)))
+                {
+                TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
+                goto err;
+                }
+        if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
+                goto err;
+        ret = 1;
+ err:
+        ASN1_OBJECT_free(policy_obj);
+        return ret;
+        }
+int TS_CONF_set_policies(CONF *conf, const char *section,
+                         TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        int i;
+        STACK_OF(CONF_VALUE) *list = NULL;
+        char *policies = NCONF_get_string(conf, section, 
+                                          ENV_OTHER_POLICIES);
+        /* If no other policy is specified, that's fine. */
+        if (policies && !(list = X509V3_parse_list(policies)))
+                {
+                TS_CONF_invalid(section, ENV_OTHER_POLICIES);
+                goto err;
+                }
+        for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
+                {
+                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+                const char *extval = val->value ? val->value : val->name;
+                ASN1_OBJECT *objtmp;
+                if (!(objtmp = OBJ_txt2obj(extval, 0)))
+                        {
+                        TS_CONF_invalid(section, ENV_OTHER_POLICIES);
+                        goto err;
+                        }
+                if (!TS_RESP_CTX_add_policy(ctx, objtmp))
+                        goto err;
+                ASN1_OBJECT_free(objtmp);
+                }
+        ret = 1;
+ err:
+        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+        return ret;
+        }
+int TS_CONF_set_digests(CONF *conf, const char *section,
+                        TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        int i;
+        STACK_OF(CONF_VALUE) *list = NULL;
+        char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
+        if (!digests)
+                {
+                TS_CONF_lookup_fail(section, ENV_DIGESTS);
+                goto err;
+                }
+        if (!(list = X509V3_parse_list(digests)))
+                {
+                TS_CONF_invalid(section, ENV_DIGESTS);
+                goto err;
+                }
+        if (sk_CONF_VALUE_num(list) == 0)
+                {
+                TS_CONF_invalid(section, ENV_DIGESTS);
+                goto err;
+                }
+        for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
+                {
+                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+                const char *extval = val->value ? val->value : val->name;
+                const EVP_MD *md;
+                if (!(md = EVP_get_digestbyname(extval)))
+                        {
+                        TS_CONF_invalid(section, ENV_DIGESTS);
+                        goto err;
+                        }
+                if (!TS_RESP_CTX_add_md(ctx, md))
+                        goto err;
+                }
+        ret = 1;
+ err:
+        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+        return ret;
+        }
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        int i;
+        int secs = 0, millis = 0, micros = 0;
+        STACK_OF(CONF_VALUE) *list = NULL;
+        char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+        if (accuracy && !(list = X509V3_parse_list(accuracy)))
+                {
+                TS_CONF_invalid(section, ENV_ACCURACY);
+                goto err;
+                }
+        for (i = 0; i < sk_CONF_VALUE_num(list); ++i)
+                {
+                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+                if (strcmp(val->name, ENV_VALUE_SECS) == 0) 
+                        {
+                        if (val->value) secs = atoi(val->value);
+                        }
+                else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0)
+                        {
+                        if (val->value) millis = atoi(val->value);
+                        }
+                else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0)
+                        {
+                        if (val->value) micros = atoi(val->value);
+                        }
+                else
+                        {
+                        TS_CONF_invalid(section, ENV_ACCURACY);
+                        goto err;
+                        }
+                }
+        if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
+                goto err;
+        ret = 1;
+ err:
+        sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+        return ret;
+        }
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        long digits = 0;
+        
+        /* If not specified, set the default value to 0, i.e. sec  precision */
+        if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
+                                &digits))
+                digits = 0;
+        if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS)
+                {
+                TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
+                goto err;
+                }
+        if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
+                goto err;
+        return 1;
+ err:
+        return ret;
+        }
+static int TS_CONF_add_flag(CONF *conf, const char *section, const char *field,
+                            int flag, TS_RESP_CTX *ctx)
+        {
+        /* Default is false. */
+        const char *value = NCONF_get_string(conf, section, field);
+        if (value)
+                {
+                if (strcmp(value, ENV_VALUE_YES) == 0)
+                        TS_RESP_CTX_add_flags(ctx, flag);
+                else if (strcmp(value, ENV_VALUE_NO) != 0)
+                        {
+                        TS_CONF_invalid(section, field);
+                        return 0;
+                        }
+                }
+        return 1;
+        }
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+        {
+        return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
+        }
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+        {
+        return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
+        }
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx)
+        {
+        return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, 
+                                TS_ESS_CERT_ID_CHAIN, ctx);
+        }
diff --git a/src/lib/libcrypto/ts/ts_err.c b/src/lib/libcrypto/ts/ts_err.c
new file mode 100644
index 0000000000..a08b0ffa23
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_err.c
@@ -0,0 +1,179 @@
+/* crypto/ts/ts_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ts.h>
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
+static ERR_STRING_DATA TS_str_functs[]=
+        {
+{ERR_FUNC(TS_F_D2I_TS_RESP),    "d2i_TS_RESP"},
+{ERR_FUNC(TS_F_DEF_SERIAL_CB),  "DEF_SERIAL_CB"},
+{ERR_FUNC(TS_F_DEF_TIME_CB),    "DEF_TIME_CB"},
+{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT),   "ESS_ADD_SIGNING_CERT"},
+{ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT),   "ESS_CERT_ID_NEW_INIT"},
+{ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT),      "ESS_SIGNING_CERT_NEW_INIT"},
+{ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN),       "INT_TS_RESP_VERIFY_TOKEN"},
+{ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO),   "PKCS7_to_TS_TST_INFO"},
+{ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
+{ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
+{ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS),        "TS_ACCURACY_set_seconds"},
+{ERR_FUNC(TS_F_TS_CHECK_IMPRINTS),      "TS_CHECK_IMPRINTS"},
+{ERR_FUNC(TS_F_TS_CHECK_NONCES),        "TS_CHECK_NONCES"},
+{ERR_FUNC(TS_F_TS_CHECK_POLICY),        "TS_CHECK_POLICY"},
+{ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
+{ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO),   "TS_CHECK_STATUS_INFO"},
+{ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT),     "TS_COMPUTE_IMPRINT"},
+{ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE),     "TS_CONF_set_default_engine"},
+{ERR_FUNC(TS_F_TS_GET_STATUS_TEXT),     "TS_GET_STATUS_TEXT"},
+{ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO),        "TS_MSG_IMPRINT_set_algo"},
+{ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
+{ERR_FUNC(TS_F_TS_REQ_SET_NONCE),       "TS_REQ_set_nonce"},
+{ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID),   "TS_REQ_set_policy_id"},
+{ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE),        "TS_RESP_create_response"},
+{ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO),        "TS_RESP_CREATE_TST_INFO"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),   "TS_RESP_CTX_add_failure_info"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD),     "TS_RESP_CTX_add_md"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_NEW),        "TS_RESP_CTX_new"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY),       "TS_RESP_CTX_set_accuracy"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS),  "TS_RESP_CTX_set_certs"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY),     "TS_RESP_CTX_set_def_policy"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),    "TS_RESP_CTX_set_signer_cert"},
+{ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),    "TS_RESP_CTX_set_status_info"},
+{ERR_FUNC(TS_F_TS_RESP_GET_POLICY),     "TS_RESP_GET_POLICY"},
+{ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),     "TS_RESP_SET_GENTIME_WITH_PRECISION"},
+{ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO),        "TS_RESP_set_status_info"},
+{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO),   "TS_RESP_set_tst_info"},
+{ERR_FUNC(TS_F_TS_RESP_SIGN),   "TS_RESP_SIGN"},
+{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE),       "TS_RESP_verify_signature"},
+{ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN),   "TS_RESP_verify_token"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY),       "TS_TST_INFO_set_accuracy"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),    "TS_TST_INFO_set_msg_imprint"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE),  "TS_TST_INFO_set_nonce"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID),      "TS_TST_INFO_set_policy_id"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME),   "TS_TST_INFO_set_time"},
+{ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA),    "TS_TST_INFO_set_tsa"},
+{ERR_FUNC(TS_F_TS_VERIFY),      "TS_VERIFY"},
+{ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"},
+{ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW),      "TS_VERIFY_CTX_new"},
+{0,NULL}
+        };
+static ERR_STRING_DATA TS_str_reasons[]=
+        {
+{ERR_REASON(TS_R_BAD_PKCS7_TYPE)         ,"bad pkcs7 type"},
+{ERR_REASON(TS_R_BAD_TYPE)               ,"bad type"},
+{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE)   ,"could not set engine"},
+{ERR_REASON(TS_R_COULD_NOT_SET_TIME)     ,"could not set time"},
+{ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED) ,"d2i ts resp int failed"},
+{ERR_REASON(TS_R_DETACHED_CONTENT)       ,"detached content"},
+{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),"ess add signing cert error"},
+{ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),"ess signing certificate error"},
+{ERR_REASON(TS_R_INVALID_NULL_POINTER)   ,"invalid null pointer"},
+{ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),"invalid signer certificate purpose"},
+{ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH),"message imprint mismatch"},
+{ERR_REASON(TS_R_NONCE_MISMATCH)         ,"nonce mismatch"},
+{ERR_REASON(TS_R_NONCE_NOT_RETURNED)     ,"nonce not returned"},
+{ERR_REASON(TS_R_NO_CONTENT)             ,"no content"},
+{ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN)    ,"no time stamp token"},
+{ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
+{ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),"pkcs7 add signed attr error"},
+{ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),"pkcs7 to ts tst info failed"},
+{ERR_REASON(TS_R_POLICY_MISMATCH)        ,"policy mismatch"},
+{ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(TS_R_RESPONSE_SETUP_ERROR)   ,"response setup error"},
+{ERR_REASON(TS_R_SIGNATURE_FAILURE)      ,"signature failure"},
+{ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER),"there must be one signer"},
+{ERR_REASON(TS_R_TIME_SYSCALL_ERROR)     ,"time syscall error"},
+{ERR_REASON(TS_R_TOKEN_NOT_PRESENT)      ,"token not present"},
+{ERR_REASON(TS_R_TOKEN_PRESENT)          ,"token present"},
+{ERR_REASON(TS_R_TSA_NAME_MISMATCH)      ,"tsa name mismatch"},
+{ERR_REASON(TS_R_TSA_UNTRUSTED)          ,"tsa untrusted"},
+{ERR_REASON(TS_R_TST_INFO_SETUP_ERROR)   ,"tst info setup error"},
+{ERR_REASON(TS_R_TS_DATASIGN)            ,"ts datasign"},
+{ERR_REASON(TS_R_UNACCEPTABLE_POLICY)    ,"unacceptable policy"},
+{ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM),"unsupported md algorithm"},
+{ERR_REASON(TS_R_UNSUPPORTED_VERSION)    ,"unsupported version"},
+{ERR_REASON(TS_R_WRONG_CONTENT_TYPE)     ,"wrong content type"},
+{0,NULL}
+        };
+#endif
+void ERR_load_TS_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        if (ERR_func_error_string(TS_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,TS_str_functs);
+                ERR_load_strings(0,TS_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/ts/ts_lib.c b/src/lib/libcrypto/ts/ts_lib.c
new file mode 100644
index 0000000000..e8608dbf71
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_lib.c
@@ -0,0 +1,145 @@
+/* crypto/ts/ts_lib.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include "ts.h"
+/* Local function declarations. */
+/* Function definitions. */
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
+        {
+        BIGNUM num_bn;
+        int result = 0;
+        char *hex;
+        BN_init(&num_bn);
+        ASN1_INTEGER_to_BN(num, &num_bn);
+        if ((hex = BN_bn2hex(&num_bn))) 
+                {
+                result = BIO_write(bio, "0x", 2) > 0;
+                result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+                OPENSSL_free(hex);
+                }
+        BN_free(&num_bn);
+        return result;
+        }
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+        {
+        char obj_txt[128];
+        int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+        BIO_write(bio, obj_txt, len);
+        BIO_write(bio, "\n", 1);
+        return 1;
+        }
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
+        {
+        int i, critical, n;
+        X509_EXTENSION *ex;
+        ASN1_OBJECT *obj;
+        BIO_printf(bio, "Extensions:\n");
+        n = X509v3_get_ext_count(extensions);
+        for (i = 0; i < n; i++)
+                {
+                ex = X509v3_get_ext(extensions, i);
+                obj = X509_EXTENSION_get_object(ex);
+                i2a_ASN1_OBJECT(bio, obj);
+                critical = X509_EXTENSION_get_critical(ex);
+                BIO_printf(bio, ": %s\n", critical ? "critical" : "");
+                if (!X509V3_EXT_print(bio, ex, 0, 4))
+                        {
+                        BIO_printf(bio, "%4s", "");
+                        M_ASN1_OCTET_STRING_print(bio, ex->value);
+                        }
+                BIO_write(bio, "\n", 1);
+                }
+        return 1;
+        }
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
+        {
+        int i = OBJ_obj2nid(alg->algorithm);
+        return BIO_printf(bio, "Hash Algorithm: %s\n",
+                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+        }
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
+        {
+        const ASN1_OCTET_STRING *msg;
+        TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a));
+        BIO_printf(bio, "Message data:\n");
+        msg = TS_MSG_IMPRINT_get_msg(a);
+        BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg), 
+                        M_ASN1_STRING_length(msg), 4);
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_req_print.c b/src/lib/libcrypto/ts/ts_req_print.c
new file mode 100644
index 0000000000..eba12c3824
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_req_print.c
@@ -0,0 +1,102 @@
+/* crypto/ts/ts_req_print.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+/* Function definitions. */
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
+        {
+        int v;
+        ASN1_OBJECT *policy_id;
+        const ASN1_INTEGER *nonce;
+        if (a == NULL) return 0;
+        v = TS_REQ_get_version(a);
+        BIO_printf(bio, "Version: %d\n", v);
+        TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a));
+        BIO_printf(bio, "Policy OID: ");
+        policy_id = TS_REQ_get_policy_id(a);
+        if (policy_id == NULL)
+                BIO_printf(bio, "unspecified\n");
+        else    
+                TS_OBJ_print_bio(bio, policy_id);
+        BIO_printf(bio, "Nonce: ");
+        nonce = TS_REQ_get_nonce(a);
+        if (nonce == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ASN1_INTEGER_print_bio(bio, nonce);
+        BIO_write(bio, "\n", 1);
+        BIO_printf(bio, "Certificate required: %s\n", 
+                   TS_REQ_get_cert_req(a) ? "yes" : "no");
+        TS_ext_print_bio(bio, TS_REQ_get_exts(a));
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_req_utils.c b/src/lib/libcrypto/ts/ts_req_utils.c
new file mode 100644
index 0000000000..43280c1587
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_req_utils.c
@@ -0,0 +1,234 @@
+/* crypto/ts/ts_req_utils.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+int TS_REQ_set_version(TS_REQ *a, long version)
+        {
+        return ASN1_INTEGER_set(a->version, version);
+        }
+long TS_REQ_get_version(const TS_REQ *a)
+        {
+        return ASN1_INTEGER_get(a->version);
+        }
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
+        {
+        TS_MSG_IMPRINT *new_msg_imprint;
+        if (a->msg_imprint == msg_imprint)
+                return 1;
+        new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+        if (new_msg_imprint == NULL)
+                {
+                TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_MSG_IMPRINT_free(a->msg_imprint);
+        a->msg_imprint = new_msg_imprint;
+        return 1;
+        }
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a)
+        {
+        return a->msg_imprint;
+        }
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
+        {
+        X509_ALGOR *new_alg;
+        if (a->hash_algo == alg)
+                return 1;
+        new_alg = X509_ALGOR_dup(alg);
+        if (new_alg == NULL)
+                {
+                TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        X509_ALGOR_free(a->hash_algo);
+        a->hash_algo = new_alg;
+        return 1;
+        }
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a)
+        {
+        return a->hash_algo;
+        }
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len)
+        {
+        return ASN1_OCTET_STRING_set(a->hashed_msg, d, len);
+        }
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a)
+        {
+        return a->hashed_msg;
+        }
+int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy)
+        {
+        ASN1_OBJECT *new_policy;
+        if (a->policy_id == policy)
+                return 1;
+        new_policy = OBJ_dup(policy);
+        if (new_policy == NULL)
+                {
+                TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_OBJECT_free(a->policy_id);
+        a->policy_id = new_policy;
+        return 1;
+        }
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a)
+        {
+        return a->policy_id;
+        }
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
+        {
+        ASN1_INTEGER *new_nonce;
+        if (a->nonce == nonce)
+                return 1;
+        new_nonce = ASN1_INTEGER_dup(nonce);
+        if (new_nonce == NULL)
+                {
+                TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->nonce);
+        a->nonce = new_nonce;
+        return 1;
+        }
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a)
+        {
+        return a->nonce;
+        }
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req)
+        {
+        a->cert_req = cert_req ? 0xFF : 0x00;
+        return 1;
+        }
+int TS_REQ_get_cert_req(const TS_REQ *a)
+        {
+        return a->cert_req ? 1 : 0;
+        }
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a)
+        {
+        return a->extensions;
+        }
+void TS_REQ_ext_free(TS_REQ *a)
+        {
+        if (!a) return;
+        sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+        a->extensions = NULL;
+        }
+int TS_REQ_get_ext_count(TS_REQ *a)
+        {
+        return X509v3_get_ext_count(a->extensions);
+        }
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos)
+        {
+        return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+        }
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos)
+        {
+        return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+        }
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos)
+        {
+        return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+        }
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
+        {
+        return X509v3_get_ext(a->extensions,loc);
+        }
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc)
+        {
+        return X509v3_delete_ext(a->extensions,loc);
+        }
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc)
+        {
+        return X509v3_add_ext(&a->extensions,ex,loc) != NULL;
+        }
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(a->extensions, nid, crit, idx);
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_print.c b/src/lib/libcrypto/ts/ts_rsp_print.c
new file mode 100644
index 0000000000..21062517ba
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_print.c
@@ -0,0 +1,287 @@
+/* crypto/ts/ts_resp_print.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include "ts.h"
+struct status_map_st
+        {
+        int bit;
+        const char *text;
+        };
+/* Local function declarations. */
+static int TS_status_map_print(BIO *bio, struct status_map_st *a,
+                               ASN1_BIT_STRING *v);
+static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
+/* Function definitions. */
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
+        {
+        TS_TST_INFO *tst_info;
+        BIO_printf(bio, "Status info:\n");
+        TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a));
+        BIO_printf(bio, "\nTST info:\n");
+        tst_info = TS_RESP_get_tst_info(a);
+        if (tst_info != NULL)
+                TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a));
+        else
+                BIO_printf(bio, "Not included.\n");
+                
+        return 1;
+        }
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
+        {
+        static const char *status_map[] =
+                {
+                "Granted.",
+                "Granted with modifications.",
+                "Rejected.",
+                "Waiting.",
+                "Revocation warning.",
+                "Revoked."
+                };
+        static struct status_map_st failure_map[] =
+                {
+                { TS_INFO_BAD_ALG,
+                "unrecognized or unsupported algorithm identifier" },
+                { TS_INFO_BAD_REQUEST,
+                "transaction not permitted or supported" },
+                { TS_INFO_BAD_DATA_FORMAT,
+                "the data submitted has the wrong format" },
+                { TS_INFO_TIME_NOT_AVAILABLE,
+                "the TSA's time source is not available" },
+                { TS_INFO_UNACCEPTED_POLICY,
+                "the requested TSA policy is not supported by the TSA" },
+                { TS_INFO_UNACCEPTED_EXTENSION,
+                "the requested extension is not supported by the TSA" },
+                { TS_INFO_ADD_INFO_NOT_AVAILABLE,
+                "the additional information requested could not be understood "
+                "or is not available" },
+                { TS_INFO_SYSTEM_FAILURE,
+                "the request cannot be handled due to system failure" },
+                { -1, NULL }
+                };
+        long status;
+        int i, lines = 0;
+        /* Printing status code. */
+        BIO_printf(bio, "Status: ");
+        status = ASN1_INTEGER_get(a->status);
+        if (0 <= status && status < (long)(sizeof(status_map)/sizeof(status_map[0])))
+                BIO_printf(bio, "%s\n", status_map[status]);
+        else
+                BIO_printf(bio, "out of bounds\n");
+        
+        /* Printing status description. */
+        BIO_printf(bio, "Status description: ");
+        for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i)
+                {
+                if (i > 0)
+                        BIO_puts(bio, "\t");
+                ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i),
+                                     0);
+                BIO_puts(bio, "\n");
+                }
+        if (i == 0)
+                BIO_printf(bio, "unspecified\n");
+        /* Printing failure information. */
+        BIO_printf(bio, "Failure info: ");
+        if (a->failure_info != NULL)
+                lines = TS_status_map_print(bio, failure_map,
+                                            a->failure_info);
+        if (lines == 0)
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, "\n");
+        return 1;
+        }
+static int TS_status_map_print(BIO *bio, struct status_map_st *a,
+                               ASN1_BIT_STRING *v)
+        {
+        int lines = 0;
+        for (; a->bit >= 0; ++a)
+                {
+                if (ASN1_BIT_STRING_get_bit(v, a->bit))
+                        {
+                        if (++lines > 1)
+                                BIO_printf(bio, ", ");
+                        BIO_printf(bio, "%s", a->text);
+                        }
+                }
+        return lines;
+        }
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
+        {
+        int v;
+        ASN1_OBJECT *policy_id;
+        const ASN1_INTEGER *serial;
+        const ASN1_GENERALIZEDTIME *gtime;
+        TS_ACCURACY *accuracy;
+        const ASN1_INTEGER *nonce;
+        GENERAL_NAME *tsa_name;
+        if (a == NULL) return 0;
+        /* Print version. */
+        v = TS_TST_INFO_get_version(a);
+        BIO_printf(bio, "Version: %d\n", v);
+        /* Print policy id. */
+        BIO_printf(bio, "Policy OID: ");
+        policy_id = TS_TST_INFO_get_policy_id(a);
+        TS_OBJ_print_bio(bio, policy_id);
+        /* Print message imprint. */
+        TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a));
+        /* Print serial number. */
+        BIO_printf(bio, "Serial number: ");
+        serial = TS_TST_INFO_get_serial(a);
+        if (serial == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ASN1_INTEGER_print_bio(bio, serial);
+        BIO_write(bio, "\n", 1);
+        /* Print time stamp. */
+        BIO_printf(bio, "Time stamp: ");
+        gtime = TS_TST_INFO_get_time(a);
+        ASN1_GENERALIZEDTIME_print(bio, gtime);
+        BIO_write(bio, "\n", 1);
+        /* Print accuracy. */
+        BIO_printf(bio, "Accuracy: ");
+        accuracy = TS_TST_INFO_get_accuracy(a);
+        if (accuracy == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ACCURACY_print_bio(bio, accuracy);
+        BIO_write(bio, "\n", 1);
+        /* Print ordering. */
+        BIO_printf(bio, "Ordering: %s\n", 
+                   TS_TST_INFO_get_ordering(a) ? "yes" : "no");
+        /* Print nonce. */
+        BIO_printf(bio, "Nonce: ");
+        nonce = TS_TST_INFO_get_nonce(a);
+        if (nonce == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                TS_ASN1_INTEGER_print_bio(bio, nonce);
+        BIO_write(bio, "\n", 1);
+        /* Print TSA name. */
+        BIO_printf(bio, "TSA: ");
+        tsa_name = TS_TST_INFO_get_tsa(a);
+        if (tsa_name == NULL)
+                BIO_printf(bio, "unspecified");
+        else
+                {
+                STACK_OF(CONF_VALUE) *nval;
+                if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL)))
+                        X509V3_EXT_val_prn(bio, nval, 0, 0);
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+                }
+        BIO_write(bio, "\n", 1);
+        /* Print extensions. */
+        TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a));
+        return 1;
+        }
+static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy)
+        {
+        const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy);
+        const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy);
+        const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy);
+        if (seconds != NULL)
+                TS_ASN1_INTEGER_print_bio(bio, seconds);
+        else
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, " seconds, ");
+        if (millis != NULL)
+                TS_ASN1_INTEGER_print_bio(bio, millis);
+        else
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, " millis, ");
+        if (micros != NULL)
+                TS_ASN1_INTEGER_print_bio(bio, micros);
+        else
+                BIO_printf(bio, "unspecified");
+        BIO_printf(bio, " micros");
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
new file mode 100644
index 0000000000..b0f023c9d2
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -0,0 +1,1020 @@
+/* crypto/ts/ts_resp_sign.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "cryptlib.h"
+#if defined(OPENSSL_SYS_UNIX)
+#include <sys/time.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+/* Private function declarations. */
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
+static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
+static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
+static int TS_RESP_check_request(TS_RESP_CTX *ctx);
+static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx);
+static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, 
+                                            ASN1_OBJECT *policy);
+static int TS_RESP_process_extensions(TS_RESP_CTX *ctx);
+static int TS_RESP_sign(TS_RESP_CTX *ctx);
+static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, 
+                                                   STACK_OF(X509) *certs);
+static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
+static int TS_TST_INFO_content_new(PKCS7 *p7);
+static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
+        ASN1_GENERALIZEDTIME *, long, long, unsigned);
+/* Default callbacks for response generation. */
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
+        {
+        ASN1_INTEGER *serial = ASN1_INTEGER_new();
+        if (!serial) goto err;
+        if (!ASN1_INTEGER_set(serial, 1)) goto err;
+        return serial;
+ err:
+        TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Error during serial number generation.");
+        return NULL;
+        }
+#if defined(OPENSSL_SYS_UNIX)
+/* Use the gettimeofday function call. */
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data, 
+                       long *sec, long *usec)
+        {
+        struct timeval tv;
+        if (gettimeofday(&tv, NULL) != 0) 
+                {
+                TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Time is not available.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+                return 0;
+                }
+        /* Return time to caller. */
+        *sec = tv.tv_sec;
+        *usec = tv.tv_usec;
+        return 1;
+        }
+#else
+/* Use the time function call that provides only seconds precision. */
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data, 
+                       long *sec, long *usec)
+        {
+        time_t t;
+        if (time(&t) == (time_t) -1)
+                {
+                TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Time is not available.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+                return 0;
+                }
+        /* Return time to caller, only second precision. */
+        *sec = (long) t;
+        *usec = 0;
+        return 1;
+        }
+#endif
+static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
+                            void *data)
+        {
+        /* No extensions are processed here. */
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Unsupported extension.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
+        return 0;
+        }
+/* TS_RESP_CTX management functions. */
+TS_RESP_CTX *TS_RESP_CTX_new()
+        {
+        TS_RESP_CTX *ctx;
+        if (!(ctx = (TS_RESP_CTX *) OPENSSL_malloc(sizeof(TS_RESP_CTX))))
+                {
+                TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ctx, 0, sizeof(TS_RESP_CTX));
+        /* Setting default callbacks. */
+        ctx->serial_cb = def_serial_cb;
+        ctx->time_cb = def_time_cb;
+        ctx->extension_cb = def_extension_cb;
+        return ctx;
+        }
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
+        {
+        if (!ctx) return;
+        X509_free(ctx->signer_cert);
+        EVP_PKEY_free(ctx->signer_key);
+        sk_X509_pop_free(ctx->certs, X509_free);
+        sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
+        ASN1_OBJECT_free(ctx->default_policy);
+        sk_EVP_MD_free(ctx->mds);       /* No EVP_MD_free method exists. */
+        ASN1_INTEGER_free(ctx->seconds);
+        ASN1_INTEGER_free(ctx->millis);
+        ASN1_INTEGER_free(ctx->micros);
+        OPENSSL_free(ctx);
+        }
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
+        {
+        if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1)
+                {
+                TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 
+                      TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+                return 0;
+                }
+        if (ctx->signer_cert) X509_free(ctx->signer_cert);
+        ctx->signer_cert = signer;
+        CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
+        return 1;
+        }
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
+        {
+        if (ctx->signer_key) EVP_PKEY_free(ctx->signer_key);
+        ctx->signer_key = key;
+        CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
+        return 1;
+        }
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
+        {
+        if (ctx->default_policy) ASN1_OBJECT_free(ctx->default_policy);
+        if (!(ctx->default_policy = OBJ_dup(def_policy))) goto err;
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
+        {
+        int i;
+        if (ctx->certs)
+                {
+                sk_X509_pop_free(ctx->certs, X509_free);
+                ctx->certs = NULL;
+                }
+        if (!certs) return 1;
+        if (!(ctx->certs = sk_X509_dup(certs))) 
+                {
+                TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        for (i = 0; i < sk_X509_num(ctx->certs); ++i)
+                {
+                X509 *cert = sk_X509_value(ctx->certs, i);
+                CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
+                }
+        return 1;
+        }
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
+        {
+        ASN1_OBJECT *copy = NULL;
+        /* Create new policy stack if necessary. */
+        if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) 
+                goto err;
+        if (!(copy = OBJ_dup(policy))) goto err;
+        if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) goto err;
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+        ASN1_OBJECT_free(copy);
+        return 0;
+        }
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
+        {
+        /* Create new md stack if necessary. */
+        if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) 
+                goto err;
+        /* Add the shared md, no copy needed. */
+        if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) goto err;
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+#define TS_RESP_CTX_accuracy_free(ctx)          \
+        ASN1_INTEGER_free(ctx->seconds);        \
+        ctx->seconds = NULL;                    \
+        ASN1_INTEGER_free(ctx->millis);         \
+        ctx->millis = NULL;                     \
+        ASN1_INTEGER_free(ctx->micros);         \
+        ctx->micros = NULL;
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, 
+                             int secs, int millis, int micros)
+        {
+        TS_RESP_CTX_accuracy_free(ctx);
+        if (secs && (!(ctx->seconds = ASN1_INTEGER_new())
+                     || !ASN1_INTEGER_set(ctx->seconds, secs)))
+                goto err;
+        if (millis && (!(ctx->millis = ASN1_INTEGER_new())
+                       || !ASN1_INTEGER_set(ctx->millis, millis)))
+                goto err;
+        if (micros && (!(ctx->micros = ASN1_INTEGER_new())
+                       || !ASN1_INTEGER_set(ctx->micros, micros)))
+                goto err;
+        return 1;
+ err:
+        TS_RESP_CTX_accuracy_free(ctx);
+        TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
+        {
+        ctx->flags |= flags;
+        }
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
+        {
+        ctx->serial_cb = cb;
+        ctx->serial_cb_data = data;
+        }
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
+        {
+        ctx->time_cb = cb;
+        ctx->time_cb_data = data;
+        }
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, 
+                                  TS_extension_cb cb, void *data)
+        {
+        ctx->extension_cb = cb;
+        ctx->extension_cb_data = data;
+        }
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, 
+                                int status, const char *text)
+        {
+        TS_STATUS_INFO *si = NULL;
+        ASN1_UTF8STRING *utf8_text = NULL;
+        int ret = 0;
+        if (!(si = TS_STATUS_INFO_new())) goto err;
+        if (!ASN1_INTEGER_set(si->status, status)) goto err;
+        if (text)
+                {
+                if (!(utf8_text = ASN1_UTF8STRING_new())
+                    || !ASN1_STRING_set(utf8_text, text, strlen(text)))
+                        goto err;
+                if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null()))
+                        goto err;
+                if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err;
+                utf8_text = NULL;       /* Ownership is lost. */
+                }
+        if (!TS_RESP_set_status_info(ctx->response, si)) goto err;
+        ret = 1;
+ err:
+        if (!ret)
+                TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+        TS_STATUS_INFO_free(si);
+        ASN1_UTF8STRING_free(utf8_text);
+        return ret;
+        }
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, 
+                                     int status, const char *text)
+        {
+        int ret = 1;
+        TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
+        if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED)
+                {
+                /* Status has not been set, set it now. */
+                ret = TS_RESP_CTX_set_status_info(ctx, status, text);
+                }
+        return ret;
+        }
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
+        {
+        TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
+        if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
+                goto err;
+        if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
+                goto err;
+        return 1;
+ err:
+        TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+        return 0;
+        }
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
+        {
+        return ctx->request;
+        }
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
+        {
+        return ctx->tst_info;
+        }
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision)
+       {
+       if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+               return 0;
+       ctx->clock_precision_digits = precision;
+       return 1;
+       }
+/* Main entry method of the response generation. */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
+        {
+        ASN1_OBJECT *policy;
+        TS_RESP *response;
+        int result = 0;
+        TS_RESP_CTX_init(ctx);
+        /* Creating the response object. */
+        if (!(ctx->response = TS_RESP_new())) 
+                {
+                TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+                goto end;
+                }
+        /* Parsing DER request. */
+        if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL)))
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Bad request format or "
+                                            "system error.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+                goto end;
+                }
+        /* Setting default status info. */
+        if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
+                goto end;
+        /* Checking the request format. */
+        if (!TS_RESP_check_request(ctx)) goto end;
+        /* Checking acceptable policies. */
+        if (!(policy = TS_RESP_get_policy(ctx))) goto end;
+        /* Creating the TS_TST_INFO object. */
+        if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)))
+                goto end;
+        /* Processing extensions. */
+        if (!TS_RESP_process_extensions(ctx)) goto end;
+        /* Generating the signature. */
+        if (!TS_RESP_sign(ctx)) goto end;
+        /* Everything was successful. */
+        result = 1;
+ end:
+        if (!result)
+                {
+                TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+                if (ctx->response != NULL)
+                        {
+                        if (TS_RESP_CTX_set_status_info_cond(ctx,
+                                TS_STATUS_REJECTION, "Error during response "
+                                "generation.") == 0)
+                                {
+                                TS_RESP_free(ctx->response);
+                                ctx->response = NULL;
+                                }
+                        }
+                }
+        response = ctx->response;
+        ctx->response = NULL;   /* Ownership will be returned to caller. */
+        TS_RESP_CTX_cleanup(ctx);
+        return response;
+        }
+/* Initializes the variable part of the context. */
+static void TS_RESP_CTX_init(TS_RESP_CTX *ctx)
+        {
+        ctx->request = NULL;
+        ctx->response = NULL;
+        ctx->tst_info = NULL;
+        }
+/* Cleans up the variable part of the context. */
+static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
+        {
+        TS_REQ_free(ctx->request);
+        ctx->request = NULL;
+        TS_RESP_free(ctx->response);
+        ctx->response = NULL;
+        TS_TST_INFO_free(ctx->tst_info);
+        ctx->tst_info = NULL;
+        }
+/* Checks the format and content of the request. */
+static int TS_RESP_check_request(TS_RESP_CTX *ctx)
+        {
+        TS_REQ *request = ctx->request;
+        TS_MSG_IMPRINT *msg_imprint;
+        X509_ALGOR *md_alg;
+        int md_alg_id;
+        const ASN1_OCTET_STRING *digest;
+        EVP_MD *md = NULL;
+        int i;
+        /* Checking request version. */
+        if (TS_REQ_get_version(request) != 1)
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Bad request version.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
+                return 0;
+                }
+        /* Checking message digest algorithm. */
+        msg_imprint = TS_REQ_get_msg_imprint(request);
+        md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint);
+        md_alg_id = OBJ_obj2nid(md_alg->algorithm);
+        for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i)
+                {
+                EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
+                if (md_alg_id == EVP_MD_type(current_md))
+                        md = current_md;
+                }
+        if (!md)
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Message digest algorithm is "
+                                            "not supported.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+                return 0;
+                }
+        /* No message digest takes parameter. */
+        if (md_alg->parameter 
+            && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL)
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Superfluous message digest "
+                                            "parameter.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+                return 0;
+                }
+        /* Checking message digest size. */
+        digest = TS_MSG_IMPRINT_get_msg(msg_imprint);
+        if (digest->length != EVP_MD_size(md))
+                {
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Bad message digest.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+                return 0;
+                }
+        return 1;
+        }
+/* Returns the TSA policy based on the requested and acceptable policies. */
+static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx)
+        {
+        ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
+        ASN1_OBJECT *policy = NULL;
+        int i;
+        if (ctx->default_policy == NULL)
+                {
+                TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+                return NULL;
+                }
+        /* Return the default policy if none is requested or the default is
+           requested. */
+        if (!requested || !OBJ_cmp(requested, ctx->default_policy))
+                policy = ctx->default_policy;
+        /* Check if the policy is acceptable. */
+        for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i)
+                {
+                ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
+                if (!OBJ_cmp(requested, current))
+                        policy = current;
+                }
+        if (!policy)
+                {
+                TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+                TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                            "Requested policy is not "
+                                            "supported.");
+                TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
+                }
+        return policy;
+        }
+/* Creates the TS_TST_INFO object based on the settings of the context. */
+static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy)
+        {
+        int result = 0;
+        TS_TST_INFO *tst_info = NULL;
+        ASN1_INTEGER *serial = NULL;
+        ASN1_GENERALIZEDTIME *asn1_time = NULL;
+        long sec, usec;
+        TS_ACCURACY *accuracy = NULL;
+        const ASN1_INTEGER *nonce;
+        GENERAL_NAME *tsa_name = NULL;
+        if (!(tst_info = TS_TST_INFO_new())) goto end;
+        if (!TS_TST_INFO_set_version(tst_info, 1)) goto end;
+        if (!TS_TST_INFO_set_policy_id(tst_info, policy)) goto end;
+        if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
+                goto end;
+        if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data))
+            || !TS_TST_INFO_set_serial(tst_info, serial))
+                goto end;
+        if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec)
+            || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, 
+                                        sec, usec, 
+                                        ctx->clock_precision_digits))
+            || !TS_TST_INFO_set_time(tst_info, asn1_time))
+                goto end;
+        /* Setting accuracy if needed. */
+        if ((ctx->seconds || ctx->millis || ctx->micros) 
+            && !(accuracy = TS_ACCURACY_new()))
+                goto end;
+        if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
+                goto end;
+        if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
+                goto end;
+        if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
+                goto end;
+        if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) 
+                goto end;
+        /* Setting ordering. */
+        if ((ctx->flags & TS_ORDERING) 
+            && !TS_TST_INFO_set_ordering(tst_info, 1))
+                goto end;
+        
+        /* Setting nonce if needed. */
+        if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL
+            && !TS_TST_INFO_set_nonce(tst_info, nonce))
+                goto end;
+        /* Setting TSA name to subject of signer certificate. */
+        if (ctx->flags & TS_TSA_NAME)
+                {
+                if (!(tsa_name = GENERAL_NAME_new())) goto end;
+                tsa_name->type = GEN_DIRNAME;
+                tsa_name->d.dirn = 
+                        X509_NAME_dup(ctx->signer_cert->cert_info->subject);
+                if (!tsa_name->d.dirn) goto end;
+                if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) goto end;
+                }
+        result = 1;
+ end:
+        if (!result)
+                {
+                TS_TST_INFO_free(tst_info);
+                tst_info = NULL;
+                TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+                TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                                 "Error during TSTInfo "
+                                                 "generation.");
+                }
+        GENERAL_NAME_free(tsa_name);
+        TS_ACCURACY_free(accuracy);
+        ASN1_GENERALIZEDTIME_free(asn1_time);
+        ASN1_INTEGER_free(serial);
+        
+        return tst_info;
+        }
+/* Processing the extensions of the request. */
+static int TS_RESP_process_extensions(TS_RESP_CTX *ctx)
+        {
+        STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request);
+        int i;
+        int ok = 1;
+        for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i)
+                {
+                X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+                /* XXXXX The last argument was previously
+                   (void *)ctx->extension_cb, but ISO C doesn't permit
+                   converting a function pointer to void *.  For lack of
+                   better information, I'm placing a NULL there instead.
+                   The callback can pick its own address out from the ctx
+                   anyway...
+                */
+                ok = (*ctx->extension_cb)(ctx, ext, NULL);
+                }
+        return ok;
+        }
+/* Functions for signing the TS_TST_INFO structure of the context. */
+static int TS_RESP_sign(TS_RESP_CTX *ctx)
+        {
+        int ret = 0;
+        PKCS7 *p7 = NULL;
+        PKCS7_SIGNER_INFO *si;
+        STACK_OF(X509) *certs;  /* Certificates to include in sc. */
+        ESS_SIGNING_CERT *sc = NULL;
+        ASN1_OBJECT *oid;
+        BIO *p7bio = NULL;
+        int i;
+        /* Check if signcert and pkey match. */
+        if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
+                TSerr(TS_F_TS_RESP_SIGN, 
+                      TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                goto err;
+        }
+        /* Create a new PKCS7 signed object. */
+        if (!(p7 = PKCS7_new())) {
+                TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err;
+        /* Force SignedData version to be 3 instead of the default 1. */
+        if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) goto err;
+        /* Add signer certificate and optional certificate chain. */
+        if (TS_REQ_get_cert_req(ctx->request))
+                {
+                PKCS7_add_certificate(p7, ctx->signer_cert);
+                if (ctx->certs)
+                        {
+                        for(i = 0; i < sk_X509_num(ctx->certs); ++i) 
+                                {
+                                X509 *cert = sk_X509_value(ctx->certs, i);
+                                PKCS7_add_certificate(p7, cert);
+                                }
+                        }
+                }
+        /* Add a new signer info. */
+        if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, 
+                                       ctx->signer_key, EVP_sha1())))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+                goto err;
+                }
+        /* Add content type signed attribute to the signer info. */
+        oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+        if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                        V_ASN1_OBJECT, oid))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+                goto err;
+                }
+        /* Create the ESS SigningCertificate attribute which contains 
+           the signer certificate id and optionally the certificate chain. */
+        certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
+        if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
+                goto err;
+        /* Add SigningCertificate signed attribute to the signer info. */
+        if (!ESS_add_signing_cert(si, sc))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+                goto err;
+                }       
+        /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
+        if (!TS_TST_INFO_content_new(p7)) goto err;
+        /* Add the DER encoded tst_info to the PKCS7 structure. */
+        if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+                TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        /* Convert tst_info to DER. */
+        if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+                goto err;
+                }
+        /* Create the signature and add it to the signer info. */
+        if (!PKCS7_dataFinal(p7, p7bio))
+                {
+                TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+                goto err;
+                }
+        /* Set new PKCS7 and TST_INFO objects. */
+        TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
+        p7 = NULL;              /* Ownership is lost. */
+        ctx->tst_info = NULL;   /* Ownership is lost. */
+        ret = 1;
+ err:
+        if (!ret)
+                TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                                 "Error during signature "
+                                                 "generation.");
+        BIO_free_all(p7bio);
+        ESS_SIGNING_CERT_free(sc);
+        PKCS7_free(p7);
+        return ret;
+        }
+static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, 
+                                                   STACK_OF(X509) *certs)
+        {
+        ESS_CERT_ID *cid;
+        ESS_SIGNING_CERT *sc = NULL;
+        int i;
+        /* Creating the ESS_CERT_ID stack. */
+        if (!(sc = ESS_SIGNING_CERT_new())) goto err;
+        if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null()))
+                goto err;
+        /* Adding the signing certificate id. */
+        if (!(cid = ESS_CERT_ID_new_init(signcert, 0))
+            || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+                goto err;
+        /* Adding the certificate chain ids. */
+        for (i = 0; i < sk_X509_num(certs); ++i)
+                {
+                X509 *cert = sk_X509_value(certs, i);
+                if (!(cid = ESS_CERT_ID_new_init(cert, 1))
+                    || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+                        goto err;
+                }
+        return sc;
+err:
+        ESS_SIGNING_CERT_free(sc);
+        TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+        }
+static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
+        {
+        ESS_CERT_ID *cid = NULL;
+        GENERAL_NAME *name = NULL;
+        
+        /* Recompute SHA1 hash of certificate if necessary (side effect). */
+        X509_check_purpose(cert, -1, 0);
+        if (!(cid = ESS_CERT_ID_new())) goto err;
+        if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
+                                   sizeof(cert->sha1_hash)))
+                goto err;
+        /* Setting the issuer/serial if requested. */
+        if (issuer_needed)
+                {
+                /* Creating issuer/serial structure. */
+                if (!cid->issuer_serial
+                    && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new()))
+                        goto err;
+                /* Creating general name from the certificate issuer. */
+                if (!(name = GENERAL_NAME_new())) goto err;
+                name->type = GEN_DIRNAME;
+                if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) 
+                        goto err;
+                if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) 
+                        goto err;
+                name = NULL;    /* Ownership is lost. */
+                /* Setting the serial number. */
+                ASN1_INTEGER_free(cid->issuer_serial->serial);
+                if (!(cid->issuer_serial->serial = 
+                      ASN1_INTEGER_dup(cert->cert_info->serialNumber)))
+                        goto err;
+                }
+        return cid;
+err:
+        GENERAL_NAME_free(name);
+        ESS_CERT_ID_free(cid);
+        TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+        }
+static int TS_TST_INFO_content_new(PKCS7 *p7)
+        {
+        PKCS7 *ret = NULL;
+        ASN1_OCTET_STRING *octet_string = NULL;
+        /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
+        if (!(ret = PKCS7_new())) goto err;
+        if (!(ret->d.other = ASN1_TYPE_new())) goto err;
+        ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+        if (!(octet_string = ASN1_OCTET_STRING_new())) goto err;
+        ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
+        octet_string = NULL;
+        /* Add encapsulated content to signed PKCS7 structure. */
+        if (!PKCS7_set_content(p7, ret)) goto err;
+        return 1;
+ err:
+        ASN1_OCTET_STRING_free(octet_string);
+        PKCS7_free(ret);
+        return 0;
+        }
+static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+        {
+        ASN1_STRING *seq = NULL;
+        unsigned char *p, *pp = NULL;
+        int len;
+        len = i2d_ESS_SIGNING_CERT(sc, NULL);
+        if (!(pp = (unsigned char *) OPENSSL_malloc(len)))
+                {
+                TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p = pp;
+        i2d_ESS_SIGNING_CERT(sc, &p);
+        if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len))
+                {
+                TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        OPENSSL_free(pp); pp = NULL;
+        return PKCS7_add_signed_attribute(si, 
+                                          NID_id_smime_aa_signingCertificate,
+                                          V_ASN1_SEQUENCE, seq);
+ err:
+        ASN1_STRING_free(seq);
+        OPENSSL_free(pp);
+        return 0;
+        }
+static ASN1_GENERALIZEDTIME *
+TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, 
+                                   long sec, long usec, unsigned precision)
+        {
+        time_t time_sec = (time_t) sec;
+        struct tm *tm = NULL;   
+        char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
+        char *p = genTime_str;
+        char *p_end = genTime_str + sizeof(genTime_str);
+        if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+                goto err;
+        
+        if (!(tm = gmtime(&time_sec)))
+                goto err;
+        /* 
+         * Put "genTime_str" in GeneralizedTime format.  We work around the 
+         * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST 
+         * NOT include fractional seconds") and OpenSSL related functions to 
+         * meet the rfc3161 requirement: "GeneralizedTime syntax can include 
+         * fraction-of-second details". 
+         */                   
+        p += BIO_snprintf(p, p_end - p,
+                          "%04d%02d%02d%02d%02d%02d",
+                          tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 
+                          tm->tm_hour, tm->tm_min, tm->tm_sec);
+        if (precision > 0)
+        {
+                /* Add fraction of seconds (leave space for dot and null). */
+                BIO_snprintf(p, 2 + precision, ".%ld", usec);
+                /* We cannot use the snprintf return value, 
+                   because it might have been truncated. */
+                p += strlen(p);
+                /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
+                   the following restrictions for a DER-encoding, which OpenSSL
+                   (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 
+                   support:
+                   "The encoding MUST terminate with a "Z" (which means "Zulu" 
+                   time). The decimal point element, if present, MUST be the 
+                   point option ".". The fractional-seconds elements, 
+                   if present, MUST omit all trailing 0's; 
+                   if the elements correspond to 0, they MUST be wholly
+                   omitted, and the decimal point element also MUST be
+                   omitted." */
+                /* Remove trailing zeros. The dot guarantees the exit
+                   condition of this loop even if all the digits are zero. */
+                while (*--p == '0')
+                        /* empty */;
+                /* p points to either the dot or the last non-zero digit. */
+                if (*p != '.') ++p;
+                }
+        /* Add the trailing Z and the terminating null. */
+        *p++ = 'Z';
+        *p++ = '\0';
+        /* Now call OpenSSL to check and set our genTime value */
+        if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
+                goto err;
+        if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str))
+                {
+                ASN1_GENERALIZEDTIME_free(asn1_time);
+                goto err;
+                }
+        return asn1_time;
+ err:
+        TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+        return NULL;
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_utils.c b/src/lib/libcrypto/ts/ts_rsp_utils.c
new file mode 100644
index 0000000000..401c1fdc51
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_utils.c
@@ -0,0 +1,409 @@
+/* crypto/ts/ts_resp_utils.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+/* Function definitions. */
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
+        {
+        TS_STATUS_INFO *new_status_info;
+        if (a->status_info == status_info)
+                return 1;
+        new_status_info = TS_STATUS_INFO_dup(status_info);
+        if (new_status_info == NULL)
+                {
+                TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_STATUS_INFO_free(a->status_info);
+        a->status_info = new_status_info;
+        return 1;
+        }
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a)
+        {
+        return a->status_info;
+        }
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info)
+        {
+        /* Set new PKCS7 and TST_INFO objects. */
+        PKCS7_free(a->token);
+        a->token = p7;
+        TS_TST_INFO_free(a->tst_info);
+        a->tst_info = tst_info;
+        }
+PKCS7 *TS_RESP_get_token(TS_RESP *a)
+        {
+        return a->token;
+        }
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a)
+        {
+        return a->tst_info;
+        }
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version)
+        {
+        return ASN1_INTEGER_set(a->version, version);
+        }
+long TS_TST_INFO_get_version(const TS_TST_INFO *a)
+        {
+        return ASN1_INTEGER_get(a->version);
+        }
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
+        {
+        ASN1_OBJECT *new_policy;
+        if (a->policy_id == policy)
+                return 1;
+        new_policy = OBJ_dup(policy);
+        if (new_policy == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_OBJECT_free(a->policy_id);
+        a->policy_id = new_policy;
+        return 1;
+        }
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a)
+        {
+        return a->policy_id;
+        }
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
+        {
+        TS_MSG_IMPRINT *new_msg_imprint;
+        if (a->msg_imprint == msg_imprint)
+                return 1;
+        new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+        if (new_msg_imprint == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_MSG_IMPRINT_free(a->msg_imprint);
+        a->msg_imprint = new_msg_imprint;
+        return 1;
+        }
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a)
+        {
+        return a->msg_imprint;
+        }
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
+        {
+        ASN1_INTEGER *new_serial;
+        if (a->serial == serial)
+                return 1;
+        new_serial = ASN1_INTEGER_dup(serial);
+        if (new_serial == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->serial);
+        a->serial = new_serial;
+        return 1;
+        }
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a)
+        {
+        return a->serial;
+        }
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
+        {
+        ASN1_GENERALIZEDTIME *new_time;
+        if (a->time == gtime)
+                return 1;
+        new_time = M_ASN1_GENERALIZEDTIME_dup(gtime);
+        if (new_time == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_GENERALIZEDTIME_free(a->time);
+        a->time = new_time;
+        return 1;
+        }
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a)
+        {
+        return a->time;
+        }
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
+        {
+        TS_ACCURACY *new_accuracy;
+        if (a->accuracy == accuracy)
+                return 1;
+        new_accuracy = TS_ACCURACY_dup(accuracy);
+        if (new_accuracy == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        TS_ACCURACY_free(a->accuracy);
+        a->accuracy = new_accuracy;
+        return 1;
+        }
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a)
+        {
+        return a->accuracy;
+        }
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
+        {
+        ASN1_INTEGER *new_seconds;
+        if (a->seconds == seconds)
+                return 1;
+        new_seconds = ASN1_INTEGER_dup(seconds);
+        if (new_seconds == NULL)
+                {
+                TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->seconds);
+        a->seconds = new_seconds;
+        return 1;
+        }
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a)
+        {
+        return a->seconds;
+        }
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
+        {
+        ASN1_INTEGER *new_millis = NULL;
+        if (a->millis == millis)
+                return 1;
+        if (millis != NULL)
+                {
+                new_millis = ASN1_INTEGER_dup(millis);
+                if (new_millis == NULL)
+                        {
+                        TSerr(TS_F_TS_ACCURACY_SET_MILLIS, 
+                              ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        ASN1_INTEGER_free(a->millis);
+        a->millis = new_millis;
+        return 1;
+        }
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a)
+        {
+        return a->millis;
+        }
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
+        {
+        ASN1_INTEGER *new_micros = NULL;
+        if (a->micros == micros)
+                return 1;
+        if (micros != NULL)
+                {
+                new_micros = ASN1_INTEGER_dup(micros);
+                if (new_micros == NULL)
+                        {
+                        TSerr(TS_F_TS_ACCURACY_SET_MICROS, 
+                              ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        ASN1_INTEGER_free(a->micros);
+        a->micros = new_micros;
+        return 1;
+        }
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a)
+        {
+        return a->micros;
+        }
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering)
+        {
+        a->ordering = ordering ? 0xFF : 0x00;
+        return 1;
+        }
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a)
+        {
+        return a->ordering ? 1 : 0;
+        }
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
+        {
+        ASN1_INTEGER *new_nonce;
+        if (a->nonce == nonce)
+                return 1;
+        new_nonce = ASN1_INTEGER_dup(nonce);
+        if (new_nonce == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        ASN1_INTEGER_free(a->nonce);
+        a->nonce = new_nonce;
+        return 1;
+        }
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a)
+        {
+        return a->nonce;
+        }
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
+        {
+        GENERAL_NAME *new_tsa;
+        if (a->tsa == tsa)
+                return 1;
+        new_tsa = GENERAL_NAME_dup(tsa);
+        if (new_tsa == NULL)
+                {
+                TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        GENERAL_NAME_free(a->tsa);
+        a->tsa = new_tsa;
+        return 1;
+        }
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a)
+        {
+        return a->tsa;
+        }
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a)
+        {
+        return a->extensions;
+        }
+void TS_TST_INFO_ext_free(TS_TST_INFO *a)
+        {
+        if (!a) return;
+        sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+        a->extensions = NULL;
+        }
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a)
+        {
+        return X509v3_get_ext_count(a->extensions);
+        }
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos)
+        {
+        return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+        }
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos)
+        {
+        return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+        }
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos)
+        {
+        return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+        }
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
+        {
+        return X509v3_get_ext(a->extensions,loc);
+        }
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc)
+        {
+        return X509v3_delete_ext(a->extensions,loc);
+        }
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc)
+        {
+        return X509v3_add_ext(&a->extensions,ex,loc) != NULL;
+        }
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(a->extensions, nid, crit, idx);
+        }
diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
new file mode 100644
index 0000000000..e1f3b534af
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -0,0 +1,725 @@
+/* crypto/ts/ts_resp_verify.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+/* Private function declarations. */
+static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain);
+static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain);
+static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo);
+static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 
+                                 PKCS7 *token, TS_TST_INFO *tst_info);
+static int TS_check_status_info(TS_RESP *response);
+static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info);
+static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg, 
+                              unsigned char **imprint, unsigned *imprint_len);
+static int TS_check_imprints(X509_ALGOR *algor_a, 
+                             unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info);
+static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name);
+/*
+ * Local mapping between response codes and descriptions.
+ * Don't forget to change TS_STATUS_BUF_SIZE when modifying 
+ * the elements of this array.
+ */
+static const char *TS_status_text[] =
+        { "granted",
+          "grantedWithMods",
+          "rejection",
+          "waiting",
+          "revocationWarning",
+          "revocationNotification" };
+#define TS_STATUS_TEXT_SIZE     (sizeof(TS_status_text)/sizeof(*TS_status_text))
+/*
+ * This must be greater or equal to the sum of the strings in TS_status_text
+ * plus the number of its elements.
+ */
+#define TS_STATUS_BUF_SIZE      256
+static struct
+        {
+        int code;
+        const char *text;
+        } TS_failure_info[] =
+                { { TS_INFO_BAD_ALG, "badAlg" },
+                  { TS_INFO_BAD_REQUEST, "badRequest" },
+                  { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" },
+                  { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" },
+                  { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" },
+                  { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" },
+                  { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" },
+                  { TS_INFO_SYSTEM_FAILURE, "systemFailure" } };
+#define TS_FAILURE_INFO_SIZE    (sizeof(TS_failure_info) / \
+                                sizeof(*TS_failure_info))
+/* Functions for verifying a signed TS_TST_INFO structure. */
+/*
+ * This function carries out the following tasks:
+ *      - Checks if there is one and only one signer.
+ *      - Search for the signing certificate in 'certs' and in the response.
+ *      - Check the extended key usage and key usage fields of the signer
+ *      certificate (done by the path validation).
+ *      - Build and validate the certificate path.
+ *      - Check if the certificate path meets the requirements of the
+ *      SigningCertificate ESS signed attribute.
+ *      - Verify the signature value.
+ *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out)
+        {
+        STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
+        PKCS7_SIGNER_INFO *si;
+        STACK_OF(X509) *signers = NULL;
+        X509    *signer;
+        STACK_OF(X509) *chain = NULL;
+        char    buf[4096];
+        int     i, j = 0, ret = 0;
+        BIO     *p7bio = NULL;
+        /* Some sanity checks first. */
+        if (!token)
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+                goto err;
+                }
+        /* Check for the correct content type */
+        if(!PKCS7_type_is_signed(token))
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+                goto err;
+                }
+        /* Check if there is one and only one signer. */
+        sinfos = PKCS7_get_signer_info(token);
+        if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1)
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE,
+                      TS_R_THERE_MUST_BE_ONE_SIGNER);
+                goto err;
+                }
+        si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
+        /* Check for no content: no data to verify signature. */
+        if (PKCS7_get_detached(token))
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+                goto err;
+                }
+        
+        /* Get hold of the signer certificate, search only internal
+           certificates if it was requested. */
+        signers = PKCS7_get0_signers(token, certs, 0);
+        if (!signers || sk_X509_num(signers) != 1) goto err;
+        signer = sk_X509_value(signers, 0);
+        /* Now verify the certificate. */
+        if (!TS_verify_cert(store, certs, signer, &chain)) goto err;
+        /* Check if the signer certificate is consistent with the
+           ESS extension. */
+        if (!TS_check_signing_certs(si, chain)) goto err;
+        /* Creating the message digest. */
+        p7bio = PKCS7_dataInit(token, NULL);
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        while ((i = BIO_read(p7bio,buf,sizeof(buf))) > 0);
+        /* Verifying the signature. */
+        j = PKCS7_signatureVerify(p7bio, token, si, signer);
+        if (j <= 0)
+                {
+                TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+                goto err;
+                }
+        /* Return the signer certificate if needed. */
+        if (signer_out)
+                {
+                *signer_out = signer;
+                CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+                }
+        ret = 1;
+ err:
+        BIO_free_all(p7bio);
+        sk_X509_pop_free(chain, X509_free);
+        sk_X509_free(signers);
+        return ret;
+        }
+/*
+ * The certificate chain is returned in chain. Caller is responsible for
+ * freeing the vector.
+ */
+static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain)
+        {
+        X509_STORE_CTX  cert_ctx;
+        int i;
+        int ret = 1;
+        /* chain is an out argument. */
+        *chain = NULL;
+        X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted);
+        X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+        i = X509_verify_cert(&cert_ctx);
+        if (i <= 0)
+                {
+                int j = X509_STORE_CTX_get_error(&cert_ctx);
+                TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+                ERR_add_error_data(2, "Verify error:",
+                                   X509_verify_cert_error_string(j));
+                ret = 0;
+                }
+        else
+                {
+                /* Get a copy of the certificate chain. */
+                *chain = X509_STORE_CTX_get1_chain(&cert_ctx);
+                }
+        X509_STORE_CTX_cleanup(&cert_ctx);
+        return ret;
+        }
+static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain)
+        {
+        ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si);
+        STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+        X509 *cert;
+        int i = 0;
+        int ret = 0;
+        if (!ss) goto err;
+        cert_ids = ss->cert_ids;
+        /* The signer certificate must be the first in cert_ids. */
+        cert = sk_X509_value(chain, 0);
+        if (TS_find_cert(cert_ids, cert) != 0) goto err;
+        
+        /* Check the other certificates of the chain if there are more
+           than one certificate ids in cert_ids. */
+        if (sk_ESS_CERT_ID_num(cert_ids) > 1)
+                {
+                /* All the certificates of the chain must be in cert_ids. */
+                for (i = 1; i < sk_X509_num(chain); ++i)
+                        {
+                        cert = sk_X509_value(chain, i);
+                        if (TS_find_cert(cert_ids, cert) < 0) goto err;
+                        }
+                }
+        ret = 1;
+ err:
+        if (!ret)
+                TSerr(TS_F_TS_CHECK_SIGNING_CERTS, 
+                      TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+        ESS_SIGNING_CERT_free(ss);
+        return ret;
+        }
+static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_TYPE *attr;
+        const unsigned char *p;
+        attr = PKCS7_get_signed_attribute(si, 
+                                          NID_id_smime_aa_signingCertificate);
+        if (!attr) return NULL;
+        p = attr->value.sequence->data;
+        return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+        }
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+        {
+        int i;
+        if (!cert_ids || !cert) return -1;
+        /* Recompute SHA1 hash of certificate if necessary (side effect). */
+        X509_check_purpose(cert, -1, 0);
+        /* Look for cert in the cert_ids vector. */
+        for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i)
+                {
+                ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
+                /* Check the SHA-1 hash first. */
+                if (cid->hash->length == sizeof(cert->sha1_hash)
+                    && !memcmp(cid->hash->data, cert->sha1_hash,
+                               sizeof(cert->sha1_hash)))
+                        {
+                        /* Check the issuer/serial as well if specified. */
+                        ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+                        if (!is || !TS_issuer_serial_cmp(is, cert->cert_info))
+                                return i;
+                        }
+                }
+        
+        return -1;
+        }
+static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
+        {
+        GENERAL_NAME *issuer;
+        if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) return -1;
+        /* Check the issuer first. It must be a directory name. */
+        issuer = sk_GENERAL_NAME_value(is->issuer, 0);
+        if (issuer->type != GEN_DIRNAME 
+            || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer))
+                return -1;
+        /* Check the serial number, too. */
+        if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber))
+                return -1;
+        return 0;
+        }
+/*
+ * Verifies whether 'response' contains a valid response with regards 
+ * to the settings of the context:
+ *      - Gives an error message if the TS_TST_INFO is not present.
+ *      - Calls _TS_RESP_verify_token to verify the token content.
+ */
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
+        {
+        PKCS7 *token = TS_RESP_get_token(response);
+        TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+        int ret = 0;
+        /* Check if we have a successful TS_TST_INFO object in place. */
+        if (!TS_check_status_info(response)) goto err;
+        /* Check the contents of the time stamp token. */
+        if (!int_TS_RESP_verify_token(ctx, token, tst_info))
+                goto err;
+        ret = 1;
+ err:
+        return ret;
+        }
+/*
+ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
+ * calls the internal int_TS_RESP_verify_token function for verifying it.
+ */
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
+        {
+        TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
+        int ret = 0;
+        if (tst_info)
+                {
+                ret = int_TS_RESP_verify_token(ctx, token, tst_info);
+                TS_TST_INFO_free(tst_info);
+                }
+        return ret;
+        }
+/*
+ * Verifies whether the 'token' contains a valid time stamp token 
+ * with regards to the settings of the context. Only those checks are
+ * carried out that are specified in the context:
+ *      - Verifies the signature of the TS_TST_INFO.
+ *      - Checks the version number of the response.
+ *      - Check if the requested and returned policies math.
+ *      - Check if the message imprints are the same.
+ *      - Check if the nonces are the same.
+ *      - Check if the TSA name matches the signer.
+ *      - Check if the TSA name is the expected TSA.
+ */
+static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 
+                                 PKCS7 *token, TS_TST_INFO *tst_info)
+        {
+        X509 *signer = NULL;
+        GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info);
+        X509_ALGOR *md_alg = NULL;
+        unsigned char *imprint = NULL;
+        unsigned imprint_len = 0;
+        int ret = 0;
+        /* Verify the signature. */
+        if ((ctx->flags & TS_VFY_SIGNATURE)
+            && !TS_RESP_verify_signature(token, ctx->certs, ctx->store,
+                                         &signer))
+                goto err;
+        
+        /* Check version number of response. */
+        if ((ctx->flags & TS_VFY_VERSION)
+            && TS_TST_INFO_get_version(tst_info) != 1)
+                {
+                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+                goto err;
+                }
+        /* Check policies. */
+        if ((ctx->flags & TS_VFY_POLICY)
+            && !TS_check_policy(ctx->policy, tst_info))
+                goto err;
+        
+        /* Check message imprints. */
+        if ((ctx->flags & TS_VFY_IMPRINT)
+            && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+                                  tst_info)) 
+                goto err;
+        /* Compute and check message imprints. */
+        if ((ctx->flags & TS_VFY_DATA)
+            && (!TS_compute_imprint(ctx->data, tst_info,
+                                    &md_alg, &imprint, &imprint_len)
+            || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+                goto err;
+        /* Check nonces. */
+        if ((ctx->flags & TS_VFY_NONCE)
+            && !TS_check_nonces(ctx->nonce, tst_info))
+                goto err;
+        /* Check whether TSA name and signer certificate match. */
+        if ((ctx->flags & TS_VFY_SIGNER)
+            && tsa_name && !TS_check_signer_name(tsa_name, signer))
+                {
+                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+                goto err;
+                }
+        /* Check whether the TSA is the expected one. */
+        if ((ctx->flags & TS_VFY_TSA_NAME)
+            && !TS_check_signer_name(ctx->tsa_name, signer))
+                {
+                TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+                goto err;
+                }
+        ret = 1;
+ err:
+        X509_free(signer);
+        X509_ALGOR_free(md_alg);
+        OPENSSL_free(imprint);
+        return ret;
+        }
+static int TS_check_status_info(TS_RESP *response)
+        {
+        TS_STATUS_INFO *info = TS_RESP_get_status_info(response);
+        long status = ASN1_INTEGER_get(info->status);
+        const char *status_text = NULL;
+        char *embedded_status_text = NULL;
+        char failure_text[TS_STATUS_BUF_SIZE] = "";
+        /* Check if everything went fine. */
+        if (status == 0 || status == 1) return 1;
+        /* There was an error, get the description in status_text. */
+        if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE)
+                status_text = TS_status_text[status];
+        else
+                status_text = "unknown code";
+        /* Set the embedded_status_text to the returned description. */
+        if (sk_ASN1_UTF8STRING_num(info->text) > 0
+            && !(embedded_status_text = TS_get_status_text(info->text)))
+                return 0;
+        
+        /* Filling in failure_text with the failure information. */
+        if (info->failure_info)
+                {
+                int i;
+                int first = 1;
+                for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i)
+                        {
+                        if (ASN1_BIT_STRING_get_bit(info->failure_info,
+                                                    TS_failure_info[i].code))
+                                {
+                                if (!first)
+                                        strcpy(failure_text, ",");
+                                else
+                                        first = 0;
+                                strcat(failure_text, TS_failure_info[i].text);
+                                }
+                        }
+                }
+        if (failure_text[0] == '\0')
+                strcpy(failure_text, "unspecified");
+        /* Making up the error string. */
+        TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+        ERR_add_error_data(6,
+                           "status code: ", status_text,
+                           ", status text: ", embedded_status_text ? 
+                           embedded_status_text : "unspecified",
+                           ", failure codes: ", failure_text);
+        OPENSSL_free(embedded_status_text);
+        return 0;
+        }
+static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+        {
+        int i;
+        unsigned int length = 0;
+        char *result = NULL;
+        char *p;
+        /* Determine length first. */
+        for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i)
+                {
+                ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+                length += ASN1_STRING_length(current);
+                length += 1;    /* separator character */
+                }
+        /* Allocate memory (closing '\0' included). */
+        if (!(result = OPENSSL_malloc(length)))
+                {
+                TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        /* Concatenate the descriptions. */
+        for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i)
+                {
+                ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+                length = ASN1_STRING_length(current);
+                if (i > 0) *p++ = '/';
+                strncpy(p, (const char *)ASN1_STRING_data(current), length);
+                p += length;
+                }
+        /* We do have space for this, too. */
+        *p = '\0';
+        
+        return result;
+        }
+static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
+        {
+        ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
+        if (OBJ_cmp(req_oid, resp_oid) != 0)
+                {
+                TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+                return 0;
+                }
+        return 1;
+        }
+static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg, 
+                              unsigned char **imprint, unsigned *imprint_len)
+        {
+        TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
+        X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
+        const EVP_MD *md;
+        EVP_MD_CTX md_ctx;
+        unsigned char buffer[4096];
+        int length;
+        *md_alg = NULL;
+        *imprint = NULL;
+        /* Return the MD algorithm of the response. */
+        if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) goto err;
+        /* Getting the MD object. */
+        if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm)))
+                {
+                TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+                goto err;
+                }
+        /* Compute message digest. */
+        length = EVP_MD_size(md);
+        if (length < 0)
+            goto err;
+        *imprint_len = length;
+        if (!(*imprint = OPENSSL_malloc(*imprint_len))) 
+                {
+                TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        EVP_DigestInit(&md_ctx, md);
+        while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0)
+                {
+                EVP_DigestUpdate(&md_ctx, buffer, length);
+                }
+        EVP_DigestFinal(&md_ctx, *imprint, NULL);
+        return 1;
+ err:
+        X509_ALGOR_free(*md_alg);
+        OPENSSL_free(*imprint);
+        *imprint_len = 0;
+        return 0;
+        }
+static int TS_check_imprints(X509_ALGOR *algor_a, 
+                             unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info)
+        {
+        TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
+        X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
+        int ret = 0;
+        /* algor_a is optional. */
+        if (algor_a)
+                {
+                /* Compare algorithm OIDs. */
+                if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) goto err;
+                /* The parameter must be NULL in both. */
+                if ((algor_a->parameter 
+                     && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
+                    || (algor_b->parameter
+                        && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
+                        goto err;
+                }
+        /* Compare octet strings. */
+        ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) &&
+                memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
+ err:
+        if (!ret)
+                TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+        return ret;
+        }
+static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+        {
+        const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
+        /* Error if nonce is missing. */
+        if (!b)
+                {
+                TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+                return 0;
+                }
+        /* No error if a nonce is returned without being requested. */
+        if (ASN1_INTEGER_cmp(a, b) != 0)
+                {
+                TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+                return 0;
+                }
+        return 1;
+        }
+/* Check if the specified TSA name matches either the subject
+   or one of the subject alternative names of the TSA certificate. */
+static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+        {
+        STACK_OF(GENERAL_NAME) *gen_names = NULL;
+        int idx = -1;
+        int found = 0;
+        /* Check the subject name first. */
+        if (tsa_name->type == GEN_DIRNAME 
+            && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
+                return 1;
+        /* Check all the alternative names. */
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
+                                     NULL, &idx);
+        while (gen_names != NULL
+               && !(found = TS_find_name(gen_names, tsa_name) >= 0))
+                {
+                /* Get the next subject alternative name,
+                   although there should be no more than one. */
+                GENERAL_NAMES_free(gen_names);
+                gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
+                                             NULL, &idx);
+                }
+        if (gen_names) GENERAL_NAMES_free(gen_names);
+        
+        return found;
+        }
+/* Returns 1 if name is in gen_names, 0 otherwise. */
+static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+        {
+        int i, found;
+        for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names);
+             ++i)
+                {
+                GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
+                found = GENERAL_NAME_cmp(current, name) == 0;
+                }
+        return found ? i - 1 : -1;
+        }
diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c
new file mode 100644
index 0000000000..b079b50fc3
--- /dev/null
+++ b/src/lib/libcrypto/ts/ts_verify_ctx.c
@@ -0,0 +1,160 @@
+/* crypto/ts/ts_verify_ctx.c */
+/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
+        {
+        TS_VERIFY_CTX *ctx = 
+                (TS_VERIFY_CTX *) OPENSSL_malloc(sizeof(TS_VERIFY_CTX));
+        if (ctx)
+                memset(ctx, 0, sizeof(TS_VERIFY_CTX));
+        else
+                TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return ctx;
+        }
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
+        {
+        assert(ctx != NULL);
+        memset(ctx, 0, sizeof(TS_VERIFY_CTX));
+        }
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
+        {
+        if (!ctx) return;
+        TS_VERIFY_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+        }
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
+        {
+        if (!ctx) return;
+        X509_STORE_free(ctx->store);
+        sk_X509_pop_free(ctx->certs, X509_free);
+        ASN1_OBJECT_free(ctx->policy);
+        X509_ALGOR_free(ctx->md_alg);
+        OPENSSL_free(ctx->imprint);
+        
+        BIO_free_all(ctx->data);
+        ASN1_INTEGER_free(ctx->nonce);
+        GENERAL_NAME_free(ctx->tsa_name);
+        TS_VERIFY_CTX_init(ctx);
+        }
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
+        {
+        TS_VERIFY_CTX *ret = ctx;
+        ASN1_OBJECT *policy;
+        TS_MSG_IMPRINT *imprint;
+        X509_ALGOR *md_alg;
+        ASN1_OCTET_STRING *msg;
+        const ASN1_INTEGER *nonce;
+        assert(req != NULL);
+        if (ret)
+                TS_VERIFY_CTX_cleanup(ret);
+        else
+                if (!(ret = TS_VERIFY_CTX_new())) return NULL;
+        /* Setting flags. */
+        ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
+        /* Setting policy. */
+        if ((policy = TS_REQ_get_policy_id(req)) != NULL)
+                {
+                if (!(ret->policy = OBJ_dup(policy))) goto err;
+                }
+        else
+                ret->flags &= ~TS_VFY_POLICY;
+        /* Setting md_alg, imprint and imprint_len. */
+        imprint = TS_REQ_get_msg_imprint(req);
+        md_alg = TS_MSG_IMPRINT_get_algo(imprint);
+        if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) goto err;
+        msg = TS_MSG_IMPRINT_get_msg(imprint);
+        ret->imprint_len = ASN1_STRING_length(msg);
+        if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) goto err;
+        memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
+        /* Setting nonce. */
+        if ((nonce = TS_REQ_get_nonce(req)) != NULL)
+                {
+                if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) goto err;
+                }
+        else
+                ret->flags &= ~TS_VFY_NONCE;
+        return ret;
+ err:
+        if (ctx)
+                TS_VERIFY_CTX_cleanup(ctx);
+        else
+                TS_VERIFY_CTX_free(ret);
+        return NULL;
+        }
diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c
index 3ed5f72ee9..6f2ce3b5a4 100644
--- a/src/lib/libcrypto/txt_db/txt_db.c
+++ b/src/lib/libcrypto/txt_db/txt_db.c
@@ -77,22 +77,23 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
        int i,add,n;
        int size=BUFSIZE;
        int offset=0;
-        char *p,**pp,*f;
+        char *p,*f;
+        OPENSSL_STRING *pp;
        BUF_MEM *buf=NULL;
        if ((buf=BUF_MEM_new()) == NULL) goto err;
        if (!BUF_MEM_grow(buf,size)) goto err;
-        if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+        if ((ret=OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
                goto err;
        ret->num_fields=num;
        ret->index=NULL;
        ret->qual=NULL;
-        if ((ret->data=sk_new_null()) == NULL)
+        if ((ret->data=sk_OPENSSL_PSTRING_new_null()) == NULL)
                goto err;
-        if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
+        if ((ret->index=OPENSSL_malloc(sizeof(*ret->index)*num)) == NULL)
                goto err;
-        if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)
+        if ((ret->qual=OPENSSL_malloc(sizeof(*(ret->qual))*num)) == NULL)
                goto err;
        for (i=0; i<num; i++)
                {
@@ -122,7 +123,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                else
                        {
                        buf->data[offset-1]='\0'; /* blat the '\n' */
-                        if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
+                        if (!(p=OPENSSL_malloc(add+offset))) goto err;
                        offset=0;
                        }
                pp=(char **)p;
@@ -155,16 +156,16 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                *(p++)='\0';
                if ((n != num) || (*f != '\0'))
                        {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporary fix :-( */
                        fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
 #endif
                        er=2;
                        goto err;
                        }
                pp[n]=p;
-                if (!sk_push(ret->data,(char *)pp))
+                if (!sk_OPENSSL_PSTRING_push(ret->data,pp))
                        {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporary fix :-( */
                        fprintf(stderr,"failure in sk_push\n");
 #endif
                        er=2;
@@ -181,7 +182,7 @@ err:
 #endif
                if (ret != NULL)
                        {
-                        if (ret->data != NULL) sk_free(ret->data);
+                        if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data);
                        if (ret->index != NULL) OPENSSL_free(ret->index);
                        if (ret->qual != NULL) OPENSSL_free(ret->qual);
                        if (ret != NULL) OPENSSL_free(ret);
@@ -192,10 +193,10 @@ err:
                return(ret);
        }
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value)
        {
-        char **ret;
+        OPENSSL_STRING *ret;
-        LHASH *lh;
+        LHASH_OF(OPENSSL_STRING) *lh;
        if (idx >= db->num_fields)
                {
@@ -208,16 +209,16 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
                db->error=DB_ERROR_NO_INDEX;
                return(NULL);
                }
-        ret=(char **)lh_retrieve(lh,value);
+        ret=lh_OPENSSL_STRING_retrieve(lh,value);
        db->error=DB_ERROR_OK;
        return(ret);
        }
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *),
-                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
        {
-        LHASH *idx;
+        LHASH_OF(OPENSSL_STRING) *idx;
-        char **r;
+        OPENSSL_STRING *r;
        int i,n;
        if (field >= db->num_fields)
@@ -225,26 +226,27 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
                return(0);
                }
-        if ((idx=lh_new(hash,cmp)) == NULL)
+        /* FIXME: we lose type checking at this point */
+        if ((idx=(LHASH_OF(OPENSSL_STRING) *)lh_new(hash,cmp)) == NULL)
                {
                db->error=DB_ERROR_MALLOC;
                return(0);
                }
-        n=sk_num(db->data);
+        n=sk_OPENSSL_PSTRING_num(db->data);
        for (i=0; i<n; i++)
                {
-                r=(char **)sk_value(db->data,i);
+                r=sk_OPENSSL_PSTRING_value(db->data,i);
                if ((qual != NULL) && (qual(r) == 0)) continue;
-                if ((r=lh_insert(idx,r)) != NULL)
+                if ((r=lh_OPENSSL_STRING_insert(idx,r)) != NULL)
                        {
                        db->error=DB_ERROR_INDEX_CLASH;
-                        db->arg1=sk_find(db->data,(char *)r);
+                        db->arg1=sk_OPENSSL_PSTRING_find(db->data,r);
                        db->arg2=i;
-                        lh_free(idx);
+                        lh_OPENSSL_STRING_free(idx);
                        return(0);
                        }
                }
-        if (db->index[field] != NULL) lh_free(db->index[field]);
+        if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]);
        db->index[field]=idx;
        db->qual[field]=qual;
        return(1);
@@ -259,11 +261,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
        if ((buf=BUF_MEM_new()) == NULL)
                goto err;
-        n=sk_num(db->data);
+        n=sk_OPENSSL_PSTRING_num(db->data);
        nn=db->num_fields;
        for (i=0; i<n; i++)
                {
-                pp=(char **)sk_value(db->data,i);
+                pp=sk_OPENSSL_PSTRING_value(db->data,i);
                l=0;
                for (j=0; j<nn; j++)
@@ -298,10 +300,10 @@ err:
        return(ret);
        }
-int TXT_DB_insert(TXT_DB *db, char **row)
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
        {
        int i;
-        char **r;
+        OPENSSL_STRING *r;
        for (i=0; i<db->num_fields; i++)
                {
@@ -309,7 +311,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
                        {
                        if ((db->qual[i] != NULL) &&
                                (db->qual[i](row) == 0)) continue;
-                        r=(char **)lh_retrieve(db->index[i],row);
+                        r=lh_OPENSSL_STRING_retrieve(db->index[i],row);
                        if (r != NULL)
                                {
                                db->error=DB_ERROR_INDEX_CLASH;
@@ -320,7 +322,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
                        }
                }
        /* We have passed the index checks, now just append and insert */
-        if (!sk_push(db->data,(char *)row))
+        if (!sk_OPENSSL_PSTRING_push(db->data,row))
                {
                db->error=DB_ERROR_MALLOC;
                goto err;
@@ -332,7 +334,7 @@ int TXT_DB_insert(TXT_DB *db, char **row)
                        {
                        if ((db->qual[i] != NULL) &&
                                (db->qual[i](row) == 0)) continue;
-                        lh_insert(db->index[i],row);
+                        (void)lh_OPENSSL_STRING_insert(db->index[i],row);
                        }
                }
        return(1);
@@ -351,18 +353,18 @@ void TXT_DB_free(TXT_DB *db)
        if (db->index != NULL)
                {
                for (i=db->num_fields-1; i>=0; i--)
-                        if (db->index[i] != NULL) lh_free(db->index[i]);
+                        if (db->index[i] != NULL) lh_OPENSSL_STRING_free(db->index[i]);
                OPENSSL_free(db->index);
                }
        if (db->qual != NULL)
                OPENSSL_free(db->qual);
        if (db->data != NULL)
                {
-                for (i=sk_num(db->data)-1; i>=0; i--)
+                for (i=sk_OPENSSL_PSTRING_num(db->data)-1; i>=0; i--)
                        {
                        /* check if any 'fields' have been allocated
                         * from outside of the initial block */
-                        p=(char **)sk_value(db->data,i);
+                        p=sk_OPENSSL_PSTRING_value(db->data,i);
                        max=p[db->num_fields]; /* last address */
                        if (max == NULL) /* new row */
                                {
@@ -378,9 +380,9 @@ void TXT_DB_free(TXT_DB *db)
                                                OPENSSL_free(p[n]);
                                        }
                                }
-                        OPENSSL_free(sk_value(db->data,i));
+                        OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data,i));
                        }
-                sk_free(db->data);
+                sk_OPENSSL_PSTRING_free(db->data);
                }
        OPENSSL_free(db);
        }
diff --git a/src/lib/libcrypto/txt_db/txt_db.h b/src/lib/libcrypto/txt_db/txt_db.h
index 307e1ba23f..6abe435bc8 100644
--- a/src/lib/libcrypto/txt_db/txt_db.h
+++ b/src/lib/libcrypto/txt_db/txt_db.h
@@ -77,16 +77,19 @@
 extern "C" {
 #endif
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
 typedef struct txt_db_st
        {
        int num_fields;
-        STACK /* char ** */ *data;
+        STACK_OF(OPENSSL_PSTRING) *data;
-        LHASH **index;
+        LHASH_OF(OPENSSL_STRING) **index;
-        int (**qual)(char **);
+        int (**qual)(OPENSSL_STRING *);
        long error;
        long arg1;
        long arg2;
-        char **arg_row;
+        OPENSSL_STRING *arg_row;
        } TXT_DB;
 #ifndef OPENSSL_NO_BIO
@@ -96,11 +99,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db);
 TXT_DB *TXT_DB_read(char *in, int num);
 long TXT_DB_write(char *out, TXT_DB *db);
 #endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *),
-                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
+                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
 void TXT_DB_free(TXT_DB *db);
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value);
-int TXT_DB_insert(TXT_DB *db,char **value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/ui/ui.h b/src/lib/libcrypto/ui/ui.h
index 018296412b..2b1cfa2289 100644
--- a/src/lib/libcrypto/ui/ui.h
+++ b/src/lib/libcrypto/ui/ui.h
@@ -287,8 +287,8 @@ UI_METHOD *UI_OpenSSL(void);
 /* The UI_STRING type is the data structure that contains all the needed info
   about a string or a prompt, including test data for a verification prompt.
 */
-DECLARE_STACK_OF(UI_STRING)
 typedef struct ui_string_st UI_STRING;
+DECLARE_STACK_OF(UI_STRING)
 /* The different types of strings that are currently supported.
   This is only needed by method authors. */
@@ -310,11 +310,13 @@ int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis
 int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
 int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
 int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
+int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name));
 int (*UI_method_get_opener(UI_METHOD *method))(UI*);
 int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
 int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_closer(UI_METHOD *method))(UI*);
+char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
 /* The following functions are helpers for method writers to access relevant
   data from a UI_STRING. */
diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c
index 786bd0dbc3..a6b96299a0 100644
--- a/src/lib/libcrypto/ui/ui_err.c
+++ b/src/lib/libcrypto/ui/ui_err.c
@@ -1,6 +1,6 @@
 /* crypto/ui/ui_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index ac0100808f..a8abc27064 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -693,6 +693,17 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
                return -1;
        }
+int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name))
+        {
+        if (method)
+                {
+                method->ui_construct_prompt = prompt_constructor;
+                return 0;
+                }
+        else
+                return -1;
+        }
 int (*UI_method_get_opener(UI_METHOD *method))(UI*)
        {
        if (method)
@@ -733,6 +744,14 @@ int (*UI_method_get_closer(UI_METHOD *method))(UI*)
                return NULL;
        }
+char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*)
+        {
+        if (method)
+                return method->ui_construct_prompt;
+        else
+                return NULL;
+        }
 enum UI_string_types UI_get_string_type(UI_STRING *uis)
        {
        if (!uis)
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
index ef930bf247..1bc25f48d5 100644
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -122,7 +122,9 @@
 * sigaction and fileno included. -pedantic would be more appropriate for
 * the intended purposes, but we can't prevent users from adding -ansi.
 */
-#define _POSIX_C_SOURCE 1
+#ifndef _POSIX_C_SOURCE
+#define _POSIX_C_SOURCE 2
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -297,7 +299,7 @@ static int is_a_tty;
 /* Declare static functions */
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static void read_till_nl(FILE *);
+static int read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
@@ -390,14 +392,16 @@ static int read_string(UI *ui, UI_STRING *uis)
 #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
 /* Internal functions to read a string without echoing */
-static void read_till_nl(FILE *in)
+static int read_till_nl(FILE *in)
        {
 #define SIZE 4
        char buf[SIZE+1];
        do      {
-                fgets(buf,SIZE,in);
+                if (!fgets(buf,SIZE,in))
+                        return 0;
                } while (strchr(buf,'\n') == NULL);
+        return 1;
        }
 static volatile sig_atomic_t intr_signal;
@@ -445,7 +449,8 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
                        *p='\0';
                }
        else
-                read_till_nl(tty_in);
+                if (!read_till_nl(tty_in))
+                        goto error;
        if (UI_set_result(ui, uis, result) >= 0)
                ok=1;
@@ -473,7 +478,7 @@ static int open_console(UI *ui)
        CRYPTO_w_lock(CRYPTO_LOCK_UI);
        is_a_tty = 1;
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS)
        tty_in=stdin;
        tty_out=stderr;
 #else
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
index 554bebb159..15b774f277 100644
--- a/src/lib/libcrypto/util/mkerr.pl
+++ b/src/lib/libcrypto/util/mkerr.pl
@@ -1,6 +1,7 @@
 #!/usr/local/bin/perl -w
 my $config = "crypto/err/openssl.ec";
+my $hprefix = "openssl/";
 my $debug = 0;
 my $rebuild = 0;
 my $static = 1;
@@ -12,11 +13,16 @@ my $staticloader = "";
 my $pack_errcode;
 my $load_errcode;
+my $errcount;
 while (@ARGV) {
        my $arg = $ARGV[0];
        if($arg eq "-conf") {
                shift @ARGV;
                $config = shift @ARGV;
+        } elsif($arg eq "-hprefix") {
+                shift @ARGV;
+                $hprefix = shift @ARGV;
        } elsif($arg eq "-debug") {
                $debug = 1;
                shift @ARGV;
@@ -38,14 +44,78 @@ while (@ARGV) {
        } elsif($arg eq "-write") {
                $dowrite = 1;
                shift @ARGV;
+        } elsif($arg eq "-help" || $arg eq "-h" || $arg eq "-?" || $arg eq "--help") {
+                print STDERR <<"EOF";
+mkerr.pl [options] ...
+Options:
+  -conf F       Use the config file F instead of the default one:
+                  crypto/err/openssl.ec
+  -hprefix P    Prepend the filenames in generated #include <header>
+                statements with prefix P. Default: 'openssl/' (without
+                the quotes, naturally)
+  -debug        Turn on debugging verbose output on stderr.
+  -rebuild      Rebuild all header and C source files, irrespective of the
+                fact if any error or function codes have been added/removed.
+                Default: only update files for libraries which saw change
+                         (of course, this requires '-write' as well, or no
+                          files will be touched!)
+  -recurse      scan a preconfigured set of directories / files for error and
+                function codes:
+                  (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <apps/*.c>)
+                When this option is NOT specified, the filelist is taken from
+                the commandline instead. Here, wildcards may be embedded. (Be
+                sure to escape those to prevent the shell from expanding them
+                for you when you wish mkerr.pl to do so instead.)
+                Default: take file list to scan from the command line.
+  -reindex      Discard the numeric values previously assigned to the error
+                and function codes as extracted from the scanned header files;
+                instead renumber all of them starting from 100. (Note that
+                the numbers assigned through 'R' records in the config file
+                remain intact.)
+                Default: keep previously assigned numbers. (You are warned
+                         when collisions are detected.)
+  -nostatic     Generates a different source code, where these additional 
+                functions are generated for each library specified in the
+                config file:
+                  void ERR_load_<LIB>_strings(void);
+                  void ERR_unload_<LIB>_strings(void);
+                  void ERR_<LIB>_error(int f, int r, char *fn, int ln);
+                  #define <LIB>err(f,r) ERR_<LIB>_error(f,r,__FILE__,__LINE__)
+                while the code facilitates the use of these in an environment
+                where the error support routines are dynamically loaded at 
+                runtime.
+                Default: 'static' code generation.
+  -staticloader Prefix generated functions with the 'static' scope modifier.
+                Default: don't write any scope modifier prefix.
+  -write        Actually (over)write the generated code to the header and C 
+                source files as assigned to each library through the config 
+                file.
+                Default: don't write.
+  -help / -h / -? / --help            Show this help text.
+  ...           Additional arguments are added to the file list to scan,
+                assuming '-recurse' was NOT specified on the command line.
+EOF
+                exit 1;
        } else {
                last;
        }
 }
 if($recurse) {
-        @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>,
+        @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
-                        <fips/*.c>, <fips/*/*.c>);
 } else {
        @source = @ARGV;
 }
@@ -64,8 +134,8 @@ while(<IN>)
                $cskip{$3} = $1;
                if($3 ne "NONE") {
                        $csrc{$1} = $3;
-                        $fmax{$1} = 99;
+                        $fmax{$1} = 100;
-                        $rmax{$1} = 99;
+                        $rmax{$1} = 100;
                        $fassigned{$1} = ":";
                        $rassigned{$1} = ":";
                        $fnew{$1} = 0;
@@ -191,7 +261,8 @@ while (($hdr, $lib) = each %libinc)
                        if($1 eq "R") {
                                $rcodes{$name} = $code;
                                if ($rassigned{$lib} =~ /:$code:/) {
-                                        print STDERR "!! ERROR: $lib reason code $code assigned twice\n";
+                                        print STDERR "!! ERROR: $lib reason code $code assigned twice (collision at $name)\n";
+                                        ++$errcount;
                                }
                                $rassigned{$lib} .= "$code:";
                                if(!(exists $rextra{$name}) &&
@@ -200,7 +271,8 @@ while (($hdr, $lib) = each %libinc)
                                }
                        } else {
                                if ($fassigned{$lib} =~ /:$code:/) {
-                                        print STDERR "!! ERROR: $lib function code $code assigned twice\n";
+                                        print STDERR "!! ERROR: $lib function code $code assigned twice (collision at $name)\n";
+                                        ++$errcount;
                                }
                                $fassigned{$lib} .= "$code:";
                                if($code > $fmax{$lib}) {
@@ -231,6 +303,7 @@ while (($hdr, $lib) = each %libinc)
                if ($rmax{$lib} >= 1000) {
                        print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
                        print STDERR "!!        Any new alerts must be added to $config.\n";
+                        ++$errcount;
                        print STDERR "\n";
                }
        }
@@ -255,6 +328,9 @@ foreach $file (@source) {
        print STDERR "File loaded: ".$file."\r" if $debug;
        open(IN, "<$file") || die "Can't open source file $file\n";
        while(<IN>) {
+                # skip obsoleted source files entirely!
+                last if(/^#error\s+obsolete/);
                if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
                        next unless exists $csrc{$2};
                        next if($1 eq "BIO_F_BUFFER_CTX");
@@ -264,6 +340,7 @@ foreach $file (@source) {
                                $fnew{$2}++;
                        }
                        $notrans{$1} = 1 unless exists $ftrans{$3};
+                        print STDERR "Function: $1\t= $fcodes{$1} (lib: $2, name: $3)\n" if $debug; 
                }
                if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
                        next unless exists $csrc{$2};
@@ -272,6 +349,7 @@ foreach $file (@source) {
                                $rcodes{$1} = "X";
                                $rnew{$2}++;
                        }
+                        print STDERR "Reason: $1\t= $rcodes{$1} (lib: $2)\n" if $debug; 
                } 
        }
        close IN;
@@ -313,7 +391,7 @@ foreach $lib (keys %csrc)
        } else {
            push @out,
 "/* ====================================================================\n",
-" * Copyright (c) 2001-2008 The OpenSSL Project.  All rights reserved.\n",
+" * Copyright (c) 2001-2010 The OpenSSL Project.  All rights reserved.\n",
 " *\n",
 " * Redistribution and use in source and binary forms, with or without\n",
 " * modification, are permitted provided that the following conditions\n",
@@ -369,6 +447,10 @@ foreach $lib (keys %csrc)
 "#ifndef HEADER_${lib}_ERR_H\n",
 "#define HEADER_${lib}_ERR_H\n",
 "\n",
+"#ifdef  __cplusplus\n",
+"extern \"C\" {\n",
+"#endif\n",
+"\n",
 "/* BEGIN ERROR CODES */\n";
        }
        open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
@@ -455,14 +537,21 @@ EOF
                        if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
                                $err_reason_strings{$1} = $2;
                        }
+                        if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) {
+                                if (!exists $ftrans{$1} && ($1 ne $2)) {
+                                        print STDERR "WARNING: Mismatched function string $2\n";
+                                        $ftrans{$1} = $2;
+                                }
+                        }
                }
                close(IN);
        }
        my $hincf;
        if($static) {
                $hfile =~ /([^\/]+)$/;
-                $hincf = "<openssl/$1>";
+                $hincf = "<${hprefix}$1>";
        } else {
                $hincf = "\"$hfile\"";
        }
@@ -487,7 +576,7 @@ EOF
        print OUT <<"EOF";
 /* $cfile */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -713,3 +802,9 @@ if($debug && defined(@runref) ) {
                print STDERR "$_\n";
        }
 }
+if($errcount) {
+        print STDERR "There were errors, failing...\n\n";
+        exit $errcount;
+}
diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl
index 2a968f395f..6a43757c95 100644
--- a/src/lib/libcrypto/util/mkstack.pl
+++ b/src/lib/libcrypto/util/mkstack.pl
@@ -21,7 +21,7 @@ while (@ARGV) {
 }
-@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
+@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>, <apps/*.[ch]>);
 foreach $file (@source) {
        next if -l $file;
@@ -31,11 +31,19 @@ foreach $file (@source) {
        while(<IN>) {
                if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
                        push @stacklst, $1;
-                } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
+                }
+                if (/^DECLARE_SPECIAL_STACK_OF\(([^,\s]+)\s*,\s*([^>\s]+)\)/) {
+                        push @sstacklst, [$1, $2];
+                }
+                if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
                        push @asn1setlst, $1;
-                } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
+                }
+                if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
                        push @p12stklst, $1;
                }
+                if (/^DECLARE_LHASH_OF\(([^)]+)\)/) {
+                        push @lhashlst, $1;
+                }
        }
        close(IN);
 }
@@ -65,7 +73,7 @@ while(<IN>) {
        foreach $type_thing (sort @stacklst) {
                $new_stackfile .= <<EOF;
-#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
+#define sk_${type_thing}_new(cmp) SKM_sk_new($type_thing, (cmp))
 #define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
 #define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
 #define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
@@ -88,6 +96,39 @@ while(<IN>) {
 #define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st))
 EOF
        }
+        foreach $type_thing (sort @sstacklst) {
+            my $t1 = $type_thing->[0];
+            my $t2 = $type_thing->[1];
+            $new_stackfile .= <<EOF;
+#define sk_${t1}_new(cmp) ((STACK_OF($t1) *)sk_new(CHECKED_SK_CMP_FUNC($t2, cmp)))
+#define sk_${t1}_new_null() ((STACK_OF($t1) *)sk_new_null())
+#define sk_${t1}_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_value(st, i) (($t1)sk_value(CHECKED_PTR_OF(STACK_OF($t1), st), i))
+#define sk_${t1}_num(st) SKM_sk_num($t1, st)
+#define sk_${t1}_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_FREE_FUNC2($t1, free_func))
+#define sk_${t1}_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val), i)
+#define sk_${t1}_free(st) SKM_sk_free(${t1}, st)
+#define sk_${t1}_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), i, CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_zero(st) SKM_sk_zero($t1, (st))
+#define sk_${t1}_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, val))
+#define sk_${t1}_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF($t1), st), CHECKED_CONST_PTR_OF($t2, val))
+#define sk_${t1}_delete(st, i) SKM_sk_delete($t1, (st), (i))
+#define sk_${t1}_delete_ptr(st, ptr) ($t1 *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_PTR_OF($t2, ptr))
+#define sk_${t1}_set_cmp_func(st, cmp)  \\
+        ((int (*)(const $t2 * const *,const $t2 * const *)) \\
+        sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st), CHECKED_SK_CMP_FUNC($t2, cmp)))
+#define sk_${t1}_dup(st) SKM_sk_dup($t1, st)
+#define sk_${t1}_shift(st) SKM_sk_shift($t1, (st))
+#define sk_${t1}_pop(st) ($t2 *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF($t1), st))
+#define sk_${t1}_sort(st) SKM_sk_sort($t1, (st))
+#define sk_${t1}_is_sorted(st) SKM_sk_is_sorted($t1, (st))
+EOF
+        }
        foreach $type_thing (sort @asn1setlst) {
                $new_stackfile .= <<EOF;
@@ -108,6 +149,31 @@ EOF
        SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
 EOF
        }
+        foreach $type_thing (sort @lhashlst) {
+                my $lc_tt = lc $type_thing;
+                $new_stackfile .= <<EOF;
+#define lh_${type_thing}_new() LHM_lh_new(${type_thing},${lc_tt})
+#define lh_${type_thing}_insert(lh,inst) LHM_lh_insert(${type_thing},lh,inst)
+#define lh_${type_thing}_retrieve(lh,inst) LHM_lh_retrieve(${type_thing},lh,inst)
+#define lh_${type_thing}_delete(lh,inst) LHM_lh_delete(${type_thing},lh,inst)
+#define lh_${type_thing}_doall(lh,fn) LHM_lh_doall(${type_thing},lh,fn)
+#define lh_${type_thing}_doall_arg(lh,fn,arg_type,arg) \\
+  LHM_lh_doall_arg(${type_thing},lh,fn,arg_type,arg)
+#define lh_${type_thing}_error(lh) LHM_lh_error(${type_thing},lh)
+#define lh_${type_thing}_num_items(lh) LHM_lh_num_items(${type_thing},lh)
+#define lh_${type_thing}_down_load(lh) LHM_lh_down_load(${type_thing},lh)
+#define lh_${type_thing}_node_stats_bio(lh,out) \\
+  LHM_lh_node_stats_bio(${type_thing},lh,out)
+#define lh_${type_thing}_node_usage_stats_bio(lh,out) \\
+  LHM_lh_node_usage_stats_bio(${type_thing},lh,out)
+#define lh_${type_thing}_stats_bio(lh,out) \\
+  LHM_lh_stats_bio(${type_thing},lh,out)
+#define lh_${type_thing}_free(lh) LHM_lh_free(${type_thing},lh)
+EOF
+        }
        $new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
        $inside_block = 2;
 }
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
new file mode 100644
index 0000000000..32cf16380b
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl
@@ -0,0 +1,493 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block_mmx implementation.
+#
+*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results
+# in 16KB large table, which is tough on L1 cache, but eliminates
+# unaligned references to it. Value of 2 results in 4KB table, but
+# 7/8 of references to it are unaligned. AMD cores seem to be
+# allergic to the latter, while Intel ones - to former [see the
+# table]. I stick to value of 2 for two reasons: 1. smaller table
+# minimizes cache trashing and thus mitigates the hazard of side-
+# channel leakage similar to AES cache-timing one; 2. performance
+# gap among different �-archs is smaller.
+#
+# Performance table lists rounded amounts of CPU cycles spent by
+# whirlpool_block_mmx routine on single 64 byte input block, i.e.
+# smaller is better and asymptotic throughput can be estimated by
+# multiplying 64 by CPU clock frequency and dividing by relevant
+# value from the given table:
+#
+#               $SCALE=2/8      icc8    gcc3    
+# Intel P4      3200/4600       4600(*) 6400
+# Intel PIII    2900/3000       4900    5400
+# AMD K[78]     2500/1800       9900    8200(**)
+#
+# (*)   I've sketched even non-MMX assembler, but for the record
+#       I've failed to beat the Intel compiler on P4, without using
+#       MMX that is...
+# (**)  ... on AMD on the other hand non-MMX assembler was observed
+#       to perform significantly better, but I figured this MMX
+#       implementation is even faster anyway, so why bother? As for
+#       pre-MMX AMD core[s], the improvement coefficient is more
+#       than likely to vary anyway and I don't know how. But the
+#       least I know is that gcc-generated code compiled with
+#       -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for
+#       details] and optimized for Pentium was observed to perform
+#       *better* on Pentium 100 than unrolled non-MMX assembler
+#       loop... So we just say that I don't know if maintaining
+#       non-MMX implementation would actually pay off, but till
+#       opposite is proved "unlikely" is assumed.
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"wp-mmx.pl");
+sub L()  { &data_byte(@_); }
+sub LL()
+{       if      ($SCALE==2)     { &data_byte(@_); &data_byte(@_); }
+        elsif   ($SCALE==8)     { for ($i=0;$i<8;$i++) {
+                                        &data_byte(@_);
+                                        unshift(@_,pop(@_));
+                                  }
+                                }
+        else                    { die "unvalid SCALE value"; }
+}
+sub scale()
+{       if      ($SCALE==2)     { &lea(@_[0],&DWP(0,@_[1],@_[1])); }
+        elsif   ($SCALE==8)     { &lea(@_[0],&DWP(0,"",@_[1],8));  }
+        else                    { die "unvalid SCALE value";       }
+}
+sub row()
+{       if      ($SCALE==2)     { ((8-shift)&7); }
+        elsif   ($SCALE==8)     { (8*shift);     }
+        else                    { die "unvalid SCALE value"; }
+}
+$tbl="ebp";
+@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7");
+&function_begin_B("whirlpool_block_mmx");
+        &push   ("ebp");
+        &push   ("ebx");
+        &push   ("esi");
+        &push   ("edi");
+        &mov    ("esi",&wparam(0));             # hash value
+        &mov    ("edi",&wparam(1));             # input data stream
+        &mov    ("ebp",&wparam(2));             # number of chunks in input
+        &mov    ("eax","esp");                  # copy stack pointer
+        &sub    ("esp",128+20);                 # allocate frame
+        &and    ("esp",-64);                    # align for cache-line
+        &lea    ("ebx",&DWP(128,"esp"));
+        &mov    (&DWP(0,"ebx"),"esi");          # save parameter block
+        &mov    (&DWP(4,"ebx"),"edi");
+        &mov    (&DWP(8,"ebx"),"ebp");
+        &mov    (&DWP(16,"ebx"),"eax");         # saved stack pointer
+        &call   (&label("pic_point"));
+&set_label("pic_point");
+        &blindpop($tbl);
+        &lea    ($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl));
+        &xor    ("ecx","ecx");
+        &xor    ("edx","edx");
+        for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); }    # L=H
+&set_label("outerloop");
+        for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+        for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+        for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+        &xor    ("esi","esi");
+        &mov    (&DWP(12,"ebx"),"esi");         # zero round counter
+&set_label("round",16);
+        &movq   (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8));        # rc[r]
+        &mov    ("eax",&DWP(0,"esp"));
+        &mov    ("ebx",&DWP(4,"esp"));
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? movq : pxor;
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("eax",16);
+        &pxor   (@mm[0],&QWP(&row(0),$tbl,"esi",8));
+        &$func  (@mm[1],&QWP(&row(1),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &mov    ("eax",&DWP(($i+1)*8,"esp"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &$func  (@mm[2],&QWP(&row(2),$tbl,"esi",8));
+        &$func  (@mm[3],&QWP(&row(3),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("ebx",16);
+        &$func  (@mm[4],&QWP(&row(4),$tbl,"esi",8));
+        &$func  (@mm[5],&QWP(&row(5),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &mov    ("ebx",&DWP(($i+1)*8+4,"esp"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &$func  (@mm[6],&QWP(&row(6),$tbl,"esi",8));
+        &$func  (@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+        for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); }    # K=L
+for($i=0;$i<8;$i++) {
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("eax",16);
+        &pxor   (@mm[0],&QWP(&row(0),$tbl,"esi",8));
+        &pxor   (@mm[1],&QWP(&row(1),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("eax"));
+        &movb   (&LB("edx"),&HB("eax"));
+        &mov    ("eax",&DWP(64+($i+1)*8,"esp"))         if ($i<7);
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &pxor   (@mm[2],&QWP(&row(2),$tbl,"esi",8));
+        &pxor   (@mm[3],&QWP(&row(3),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &shr    ("ebx",16);
+        &pxor   (@mm[4],&QWP(&row(4),$tbl,"esi",8));
+        &pxor   (@mm[5],&QWP(&row(5),$tbl,"edi",8));
+        &movb   (&LB("ecx"),&LB("ebx"));
+        &movb   (&LB("edx"),&HB("ebx"));
+        &mov    ("ebx",&DWP(64+($i+1)*8+4,"esp"))       if ($i<7);
+        &scale  ("esi","ecx");
+        &scale  ("edi","edx");
+        &pxor   (@mm[6],&QWP(&row(6),$tbl,"esi",8));
+        &pxor   (@mm[7],&QWP(&row(7),$tbl,"edi",8));
+    push(@mm,shift(@mm));
+}
+        &lea    ("ebx",&DWP(128,"esp"));
+        &mov    ("esi",&DWP(12,"ebx"));         # pull round counter
+        &add    ("esi",1);
+        &cmp    ("esi",10);
+        &je     (&label("roundsdone"));
+        &mov    (&DWP(12,"ebx"),"esi");         # update round counter
+        for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L
+        &jmp    (&label("round"));
+&set_label("roundsdone",16);
+        &mov    ("esi",&DWP(0,"ebx"));          # reload argument block
+        &mov    ("edi",&DWP(4,"ebx"));
+        &mov    ("eax",&DWP(8,"ebx"));
+        for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); }    # L^=inp
+        for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); }    # L^=H
+        for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); }    # H=L
+        &lea    ("edi",&DWP(64,"edi"));         # inp+=64
+        &sub    ("eax",1);                      # num--
+        &jz     (&label("alldone"));
+        &mov    (&DWP(4,"ebx"),"edi");          # update argument block
+        &mov    (&DWP(8,"ebx"),"eax");
+        &jmp    (&label("outerloop"));
+&set_label("alldone");
+        &emms   ();
+        &mov    ("esp",&DWP(16,"ebx"));         # restore saved stack pointer
+        &pop    ("edi");
+        &pop    ("esi");
+        &pop    ("ebx");
+        &pop    ("ebp");
+        &ret    ();
+&align(64);
+&set_label("table");
+        &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+        &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+        &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+        &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+        &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+        &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+        &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+        &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+        &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+        &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+        &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+        &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+        &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+        &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+        &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+        &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+        &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+        &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+        &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+        &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+        &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+        &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+        &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+        &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+        &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+        &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+        &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+        &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+        &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+        &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+        &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+        &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+        &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+        &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+        &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+        &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+        &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+        &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+        &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+        &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+        &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+        &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+        &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+        &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+        &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+        &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+        &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+        &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+        &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+        &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+        &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+        &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+        &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+        &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+        &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+        &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+        &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+        &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+        &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+        &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+        &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+        &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+        &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+        &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+        &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+        &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+        &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+        &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+        &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+        &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+        &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+        &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+        &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+        &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+        &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+        &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+        &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+        &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+        &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+        &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+        &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+        &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+        &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+        &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+        &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+        &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+        &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+        &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+        &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+        &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+        &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+        &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+        &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+        &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+        &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+        &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+        &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+        &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+        &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+        &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+        &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+        &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+        &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+        &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+        &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+        &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+        &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+        &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+        &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+        &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+        &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+        &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+        &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+        &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+        &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+        &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+        &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+        &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+        &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+        &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+        &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+        &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+        &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+        &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+        &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+        &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+        &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+        &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+        &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+        &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+        &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+        &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+        &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+        &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+        &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+        &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+        &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+        &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+        &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+        &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+        &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+        &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+        &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+        &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+        &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+        &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+        &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+        &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+        &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+        &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+        &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+        &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+        &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+        &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+        &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+        &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+        &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+        &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+        &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+        &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+        &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+        &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+        &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+        &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+        &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+        &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+        &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+        &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+        &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+        &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+        &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+        &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+        &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+        &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+        &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+        &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+        &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+        &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+        &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+        &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+        &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+        &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+        &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+        &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+        &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+        &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+        &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+        &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+        &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+        &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+        &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+        &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+        &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+        &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+        &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+        &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+        &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+        &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+        &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+        &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+        &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+        &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+        &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+        &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+        &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+        &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+        &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+        &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+        &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+        &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+        &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+        &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+        &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+        &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+        &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+        &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+        &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+        &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+        &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+        &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+        &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+        &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+        &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+        &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+        &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+        &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+        &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+        &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+        &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+        &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+        &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+        &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+        &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+        &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+        &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+        &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+        &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+        &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+        &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+        &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+        &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+        &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+        &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+        &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+        &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+        &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+        &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+        &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+        &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+        &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+        &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+        &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+        &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+        &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+        &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+        &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+        &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);    # rc[ROUNDS]
+        &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+        &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+        &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+        &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+        &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+        &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+        &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+        &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+        &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+&function_end_B("whirlpool_block_mmx");
+&asm_finish(); 
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
new file mode 100644
index 0000000000..87c0843dc1
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
@@ -0,0 +1,589 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# whirlpool_block for x86_64.
+#
+# 2500 cycles per 64-byte input block on AMD64, which is *identical*
+# to 32-bit MMX version executed on same CPU. So why did I bother?
+# Well, it's faster than gcc 3.3.2 generated code by over 50%, and
+# over 80% faster than PathScale 1.4, an "ambitious" commercial
+# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio
+# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the
+# first example when they fail to generate more optimal code, when
+# I believe they had *all* chances to...
+#
+# Note that register and stack frame layout are virtually identical
+# to 32-bit MMX version, except that %r8-15 are used instead of
+# %mm0-8. You can even notice that K[i] and S[i] are loaded to
+# %eax:%ebx as pair of 32-bit values and not as single 64-bit one.
+# This is done in order to avoid 64-bit shift penalties on Intel
+# EM64T core. Speaking of which! I bet it's possible to improve
+# Opteron performance by compressing the table to 2KB and replacing
+# unaligned references with complementary rotations [which would
+# incidentally replace lea instructions], but it would definitely
+# just "kill" EM64T, because it has only 1 shifter/rotator [against
+# 3 on Opteron] and which is *unacceptably* slow with 64-bit
+# operand.
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+open STDOUT,"| $^X $xlate $flavour $output";
+sub L() { $code.=".byte ".join(',',@_)."\n"; }
+sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; }
+@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15");
+$func="whirlpool_block";
+$table=".Ltable";
+$code=<<___;
+.text
+.globl  $func
+.type   $func,\@function,3
+.align  16
+$func:
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        mov     %rsp,%r11
+        sub     \$128+40,%rsp
+        and     \$-64,%rsp
+        lea     128(%rsp),%r10
+        mov     %rdi,0(%r10)            # save parameter block
+        mov     %rsi,8(%r10)
+        mov     %rdx,16(%r10)
+        mov     %r11,32(%r10)           # saved stack pointer
+.Lprologue:
+        mov     %r10,%rbx
+        lea     $table(%rip),%rbp
+        xor     %rcx,%rcx
+        xor     %rdx,%rdx
+___
+for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; }      # L=H
+$code.=".Louterloop:\n";
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }      # K=L
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }      # L^=inp
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }   # S=L
+$code.=<<___;
+        xor     %rsi,%rsi
+        mov     %rsi,24(%rbx)           # zero round counter
+.align  16
+.Lround:
+        mov     4096(%rbp,%rsi,8),@mm[0]        # rc[r]
+        mov     0(%rsp),%eax
+        mov     4(%rsp),%ebx
+___
+for($i=0;$i<8;$i++) {
+    my $func = ($i==0)? "mov" : "xor";
+    $code.=<<___;
+        mov     %al,%cl
+        mov     %ah,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%eax
+        xor     0(%rbp,%rsi,8),@mm[0]
+        $func   7(%rbp,%rdi,8),@mm[1]
+        mov     %al,%cl
+        mov     %ah,%dl
+        mov     $i*8+8(%rsp),%eax               # ($i+1)*8
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        $func   6(%rbp,%rsi,8),@mm[2]
+        $func   5(%rbp,%rdi,8),@mm[3]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%ebx
+        $func   4(%rbp,%rsi,8),@mm[4]
+        $func   3(%rbp,%rdi,8),@mm[5]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        mov     $i*8+8+4(%rsp),%ebx             # ($i+1)*8+4
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        $func   2(%rbp,%rsi,8),@mm[6]
+        $func   1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; }      # K=L
+for($i=0;$i<8;$i++) {
+    $code.=<<___;
+        mov     %al,%cl
+        mov     %ah,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%eax
+        xor     0(%rbp,%rsi,8),@mm[0]
+        xor     7(%rbp,%rdi,8),@mm[1]
+        mov     %al,%cl
+        mov     %ah,%dl
+        `"mov   64+$i*8+8(%rsp),%eax"   if($i<7);`      # 64+($i+1)*8
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        xor     6(%rbp,%rsi,8),@mm[2]
+        xor     5(%rbp,%rdi,8),@mm[3]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        shr     \$16,%ebx
+        xor     4(%rbp,%rsi,8),@mm[4]
+        xor     3(%rbp,%rdi,8),@mm[5]
+        mov     %bl,%cl
+        mov     %bh,%dl
+        `"mov   64+$i*8+8+4(%rsp),%ebx" if($i<7);`      # 64+($i+1)*8+4
+        lea     (%rcx,%rcx),%rsi
+        lea     (%rdx,%rdx),%rdi
+        xor     2(%rbp,%rsi,8),@mm[6]
+        xor     1(%rbp,%rdi,8),@mm[7]
+___
+    push(@mm,shift(@mm));
+}
+$code.=<<___;
+        lea     128(%rsp),%rbx
+        mov     24(%rbx),%rsi           # pull round counter
+        add     \$1,%rsi
+        cmp     \$10,%rsi
+        je      .Lroundsdone
+        mov     %rsi,24(%rbx)           # update round counter
+___
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; }   # S=L
+$code.=<<___;
+        jmp     .Lround
+.align  16
+.Lroundsdone:
+        mov     0(%rbx),%rdi            # reload argument block
+        mov     8(%rbx),%rsi
+        mov     16(%rbx),%rax
+___
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; }      # L^=inp
+for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; }      # L^=H
+for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; }      # H=L
+$code.=<<___;
+        lea     64(%rsi),%rsi           # inp+=64
+        sub     \$1,%rax                # num--
+        jz      .Lalldone
+        mov     %rsi,8(%rbx)            # update parameter block
+        mov     %rax,16(%rbx)
+        jmp     .Louterloop
+.Lalldone:
+        mov     32(%rbx),%rsi           # restore saved pointer
+        mov     (%rsi),%r15
+        mov     8(%rsi),%r14
+        mov     16(%rsi),%r13
+        mov     24(%rsi),%r12
+        mov     32(%rsi),%rbp
+        mov     40(%rsi),%rbx
+        lea     48(%rsi),%rsp
+.Lepilogue:
+        ret
+.size   $func,.-$func
+.align  64
+.type   $table,\@object
+$table:
+___
+        &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8);
+        &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26);
+        &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8);
+        &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb);
+        &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb);
+        &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11);
+        &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09);
+        &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d);
+        &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b);
+        &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff);
+        &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c);
+        &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e);
+        &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96);
+        &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30);
+        &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d);
+        &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8);
+        &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47);
+        &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35);
+        &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37);
+        &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a);
+        &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2);
+        &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c);
+        &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84);
+        &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80);
+        &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5);
+        &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3);
+        &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21);
+        &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c);
+        &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43);
+        &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29);
+        &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d);
+        &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5);
+        &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd);
+        &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8);
+        &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92);
+        &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e);
+        &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13);
+        &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23);
+        &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20);
+        &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44);
+        &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2);
+        &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf);
+        &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c);
+        &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a);
+        &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50);
+        &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9);
+        &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14);
+        &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9);
+        &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c);
+        &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f);
+        &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90);
+        &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07);
+        &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd);
+        &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3);
+        &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d);
+        &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78);
+        &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97);
+        &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02);
+        &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73);
+        &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7);
+        &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6);
+        &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2);
+        &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49);
+        &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56);
+        &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70);
+        &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd);
+        &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb);
+        &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71);
+        &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b);
+        &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf);
+        &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45);
+        &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a);
+        &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4);
+        &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58);
+        &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e);
+        &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f);
+        &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac);
+        &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0);
+        &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef);
+        &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6);
+        &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c);
+        &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12);
+        &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93);
+        &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde);
+        &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6);
+        &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1);
+        &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b);
+        &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f);
+        &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31);
+        &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8);
+        &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9);
+        &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc);
+        &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e);
+        &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b);
+        &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf);
+        &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59);
+        &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2);
+        &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77);
+        &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33);
+        &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4);
+        &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27);
+        &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb);
+        &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89);
+        &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32);
+        &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54);
+        &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d);
+        &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64);
+        &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d);
+        &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d);
+        &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f);
+        &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca);
+        &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7);
+        &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d);
+        &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce);
+        &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f);
+        &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f);
+        &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63);
+        &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a);
+        &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc);
+        &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82);
+        &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a);
+        &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48);
+        &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95);
+        &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf);
+        &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d);
+        &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0);
+        &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91);
+        &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8);
+        &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b);
+        &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
+        &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9);
+        &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e);
+        &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1);
+        &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6);
+        &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28);
+        &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3);
+        &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74);
+        &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe);
+        &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d);
+        &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea);
+        &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57);
+        &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38);
+        &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad);
+        &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4);
+        &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda);
+        &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7);
+        &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb);
+        &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9);
+        &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a);
+        &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03);
+        &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a);
+        &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e);
+        &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60);
+        &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc);
+        &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46);
+        &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f);
+        &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76);
+        &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa);
+        &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36);
+        &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae);
+        &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b);
+        &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85);
+        &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e);
+        &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7);
+        &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55);
+        &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a);
+        &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81);
+        &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52);
+        &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62);
+        &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3);
+        &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10);
+        &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab);
+        &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0);
+        &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5);
+        &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec);
+        &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16);
+        &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94);
+        &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f);
+        &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5);
+        &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98);
+        &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17);
+        &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4);
+        &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1);
+        &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e);
+        &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42);
+        &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34);
+        &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08);
+        &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee);
+        &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61);
+        &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1);
+        &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f);
+        &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24);
+        &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3);
+        &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25);
+        &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22);
+        &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65);
+        &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79);
+        &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69);
+        &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9);
+        &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19);
+        &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe);
+        &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a);
+        &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0);
+        &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99);
+        &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83);
+        &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04);
+        &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66);
+        &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0);
+        &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1);
+        &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd);
+        &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40);
+        &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c);
+        &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18);
+        &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b);
+        &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51);
+        &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05);
+        &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c);
+        &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39);
+        &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa);
+        &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b);
+        &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc);
+        &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e);
+        &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0);
+        &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88);
+        &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67);
+        &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a);
+        &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87);
+        &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1);
+        &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72);
+        &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53);
+        &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01);
+        &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b);
+        &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4);
+        &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3);
+        &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15);
+        &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c);
+        &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5);
+        &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5);
+        &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4);
+        &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba);
+        &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6);
+        &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7);
+        &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06);
+        &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41);
+        &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7);
+        &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f);
+        &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e);
+        &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6);
+        &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2);
+        &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68);
+        &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c);
+        &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed);
+        &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75);
+        &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86);
+        &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b);
+        &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2);
+        &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f);    # rc[ROUNDS]
+        &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52);
+        &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35);
+        &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57);
+        &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda);
+        &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85);
+        &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67);
+        &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8);
+        &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e);
+        &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33);
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type   se_handler,\@abi-omnipotent
+.align  16
+se_handler:
+        push    %rsi
+        push    %rdi
+        push    %rbx
+        push    %rbp
+        push    %r12
+        push    %r13
+        push    %r14
+        push    %r15
+        pushfq
+        sub     \$64,%rsp
+        mov     120($context),%rax      # pull context->Rax
+        mov     248($context),%rbx      # pull context->Rip
+        lea     .Lprologue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip<.Lprologue
+        jb      .Lin_prologue
+        mov     152($context),%rax      # pull context->Rsp
+        lea     .Lepilogue(%rip),%r10
+        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
+        jae     .Lin_prologue
+        mov     128+32(%rax),%rax       # pull saved stack pointer
+        lea     48(%rax),%rax
+        mov     -8(%rax),%rbx
+        mov     -16(%rax),%rbp
+        mov     -24(%rax),%r12
+        mov     -32(%rax),%r13
+        mov     -40(%rax),%r14
+        mov     -48(%rax),%r15
+        mov     %rbx,144($context)      # restore context->Rbx
+        mov     %rbp,160($context)      # restore context->Rbp
+        mov     %r12,216($context)      # restore context->R12
+        mov     %r13,224($context)      # restore context->R13
+        mov     %r14,232($context)      # restore context->R14
+        mov     %r15,240($context)      # restore context->R15
+.Lin_prologue:
+        mov     8(%rax),%rdi
+        mov     16(%rax),%rsi
+        mov     %rax,152($context)      # restore context->Rsp
+        mov     %rsi,168($context)      # restore context->Rsi
+        mov     %rdi,176($context)      # restore context->Rdi
+        mov     40($disp),%rdi          # disp->ContextRecord
+        mov     $context,%rsi           # context
+        mov     \$154,%ecx              # sizeof(CONTEXT)
+        .long   0xa548f3fc              # cld; rep movsq
+        mov     $disp,%rsi
+        xor     %rcx,%rcx               # arg1, UNW_FLAG_NHANDLER
+        mov     8(%rsi),%rdx            # arg2, disp->ImageBase
+        mov     0(%rsi),%r8             # arg3, disp->ControlPc
+        mov     16(%rsi),%r9            # arg4, disp->FunctionEntry
+        mov     40(%rsi),%r10           # disp->ContextRecord
+        lea     56(%rsi),%r11           # &disp->HandlerData
+        lea     24(%rsi),%r12           # &disp->EstablisherFrame
+        mov     %r10,32(%rsp)           # arg5
+        mov     %r11,40(%rsp)           # arg6
+        mov     %r12,48(%rsp)           # arg7
+        mov     %rcx,56(%rsp)           # arg8, (NULL)
+        call    *__imp_RtlVirtualUnwind(%rip)
+        mov     \$1,%eax                # ExceptionContinueSearch
+        add     \$64,%rsp
+        popfq
+        pop     %r15
+        pop     %r14
+        pop     %r13
+        pop     %r12
+        pop     %rbp
+        pop     %rbx
+        pop     %rdi
+        pop     %rsi
+        ret
+.size   se_handler,.-se_handler
+.section        .pdata
+.align  4
+        .rva    .LSEH_begin_$func
+        .rva    .LSEH_end_$func
+        .rva    .LSEH_info_$func
+.section        .xdata
+.align  8
+.LSEH_info_$func:
+        .byte   9,0,0,0
+        .rva    se_handler
+___
+}
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/src/lib/libcrypto/whrlpool/whrlpool.h b/src/lib/libcrypto/whrlpool/whrlpool.h
new file mode 100644
index 0000000000..03c91da115
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/whrlpool.h
@@ -0,0 +1,38 @@
+#ifndef HEADER_WHRLPOOL_H
+#define HEADER_WHRLPOOL_H
+#include <openssl/e_os2.h>
+#include <stddef.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+#define WHIRLPOOL_DIGEST_LENGTH (512/8)
+#define WHIRLPOOL_BBLOCK        512
+#define WHIRLPOOL_COUNTER       (256/8)
+typedef struct  {
+        union   {
+                unsigned char   c[WHIRLPOOL_DIGEST_LENGTH];
+                /* double q is here to ensure 64-bit alignment */
+                double          q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)];
+                }       H;
+        unsigned char   data[WHIRLPOOL_BBLOCK/8];
+        unsigned int    bitoff;
+        size_t          bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)];
+        } WHIRLPOOL_CTX;
+#ifndef OPENSSL_NO_WHIRLPOOL
+int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c);
+int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
+int WHIRLPOOL_Final     (unsigned char *md,WHIRLPOOL_CTX *c);
+unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md);
+#endif
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/wp_block.c
new file mode 100644
index 0000000000..221f6cc59f
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_block.c
@@ -0,0 +1,655 @@
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include "wp_locl.h"
+#include <string.h>
+typedef unsigned char           u8;
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
+typedef unsigned __int64        u64;
+#elif defined(__arch64__)
+typedef unsigned long           u64;
+#else
+typedef unsigned long long      u64;
+#endif
+#define ROUNDS  10
+#define STRICT_ALIGNMENT
+#if defined(__i386) || defined(__i386__) || \
+    defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)
+/* Well, formally there're couple of other architectures, which permit
+ * unaligned loads, specifically those not crossing cache lines, IA-64
+ * and PowerPC... */
+#  undef STRICT_ALIGNMENT
+#endif
+#undef SMALL_REGISTER_BANK
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#  define SMALL_REGISTER_BANK
+#  if defined(WHIRLPOOL_ASM)
+#    ifndef OPENSSL_SMALL_FOOTPRINT
+#      define OPENSSL_SMALL_FOOTPRINT   /* it appears that for elder non-MMX
+                                           CPUs this is actually faster! */
+#    endif
+#    define GO_FOR_MMX(ctx,inp,num)     do {                    \
+        extern unsigned long OPENSSL_ia32cap_P;                 \
+        void whirlpool_block_mmx(void *,const void *,size_t);   \
+        if (!(OPENSSL_ia32cap_P & (1<<23)))     break;          \
+        whirlpool_block_mmx(ctx->H.c,inp,num);  return;         \
+                                        } while (0)
+#  endif
+#endif
+#undef ROTATE
+#if defined(_MSC_VER)
+#  if defined(_WIN64)   /* applies to both IA-64 and AMD64 */
+#    pragma intrinsic(_rotl64)
+#    define ROTATE(a,n) _rotl64((a),n)
+#  endif
+#elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#    if defined(L_ENDIAN)
+#      define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#    elif defined(B_ENDIAN)
+       /* Most will argue that x86_64 is always little-endian. Well,
+        * yes, but then we have stratus.com who has modified gcc to
+        * "emulate" big-endian on x86. Is there evidence that they
+        * [or somebody else] won't do same for x86_64? Naturally no.
+        * And this line is waiting ready for that brave soul:-) */
+#      define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#    endif
+#  elif defined(__ia64) || defined(__ia64__)
+#    if defined(L_ENDIAN)
+#      define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
+#    elif defined(B_ENDIAN)
+#      define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(n)); ret; })
+#    endif
+#  endif
+#endif
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+#  if !defined(ROTATE)
+#    if defined(L_ENDIAN)       /* little-endians have to rotate left */
+#      define ROTATE(i,n)       ((i)<<(n) ^ (i)>>(64-n))
+#    elif defined(B_ENDIAN)     /* big-endians have to rotate right */
+#      define ROTATE(i,n)       ((i)>>(n) ^ (i)<<(64-n))
+#    endif
+#  endif
+#  if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
+#    define STRICT_ALIGNMENT    /* ensure smallest table size */
+#  endif
+#endif
+/*
+ * Table size depends on STRICT_ALIGNMENT and whether or not endian-
+ * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
+ * defined, which is normally the case on x86[_64] CPUs, the table is
+ * 4KB large unconditionally. Otherwise if ROTATE is defined, the
+ * table is 2KB large, and otherwise - 16KB. 2KB table requires a
+ * whole bunch of additional rotations, but I'm willing to "trade,"
+ * because 16KB table certainly trashes L1 cache. I wish all CPUs
+ * could handle unaligned load as 4KB table doesn't trash the cache,
+ * nor does it require additional rotations.
+ */
+/*
+ * Note that every Cn macro expands as two loads: one byte load and
+ * one quadword load. One can argue that that many single-byte loads
+ * is too excessive, as one could load a quadword and "milk" it for
+ * eight 8-bit values instead. Well, yes, but in order to do so *and*
+ * avoid excessive loads you have to accomodate a handful of 64-bit
+ * values in the register bank and issue a bunch of shifts and mask.
+ * It's a tradeoff: loads vs. shift and mask in big register bank[!].
+ * On most CPUs eight single-byte loads are faster and I let other
+ * ones to depend on smart compiler to fold byte loads if beneficial.
+ * Hand-coded assembler would be another alternative:-)
+ */
+#ifdef STRICT_ALIGNMENT
+#  if defined(ROTATE)
+#    define N   1
+#    define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
+#    define C0(K,i)     (Cx.q[K.c[(i)*8+0]])
+#    define C1(K,i)     ROTATE(Cx.q[K.c[(i)*8+1]],8)
+#    define C2(K,i)     ROTATE(Cx.q[K.c[(i)*8+2]],16)
+#    define C3(K,i)     ROTATE(Cx.q[K.c[(i)*8+3]],24)
+#    define C4(K,i)     ROTATE(Cx.q[K.c[(i)*8+4]],32)
+#    define C5(K,i)     ROTATE(Cx.q[K.c[(i)*8+5]],40)
+#    define C6(K,i)     ROTATE(Cx.q[K.c[(i)*8+6]],48)
+#    define C7(K,i)     ROTATE(Cx.q[K.c[(i)*8+7]],56)
+#  else
+#    define N   8
+#    define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c7,c0,c1,c2,c3,c4,c5,c6, \
+                                        c6,c7,c0,c1,c2,c3,c4,c5, \
+                                        c5,c6,c7,c0,c1,c2,c3,c4, \
+                                        c4,c5,c6,c7,c0,c1,c2,c3, \
+                                        c3,c4,c5,c6,c7,c0,c1,c2, \
+                                        c2,c3,c4,c5,c6,c7,c0,c1, \
+                                        c1,c2,c3,c4,c5,c6,c7,c0
+#    define C0(K,i)     (Cx.q[0+8*K.c[(i)*8+0]])
+#    define C1(K,i)     (Cx.q[1+8*K.c[(i)*8+1]])
+#    define C2(K,i)     (Cx.q[2+8*K.c[(i)*8+2]])
+#    define C3(K,i)     (Cx.q[3+8*K.c[(i)*8+3]])
+#    define C4(K,i)     (Cx.q[4+8*K.c[(i)*8+4]])
+#    define C5(K,i)     (Cx.q[5+8*K.c[(i)*8+5]])
+#    define C6(K,i)     (Cx.q[6+8*K.c[(i)*8+6]])
+#    define C7(K,i)     (Cx.q[7+8*K.c[(i)*8+7]])
+#  endif
+#else
+#  define N     2
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7)   c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c0,c1,c2,c3,c4,c5,c6,c7
+#  define C0(K,i)       (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
+#  define C1(K,i)       (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]])
+#  define C2(K,i)       (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]])
+#  define C3(K,i)       (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]])
+#  define C4(K,i)       (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]])
+#  define C5(K,i)       (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]])
+#  define C6(K,i)       (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]])
+#  define C7(K,i)       (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]])
+#endif
+static const
+union   {
+        u8      c[(256*N+ROUNDS)*sizeof(u64)];
+        u64     q[(256*N+ROUNDS)];
+        } Cx = { {
+        /* Note endian-neutral representation:-) */
+        LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8),
+        LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26),
+        LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8),
+        LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb),
+        LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb),
+        LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11),
+        LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09),
+        LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d),
+        LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b),
+        LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff),
+        LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c),
+        LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e),
+        LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96),
+        LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30),
+        LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d),
+        LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8),
+        LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47),
+        LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35),
+        LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37),
+        LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a),
+        LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2),
+        LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c),
+        LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84),
+        LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80),
+        LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5),
+        LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3),
+        LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21),
+        LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c),
+        LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43),
+        LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29),
+        LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d),
+        LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5),
+        LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd),
+        LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8),
+        LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92),
+        LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e),
+        LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13),
+        LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23),
+        LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20),
+        LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44),
+        LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2),
+        LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf),
+        LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c),
+        LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a),
+        LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50),
+        LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9),
+        LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14),
+        LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9),
+        LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c),
+        LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f),
+        LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90),
+        LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07),
+        LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd),
+        LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3),
+        LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d),
+        LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78),
+        LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97),
+        LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02),
+        LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73),
+        LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7),
+        LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6),
+        LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2),
+        LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49),
+        LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56),
+        LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70),
+        LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd),
+        LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb),
+        LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71),
+        LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b),
+        LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf),
+        LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45),
+        LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a),
+        LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4),
+        LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58),
+        LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e),
+        LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f),
+        LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac),
+        LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0),
+        LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef),
+        LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6),
+        LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c),
+        LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12),
+        LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93),
+        LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde),
+        LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6),
+        LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1),
+        LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b),
+        LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f),
+        LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31),
+        LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8),
+        LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9),
+        LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc),
+        LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e),
+        LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b),
+        LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf),
+        LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59),
+        LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2),
+        LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77),
+        LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33),
+        LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4),
+        LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27),
+        LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb),
+        LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89),
+        LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32),
+        LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54),
+        LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d),
+        LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64),
+        LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d),
+        LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d),
+        LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f),
+        LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca),
+        LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7),
+        LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d),
+        LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce),
+        LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f),
+        LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f),
+        LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63),
+        LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a),
+        LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc),
+        LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82),
+        LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a),
+        LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48),
+        LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95),
+        LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf),
+        LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d),
+        LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0),
+        LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91),
+        LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8),
+        LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b),
+        LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00),
+        LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9),
+        LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e),
+        LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1),
+        LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6),
+        LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28),
+        LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3),
+        LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74),
+        LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe),
+        LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d),
+        LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea),
+        LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57),
+        LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38),
+        LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad),
+        LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4),
+        LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda),
+        LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7),
+        LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb),
+        LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9),
+        LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a),
+        LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03),
+        LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a),
+        LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e),
+        LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60),
+        LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc),
+        LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46),
+        LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f),
+        LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76),
+        LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa),
+        LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36),
+        LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae),
+        LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b),
+        LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85),
+        LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e),
+        LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7),
+        LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55),
+        LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a),
+        LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81),
+        LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52),
+        LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62),
+        LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3),
+        LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10),
+        LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab),
+        LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0),
+        LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5),
+        LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec),
+        LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16),
+        LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94),
+        LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f),
+        LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5),
+        LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98),
+        LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17),
+        LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4),
+        LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1),
+        LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e),
+        LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42),
+        LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34),
+        LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08),
+        LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee),
+        LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61),
+        LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1),
+        LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f),
+        LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24),
+        LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3),
+        LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25),
+        LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22),
+        LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65),
+        LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79),
+        LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69),
+        LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9),
+        LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19),
+        LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe),
+        LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a),
+        LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0),
+        LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99),
+        LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83),
+        LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04),
+        LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66),
+        LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0),
+        LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1),
+        LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd),
+        LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40),
+        LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c),
+        LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18),
+        LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b),
+        LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51),
+        LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05),
+        LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c),
+        LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39),
+        LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa),
+        LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b),
+        LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc),
+        LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e),
+        LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0),
+        LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88),
+        LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67),
+        LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a),
+        LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87),
+        LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1),
+        LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72),
+        LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53),
+        LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01),
+        LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b),
+        LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4),
+        LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3),
+        LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15),
+        LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c),
+        LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5),
+        LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5),
+        LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4),
+        LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba),
+        LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6),
+        LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7),
+        LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06),
+        LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41),
+        LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7),
+        LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f),
+        LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e),
+        LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6),
+        LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2),
+        LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68),
+        LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c),
+        LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed),
+        LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75),
+        LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86),
+        LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b),
+        LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2),
+#define RC      (&(Cx.q[256*N]))
+        0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f,        /* rc[ROUNDS] */
+        0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52,
+        0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35,
+        0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57,
+        0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda,
+        0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85,
+        0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67,
+        0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8,
+        0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e,
+        0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33
+        }
+};
+void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n)
+        {
+        int     r;
+        const u8 *p=inp;
+        union   { u64 q[8]; u8 c[64]; } S,K,*H=(void *)ctx->H.q;
+#ifdef GO_FOR_MMX
+        GO_FOR_MMX(ctx,inp,n);
+#endif
+                                                        do {
+#ifdef OPENSSL_SMALL_FOOTPRINT
+        u64     L[8];
+        int     i;
+        for (i=0;i<64;i++)      S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
+        for (r=0;r<ROUNDS;r++)
+                {
+                for (i=0;i<8;i++)
+                        {
+                        L[i]  = i ? 0 : RC[r];
+                        L[i] ^= C0(K,i)       ^ C1(K,(i-1)&7) ^
+                                C2(K,(i-2)&7) ^ C3(K,(i-3)&7) ^
+                                C4(K,(i-4)&7) ^ C5(K,(i-5)&7) ^
+                                C6(K,(i-6)&7) ^ C7(K,(i-7)&7);
+                        }
+                memcpy (K.q,L,64);
+                for (i=0;i<8;i++)
+                        {
+                        L[i] ^= C0(S,i)       ^ C1(S,(i-1)&7) ^
+                                C2(S,(i-2)&7) ^ C3(S,(i-3)&7) ^
+                                C4(S,(i-4)&7) ^ C5(S,(i-5)&7) ^
+                                C6(S,(i-6)&7) ^ C7(S,(i-7)&7);
+                        }
+                memcpy (S.q,L,64);
+                }
+        for (i=0;i<64;i++)      H->c[i] ^= S.c[i] ^ p[i];
+#else
+        u64     L0,L1,L2,L3,L4,L5,L6,L7;
+#ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7)
+                {
+                memcpy (S.c,p,64);
+                S.q[0] ^= (K.q[0] = H->q[0]);
+                S.q[1] ^= (K.q[1] = H->q[1]);
+                S.q[2] ^= (K.q[2] = H->q[2]);
+                S.q[3] ^= (K.q[3] = H->q[3]);
+                S.q[4] ^= (K.q[4] = H->q[4]);
+                S.q[5] ^= (K.q[5] = H->q[5]);
+                S.q[6] ^= (K.q[6] = H->q[6]);
+                S.q[7] ^= (K.q[7] = H->q[7]);
+                }
+        else
+#endif
+                {
+                const u64 *pa = (const u64*)p;
+                S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
+                S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
+                S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
+                S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
+                S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
+                S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
+                S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
+                S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
+                }
+        for(r=0;r<ROUNDS;r++)
+                {
+#ifdef SMALL_REGISTER_BANK
+                L0 =    C0(K,0) ^ C1(K,7) ^ C2(K,6) ^ C3(K,5) ^
+                        C4(K,4) ^ C5(K,3) ^ C6(K,2) ^ C7(K,1) ^ RC[r];
+                L1 =    C0(K,1) ^ C1(K,0) ^ C2(K,7) ^ C3(K,6) ^
+                        C4(K,5) ^ C5(K,4) ^ C6(K,3) ^ C7(K,2);
+                L2 =    C0(K,2) ^ C1(K,1) ^ C2(K,0) ^ C3(K,7) ^
+                        C4(K,6) ^ C5(K,5) ^ C6(K,4) ^ C7(K,3);
+                L3 =    C0(K,3) ^ C1(K,2) ^ C2(K,1) ^ C3(K,0) ^
+                        C4(K,7) ^ C5(K,6) ^ C6(K,5) ^ C7(K,4);
+                L4 =    C0(K,4) ^ C1(K,3) ^ C2(K,2) ^ C3(K,1) ^
+                        C4(K,0) ^ C5(K,7) ^ C6(K,6) ^ C7(K,5);
+                L5 =    C0(K,5) ^ C1(K,4) ^ C2(K,3) ^ C3(K,2) ^
+                        C4(K,1) ^ C5(K,0) ^ C6(K,7) ^ C7(K,6);
+                L6 =    C0(K,6) ^ C1(K,5) ^ C2(K,4) ^ C3(K,3) ^
+                        C4(K,2) ^ C5(K,1) ^ C6(K,0) ^ C7(K,7);
+                L7 =    C0(K,7) ^ C1(K,6) ^ C2(K,5) ^ C3(K,4) ^
+                        C4(K,3) ^ C5(K,2) ^ C6(K,1) ^ C7(K,0);
+                K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3;
+                K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7;
+                L0 ^=   C0(S,0) ^ C1(S,7) ^ C2(S,6) ^ C3(S,5) ^
+                        C4(S,4) ^ C5(S,3) ^ C6(S,2) ^ C7(S,1);
+                L1 ^=   C0(S,1) ^ C1(S,0) ^ C2(S,7) ^ C3(S,6) ^
+                        C4(S,5) ^ C5(S,4) ^ C6(S,3) ^ C7(S,2);
+                L2 ^=   C0(S,2) ^ C1(S,1) ^ C2(S,0) ^ C3(S,7) ^
+                        C4(S,6) ^ C5(S,5) ^ C6(S,4) ^ C7(S,3);
+                L3 ^=   C0(S,3) ^ C1(S,2) ^ C2(S,1) ^ C3(S,0) ^
+                        C4(S,7) ^ C5(S,6) ^ C6(S,5) ^ C7(S,4);
+                L4 ^=   C0(S,4) ^ C1(S,3) ^ C2(S,2) ^ C3(S,1) ^
+                        C4(S,0) ^ C5(S,7) ^ C6(S,6) ^ C7(S,5);
+                L5 ^=   C0(S,5) ^ C1(S,4) ^ C2(S,3) ^ C3(S,2) ^
+                        C4(S,1) ^ C5(S,0) ^ C6(S,7) ^ C7(S,6);
+                L6 ^=   C0(S,6) ^ C1(S,5) ^ C2(S,4) ^ C3(S,3) ^
+                        C4(S,2) ^ C5(S,1) ^ C6(S,0) ^ C7(S,7);
+                L7 ^=   C0(S,7) ^ C1(S,6) ^ C2(S,5) ^ C3(S,4) ^
+                        C4(S,3) ^ C5(S,2) ^ C6(S,1) ^ C7(S,0);
+                S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3;
+                S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7;
+#else
+                L0  = C0(K,0); L1  = C1(K,0); L2  = C2(K,0); L3  = C3(K,0);
+                L4  = C4(K,0); L5  = C5(K,0); L6  = C6(K,0); L7  = C7(K,0);
+                L0 ^= RC[r];
+                L1 ^= C0(K,1); L2 ^= C1(K,1); L3 ^= C2(K,1); L4 ^= C3(K,1);
+                L5 ^= C4(K,1); L6 ^= C5(K,1); L7 ^= C6(K,1); L0 ^= C7(K,1);
+                L2 ^= C0(K,2); L3 ^= C1(K,2); L4 ^= C2(K,2); L5 ^= C3(K,2);
+                L6 ^= C4(K,2); L7 ^= C5(K,2); L0 ^= C6(K,2); L1 ^= C7(K,2);
+                L3 ^= C0(K,3); L4 ^= C1(K,3); L5 ^= C2(K,3); L6 ^= C3(K,3);
+                L7 ^= C4(K,3); L0 ^= C5(K,3); L1 ^= C6(K,3); L2 ^= C7(K,3);
+                L4 ^= C0(K,4); L5 ^= C1(K,4); L6 ^= C2(K,4); L7 ^= C3(K,4);
+                L0 ^= C4(K,4); L1 ^= C5(K,4); L2 ^= C6(K,4); L3 ^= C7(K,4);
+                L5 ^= C0(K,5); L6 ^= C1(K,5); L7 ^= C2(K,5); L0 ^= C3(K,5);
+                L1 ^= C4(K,5); L2 ^= C5(K,5); L3 ^= C6(K,5); L4 ^= C7(K,5);
+                L6 ^= C0(K,6); L7 ^= C1(K,6); L0 ^= C2(K,6); L1 ^= C3(K,6);
+                L2 ^= C4(K,6); L3 ^= C5(K,6); L4 ^= C6(K,6); L5 ^= C7(K,6);
+                L7 ^= C0(K,7); L0 ^= C1(K,7); L1 ^= C2(K,7); L2 ^= C3(K,7);
+                L3 ^= C4(K,7); L4 ^= C5(K,7); L5 ^= C6(K,7); L6 ^= C7(K,7);
+                K.q[0] = L0; K.q[1] = L1; K.q[2] = L2; K.q[3] = L3;
+                K.q[4] = L4; K.q[5] = L5; K.q[6] = L6; K.q[7] = L7;
+                L0 ^= C0(S,0); L1 ^= C1(S,0); L2 ^= C2(S,0); L3 ^= C3(S,0);
+                L4 ^= C4(S,0); L5 ^= C5(S,0); L6 ^= C6(S,0); L7 ^= C7(S,0);
+                L1 ^= C0(S,1); L2 ^= C1(S,1); L3 ^= C2(S,1); L4 ^= C3(S,1);
+                L5 ^= C4(S,1); L6 ^= C5(S,1); L7 ^= C6(S,1); L0 ^= C7(S,1);
+                L2 ^= C0(S,2); L3 ^= C1(S,2); L4 ^= C2(S,2); L5 ^= C3(S,2);
+                L6 ^= C4(S,2); L7 ^= C5(S,2); L0 ^= C6(S,2); L1 ^= C7(S,2);
+                L3 ^= C0(S,3); L4 ^= C1(S,3); L5 ^= C2(S,3); L6 ^= C3(S,3);
+                L7 ^= C4(S,3); L0 ^= C5(S,3); L1 ^= C6(S,3); L2 ^= C7(S,3);
+                L4 ^= C0(S,4); L5 ^= C1(S,4); L6 ^= C2(S,4); L7 ^= C3(S,4);
+                L0 ^= C4(S,4); L1 ^= C5(S,4); L2 ^= C6(S,4); L3 ^= C7(S,4);
+                L5 ^= C0(S,5); L6 ^= C1(S,5); L7 ^= C2(S,5); L0 ^= C3(S,5);
+                L1 ^= C4(S,5); L2 ^= C5(S,5); L3 ^= C6(S,5); L4 ^= C7(S,5);
+                L6 ^= C0(S,6); L7 ^= C1(S,6); L0 ^= C2(S,6); L1 ^= C3(S,6);
+                L2 ^= C4(S,6); L3 ^= C5(S,6); L4 ^= C6(S,6); L5 ^= C7(S,6);
+                L7 ^= C0(S,7); L0 ^= C1(S,7); L1 ^= C2(S,7); L2 ^= C3(S,7);
+                L3 ^= C4(S,7); L4 ^= C5(S,7); L5 ^= C6(S,7); L6 ^= C7(S,7);
+                S.q[0] = L0; S.q[1] = L1; S.q[2] = L2; S.q[3] = L3;
+                S.q[4] = L4; S.q[5] = L5; S.q[6] = L6; S.q[7] = L7;
+#endif
+                }
+#ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7)
+                {
+                int i;
+                for(i=0;i<64;i++)       H->c[i] ^= S.c[i] ^ p[i];
+                }
+        else
+#endif
+                {
+                const u64 *pa=(const u64 *)p;
+                H->q[0] ^= S.q[0] ^ pa[0];
+                H->q[1] ^= S.q[1] ^ pa[1];
+                H->q[2] ^= S.q[2] ^ pa[2];
+                H->q[3] ^= S.q[3] ^ pa[3];
+                H->q[4] ^= S.q[4] ^ pa[4];
+                H->q[5] ^= S.q[5] ^ pa[5];
+                H->q[6] ^= S.q[6] ^ pa[6];
+                H->q[7] ^= S.q[7] ^ pa[7];
+                }
+#endif
+                                                        p += 64;
+                                                        } while(--n);
+        }
diff --git a/src/lib/libcrypto/whrlpool/wp_dgst.c b/src/lib/libcrypto/whrlpool/wp_dgst.c
new file mode 100644
index 0000000000..ee5c5c1bf3
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_dgst.c
@@ -0,0 +1,264 @@
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for perfomance.
+ */
+#include "wp_locl.h"
+#include <string.h>
+int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c)
+        {
+        memset (c,0,sizeof(*c));
+        return(1);
+        }
+int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *_inp,size_t bytes)
+        {
+        /* Well, largest suitable chunk size actually is
+         * (1<<(sizeof(size_t)*8-3))-64, but below number
+         * is large enough for not to care about excessive
+         * calls to WHIRLPOOL_BitUpdate... */
+        size_t chunk = ((size_t)1)<<(sizeof(size_t)*8-4);
+        const unsigned char *inp = _inp;
+        while (bytes>=chunk)
+                {
+                WHIRLPOOL_BitUpdate(c,inp,chunk*8);
+                bytes -= chunk;
+                inp   += chunk;
+                }
+        if (bytes)
+                WHIRLPOOL_BitUpdate(c,inp,bytes*8);
+        return(1);
+        }
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *_inp,size_t bits)
+        {
+        size_t          n;
+        unsigned int    bitoff = c->bitoff,
+                        bitrem = bitoff%8,
+                        inpgap = (8-(unsigned int)bits%8)&7;
+        const unsigned char *inp=_inp;
+        /* This 256-bit increment procedure relies on the size_t
+         * being natural size of CPU register, so that we don't
+         * have to mask the value in order to detect overflows. */
+        c->bitlen[0] += bits;
+        if (c->bitlen[0] < bits)        /* overflow */
+                {
+                n = 1;
+                do  {   c->bitlen[n]++;
+                    } while(c->bitlen[n]==0
+                            && ++n<(WHIRLPOOL_COUNTER/sizeof(size_t)));
+                }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+        reconsider:
+        if (inpgap==0 && bitrem==0)     /* byte-oriented loop */
+                {
+                while (bits)
+                        {
+                        if (bitoff==0 && (n=bits/WHIRLPOOL_BBLOCK))
+                                {
+                                whirlpool_block(c,inp,n);
+                                inp  += n*WHIRLPOOL_BBLOCK/8;
+                                bits %= WHIRLPOOL_BBLOCK;
+                                }
+                        else
+                                {
+                                unsigned int byteoff = bitoff/8;
+                                bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
+                                if (bits >= bitrem)
+                                        {
+                                        bits -= bitrem;
+                                        bitrem /= 8;
+                                        memcpy(c->data+byteoff,inp,bitrem);
+                                        inp  += bitrem;
+                                        whirlpool_block(c,c->data,1);
+                                        bitoff = 0;
+                                        }
+                                else
+                                        {
+                                        memcpy(c->data+byteoff,inp,bits/8);
+                                        bitoff += (unsigned int)bits;
+                                        bits = 0;
+                                        }
+                                c->bitoff = bitoff;
+                                }
+                        }
+                }
+        else                            /* bit-oriented loop */
+#endif
+                {
+                /*
+                           inp
+                           |
+                           +-------+-------+-------
+                              |||||||||||||||||||||
+                           +-------+-------+-------
+                +-------+-------+-------+-------+-------
+                ||||||||||||||                          c->data
+                +-------+-------+-------+-------+-------
+                        |
+                        c->bitoff/8
+                */
+                while (bits)
+                        {
+                        unsigned int    byteoff = bitoff/8;
+                        unsigned char   b;
+#ifndef OPENSSL_SMALL_FOOTPRINT
+                        if (bitrem==inpgap)
+                                {
+                                c->data[byteoff++] |= inp[0] & (0xff>>inpgap);
+                                inpgap = 8-inpgap;
+                                bitoff += inpgap;  bitrem = 0;  /* bitoff%8 */
+                                bits   -= inpgap;  inpgap = 0;  /* bits%8   */
+                                inp++;
+                                if (bitoff==WHIRLPOOL_BBLOCK)
+                                        {
+                                        whirlpool_block(c,c->data,1);
+                                        bitoff = 0;
+                                        }
+                                c->bitoff = bitoff;
+                                goto reconsider;
+                                }
+                        else
+#endif
+                        if (bits>=8)
+                                {
+                                b  = ((inp[0]<<inpgap) | (inp[1]>>(8-inpgap)));
+                                b &= 0xff;
+                                if (bitrem)     c->data[byteoff++] |= b>>bitrem;
+                                else            c->data[byteoff++]  = b;
+                                bitoff += 8;
+                                bits   -= 8;
+                                inp++;
+                                if (bitoff>=WHIRLPOOL_BBLOCK)
+                                        {
+                                        whirlpool_block(c,c->data,1);
+                                        byteoff  = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                        }
+                                if (bitrem)     c->data[byteoff] = b<<(8-bitrem);
+                                }
+                        else    /* remaining less than 8 bits */
+                                {
+                                b = (inp[0]<<inpgap)&0xff;
+                                if (bitrem)     c->data[byteoff++] |= b>>bitrem;
+                                else            c->data[byteoff++]  = b;
+                                bitoff += (unsigned int)bits;
+                                if (bitoff==WHIRLPOOL_BBLOCK)
+                                        {
+                                        whirlpool_block(c,c->data,1);
+                                        byteoff  = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                        }
+                                if (bitrem)     c->data[byteoff] = b<<(8-bitrem);
+                                bits = 0;
+                                }
+                        c->bitoff = bitoff;
+                        }
+                }
+        }
+int WHIRLPOOL_Final     (unsigned char *md,WHIRLPOOL_CTX *c)
+        {
+        unsigned int    bitoff  = c->bitoff,
+                        byteoff = bitoff/8;
+        size_t          i,j,v;
+        unsigned char  *p;
+        bitoff %= 8;
+        if (bitoff)     c->data[byteoff] |= 0x80>>bitoff;
+        else            c->data[byteoff]  = 0x80;
+        byteoff++;
+        /* pad with zeros */
+        if (byteoff > (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER))
+                {
+                if (byteoff<WHIRLPOOL_BBLOCK/8)
+                        memset(&c->data[byteoff],0,WHIRLPOOL_BBLOCK/8-byteoff);
+                whirlpool_block(c,c->data,1);
+                byteoff = 0;
+                }
+        if (byteoff < (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER))
+                memset(&c->data[byteoff],0,
+                        (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)-byteoff);
+        /* smash 256-bit c->bitlen in big-endian order */
+        p = &c->data[WHIRLPOOL_BBLOCK/8-1];     /* last byte in c->data */
+        for(i=0;i<WHIRLPOOL_COUNTER/sizeof(size_t);i++)
+                for(v=c->bitlen[i],j=0;j<sizeof(size_t);j++,v>>=8)
+                        *p-- = (unsigned char)(v&0xff);
+        whirlpool_block(c,c->data,1);
+        if (md) {
+                memcpy(md,c->H.c,WHIRLPOOL_DIGEST_LENGTH);
+                memset(c,0,sizeof(*c));
+                return(1);
+                }
+        return(0);
+        }
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes,unsigned char *md)
+        {
+        WHIRLPOOL_CTX ctx;
+        static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        WHIRLPOOL_Init(&ctx);
+        WHIRLPOOL_Update(&ctx,inp,bytes);
+        WHIRLPOOL_Final(md,&ctx);
+        return(md);
+        }
diff --git a/src/lib/libcrypto/whrlpool/wp_locl.h b/src/lib/libcrypto/whrlpool/wp_locl.h
new file mode 100644
index 0000000000..94e56a39f1
--- /dev/null
+++ b/src/lib/libcrypto/whrlpool/wp_locl.h
@@ -0,0 +1,3 @@
+#include <openssl/whrlpool.h>
+void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 341e0ba6a4..27ca5150c1 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -65,28 +65,36 @@
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
-#ifdef MAC_OS_pre_X
+#ifndef OPENSSL_NO_POSIX_IO
-# include <stat.h>
-#else
 # include <sys/stat.h>
 #endif
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
-#ifdef _WIN32
-#define stat    _stat
+typedef struct lookup_dir_hashes_st
-#endif
+        {
+        unsigned long hash;
+        int suffix;
+        } BY_DIR_HASH;
+typedef struct lookup_dir_entry_st
+        {
+        char *dir;
+        int dir_type;
+        STACK_OF(BY_DIR_HASH) *hashes;
+        } BY_DIR_ENTRY;
 typedef struct lookup_dir_st
        {
        BUF_MEM *buffer;
-        int num_dirs;
+        STACK_OF(BY_DIR_ENTRY) *dirs;
-        char **dirs;
-        int *dirs_type;
-        int num_dirs_alloced;
        } BY_DIR;
+DECLARE_STACK_OF(BY_DIR_HASH)
+DECLARE_STACK_OF(BY_DIR_ENTRY)
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
        char **ret);
 static int new_dir(X509_LOOKUP *lu);
@@ -127,7 +135,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
        case X509_L_ADD_DIR:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                        dir=(char *)Getenv(X509_get_default_cert_dir_env());
+                        dir=(char *)getenv(X509_get_default_cert_dir_env());
                        if (dir)
                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
                        else
@@ -156,34 +164,51 @@ static int new_dir(X509_LOOKUP *lu)
                OPENSSL_free(a);
                return(0);
                }
-        a->num_dirs=0;
        a->dirs=NULL;
-        a->dirs_type=NULL;
-        a->num_dirs_alloced=0;
        lu->method_data=(char *)a;
        return(1);
        }
+static void by_dir_hash_free(BY_DIR_HASH *hash)
+        {
+        OPENSSL_free(hash);
+        }
+static int by_dir_hash_cmp(const BY_DIR_HASH * const *a,
+                        const BY_DIR_HASH * const *b)
+        {
+        if ((*a)->hash > (*b)->hash)
+                return 1;
+        if ((*a)->hash < (*b)->hash)
+                return -1;
+        return 0;
+        }
+static void by_dir_entry_free(BY_DIR_ENTRY *ent)
+        {
+        if (ent->dir)
+                OPENSSL_free(ent->dir);
+        if (ent->hashes)
+                sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+        OPENSSL_free(ent);
+        }
 static void free_dir(X509_LOOKUP *lu)
        {
        BY_DIR *a;
-        int i;
        a=(BY_DIR *)lu->method_data;
-        for (i=0; i<a->num_dirs; i++)
+        if (a->dirs != NULL)
-                if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
+                sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
-        if (a->dirs != NULL) OPENSSL_free(a->dirs);
+        if (a->buffer != NULL)
-        if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
+                BUF_MEM_free(a->buffer);
-        if (a->buffer != NULL) BUF_MEM_free(a->buffer);
        OPENSSL_free(a);
        }
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
        {
        int j,len;
-        int *ip;
        const char *s,*ss,*p;
-        char **pp;
        if (dir == NULL || !*dir)
            {
@@ -197,49 +222,52 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                {
                if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                        {
+                        BY_DIR_ENTRY *ent;
                        ss=s;
                        s=p+1;
                        len=(int)(p-ss);
                        if (len == 0) continue;
-                        for (j=0; j<ctx->num_dirs; j++)
+                        for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)
-                                if (strlen(ctx->dirs[j]) == (size_t)len &&
+                                {
-                                    strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+                                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
+                                if (strlen(ent->dir) == (size_t)len &&
+                                    strncmp(ent->dir,ss,(unsigned int)len) == 0)
                                        break;
-                        if (j<ctx->num_dirs)
+                                }
+                        if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
                                continue;
-                        if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+                        if (ctx->dirs == NULL)
                                {
-                                ctx->num_dirs_alloced+=10;
+                                ctx->dirs = sk_BY_DIR_ENTRY_new_null();
-                                pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
+                                if (!ctx->dirs)
-                                        sizeof(char *));
-                                ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
-                                        sizeof(int));
-                                if ((pp == NULL) || (ip == NULL))
                                        {
                                        X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
-                                        return(0);
+                                        return 0;
                                        }
-                                memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
-                                        sizeof(char *));
-                                memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
-                                        sizeof(int));
-                                if (ctx->dirs != NULL)
-                                        OPENSSL_free(ctx->dirs);
-                                if (ctx->dirs_type != NULL)
-                                        OPENSSL_free(ctx->dirs_type);
-                                ctx->dirs=pp;
-                                ctx->dirs_type=ip;
                                }
-                        ctx->dirs_type[ctx->num_dirs]=type;
+                        ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
-                        ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
+                        if (!ent)
-                        if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+                                return 0;
-                        strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+                        ent->dir_type = type;
-                        ctx->dirs[ctx->num_dirs][len]='\0';
+                        ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
-                        ctx->num_dirs++;
+                        ent->dir = OPENSSL_malloc((unsigned int)len+1);
+                        if (!ent->dir || !ent->hashes)
+                                {
+                                by_dir_entry_free(ent);
+                                return 0;
+                                }
+                        strncpy(ent->dir,ss,(unsigned int)len);
+                        ent->dir[len] = '\0';
+                        if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))
+                                {
+                                by_dir_entry_free(ent);
+                                return 0;
+                                }
                        }
-                if (*p == '\0') break;
+                if (*p == '\0')
+                        break;
                }
-        return(1);
+        return 1;
        }
 static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
@@ -260,7 +288,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
        int i,j,k;
        unsigned long h;
        BUF_MEM *b=NULL;
-        struct stat st;
        X509_OBJECT stmp,*tmp;
        const char *postfix="";
@@ -296,20 +323,45 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
        ctx=(BY_DIR *)xl->method_data;
        h=X509_NAME_hash(name);
-        for (i=0; i<ctx->num_dirs; i++)
+        for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
                {
-                j=strlen(ctx->dirs[i])+1+8+6+1+1;
+                BY_DIR_ENTRY *ent;
+                int idx;
+                BY_DIR_HASH htmp, *hent;
+                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
+                j=strlen(ent->dir)+1+8+6+1+1;
                if (!BUF_MEM_grow(b,j))
                        {
                        X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
                        goto finish;
                        }
-                k=0;
+                if (type == X509_LU_CRL && ent->hashes)
+                        {
+                        htmp.hash = h;
+                        CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+                        idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                        if (idx >= 0)
+                                {
+                                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                                k = hent->suffix;
+                                }
+                        else
+                                {
+                                hent = NULL;
+                                k=0;
+                                }
+                        CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+                        }
+                else
+                        {
+                        k = 0;
+                        hent = NULL;
+                        }
                for (;;)
                        {
                        char c = '/';
 #ifdef OPENSSL_SYS_VMS
-                        c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+                        c = ent->dir[strlen(ent->dir)-1];
                        if (c != ':' && c != '>' && c != ']')
                                {
                                /* If no separator is present, we assume the
@@ -330,41 +382,86 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                                /* This is special.  When c == '\0', no
                                   directory separator should be added. */
                                BIO_snprintf(b->data,b->max,
-                                        "%s%08lx.%s%d",ctx->dirs[i],h,
+                                        "%s%08lx.%s%d",ent->dir,h,
                                        postfix,k);
                                }
                        else
                                {
                                BIO_snprintf(b->data,b->max,
-                                        "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
+                                        "%s%c%08lx.%s%d",ent->dir,c,h,
                                        postfix,k);
                                }
-                        k++;
+#ifndef OPENSSL_NO_POSIX_IO
+#ifdef _WIN32
+#define stat _stat
+#endif
+                        {
+                        struct stat st;
                        if (stat(b->data,&st) < 0)
                                break;
+                        }
+#endif
                        /* found one. */
                        if (type == X509_LU_X509)
                                {
                                if ((X509_load_cert_file(xl,b->data,
-                                        ctx->dirs_type[i])) == 0)
+                                        ent->dir_type)) == 0)
                                        break;
                                }
                        else if (type == X509_LU_CRL)
                                {
                                if ((X509_load_crl_file(xl,b->data,
-                                        ctx->dirs_type[i])) == 0)
+                                        ent->dir_type)) == 0)
                                        break;
                                }
                        /* else case will caught higher up */
+                        k++;
                        }
                /* we have added it to the cache so now pull
                 * it out again */
-                CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
                j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
                if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
                else tmp = NULL;
-                CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                /* If a CRL, update the last file suffix added for this */
+                if (type == X509_LU_CRL)
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+                        /* Look for entry again in case another thread added
+                         * an entry first.
+                         */
+                        if (!hent)
+                                {
+                                htmp.hash = h;
+                                idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                                if (idx >= 0)
+                                        hent =
+                                         sk_BY_DIR_HASH_value(ent->hashes, idx);
+                                }
+                        if (!hent)
+                                {
+                                hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
+                                hent->hash = h;
+                                hent->suffix = k;
+                                if (!sk_BY_DIR_HASH_push(ent->hashes, hent))
+                                        {
+                                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                                        OPENSSL_free(hent);
+                                        ok = 0;
+                                        goto finish;
+                                        }
+                                }
+                        else if (hent->suffix < k)
+                                hent->suffix = k;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        }
                if (tmp != NULL)
                        {
@@ -383,4 +480,3 @@ finish:
        if (b != NULL) BUF_MEM_free(b);
        return(ok);
        }
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index a5e0d4aefa..57b08ee094 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
        case X509_L_FILE_LOAD:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                        file = (char *)Getenv(X509_get_default_cert_file_env());
+                        file = (char *)getenv(X509_get_default_cert_file_env());
                        if (file)
                                ok = (X509_load_cert_crl_file(ctx,file,
                                              X509_FILETYPE_PEM) != 0);
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index e71b5257e5..604f4fb27f 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -116,6 +116,7 @@ extern "C" {
 /* Under Win32 these are defined in wincrypt.h */
 #undef X509_NAME
 #undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
 #endif
 #define X509_FILETYPE_PEM       1
@@ -156,12 +157,12 @@ typedef struct X509_val_st
        ASN1_TIME *notAfter;
        } X509_VAL;
-typedef struct X509_pubkey_st
+struct X509_pubkey_st
        {
        X509_ALGOR *algor;
        ASN1_BIT_STRING *public_key;
        EVP_PKEY *pkey;
-        } X509_PUBKEY;
+        };
 typedef struct X509_sig_st
        {
@@ -190,7 +191,9 @@ struct X509_name_st
 #else
        char *bytes;
 #endif
-        unsigned long hash; /* Keep the hash around for lookups */
+/*      unsigned long hash; Keep the hash around for lookups */
+        unsigned char *canon_enc;
+        int canon_enclen;
        } /* X509_NAME */;
 DECLARE_STACK_OF(X509_NAME)
@@ -289,8 +292,11 @@ struct x509_st
        unsigned long ex_xkusage;
        unsigned long ex_nscert;
        ASN1_OCTET_STRING *skid;
-        struct AUTHORITY_KEYID_st *akid;
+        AUTHORITY_KEYID *akid;
        X509_POLICY_CACHE *policy_cache;
+        STACK_OF(DIST_POINT) *crldp;
+        STACK_OF(GENERAL_NAME) *altname;
+        NAME_CONSTRAINTS *nc;
 #ifndef OPENSSL_NO_RFC3779
        STACK_OF(IPAddressFamily) *rfc3779_addr;
        struct ASIdentifiers_st *rfc3779_asid;
@@ -333,10 +339,11 @@ typedef struct x509_cert_pair_st {
 #define X509_TRUST_OBJECT_SIGN  5
 #define X509_TRUST_OCSP_SIGN    6
 #define X509_TRUST_OCSP_REQUEST 7
+#define X509_TRUST_TSA          8
 /* Keep these up to date! */
 #define X509_TRUST_MIN          1
-#define X509_TRUST_MAX          7
+#define X509_TRUST_MAX          8
 /* trust_flags values */
@@ -423,13 +430,17 @@ typedef struct x509_cert_pair_st {
                        XN_FLAG_FN_LN | \
                        XN_FLAG_FN_ALIGN)
-typedef struct X509_revoked_st
+struct x509_revoked_st
        {
        ASN1_INTEGER *serialNumber;
        ASN1_TIME *revocationDate;
        STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+        /* Set up if indirect CRL */
+        STACK_OF(GENERAL_NAME) *issuer;
+        /* Revocation reason */
+        int reason;
        int sequence; /* load sequence */
-        } X509_REVOKED;
+        };
 DECLARE_STACK_OF(X509_REVOKED)
 DECLARE_ASN1_SET_OF(X509_REVOKED)
@@ -453,6 +464,22 @@ struct X509_crl_st
        X509_ALGOR *sig_alg;
        ASN1_BIT_STRING *signature;
        int references;
+        int flags;
+        /* Copies of various extensions */
+        AUTHORITY_KEYID *akid;
+        ISSUING_DIST_POINT *idp;
+        /* Convenient breakdown of IDP */
+        int idp_flags;
+        int idp_reasons;
+        /* CRL and base CRL numbers for delta processing */
+        ASN1_INTEGER *crl_number;
+        ASN1_INTEGER *base_crl_number;
+#ifndef OPENSSL_NO_SHA
+        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
+        STACK_OF(GENERAL_NAMES) *issuers;
+        const X509_CRL_METHOD *meth;
+        void *meth_data;
        } /* X509_CRL */;
 DECLARE_STACK_OF(X509_CRL)
@@ -551,18 +578,19 @@ X509_ALGOR *prf;
 /* PKCS#8 private key info structure */
-typedef struct pkcs8_priv_key_info_st
+struct pkcs8_priv_key_info_st
        {
        int broken;     /* Flag for various broken formats */
 #define PKCS8_OK                0
 #define PKCS8_NO_OCTET          1
 #define PKCS8_EMBEDDED_PARAM    2
 #define PKCS8_NS_DB             3
+#define PKCS8_NEG_PRIVKEY       4
        ASN1_INTEGER *version;
        X509_ALGOR *pkeyalg;
        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
        STACK_OF(X509_ATTRIBUTE) *attributes;
-        } PKCS8_PRIV_KEY_INFO;
+        };
 #ifdef  __cplusplus
 }
@@ -575,151 +603,6 @@ typedef struct pkcs8_priv_key_info_st
 extern "C" {
 #endif
-#ifdef SSLEAY_MACROS
-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
-        a->signature,(char *)a->cert_info,r)
-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
-        a->sig_alg,a->signature,(char *)a->req_info,r)
-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
-        a->sig_alg, a->signature,(char *)a->crl,r)
-#define X509_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
-                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
-#define X509_REQ_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
-                x->signature, (char *)x->req_info,pkey,md)
-#define X509_CRL_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
-                x->signature, (char *)x->crl,pkey,md)
-#define NETSCAPE_SPKI_sign(x,pkey,md) \
-        ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
-                x->signature, (char *)x->spkac,pkey,md)
-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
-                (char *(*)())d2i_X509,(char *)x509)
-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
-                (int (*)())i2d_X509_ATTRIBUTE, \
-                (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
-                (int (*)())i2d_X509_EXTENSION, \
-                (char *(*)())d2i_X509_EXTENSION,(char *)ex)
-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
-                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
-                (char *(*)())d2i_X509_CRL,(char *)crl)
-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
-                (unsigned char *)crl)
-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
-                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
-                (unsigned char **)(crl))
-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
-                (unsigned char *)crl)
-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
-                (char *(*)())d2i_PKCS7,(char *)p7)
-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
-                (unsigned char *)p7)
-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
-                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
-                (unsigned char **)(p7))
-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
-                (unsigned char *)p7)
-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
-                (char *(*)())d2i_X509_REQ,(char *)req)
-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
-                (unsigned char *)req)
-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
-                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
-                (unsigned char **)(req))
-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
-                (unsigned char *)req)
-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
-                (char *(*)())d2i_RSAPublicKey,(char *)rsa)
-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
-                (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
-                (unsigned char *)rsa)
-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
-                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
-                (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
-                (unsigned char *)rsa)
-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
-                (unsigned char *)dsa)
-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
-                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
-                (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
-                (unsigned char *)dsa)
-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
-                (unsigned char *)ecdsa)
-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
-                (unsigned char *)ecdsa)
-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
-                (char *(*)())d2i_X509_ALGOR,(char *)xn)
-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
-                (char *(*)())d2i_X509_NAME,(char *)xn)
-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
-                (int (*)())i2d_X509_NAME_ENTRY, \
-                (char *(*)())d2i_X509_NAME_ENTRY,\
-                (char *)ne)
-#define X509_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
-#define X509_NAME_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
-        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
-                (char *)data,md,len)
-#endif
-#endif
 #define X509_EXT_PACK_UNKNOWN   1
 #define X509_EXT_PACK_STRING    2
@@ -740,6 +623,18 @@ extern "C" {
 #define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
 #define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(
+        int (*crl_init)(X509_CRL *crl),
+        int (*crl_free)(X509_CRL *crl),
+        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+                                ASN1_INTEGER *ser, X509_NAME *issuer),
+        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
 /* This one is only used so that a binary form can output, as in
 * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
@@ -747,7 +642,6 @@ extern "C" {
 const char *X509_verify_cert_error_string(long n);
-#ifndef SSLEAY_MACROS
 #ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
@@ -872,11 +766,11 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-#endif /* !SSLEAY_MACROS */
+int             X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int             X509_cmp_current_time(const ASN1_TIME *s);
-int             X509_cmp_time(ASN1_TIME *s, time_t *t);
-int             X509_cmp_current_time(ASN1_TIME *s);
 ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *     X509_time_adj_ex(ASN1_TIME *s,
+                                int offset_day, long offset_sec, time_t *t);
 ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
 const char *    X509_get_default_cert_area(void );
@@ -964,6 +858,9 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
 DECLARE_ASN1_FUNCTIONS(X509_CRL)
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
 X509_PKEY *     X509_PKEY_new(void );
 void            X509_PKEY_free(X509_PKEY *a);
@@ -1007,8 +904,8 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_issuer_name(X509 *a);
 int             X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *     X509_get_subject_name(X509 *a);
-int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int             X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
+int             X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
 int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
 ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
@@ -1045,8 +942,8 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 int X509_CRL_set_version(X509_CRL *x, long version);
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
 int X509_CRL_sort(X509_CRL *crl);
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
@@ -1065,11 +962,18 @@ unsigned long	X509_issuer_name_hash(X509 *a);
 int             X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long   X509_subject_name_hash(X509 *x);
+#ifndef OPENSSL_NO_MD5
+unsigned long   X509_issuer_name_hash_old(X509 *a);
+unsigned long   X509_subject_name_hash_old(X509 *x);
+#endif
 int             X509_cmp(const X509 *a, const X509 *b);
 int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long   X509_NAME_hash(X509_NAME *x);
+unsigned long   X509_NAME_hash_old(X509_NAME *x);
 int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int             X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
 #ifndef OPENSSL_NO_FP_API
 int             X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int             X509_print_fp(FILE *bp,X509 *x);
@@ -1245,9 +1149,16 @@ DECLARE_ASN1_FUNCTIONS(PBEPARAM)
 DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
 DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                                const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                                const unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
                                         unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen,
+                                 unsigned char *aiv, int prf_nid);
 /* PKCS#8 utilities */
@@ -1258,6 +1169,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                        int version, int ptype, void *pval,
+                                unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                PKCS8_PRIV_KEY_INFO *p8);
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                                        int ptype, void *pval,
+                                        unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                const unsigned char **pk, int *ppklen,
+                X509_ALGOR **pa,
+                X509_PUBKEY *pub);
 int X509_check_trust(X509 *x, int id, int flags);
 int X509_TRUST_get_count(void);
 X509_TRUST * X509_TRUST_get0(int idx);
@@ -1337,7 +1264,10 @@ void ERR_load_X509_strings(void);
 #define X509_R_KEY_VALUES_MISMATCH                       116
 #define X509_R_LOADING_CERT_DIR                          103
 #define X509_R_LOADING_DEFAULTS                          104
+#define X509_R_METHOD_NOT_SUPPORTED                      124
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+#define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+#define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
 #define X509_R_SHOULD_RETRY                              106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 2faf92514a..4bc9da07e0 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -116,6 +116,13 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
        }
+#ifndef OPENSSL_NO_SHA
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+        {
+        return memcmp(a->sha1_hash, b->sha1_hash, 20);
+        }
+#endif
 X509_NAME *X509_get_issuer_name(X509 *a)
        {
        return(a->cert_info->issuer);
@@ -126,6 +133,13 @@ unsigned long X509_issuer_name_hash(X509 *x)
        return(X509_NAME_hash(x->cert_info->issuer));
        }
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *x)
+        {
+        return(X509_NAME_hash_old(x->cert_info->issuer));
+        }
+#endif
 X509_NAME *X509_get_subject_name(X509 *a)
        {
        return(a->cert_info->subject);
@@ -141,6 +155,13 @@ unsigned long X509_subject_name_hash(X509 *x)
        return(X509_NAME_hash(x->cert_info->subject));
        }
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_subject_name_hash_old(X509 *x)
+        {
+        return(X509_NAME_hash_old(x->cert_info->subject));
+        }
+#endif
 #ifndef OPENSSL_NO_SHA
 /* Compare two certificates: they must be identical for
 * this to work. NB: Although "cmp" operations are generally
@@ -162,177 +183,63 @@ int X509_cmp(const X509 *a, const X509 *b)
 #endif
-/* Case insensitive string comparision */
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        int i;
-        if (a->length != b->length)
-                return (a->length - b->length);
-        for (i=0; i<a->length; i++)
-        {
-                int ca, cb;
-                ca = tolower(a->data[i]);
-                cb = tolower(b->data[i]);
-                if (ca != cb)
-                        return(ca-cb);
-        }
-        return 0;
-}
-/* Case insensitive string comparision with space normalization 
- * Space normalization - ignore leading, trailing spaces, 
- *       multiple spaces between characters are replaced by single space  
- */
-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-        unsigned char *pa = NULL, *pb = NULL;
-        int la, lb;
-        
-        la = a->length;
-        lb = b->length;
-        pa = a->data;
-        pb = b->data;
-        /* skip leading spaces */
-        while (la > 0 && isspace(*pa))
-        {
-                la--;
-                pa++;
-        }
-        while (lb > 0 && isspace(*pb))
-        {
-                lb--;
-                pb++;
-        }
-        /* skip trailing spaces */
-        while (la > 0 && isspace(pa[la-1]))
-                la--;
-        while (lb > 0 && isspace(pb[lb-1]))
-                lb--;
-        /* compare strings with space normalization */
-        while (la > 0 && lb > 0)
        {
-                int ca, cb;
+        int ret;
-                /* compare character */
-                ca = tolower(*pa);
-                cb = tolower(*pb);
-                if (ca != cb)
-                        return (ca - cb);
-                pa++; pb++;
+        /* Ensure canonical encoding is present and up to date */
-                la--; lb--;
-                if (la <= 0 || lb <= 0)
+        if (!a->canon_enc || a->modified)
-                        break;
+                {
+                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
+                if (ret < 0)
+                        return -2;
+                }
-                /* is white space next character ? */
+        if (!b->canon_enc || b->modified)
-                if (isspace(*pa) && isspace(*pb))
                {
-                        /* skip remaining white spaces */
+                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
-                        while (la > 0 && isspace(*pa))
+                if (ret < 0)
-                        {
+                        return -2;
-                                la--;
-                                pa++;
-                        }
-                        while (lb > 0 && isspace(*pb))
-                        {
-                                lb--;
-                                pb++;
-                        }
                }
-        }
-        if (la > 0 || lb > 0)
-                return la - lb;
-        return 0;
+        ret = a->canon_enclen - b->canon_enclen;
-}
-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
+        if (ret)
-        {
+                return ret;
-        int j;
-        j = a->length - b->length;
-        if (j)
-                return j;
-        return memcmp(a->data, b->data, a->length);
-        }
-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
+        return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+        }
-        {
-        int i,j;
-        X509_NAME_ENTRY *na,*nb;
-        unsigned long nabit, nbbit;
+unsigned long X509_NAME_hash(X509_NAME *x)
+        {
+        unsigned long ret=0;
+        unsigned char md[SHA_DIGEST_LENGTH];
-        j = sk_X509_NAME_ENTRY_num(a->entries)
+        /* Make sure X509_NAME structure contains valid cached encoding */
-                  - sk_X509_NAME_ENTRY_num(b->entries);
+        i2d_X509_NAME(x,NULL);
-        if (j)
+        EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);
-                return j;
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=na->value->type-nb->value->type;
-                if (j)
-                        {
-                        nabit = ASN1_tag2bit(na->value->type);
-                        nbbit = ASN1_tag2bit(nb->value->type);
-                        if (!(nabit & STR_TYPE_CMP) ||
-                                !(nbbit & STR_TYPE_CMP))
-                                return j;
-                        if (!asn1_string_memcmp(na->value, nb->value))
-                                j = 0;
-                        }
-                else if (na->value->type == V_ASN1_PRINTABLESTRING)
-                        j=nocase_spacenorm_cmp(na->value, nb->value);
-                else if (na->value->type == V_ASN1_IA5STRING
-                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
-                        j=nocase_cmp(na->value, nb->value);
-                else
-                        j = asn1_string_memcmp(na->value, nb->value);
-                if (j) return(j);
-                j=na->set-nb->set;
-                if (j) return(j);
-                }
-        /* We will check the object types after checking the values
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-         * since the values will more often be different than the object
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-         * types. */
+                )&0xffffffffL;
-        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
+        return(ret);
-                {
-                na=sk_X509_NAME_ENTRY_value(a->entries,i);
-                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-                j=OBJ_cmp(na->object,nb->object);
-                if (j) return(j);
-                }
-        return(0);
        }
 #ifndef OPENSSL_NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
 * this is reasonably efficient. */
-unsigned long X509_NAME_hash(X509_NAME *x)
+unsigned long X509_NAME_hash_old(X509_NAME *x)
        {
        unsigned long ret=0;
        unsigned char md[16];
-        EVP_MD_CTX md_ctx;
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        EVP_MD_CTX_init(&md_ctx);
+        EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
-        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
-        EVP_MD_CTX_cleanup(&md_ctx);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -393,14 +300,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
        {
-        EVP_PKEY *xk=NULL;
+        EVP_PKEY *xk;
-        int ok=0;
+        int ret;
        xk=X509_get_pubkey(x);
-        switch (EVP_PKEY_cmp(xk, k))
+        if (xk)
+                ret = EVP_PKEY_cmp(xk, k);
+        else
+                ret = -2;
+        switch (ret)
                {
        case 1:
-                ok=1;
                break;
        case 0:
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
@@ -409,24 +321,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
                break;
        case -2:
-#ifndef OPENSSL_NO_EC
-                if (k->type == EVP_PKEY_EC)
-                        {
-                        X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-                        break;
-                        }
-#endif
-#ifndef OPENSSL_NO_DH
-                if (k->type == EVP_PKEY_DH)
-                        {
-                        /* No idea */
-                        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                        break;
-                        }
-#endif
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
                }
+        if (xk)
-        EVP_PKEY_free(xk);
+                EVP_PKEY_free(xk);
-        return(ok);
+        if (ret > 0)
+                return 1;
+        return 0;
        }
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index fb377292da..a01402f416 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -1,6 +1,6 @@
 /* crypto/x509/x509_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -132,7 +132,10 @@ static ERR_STRING_DATA X509_str_reasons[]=
 {ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  ,"key values mismatch"},
 {ERR_REASON(X509_R_LOADING_CERT_DIR)     ,"loading cert dir"},
 {ERR_REASON(X509_R_LOADING_DEFAULTS)     ,"loading defaults"},
+{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"},
 {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
+{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"},
+{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"},
 {ERR_REASON(X509_R_SHOULD_RETRY)         ,"should retry"},
 {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
 {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index cd2cfb6d85..3a6e04a1de 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -196,9 +196,17 @@ X509_STORE *X509_STORE_new(void)
        ret->get_crl = 0;
        ret->check_crl = 0;
        ret->cert_crl = 0;
+        ret->lookup_certs = 0;
+        ret->lookup_crls = 0;
        ret->cleanup = 0;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+                {
+                sk_X509_OBJECT_free(ret->objs);
+                OPENSSL_free(ret);
+                return NULL;
+                }
        ret->references=1;
        return ret;
        }
@@ -286,9 +294,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
        X509_OBJECT stmp,*tmp;
        int i,j;
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
        tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-        if (tmp == NULL)
+        if (tmp == NULL || type == X509_LU_CRL)
                {
                for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
                        {
@@ -340,7 +350,6 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
        X509_OBJECT_up_ref_count(obj);
        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
                {
                X509_OBJECT_free_contents(obj);
@@ -414,14 +423,15 @@ void X509_OBJECT_free_contents(X509_OBJECT *a)
                }
        }
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
-             X509_NAME *name)
+             X509_NAME *name, int *pnmatch)
        {
        X509_OBJECT stmp;
        X509 x509_s;
        X509_CINF cinf_s;
        X509_CRL crl_s;
        X509_CRL_INFO crl_info_s;
+        int idx;
        stmp.type=type;
        switch (type)
@@ -441,41 +451,169 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
                return -1;
                }
-        return sk_X509_OBJECT_find(h,&stmp);
+        idx = sk_X509_OBJECT_find(h,&stmp);
+        if (idx >= 0 && pnmatch)
+                {
+                int tidx;
+                const X509_OBJECT *tobj, *pstmp;
+                *pnmatch = 1;
+                pstmp = &stmp;
+                for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++)
+                        {
+                        tobj = sk_X509_OBJECT_value(h, tidx);
+                        if (x509_object_cmp(&tobj, &pstmp))
+                                break;
+                        (*pnmatch)++;
+                        }
+                }
+        return idx;
+        }
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name)
+        {
+        return x509_object_idx_cnt(h, type, name, NULL);
        }
 X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
             X509_NAME *name)
-{
+        {
        int idx;
        idx = X509_OBJECT_idx_by_subject(h, type, name);
        if (idx==-1) return NULL;
        return sk_X509_OBJECT_value(h, idx);
-}
+        }
+STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+        {
+        int i, idx, cnt;
+        STACK_OF(X509) *sk;
+        X509 *x;
+        X509_OBJECT *obj;
+        sk = sk_X509_new_null();
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
+        if (idx < 0)
+                {
+                /* Nothing found in cache: do lookup to possibly add new
+                 * objects to cache
+                 */
+                X509_OBJECT xobj;
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj))
+                        {
+                        sk_X509_free(sk);
+                        return NULL;
+                        }
+                X509_OBJECT_free_contents(&xobj);
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+                idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt);
+                if (idx < 0)
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        sk_X509_free(sk);
+                        return NULL;
+                        }
+                }
+        for (i = 0; i < cnt; i++, idx++)
+                {
+                obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+                x = obj->data.x509;
+                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+                if (!sk_X509_push(sk, x))
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        X509_free(x);
+                        sk_X509_pop_free(sk, X509_free);
+                        return NULL;
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        return sk;
+        }
+STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+        {
+        int i, idx, cnt;
+        STACK_OF(X509_CRL) *sk;
+        X509_CRL *x;
+        X509_OBJECT *obj, xobj;
+        sk = sk_X509_CRL_new_null();
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        /* Check cache first */
+        idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
+        /* Always do lookup to possibly add new CRLs to cache
+         */
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj))
+                {
+                sk_X509_CRL_free(sk);
+                return NULL;
+                }
+        X509_OBJECT_free_contents(&xobj);
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt);
+        if (idx < 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                sk_X509_CRL_free(sk);
+                return NULL;
+                }
+        for (i = 0; i < cnt; i++, idx++)
+                {
+                obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
+                x = obj->data.crl;
+                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
+                if (!sk_X509_CRL_push(sk, x))
+                        {
+                        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+                        X509_CRL_free(x);
+                        sk_X509_CRL_pop_free(sk, X509_CRL_free);
+                        return NULL;
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        return sk;
+        }
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
-{
+        {
        int idx, i;
        X509_OBJECT *obj;
        idx = sk_X509_OBJECT_find(h, x);
        if (idx == -1) return NULL;
-        if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+        if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+                return sk_X509_OBJECT_value(h, idx);
        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
                {
                obj = sk_X509_OBJECT_value(h, i);
                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
                        return NULL;
-                if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+                if (x->type == X509_LU_X509)
+                        {
+                        if (!X509_cmp(obj->data.x509, x->data.x509))
+                                return obj;
+                        }
+                else if (x->type == X509_LU_CRL)
+                        {
+                        if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                                return obj;
+                        }
+                else
                        return obj;
                }
        return NULL;
-}
+        }
 /* Try to get issuer certificate from store. Due to limitations
 * of the API this can only retrieve a single certificate matching
 * a given subject name. However it will fill the cache with all
- * matching certificates, so we can examine the cache for all 
+ * matching certificates, so we can examine the cache for all
 * matches.
 *
 * Return values are:
@@ -483,13 +621,11 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
 *  0 certificate not found.
 * -1 some other error.
 */
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
+        {
        X509_NAME *xn;
        X509_OBJECT obj, *pobj;
-        int i, ok, idx;
+        int i, ok, idx, ret;
        xn=X509_get_issuer_name(x);
        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
        if (ok != X509_LU_X509)
@@ -515,27 +651,34 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                return 1;
                }
        X509_OBJECT_free_contents(&obj);
-        /* Else find index of first matching cert */
-        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
-        /* This shouldn't normally happen since we already have one match */
-        if (idx == -1) return 0;
-        /* Look through all matching certificates for a suitable issuer */
+        /* Else find index of first cert accepted by 'check_issued' */
-        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+        ret = 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+        if (idx != -1) /* should be true as we've had at least one match */
                {
-                pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+                /* Look through all matching certs for suitable issuer */
-                /* See if we've ran out of matches */
+                for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
-                if (pobj->type != X509_LU_X509) return 0;
-                if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
-                if (ctx->check_issued(ctx, x, pobj->data.x509))
                        {
-                        *issuer = pobj->data.x509;
+                        pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
-                        X509_OBJECT_up_ref_count(pobj);
+                        /* See if we've run past the matches */
-                        return 1;
+                        if (pobj->type != X509_LU_X509)
+                                break;
+                        if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+                                break;
+                        if (ctx->check_issued(ctx, x, pobj->data.x509))
+                                {
+                                *issuer = pobj->data.x509;
+                                X509_OBJECT_up_ref_count(pobj);
+                                ret = 1;
+                                break;
+                                }
                        }
                }
-        return 0;
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-}
+        return ret;
+        }
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
        {
@@ -563,5 +706,11 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
        return X509_VERIFY_PARAM_set1(ctx->param, param);
        }
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *))
+        {
+        ctx->verify_cb = verify_cb;
+        }
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
index 1e718f76eb..21fed9f838 100644
--- a/src/lib/libcrypto/x509/x509_obj.c
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -72,7 +72,7 @@ int i;
        char *p;
        unsigned char *q;
        BUF_MEM *b=NULL;
-        static char hex[17]="0123456789ABCDEF";
+        static const char hex[17]="0123456789ABCDEF";
        int gs_doit[4];
        char tmp_buf[80];
 #ifdef CHARSET_EBCDIC
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 3872e1fb64..48183dc00c 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
@@ -205,10 +206,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
        if(!ext || (ext->type != V_ASN1_SEQUENCE))
                return NULL;
        p = ext->value.sequence->data;
-        return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+        return (STACK_OF(X509_EXTENSION) *)
-                        ext->value.sequence->length,
+                ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
-                        d2i_X509_EXTENSION, X509_EXTENSION_free,
+                                ASN1_ITEM_rptr(X509_EXTENSIONS));
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
@@ -218,8 +218,6 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
                                int nid)
 {
-        unsigned char *p = NULL, *q;
-        long len;
        ASN1_TYPE *at = NULL;
        X509_ATTRIBUTE *attr = NULL;
        if(!(at = ASN1_TYPE_new()) ||
@@ -227,15 +225,10 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        at->type = V_ASN1_SEQUENCE;
        /* Generate encoding of extensions */
-        len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+        at->value.sequence->length = 
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+                        ASN1_item_i2d((ASN1_VALUE *)exts,
-        if(!(p = OPENSSL_malloc(len))) goto err;
+                                &at->value.sequence->data,
-        q = p;
+                                ASN1_ITEM_rptr(X509_EXTENSIONS));
-        i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
-                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-        at->value.sequence->data = p;
-        p = NULL;
-        at->value.sequence->length = len;
        if(!(attr = X509_ATTRIBUTE_new())) goto err;
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
        if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
@@ -250,7 +243,6 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
        return 1;
        err:
-        if(p) OPENSSL_free(p);
        X509_ATTRIBUTE_free(attr);
        ASN1_TYPE_free(at);
        return 0;
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
index aaf61ca062..4b94fc5847 100644
--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -104,7 +104,7 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
        return(X509_NAME_set(&x->cert_info->subject,name));
        }
-int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
+int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
@@ -122,7 +122,7 @@ int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
        return(in != NULL);
        }
-int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
+int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index ed18700585..a6cb9c8b1b 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -84,7 +84,8 @@ static X509_TRUST trstandard[] = {
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
 {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
 {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
+{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
+{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
 };
 #define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
index 73a8ec726f..c44f753c46 100644
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -162,8 +162,28 @@ const char *X509_verify_cert_error_string(long n)
                return("invalid or inconsistent certificate policy extension");
        case X509_V_ERR_NO_EXPLICIT_POLICY:
                return("no explicit policy");
-        case X509_V_ERR_UNNESTED_RESOURCE:
+        case X509_V_ERR_DIFFERENT_CRL_SCOPE:
-                return("RFC 3779 resource not subset of parent's resources");
+        return("Different CRL scope");
+        case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
+        return("Unsupported extension feature");
+        case X509_V_ERR_UNNESTED_RESOURCE:
+                return("RFC 3779 resource not subset of parent's resources");
+        case X509_V_ERR_PERMITTED_VIOLATION:
+                return("permitted subtree violation");
+        case X509_V_ERR_EXCLUDED_VIOLATION:
+                return("excluded subtree violation");
+        case X509_V_ERR_SUBTREE_MINMAX:
+                return("name constraints minimum and maximum not supported");
+        case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+                return("unsupported name constraint type");
+        case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+                return("unsupported or invalid name constraint syntax");
+        case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+                return("unsupported or invalid name syntax");
+        case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+                return("CRL path validation error");
        default:
                BIO_snprintf(buf,sizeof buf,"error number %ld",n);
                return(buf);
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 336c40ddd7..87ebf62525 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -70,14 +70,70 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
+/* CRL score values */
+/* No unhandled critical extensions */
+#define CRL_SCORE_NOCRITICAL    0x100
+/* certificate is within CRL scope */
+#define CRL_SCORE_SCOPE         0x080
+/* CRL times valid */
+#define CRL_SCORE_TIME          0x040
+/* Issuer name matches certificate */
+#define CRL_SCORE_ISSUER_NAME   0x020
+/* If this score or above CRL is probably valid */
+#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
+/* CRL issuer is certificate issuer */
+#define CRL_SCORE_ISSUER_CERT   0x018
+/* CRL issuer is on certificate path */
+#define CRL_SCORE_SAME_PATH     0x008
+/* CRL issuer matches CRL AKID */
+#define CRL_SCORE_AKID          0x004
+/* Have a delta CRL with valid times */
+#define CRL_SCORE_TIME_DELTA    0x002
 static int null_callback(int ok,X509_STORE_CTX *e);
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
 static int check_trust(X509_STORE_CTX *ctx);
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                        unsigned int *preasons,
+                        X509_CRL *crl, X509 *x);
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                                X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
+                        X509_CRL *base, STACK_OF(X509_CRL) *crls);
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                                X509 **pissuer, int *pcrl_score);
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                                unsigned int *preasons);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                        STACK_OF(X509) *cert_path,
+                        STACK_OF(X509) *crl_path);
 static int internal_verify(X509_STORE_CTX *ctx);
 const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
@@ -289,6 +345,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        if (!ok) goto end;
+        /* Check name constraints */
+        ok = check_name_constraints(ctx);
+        
+        if (!ok) goto end;
        /* The chain extensions are OK: check trust */
        if (param->trust > 0) ok = check_trust(ctx);
@@ -398,8 +460,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
        X509 *x;
        int (*cb)(int xok,X509_STORE_CTX *xctx);
        int proxy_path_length = 0;
-        int allow_proxy_certs =
+        int purpose;
-                !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        int allow_proxy_certs;
        cb=ctx->verify_cb;
        /* must_be_ca can have 1 of 3 values:
@@ -412,10 +474,22 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
        */
        must_be_ca = -1;
-        /* A hack to keep people who don't want to modify their software
+        /* CRL path validation */
-           happy */
+        if (ctx->parent)
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+                {
-                allow_proxy_certs = 1;
+                allow_proxy_certs = 0;
+                purpose = X509_PURPOSE_CRL_SIGN;
+                }
+        else
+                {
+                allow_proxy_certs =
+                        !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+                /* A hack to keep people who don't want to modify their
+                   software happy */
+                if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+                        allow_proxy_certs = 1;
+                purpose = ctx->param->purpose;
+                }
        /* Check all untrusted certificates */
        for (i = 0; i < ctx->last_untrusted; i++)
@@ -482,8 +556,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                        }
                if (ctx->param->purpose > 0)
                        {
-                        ret = X509_check_purpose(x, ctx->param->purpose,
+                        ret = X509_check_purpose(x, purpose, must_be_ca > 0);
-                                must_be_ca > 0);
                        if ((ret == 0)
                                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
                                        && (ret != 1)))
@@ -536,6 +609,42 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 #endif
 }
+static int check_name_constraints(X509_STORE_CTX *ctx)
+        {
+        X509 *x;
+        int i, j, rv;
+        /* Check name constraints for all certificates */
+        for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+                {
+                x = sk_X509_value(ctx->chain, i);
+                /* Ignore self issued certs unless last in chain */
+                if (i && (x->ex_flags & EXFLAG_SI))
+                        continue;
+                /* Check against constraints for all certificates higher in
+                 * chain including trust anchor. Trust anchor not strictly
+                 * speaking needed but if it includes constraints it is to be
+                 * assumed it expects them to be obeyed.
+                 */
+                for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
+                        {
+                        NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+                        if (nc)
+                                {
+                                rv = NAME_CONSTRAINTS_check(x, nc);
+                                if (rv != X509_V_OK)
+                                        {
+                                        ctx->error = rv;
+                                        ctx->error_depth = i;
+                                        ctx->current_cert = x;
+                                        if (!ctx->verify_cb(0,ctx))
+                                                return 0;
+                                        }
+                                }
+                        }
+                }
+        return 1;
+        }
 static int check_trust(X509_STORE_CTX *ctx)
 {
 #ifdef OPENSSL_NO_CHAIN_VERIFY
@@ -570,7 +679,12 @@ static int check_revocation(X509_STORE_CTX *ctx)
        if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
                last = sk_X509_num(ctx->chain) - 1;
        else
+                {
+                /* If checking CRL paths this isn't the EE certificate */
+                if (ctx->parent)
+                        return 1;
                last = 0;
+                }
        for(i = 0; i <= last; i++)
                {
                ctx->error_depth = i;
@@ -582,30 +696,65 @@ static int check_revocation(X509_STORE_CTX *ctx)
 static int check_cert(X509_STORE_CTX *ctx)
        {
-        X509_CRL *crl = NULL;
+        X509_CRL *crl = NULL, *dcrl = NULL;
        X509 *x;
        int ok, cnum;
        cnum = ctx->error_depth;
        x = sk_X509_value(ctx->chain, cnum);
        ctx->current_cert = x;
-        /* Try to retrieve relevant CRL */
+        ctx->current_issuer = NULL;
-        ok = ctx->get_crl(ctx, &crl, x);
+        ctx->current_reasons = 0;
-        /* If error looking up CRL, nothing we can do except
+        while (ctx->current_reasons != CRLDP_ALL_REASONS)
-         * notify callback
-         */
-        if(!ok)
                {
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                /* Try to retrieve relevant CRL */
-                ok = ctx->verify_cb(0, ctx);
+                if (ctx->get_crl)
-                goto err;
+                        ok = ctx->get_crl(ctx, &crl, x);
+                else
+                        ok = get_crl_delta(ctx, &crl, &dcrl, x);
+                /* If error looking up CRL, nothing we can do except
+                 * notify callback
+                 */
+                if(!ok)
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                        ok = ctx->verify_cb(0, ctx);
+                        goto err;
+                        }
+                ctx->current_crl = crl;
+                ok = ctx->check_crl(ctx, crl);
+                if (!ok)
+                        goto err;
+                if (dcrl)
+                        {
+                        ok = ctx->check_crl(ctx, dcrl);
+                        if (!ok)
+                                goto err;
+                        ok = ctx->cert_crl(ctx, dcrl, x);
+                        if (!ok)
+                                goto err;
+                        }
+                else
+                        ok = 1;
+                /* Don't look in full CRL if delta reason is removefromCRL */
+                if (ok != 2)
+                        {
+                        ok = ctx->cert_crl(ctx, crl, x);
+                        if (!ok)
+                                goto err;
+                        }
+                X509_CRL_free(crl);
+                X509_CRL_free(dcrl);
+                crl = NULL;
+                dcrl = NULL;
                }
-        ctx->current_crl = crl;
-        ok = ctx->check_crl(ctx, crl);
-        if (!ok) goto err;
-        ok = ctx->cert_crl(ctx, crl, x);
        err:
-        ctx->current_crl = NULL;
        X509_CRL_free(crl);
+        X509_CRL_free(dcrl);
+        ctx->current_crl = NULL;
        return ok;
        }
@@ -616,7 +765,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
        {
        time_t *ptime;
        int i;
-        ctx->current_crl = crl;
+        if (notify)
+                ctx->current_crl = crl;
        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
                ptime = &ctx->param->check_time;
        else
@@ -625,15 +775,19 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
        if (i == 0)
                {
+                if (!notify)
+                        return 0;
                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-                if (!notify || !ctx->verify_cb(0, ctx))
+                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }
        if (i > 0)
                {
+                if (!notify)
+                        return 0;
                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
-                if (!notify || !ctx->verify_cb(0, ctx))
+                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }
@@ -643,92 +797,545 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
                if (i == 0)
                        {
+                        if (!notify)
+                                return 0;
                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-                        if (!notify || !ctx->verify_cb(0, ctx))
+                        if (!ctx->verify_cb(0, ctx))
                                return 0;
                        }
+                /* Ignore expiry of base CRL is delta is valid */
-                if (i < 0)
+                if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA))
                        {
+                        if (!notify)
+                                return 0;
                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
-                        if (!notify || !ctx->verify_cb(0, ctx))
+                        if (!ctx->verify_cb(0, ctx))
                                return 0;
                        }
                }
-        ctx->current_crl = NULL;
+        if (notify)
+                ctx->current_crl = NULL;
        return 1;
        }
-/* Lookup CRLs from the supplied list. Look for matching isser name
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
- * and validity. If we can't find a valid CRL return the last one
+                        X509 **pissuer, int *pscore, unsigned int *preasons,
- * with matching name. This gives more meaningful error codes. Otherwise
+                        STACK_OF(X509_CRL) *crls)
- * we'd get a CRL not found error if a CRL existed with matching name but
- * was invalid.
- */
-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
-                        X509_NAME *nm, STACK_OF(X509_CRL) *crls)
        {
-        int i;
+        int i, crl_score, best_score = *pscore;
+        unsigned int reasons, best_reasons = 0;
+        X509 *x = ctx->current_cert;
        X509_CRL *crl, *best_crl = NULL;
+        X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
        for (i = 0; i < sk_X509_CRL_num(crls); i++)
                {
                crl = sk_X509_CRL_value(crls, i);
-                if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+                reasons = *preasons;
-                        continue;
+                crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-                if (check_crl_time(ctx, crl, 0))
+                if (crl_score > best_score)
                        {
-                        *pcrl = crl;
+                        best_crl = crl;
-                        CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
+                        best_crl_issuer = crl_issuer;
-                        return 1;
+                        best_score = crl_score;
+                        best_reasons = reasons;
                        }
-                best_crl = crl;
                }
        if (best_crl)
                {
+                if (*pcrl)
+                        X509_CRL_free(*pcrl);
                *pcrl = best_crl;
-                CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
+                *pissuer = best_crl_issuer;
+                *pscore = best_score;
+                *preasons = best_reasons;
+                CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
+                if (*pdcrl)
+                        {
+                        X509_CRL_free(*pdcrl);
+                        *pdcrl = NULL;
+                        }
+                get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
                }
-                
+        if (best_score >= CRL_SCORE_VALID)
+                return 1;
        return 0;
        }
-/* Retrieve CRL corresponding to certificate: currently just a
+/* Compare two CRL extensions for delta checking purposes. They should be
- * subject lookup: maybe use AKID later...
+ * both present or both absent. If both present all fields must be identical.
 */
-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
+static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
        {
-        int ok;
+        ASN1_OCTET_STRING *exta, *extb;
-        X509_CRL *crl = NULL;
+        int i;
-        X509_OBJECT xobj;
+        i = X509_CRL_get_ext_by_NID(a, nid, 0);
-        X509_NAME *nm;
+        if (i >= 0)
-        nm = X509_get_issuer_name(x);
-        ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
-        if (ok)
                {
-                *pcrl = crl;
+                /* Can't have multiple occurrences */
+                if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+                        return 0;
+                exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
+                }
+        else
+                exta = NULL;
+        i = X509_CRL_get_ext_by_NID(b, nid, 0);
+        if (i >= 0)
+                {
+                if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+                        return 0;
+                extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
+                }
+        else
+                extb = NULL;
+        if (!exta && !extb)
                return 1;
+        if (!exta || !extb)
+                return 0;
+        if (ASN1_OCTET_STRING_cmp(exta, extb))
+                return 0;
+        return 1;
+        }
+/* See if a base and delta are compatible */
+static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+        {
+        /* Delta CRL must be a delta */
+        if (!delta->base_crl_number)
+                        return 0;
+        /* Base must have a CRL number */
+        if (!base->crl_number)
+                        return 0;
+        /* Issuer names must match */
+        if (X509_NAME_cmp(X509_CRL_get_issuer(base),
+                                X509_CRL_get_issuer(delta)))
+                return 0;
+        /* AKID and IDP must match */
+        if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+                        return 0;
+        if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+                        return 0;
+        /* Delta CRL base number must not exceed Full CRL number. */
+        if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+                        return 0;
+        /* Delta CRL number must exceed full CRL number */
+        if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+                        return 1;
+        return 0;
+        }
+/* For a given base CRL find a delta... maybe extend to delta scoring
+ * or retrieve a chain of deltas...
+ */
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
+                        X509_CRL *base, STACK_OF(X509_CRL) *crls)
+        {
+        X509_CRL *delta;
+        int i;
+        if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+                return;
+        if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+                return;
+        for (i = 0; i < sk_X509_CRL_num(crls); i++)
+                {
+                delta = sk_X509_CRL_value(crls, i);
+                if (check_delta_base(delta, base))
+                        {
+                        if (check_crl_time(ctx, delta, 0))
+                                *pscore |= CRL_SCORE_TIME_DELTA;
+                        CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
+                        *dcrl = delta;
+                        return;
+                        }
+                }
+        *dcrl = NULL;
+        }
+/* For a given CRL return how suitable it is for the supplied certificate 'x'.
+ * The return value is a mask of several criteria.
+ * If the issuer is not the certificate issuer this is returned in *pissuer.
+ * The reasons mask is also used to determine if the CRL is suitable: if
+ * no new reasons the CRL is rejected, otherwise reasons is updated.
+ */
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                        unsigned int *preasons,
+                        X509_CRL *crl, X509 *x)
+        {
+        int crl_score = 0;
+        unsigned int tmp_reasons = *preasons, crl_reasons;
+        /* First see if we can reject CRL straight away */
+        /* Invalid IDP cannot be processed */
+        if (crl->idp_flags & IDP_INVALID)
+                return 0;
+        /* Reason codes or indirect CRLs need extended CRL support */
+        if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+                {
+                if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+                        return 0;
+                }
+        else if (crl->idp_flags & IDP_REASONS)
+                {
+                /* If no new reasons reject */
+                if (!(crl->idp_reasons & ~tmp_reasons))
+                        return 0;
+                }
+        /* Don't process deltas at this stage */
+        else if (crl->base_crl_number)
+                return 0;
+        /* If issuer name doesn't match certificate need indirect CRL */
+        if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl)))
+                {
+                if (!(crl->idp_flags & IDP_INDIRECT))
+                        return 0;
+                }
+        else
+                crl_score |= CRL_SCORE_ISSUER_NAME;
+        if (!(crl->flags & EXFLAG_CRITICAL))
+                crl_score |= CRL_SCORE_NOCRITICAL;
+        /* Check expiry */
+        if (check_crl_time(ctx, crl, 0))
+                crl_score |= CRL_SCORE_TIME;
+        /* Check authority key ID and locate certificate issuer */
+        crl_akid_check(ctx, crl, pissuer, &crl_score);
+        /* If we can't locate certificate issuer at this point forget it */
+        if (!(crl_score & CRL_SCORE_AKID))
+                return 0;
+        /* Check cert for matching CRL distribution points */
+        if (crl_crldp_check(x, crl, crl_score, &crl_reasons))
+                {
+                /* If no new reasons reject */
+                if (!(crl_reasons & ~tmp_reasons))
+                        return 0;
+                tmp_reasons |= crl_reasons;
+                crl_score |= CRL_SCORE_SCOPE;
                }
-        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
+        *preasons = tmp_reasons;
+        return crl_score;
+        }
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                                X509 **pissuer, int *pcrl_score)
+        {
+        X509 *crl_issuer = NULL;
+        X509_NAME *cnm = X509_CRL_get_issuer(crl);
+        int cidx = ctx->error_depth;
+        int i;
-        if (!ok)
+        if (cidx != sk_X509_num(ctx->chain) - 1)
+                cidx++;
+        crl_issuer = sk_X509_value(ctx->chain, cidx);
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
                {
-                /* If we got a near match from get_crl_sk use that */
+                if (*pcrl_score & CRL_SCORE_ISSUER_NAME)
-                if (crl)
                        {
-                        *pcrl = crl;
+                        *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT;
-                        return 1;
+                        *pissuer = crl_issuer;
+                        return;
+                        }
+                }
+        for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
+                {
+                crl_issuer = sk_X509_value(ctx->chain, cidx);
+                if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+                        continue;
+                if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
+                        {
+                        *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH;
+                        *pissuer = crl_issuer;
+                        return;
+                        }
+                }
+        /* Anything else needs extended CRL support */
+        if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+                return;
+        /* Otherwise the CRL issuer is not on the path. Look for it in the
+         * set of untrusted certificates.
+         */
+        for (i = 0; i < sk_X509_num(ctx->untrusted); i++)
+                {
+                crl_issuer = sk_X509_value(ctx->untrusted, i);
+                if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+                        continue;
+                if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
+                        {
+                        *pissuer = crl_issuer;
+                        *pcrl_score |= CRL_SCORE_AKID;
+                        return;
                        }
+                }
+        }
+/* Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking
+ * will be duplicated by the parent, but this will rarely be used in 
+ * practice.
+ */
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+        {
+        X509_STORE_CTX crl_ctx;
+        int ret;
+        /* Don't allow recursive CRL path validation */
+        if (ctx->parent)
                return 0;
+        if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+                return -1;
+        crl_ctx.crls = ctx->crls;
+        /* Copy verify params across */
+        X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+        crl_ctx.parent = ctx;
+        crl_ctx.verify_cb = ctx->verify_cb;
+        /* Verify CRL issuer */
+        ret = X509_verify_cert(&crl_ctx);
+        if (ret <= 0)
+                goto err;
+        /* Check chain is acceptable */
+        ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+        err:
+        X509_STORE_CTX_cleanup(&crl_ctx);
+        return ret;
+        }
+/* RFC3280 says nothing about the relationship between CRL path
+ * and certificate path, which could lead to situations where a
+ * certificate could be revoked or validated by a CA not authorised
+ * to do so. RFC5280 is more strict and states that the two paths must
+ * end in the same trust anchor, though some discussions remain...
+ * until this is resolved we use the RFC5280 version
+ */
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                        STACK_OF(X509) *cert_path,
+                        STACK_OF(X509) *crl_path)
+        {
+        X509 *cert_ta, *crl_ta;
+        cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+        crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+        if (!X509_cmp(cert_ta, crl_ta))
+                return 1;
+        return 0;
+        }
+/* Check for match between two dist point names: three separate cases.
+ * 1. Both are relative names and compare X509_NAME types.
+ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
+ * 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
+ */
+static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
+        {
+        X509_NAME *nm = NULL;
+        GENERAL_NAMES *gens = NULL;
+        GENERAL_NAME *gena, *genb;
+        int i, j;
+        if (!a || !b)
+                return 1;
+        if (a->type == 1)
+                {
+                if (!a->dpname)
+                        return 0;
+                /* Case 1: two X509_NAME */
+                if (b->type == 1)
+                        {
+                        if (!b->dpname)
+                                return 0;
+                        if (!X509_NAME_cmp(a->dpname, b->dpname))
+                                return 1;
+                        else
+                                return 0;
+                        }
+                /* Case 2: set name and GENERAL_NAMES appropriately */
+                nm = a->dpname;
+                gens = b->name.fullname;
+                }
+        else if (b->type == 1)
+                {
+                if (!b->dpname)
+                        return 0;
+                /* Case 2: set name and GENERAL_NAMES appropriately */
+                gens = a->name.fullname;
+                nm = b->dpname;
                }
-        *pcrl = xobj.data.crl;
+        /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
+        if (nm)
+                {
+                for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+                        {
+                        gena = sk_GENERAL_NAME_value(gens, i);  
+                        if (gena->type != GEN_DIRNAME)
+                                continue;
+                        if (!X509_NAME_cmp(nm, gena->d.directoryName))
+                                return 1;
+                        }
+                return 0;
+                }
+        /* Else case 3: two GENERAL_NAMES */
+        for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++)
+                {
+                gena = sk_GENERAL_NAME_value(a->name.fullname, i);
+                for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++)
+                        {
+                        genb = sk_GENERAL_NAME_value(b->name.fullname, j);
+                        if (!GENERAL_NAME_cmp(gena, genb))
+                                return 1;
+                        }
+                }
+        return 0;
+        }
+static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
+        {
+        int i;
+        X509_NAME *nm = X509_CRL_get_issuer(crl);
+        /* If no CRLissuer return is successful iff don't need a match */
+        if (!dp->CRLissuer)
+                return !!(crl_score & CRL_SCORE_ISSUER_NAME);
+        for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+                if (gen->type != GEN_DIRNAME)
+                        continue;
+                if (!X509_NAME_cmp(gen->d.directoryName, nm))
+                        return 1;
+                }
+        return 0;
+        }
+/* Check CRLDP and IDP */
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                                unsigned int *preasons)
+        {
+        int i;
+        if (crl->idp_flags & IDP_ONLYATTR)
+                return 0;
+        if (x->ex_flags & EXFLAG_CA)
+                {
+                if (crl->idp_flags & IDP_ONLYUSER)
+                        return 0;
+                }
+        else
+                {
+                if (crl->idp_flags & IDP_ONLYCA)
+                        return 0;
+                }
+        *preasons = crl->idp_reasons;
+        for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+                {
+                DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
+                if (crldp_check_crlissuer(dp, crl, crl_score))
+                        {
+                        if (!crl->idp ||
+                             idp_check_dp(dp->distpoint, crl->idp->distpoint))
+                                {
+                                *preasons &= dp->dp_reasons;
+                                return 1;
+                                }
+                        }
+                }
+        if ((!crl->idp || !crl->idp->distpoint) && (crl_score & CRL_SCORE_ISSUER_NAME))
+                return 1;
+        return 0;
+        }
+/* Retrieve CRL corresponding to current certificate.
+ * If deltas enabled try to find a delta CRL too
+ */
+        
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                                X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
+        {
+        int ok;
+        X509 *issuer = NULL;
+        int crl_score = 0;
+        unsigned int reasons;
+        X509_CRL *crl = NULL, *dcrl = NULL;
+        STACK_OF(X509_CRL) *skcrl;
+        X509_NAME *nm = X509_get_issuer_name(x);
+        reasons = ctx->current_reasons;
+        ok = get_crl_sk(ctx, &crl, &dcrl, 
+                                &issuer, &crl_score, &reasons, ctx->crls);
+        if (ok)
+                goto done;
+        /* Lookup CRLs from store */
+        skcrl = ctx->lookup_crls(ctx, nm);
+        /* If no CRLs found and a near match from get_crl_sk use that */
+        if (!skcrl && crl)
+                goto done;
+        get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
+        sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+        done:
+        /* If we got any kind of CRL use it and return success */
        if (crl)
-                X509_CRL_free(crl);
+                {
-        return 1;
+                ctx->current_issuer = issuer;
+                ctx->current_crl_score = crl_score;
+                ctx->current_reasons = reasons;
+                *pcrl = crl;
+                *pdcrl = dcrl;
+                return 1;
+                }
+        return 0;
        }
 /* Check CRL validity */
@@ -739,10 +1346,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
        int ok = 0, chnum, cnum;
        cnum = ctx->error_depth;
        chnum = sk_X509_num(ctx->chain) - 1;
-        /* Find CRL issuer: if not last certificate then issuer
+        /* if we have an alternative CRL issuer cert use that */
+        if (ctx->current_issuer)
+                issuer = ctx->current_issuer;
+        /* Else find CRL issuer: if not last certificate then issuer
         * is next certificate in chain.
         */
-        if(cnum < chnum)
+        else if (cnum < chnum)
                issuer = sk_X509_value(ctx->chain, cnum + 1);
        else
                {
@@ -758,13 +1369,52 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
        if(issuer)
                {
-                /* Check for cRLSign bit if keyUsage present */
+                /* Skip most tests for deltas because they have already
-                if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+                 * been done
-                        !(issuer->ex_kusage & KU_CRL_SIGN))
+                 */
+                if (!crl->base_crl_number)
                        {
-                        ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+                        /* Check for cRLSign bit if keyUsage present */
-                        ok = ctx->verify_cb(0, ctx);
+                        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-                        if(!ok) goto err;
+                                !(issuer->ex_kusage & KU_CRL_SIGN))
+                                {
+                                ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+                                ok = ctx->verify_cb(0, ctx);
+                                if(!ok) goto err;
+                                }
+                        if (!(ctx->current_crl_score & CRL_SCORE_SCOPE))
+                                {
+                                ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
+                                ok = ctx->verify_cb(0, ctx);
+                                if(!ok) goto err;
+                                }
+                        if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
+                                {
+                                if (check_crl_path(ctx, ctx->current_issuer) <= 0)
+                                        {
+                                        ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
+                                        ok = ctx->verify_cb(0, ctx);
+                                        if(!ok) goto err;
+                                        }
+                                }
+                        if (crl->idp_flags & IDP_INVALID)
+                                {
+                                ctx->error = X509_V_ERR_INVALID_EXTENSION;
+                                ok = ctx->verify_cb(0, ctx);
+                                if(!ok) goto err;
+                                }
+                        }
+                if (!(ctx->current_crl_score & CRL_SCORE_TIME))
+                        {
+                        ok = check_crl_time(ctx, crl, 1);
+                        if (!ok)
+                                goto err;
                        }
                /* Attempt to get issuer certificate public key */
@@ -788,10 +1438,6 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
                        }
                }
-        ok = check_crl_time(ctx, crl, 1);
-        if (!ok)
-                goto err;
        ok = 1;
        err:
@@ -802,62 +1448,43 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
 /* Check certificate against CRL */
 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
        {
-        int idx, ok;
+        int ok;
-        X509_REVOKED rtmp;
+        X509_REVOKED *rev;
-        STACK_OF(X509_EXTENSION) *exts;
+        /* The rules changed for this... previously if a CRL contained
-        X509_EXTENSION *ext;
+         * unhandled critical extensions it could still be used to indicate
-        /* Look for serial number of certificate in CRL */
+         * a certificate was revoked. This has since been changed since 
-        rtmp.serialNumber = X509_get_serialNumber(x);
+         * critical extension can change the meaning of CRL entries.
-        /* Sort revoked into serial number order if not already sorted.
+         */
-         * Do this under a lock to avoid race condition.
+        if (crl->flags & EXFLAG_CRITICAL)
-         */
-        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
                {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+                if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                sk_X509_REVOKED_sort(crl->crl->revoked);
+                        return 1;
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+                ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+                ok = ctx->verify_cb(0, ctx);
+                if(!ok)
+                        return 0;
                }
-        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        /* Look for serial number of certificate in CRL
-        /* If found assume revoked: want something cleverer than
+         * If found make sure reason is not removeFromCRL.
-         * this to handle entry extensions in V2 CRLs.
         */
-        if(idx >= 0)
+        if (X509_CRL_get0_by_cert(crl, &rev, x))
                {
+                if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                        return 2;
                ctx->error = X509_V_ERR_CERT_REVOKED;
                ok = ctx->verify_cb(0, ctx);
-                if (!ok) return 0;
+                if (!ok)
+                        return 0;
                }
-        if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                return 1;
-        /* See if we have any critical CRL extensions: since we
-         * currently don't handle any CRL extensions the CRL must be
-         * rejected. 
-         * This code accesses the X509_CRL structure directly: applications
-         * shouldn't do this.
-         */
-        exts = crl->crl->extensions;
-        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
-                {
-                ext = sk_X509_EXTENSION_value(exts, idx);
-                if (ext->critical > 0)
-                        {
-                        ctx->error =
-                                X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-                        ok = ctx->verify_cb(0, ctx);
-                        if(!ok) return 0;
-                        break;
-                        }
-                }
        return 1;
        }
 static int check_policy(X509_STORE_CTX *ctx)
        {
        int ret;
+        if (ctx->parent)
+                return 1;
        ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
                                ctx->param->policies, ctx->param->flags);
        if (ret == 0)
@@ -880,7 +1507,8 @@ static int check_policy(X509_STORE_CTX *ctx)
                                continue;
                        ctx->current_cert = x;
                        ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-                        ret = ctx->verify_cb(0, ctx);
+                        if(!ctx->verify_cb(0, ctx))
+                                return 0;
                        }
                return 1;
                }
@@ -986,7 +1614,12 @@ static int internal_verify(X509_STORE_CTX *ctx)
        while (n >= 0)
                {
                ctx->error_depth=n;
-                if (!xs->valid)
+                /* Skip signature check for self signed certificates unless
+                 * explicitly asked for. It doesn't add any security and
+                 * just wastes time.
+                 */
+                if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
                        {
                        if ((pkey=X509_get_pubkey(xi)) == NULL)
                                {
@@ -996,13 +1629,6 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                if (!ok) goto end;
                                }
                        else if (X509_verify(xs,pkey) <= 0)
-                                /* XXX  For the final trusted self-signed cert,
-                                 * this is a waste of time.  That check should
-                                 * optional so that e.g. 'openssl x509' can be
-                                 * used to detect invalid self-signatures, but
-                                 * we don't verify again and again in SSL
-                                 * handshakes and the like once the cert has
-                                 * been declared trusted. */
                                {
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
                                ctx->current_cert=xs;
@@ -1041,12 +1667,12 @@ end:
        return ok;
        }
-int X509_cmp_current_time(ASN1_TIME *ctm)
+int X509_cmp_current_time(const ASN1_TIME *ctm)
 {
        return X509_cmp_time(ctm, NULL);
 }
-int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
+int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
        {
        char *str;
        ASN1_TIME atm;
@@ -1101,6 +1727,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
                        offset= -offset;
                }
        atm.type=ctm->type;
+        atm.flags = 0;
        atm.length=sizeof(buff2);
        atm.data=(unsigned char *)buff2;
@@ -1129,19 +1756,28 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
        return X509_time_adj(s, adj, NULL);
 }
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
+        {
+        return X509_time_adj_ex(s, 0, offset_sec, in_tm);
+        }
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                                int offset_day, long offset_sec, time_t *in_tm)
        {
        time_t t;
-        int type = -1;
        if (in_tm) t = *in_tm;
        else time(&t);
-        t+=adj;
+        if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING))
-        if (s) type = s->type;
+                {
-        if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+                if (s->type == V_ASN1_UTCTIME)
-        if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+                        return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec);
-        return ASN1_TIME_set(s, t);
+                if (s->type == V_ASN1_GENERALIZEDTIME)
+                        return ASN1_GENERALIZEDTIME_adj(s, t, offset_day,
+                                                                offset_sec);
+                }
+        return ASN1_TIME_adj(s, t, offset_day, offset_sec);
        }
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
@@ -1244,6 +1880,21 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
        return chain;
        }
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+        {
+        return ctx->current_issuer;
+        }
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+        {
+        return ctx->current_crl;
+        }
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+        {
+        return ctx->parent;
+        }
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
        {
        ctx->cert=x;
@@ -1365,6 +2016,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
        ctx->tree = NULL;
+        ctx->parent = NULL;
        ctx->param = X509_VERIFY_PARAM_new();
@@ -1430,7 +2082,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        if (store && store->get_crl)
                ctx->get_crl = store->get_crl;
        else
-                ctx->get_crl = get_crl;
+                ctx->get_crl = NULL;
        if (store && store->check_crl)
                ctx->check_crl = store->check_crl;
@@ -1442,6 +2094,16 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        else
                ctx->cert_crl = cert_crl;
+        if (store && store->lookup_certs)
+                ctx->lookup_certs = store->lookup_certs;
+        else
+                ctx->lookup_certs = X509_STORE_get1_certs;
+        if (store && store->lookup_crls)
+                ctx->lookup_crls = store->lookup_crls;
+        else
+                ctx->lookup_crls = X509_STORE_get1_crls;
        ctx->check_policy = check_policy;
@@ -1474,7 +2136,8 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
        if (ctx->cleanup) ctx->cleanup(ctx);
        if (ctx->param != NULL)
                {
-                X509_VERIFY_PARAM_free(ctx->param);
+                if (ctx->parent == NULL)
+                        X509_VERIFY_PARAM_free(ctx->param);
                ctx->param=NULL;
                }
        if (ctx->tree != NULL)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 76c76e1719..fe09b30aaa 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -77,6 +77,7 @@
 extern "C" {
 #endif
+#if 0
 /* Outer object */
 typedef struct x509_hash_dir_st
        {
@@ -85,6 +86,7 @@ typedef struct x509_hash_dir_st
        int *dirs_type;
        int num_dirs_alloced;
        } X509_HASH_DIR_CTX;
+#endif
 typedef struct x509_file_st
        {
@@ -198,6 +200,8 @@ struct x509_store_st
        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
+        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
        int (*cleanup)(X509_STORE_CTX *ctx);
        CRYPTO_EX_DATA ex_data;
@@ -246,6 +250,8 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
        int (*check_policy)(X509_STORE_CTX *ctx);
+        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
+        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
        int (*cleanup)(X509_STORE_CTX *ctx);
        /* The following is built up */
@@ -263,6 +269,11 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        X509 *current_issuer;   /* cert currently being tested as valid issuer */
        X509_CRL *current_crl;  /* current CRL */
+        int current_crl_score;  /* score of current CRL */
+        unsigned int current_reasons;  /* Reason mask */
+        X509_STORE_CTX *parent; /* For CRL path validation: parent context */
        CRYPTO_EX_DATA ex_data;
        } /* X509_STORE_CTX */;
@@ -330,8 +341,18 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define         X509_V_ERR_INVALID_EXTENSION                    41
 #define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
 #define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+#define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+#define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+#define         X509_V_ERR_UNNESTED_RESOURCE                    46
-#define         X509_V_ERR_UNNESTED_RESOURCE                    44
+#define         X509_V_ERR_PERMITTED_VIOLATION                  47
+#define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+#define         X509_V_ERR_SUBTREE_MINMAX                       49
+#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+#define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+#define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+#define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
 /* The application is not happy */
 #define         X509_V_ERR_APPLICATION_VERIFICATION             50
@@ -362,6 +383,13 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_V_FLAG_INHIBIT_MAP                 0x400
 /* Notify callback that policy is OK */
 #define X509_V_FLAG_NOTIFY_POLICY               0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+#define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
+/* Delta CRL support */
+#define X509_V_FLAG_USE_DELTAS                  0x2000
+/* Check selfsigned CA signature */
+#define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
 #define X509_VP_FLAG_DEFAULT                    0x1
 #define X509_VP_FLAG_OVERWRITE                  0x2
@@ -384,11 +412,16 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
+STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *));
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
@@ -447,6 +480,9 @@ int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void    X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int     X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 *  X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void    X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 2b06718aec..dfd89d89fa 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -74,6 +74,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
        param->name = NULL;
        param->purpose = 0;
        param->trust = 0;
+        /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
        param->inh_flags = 0;
        param->flags = 0;
        param->depth = -1;
@@ -198,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                                                const X509_VERIFY_PARAM *from)
        {
+        unsigned long save_flags = to->inh_flags;
+        int ret;
        to->inh_flags |= X509_VP_FLAG_DEFAULT;
-        return X509_VERIFY_PARAM_inherit(to, from);
+        ret = X509_VERIFY_PARAM_inherit(to, from);
+        to->inh_flags = save_flags;
+        return ret;
        }
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
@@ -324,7 +329,7 @@ static const X509_VERIFY_PARAM default_table[] = {
        NULL            /* policies */
        },
        {
-        "pkcs7",                        /* S/MIME signing parameters */
+        "pkcs7",                        /* S/MIME sign parameters */
        0,                              /* Check time */
        0,                              /* internal flags */
        0,                              /* flags */
@@ -334,7 +339,7 @@ static const X509_VERIFY_PARAM default_table[] = {
        NULL                            /* policies */
        },
        {
-        "smime_sign",                   /* S/MIME signing parameters */
+        "smime_sign",                   /* S/MIME sign parameters */
        0,                              /* Check time */
        0,                              /* internal flags */
        0,                              /* flags */
@@ -366,12 +371,17 @@ static const X509_VERIFY_PARAM default_table[] = {
 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
-static int table_cmp(const void *pa, const void *pb)
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
        {
-        const X509_VERIFY_PARAM *a = pa, *b = pb;
        return strcmp(a->name, b->name);
        }
+DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
+                           table);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
+                             table);
 static int param_cmp(const X509_VERIFY_PARAM * const *a,
                        const X509_VERIFY_PARAM * const *b)
        {
@@ -407,6 +417,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
        {
        int idx;
        X509_VERIFY_PARAM pm;
        pm.name = (char *)name;
        if (param_table)
                {
@@ -414,11 +425,8 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
                if (idx != -1)
                        return sk_X509_VERIFY_PARAM_value(param_table, idx);
                }
-        return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
+        return OBJ_bsearch_table(&pm, default_table,
-                                (char *)&default_table,
+                           sizeof(default_table)/sizeof(X509_VERIFY_PARAM));
-                                sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-                                sizeof(X509_VERIFY_PARAM),
-                                table_cmp);
        }
 void X509_VERIFY_PARAM_table_cleanup(void)
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
index 7f4004b291..3109defb0b 100644
--- a/src/lib/libcrypto/x509/x509cset.c
+++ b/src/lib/libcrypto/x509/x509cset.c
@@ -81,7 +81,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
        }
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
@@ -99,7 +99,7 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
        return(in != NULL);
        }
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
        {
        ASN1_TIME *in;
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 068abfe5f0..27bc4dc9a3 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -356,7 +356,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
                return ASN1_STRING_set_by_NID(&ne->value, bytes,
                                                len, type,
                                        OBJ_obj2nid(ne->object)) ? 1 : 0;
-        if (len < 0) len=strlen((char *)bytes);
+        if (len < 0) len=strlen((const char *)bytes);
        i=ASN1_STRING_set(ne->value,bytes,len);
        if (!i) return(0);
        if (type != V_ASN1_UNDEF)
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index 2cd994c5b0..3385ad3f67 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -91,6 +91,10 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
                break;
        case EVP_PKEY_DH:
                ret=EVP_PK_DH|EVP_PKT_EXCH;
+                break;  
+        case NID_id_GostR3410_94:
+        case NID_id_GostR3410_2001:
+                ret=EVP_PKT_EXCH|EVP_PKT_SIGN;
                break;
        default:
                break;
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index 9039caad60..ebae30b701 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#undef SSLEAY_MACROS
 #include <openssl/stack.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
@@ -83,12 +82,6 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
                a->sig_alg,a->signature,a->req_info,r));
        }
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
-        {
-        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                a->sig_alg, a->signature,a->crl,r));
-        }
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
        {
        return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
index 3eaec46f8a..76daee6fcd 100644
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -61,21 +61,19 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
+extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-#ifndef OPENSSL_NO_RFC3779
 extern X509V3_EXT_METHOD v3_addr, v3_asid;
-#endif
 /* This table will be searched using OBJ_bsearch so it *must* kept in
 * order of the ext_nid values.
 */
-static X509V3_EXT_METHOD *standard_exts[] = {
+static const X509V3_EXT_METHOD *standard_exts[] = {
 &v3_nscert,
 &v3_ns_ia5_list[0],
 &v3_ns_ia5_list[1],
@@ -122,7 +120,10 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_pci,
 &v3_name_constraints,
 &v3_policy_mappings,
-&v3_inhibit_anyp
+&v3_inhibit_anyp,
+&v3_idp,
+&v3_alt[2],
+&v3_freshest_crl,
 };
 /* Number of standard extensions */
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c
index 1030931b71..172b7e7ee4 100644
--- a/src/lib/libcrypto/x509v3/pcy_cache.c
+++ b/src/lib/libcrypto/x509v3/pcy_cache.c
@@ -139,7 +139,6 @@ static int policy_cache_new(X509 *x)
                return 0;
        cache->anyPolicy = NULL;
        cache->data = NULL;
-        cache->maps = NULL;
        cache->any_skip = -1;
        cache->explicit_skip = -1;
        cache->map_skip = -1;
diff --git a/src/lib/libcrypto/x509v3/pcy_data.c b/src/lib/libcrypto/x509v3/pcy_data.c
index fb392b901f..3444b03195 100644
--- a/src/lib/libcrypto/x509v3/pcy_data.c
+++ b/src/lib/libcrypto/x509v3/pcy_data.c
@@ -82,17 +82,21 @@ void policy_data_free(X509_POLICY_DATA *data)
 * another source.
 */
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
+                                        const ASN1_OBJECT *cid, int crit)
        {
        X509_POLICY_DATA *ret;
-        if (!policy && !id)
+        ASN1_OBJECT *id;
+        if (!policy && !cid)
                return NULL;
-        if (id)
+        if (cid)
                {
-                id = OBJ_dup(id);
+                id = OBJ_dup(cid);
                if (!id)
                        return NULL;
                }
+        else
+                id = NULL;
        ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
        if (!ret)
                return NULL;
diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h
index 3780de4fcd..ccff92846e 100644
--- a/src/lib/libcrypto/x509v3/pcy_int.h
+++ b/src/lib/libcrypto/x509v3/pcy_int.h
@@ -56,12 +56,10 @@
 *
 */
-DECLARE_STACK_OF(X509_POLICY_DATA)
-DECLARE_STACK_OF(X509_POLICY_REF)
-DECLARE_STACK_OF(X509_POLICY_NODE)
 typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-typedef struct X509_POLICY_REF_st X509_POLICY_REF;
+DECLARE_STACK_OF(X509_POLICY_DATA)
 /* Internal structures */
@@ -110,16 +108,6 @@ struct X509_POLICY_DATA_st
 #define POLICY_DATA_FLAG_CRITICAL               0x10
-/* This structure is an entry from a table of mapped policies which
- * cross reference the policy it refers to.
- */
-struct X509_POLICY_REF_st
-        {
-        ASN1_OBJECT *subjectDomainPolicy;
-        const X509_POLICY_DATA *data;
-        };
 /* This structure is cached with a certificate */
 struct X509_POLICY_CACHE_st {
@@ -127,8 +115,6 @@ struct X509_POLICY_CACHE_st {
        X509_POLICY_DATA *anyPolicy;
        /* other policy data */
        STACK_OF(X509_POLICY_DATA) *data;
-        /* If policyMappings extension present a table of mapped policies */
-        STACK_OF(X509_POLICY_REF) *maps;
        /* If InhibitAnyPolicy present this is its value or -1 if absent. */
        long any_skip;
        /* If policyConstraints and requireExplicitPolicy present this is its
@@ -193,7 +179,7 @@ struct X509_POLICY_TREE_st
 /* Internal functions */
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
                                                                int crit);
 void policy_data_free(X509_POLICY_DATA *data);
@@ -209,15 +195,18 @@ void policy_cache_init(void);
 void policy_cache_free(X509_POLICY_CACHE *cache);
 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                        const X509_POLICY_NODE *parent, 
                                        const ASN1_OBJECT *id);
 X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
                                                const ASN1_OBJECT *id);
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                        X509_POLICY_DATA *data,
+                        const X509_POLICY_DATA *data,
                        X509_POLICY_NODE *parent,
                        X509_POLICY_TREE *tree);
 void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
 const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/src/lib/libcrypto/x509v3/pcy_map.c b/src/lib/libcrypto/x509v3/pcy_map.c
index f28796e6d4..21163b529d 100644
--- a/src/lib/libcrypto/x509v3/pcy_map.c
+++ b/src/lib/libcrypto/x509v3/pcy_map.c
@@ -62,31 +62,6 @@
 #include "pcy_int.h"
-static int ref_cmp(const X509_POLICY_REF * const *a,
-                        const X509_POLICY_REF * const *b)
-        {
-        return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
-        }
-static void policy_map_free(X509_POLICY_REF *map)
-        {
-        if (map->subjectDomainPolicy)
-                ASN1_OBJECT_free(map->subjectDomainPolicy);
-        OPENSSL_free(map);
-        }
-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)
-        {
-        X509_POLICY_REF tmp;
-        int idx;
-        tmp.subjectDomainPolicy = id;
-        idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
-        if (idx == -1)
-                return NULL;
-        return sk_X509_POLICY_REF_value(cache->maps, idx);
-        }
 /* Set policy mapping entries in cache.
 * Note: this modifies the passed POLICY_MAPPINGS structure
 */
@@ -94,7 +69,6 @@ static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *i
 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
        {
        POLICY_MAPPING *map;
-        X509_POLICY_REF *ref = NULL;
        X509_POLICY_DATA *data;
        X509_POLICY_CACHE *cache = x->policy_cache;
        int i;
@@ -104,7 +78,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                ret = -1;
                goto bad_mapping;
                }
-        cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
        for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
                {
                map = sk_POLICY_MAPPING_value(maps, i);
@@ -116,13 +89,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                        goto bad_mapping;
                        }
-                /* If we've already mapped from this OID bad mapping */
-                if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)
-                        {
-                        ret = -1;
-                        goto bad_mapping;
-                        }
                /* Attempt to find matching policy data */
                data = policy_cache_find_data(cache, map->issuerDomainPolicy);
                /* If we don't have anyPolicy can't map */
@@ -138,7 +104,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                        if (!data)
                                goto bad_mapping;
                        data->qualifier_set = cache->anyPolicy->qualifier_set;
-                        map->issuerDomainPolicy = NULL;
+                        /*map->issuerDomainPolicy = NULL;*/
                        data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
                        data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
                        if (!sk_X509_POLICY_DATA_push(cache->data, data))
@@ -149,23 +115,10 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
                        }
                else
                        data->flags |= POLICY_DATA_FLAG_MAPPED;
                if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
                                                map->subjectDomainPolicy))
                        goto bad_mapping;
-                
-                ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
-                if (!ref)
-                        goto bad_mapping;
-                ref->subjectDomainPolicy = map->subjectDomainPolicy;
                map->subjectDomainPolicy = NULL;
-                ref->data = data;
-                if (!sk_X509_POLICY_REF_push(cache->maps, ref))
-                        goto bad_mapping;
-                ref = NULL;
                }
@@ -173,13 +126,6 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
        bad_mapping:
        if (ret == -1)
                x->ex_flags |= EXFLAG_INVALID_POLICY;
-        if (ref)
-                policy_map_free(ref);
-        if (ret <= 0)
-                {
-                sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
-                cache->maps = NULL;
-                }
        sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
        return ret;
diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c
index 6587cb05ab..bd1e7f1ae8 100644
--- a/src/lib/libcrypto/x509v3/pcy_node.c
+++ b/src/lib/libcrypto/x509v3/pcy_node.c
@@ -92,13 +92,25 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
        }
 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                        const X509_POLICY_NODE *parent, 
                                        const ASN1_OBJECT *id)
        {
-        return tree_find_sk(level->nodes, id);
+        X509_POLICY_NODE *node;
+        int i;
+        for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)
+                {
+                node = sk_X509_POLICY_NODE_value(level->nodes, i);
+                if (node->parent == parent)
+                        {
+                        if (!OBJ_cmp(node->data->valid_policy, id))
+                                return node;
+                        }
+                }
+        return NULL;
        }
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                        X509_POLICY_DATA *data,
+                        const X509_POLICY_DATA *data,
                        X509_POLICY_NODE *parent,
                        X509_POLICY_TREE *tree)
        {
@@ -155,4 +167,31 @@ void policy_node_free(X509_POLICY_NODE *node)
        OPENSSL_free(node);
        }
+/* See if a policy node matches a policy OID. If mapping enabled look through
+ * expected policy set otherwise just valid policy.
+ */
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+        {
+        int i;
+        ASN1_OBJECT *policy_oid;
+        const X509_POLICY_DATA *x = node->data;
+        if (        (lvl->flags & X509_V_FLAG_INHIBIT_MAP)
+                || !(x->flags & POLICY_DATA_FLAG_MAP_MASK))
+                {
+                if (!OBJ_cmp(x->valid_policy, oid))
+                        return 1;
+                return 0;
+                }
+        for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)
+                {
+                policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
+                if (!OBJ_cmp(policy_oid, oid))
+                        return 1;
+                }
+        return 0;
+        }
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
index 6c87a7f506..92f6b24556 100644
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -62,6 +62,75 @@
 #include "pcy_int.h"
+/* Enable this to print out the complete policy tree at various point during
+ * evaluation.
+ */
+/*#define OPENSSL_POLICY_DEBUG*/
+#ifdef OPENSSL_POLICY_DEBUG
+static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
+                                X509_POLICY_NODE *node, int indent)
+        {
+        if (        (lev->flags & X509_V_FLAG_INHIBIT_MAP)
+                || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
+                BIO_puts(err, "  Not Mapped\n");
+        else
+                {
+                int i;
+                STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
+                ASN1_OBJECT *oid;
+                BIO_puts(err, "  Expected: ");
+                for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++)
+                        {
+                        oid = sk_ASN1_OBJECT_value(pset, i);
+                        if (i)
+                                BIO_puts(err, ", ");
+                        i2a_ASN1_OBJECT(err, oid);
+                        }
+                BIO_puts(err, "\n");
+                }
+        }
+static void tree_print(char *str, X509_POLICY_TREE *tree,
+                        X509_POLICY_LEVEL *curr)
+        {
+        X509_POLICY_LEVEL *plev;
+        X509_POLICY_NODE *node;
+        int i;
+        BIO *err;
+        err = BIO_new_fp(stderr, BIO_NOCLOSE);
+        if (!curr)
+                curr = tree->levels + tree->nlevel;
+        else
+                curr++;
+        BIO_printf(err, "Level print after %s\n", str);
+        BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
+        for (plev = tree->levels; plev != curr; plev++)
+                {
+                BIO_printf(err, "Level %ld, flags = %x\n",
+                                plev - tree->levels, plev->flags);
+                for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++)
+                        {
+                        node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+                        X509_POLICY_NODE_print(err, node, 2);
+                        expected_print(err, plev, node, 2);
+                        BIO_printf(err, "  Flags: %x\n", node->data->flags);
+                        }
+                if (plev->anyPolicy)
+                        X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
+                }
+        BIO_free(err);
+        }
+#else
+#define tree_print(a,b,c) /* */
+#endif
 /* Initialize policy tree. Return values:
 *  0 Some internal error occured.
 * -1 Inconsistent or invalid extensions in certificates.
@@ -87,8 +156,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
        *ptree = NULL;
        n = sk_X509_num(certs);
+#if 0
        /* Disable policy mapping for now... */
        flags |= X509_V_FLAG_INHIBIT_MAP;
+#endif
        if (flags & X509_V_FLAG_EXPLICIT_POLICY)
                explicit_policy = 0;
@@ -160,7 +231,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
        tree->auth_policies = NULL;
        tree->user_policies = NULL;
-        if (!tree)
+        if (!tree->levels)
                {
                OPENSSL_free(tree);
                return 0;
@@ -184,7 +255,6 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
                level++;
                x = sk_X509_value(certs, i);
                cache = policy_cache_set(x);
                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
                level->cert = x;
@@ -213,13 +283,13 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
                        level->flags |= X509_V_FLAG_INHIBIT_MAP;
                else
                        {
-                        map_skip--;
+                        if (!(x->ex_flags & EXFLAG_SI))
+                                map_skip--;
                        if ((cache->map_skip >= 0)
                                && (cache->map_skip < map_skip))
                                map_skip = cache->map_skip;
                        }
                }
        *ptree = tree;
@@ -237,7 +307,32 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
        }
-/* This corresponds to RFC3280 XXXX XXXXX:
+static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+                                const X509_POLICY_DATA *data)
+        {
+        X509_POLICY_LEVEL *last = curr - 1;
+        X509_POLICY_NODE *node;
+        int i, matched = 0;
+        /* Iterate through all in nodes linking matches */
+        for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
+                {
+                node = sk_X509_POLICY_NODE_value(last->nodes, i);
+                if (policy_node_match(last, node, data->valid_policy))
+                        {
+                        if (!level_add_node(curr, data, node, NULL))
+                                return 0;
+                        matched = 1;
+                        }
+                }
+        if (!matched && last->anyPolicy)
+                {
+                if (!level_add_node(curr, data, last->anyPolicy, NULL))
+                        return 0;
+                }
+        return 1;
+        }
+/* This corresponds to RFC3280 6.1.3(d)(1):
 * link any data from CertificatePolicies onto matching parent
 * or anyPolicy if no match.
 */
@@ -248,7 +343,6 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
        int i;
        X509_POLICY_LEVEL *last;
        X509_POLICY_DATA *data;
-        X509_POLICY_NODE *parent;
        last = curr - 1;
        for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
                {
@@ -261,40 +355,109 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
                 * link because then it will have the mapping flags
                 * right and we can prune it later.
                 */
+#if 0
                if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
                        && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
                        continue;
-                /* Look for matching node in parent */
+#endif
-                parent = level_find_node(last, data->valid_policy);
+                /* Look for matching nodes in previous level */
-                /* If no match link to anyPolicy */
+                if (!tree_link_matching_nodes(curr, data))
-                if (!parent)
-                        parent = last->anyPolicy;
-                if (parent && !level_add_node(curr, data, parent, NULL))
                                return 0;
                }
        return 1;
        }
-/* This corresponds to RFC3280 XXXX XXXXX:
+/* This corresponds to RFC3280 6.1.3(d)(2):
 * Create new data for any unmatched policies in the parent and link
 * to anyPolicy.
 */
+static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+                        const X509_POLICY_CACHE *cache,
+                        const ASN1_OBJECT *id,
+                        X509_POLICY_NODE *node,
+                        X509_POLICY_TREE *tree)
+        {
+        X509_POLICY_DATA *data;
+        if (id == NULL)
+                id = node->data->valid_policy;
+        /* Create a new node with qualifiers from anyPolicy and
+         * id from unmatched node.
+         */
+        data = policy_data_new(NULL, id, node_critical(node));
+        if (data == NULL)
+                return 0;
+        /* Curr may not have anyPolicy */
+        data->qualifier_set = cache->anyPolicy->qualifier_set;
+        data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+        if (!level_add_node(curr, data, node, tree))
+                {
+                policy_data_free(data);
+                return 0;
+                }
+        return 1;
+        }
+static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
+                        const X509_POLICY_CACHE *cache,
+                        X509_POLICY_NODE *node,
+                        X509_POLICY_TREE *tree)
+        {
+        const X509_POLICY_LEVEL *last = curr - 1;
+        int i;
+        if (        (last->flags & X509_V_FLAG_INHIBIT_MAP)
+                || !(node->data->flags & POLICY_DATA_FLAG_MAPPED))
+                {
+                /* If no policy mapping: matched if one child present */
+                if (node->nchild)
+                        return 1;
+                if (!tree_add_unmatched(curr, cache, NULL, node, tree))
+                        return 0;
+                /* Add it */
+                }
+        else
+                {
+                /* If mapping: matched if one child per expected policy set */
+                STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set;
+                if (node->nchild == sk_ASN1_OBJECT_num(expset))
+                        return 1;
+                /* Locate unmatched nodes */
+                for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++)
+                        {
+                        ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
+                        if (level_find_node(curr, node, oid))
+                                continue;
+                        if (!tree_add_unmatched(curr, cache, oid, node, tree))
+                                return 0;
+                        }
+                }
+        return 1;
+        }
 static int tree_link_any(X509_POLICY_LEVEL *curr,
                        const X509_POLICY_CACHE *cache,
                        X509_POLICY_TREE *tree)
        {
        int i;
-        X509_POLICY_DATA *data;
+        /*X509_POLICY_DATA *data;*/
        X509_POLICY_NODE *node;
-        X509_POLICY_LEVEL *last;
+        X509_POLICY_LEVEL *last = curr - 1;
-        last = curr - 1;
        for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
                {
                node = sk_X509_POLICY_NODE_value(last->nodes, i);
+                if (!tree_link_unmatched(curr, cache, node, tree))
+                        return 0;
+#if 0
                /* Skip any node with any children: we only want unmathced
                 * nodes.
                 *
@@ -303,6 +466,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
                 */
                if (node->nchild)
                        continue;
                /* Create a new node with qualifiers from anyPolicy and
                 * id from unmatched node.
                 */
@@ -319,6 +483,9 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
                        policy_data_free(data);
                        return 0;
                        }
+#endif
                }
        /* Finally add link to anyPolicy */
        if (last->anyPolicy)
@@ -337,30 +504,36 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
 static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
        {
+        STACK_OF(X509_POLICY_NODE) *nodes;
        X509_POLICY_NODE *node;
        int i;
-        for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
+        nodes = curr->nodes;
+        if (curr->flags & X509_V_FLAG_INHIBIT_MAP)
                {
-                node = sk_X509_POLICY_NODE_value(curr->nodes, i);
+                for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--)
-                /* Delete any mapped data: see RFC3280 XXXX */
-                if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)
                        {
-                        node->parent->nchild--;
+                        node = sk_X509_POLICY_NODE_value(nodes, i);
-                        OPENSSL_free(node);
+                        /* Delete any mapped data: see RFC3280 XXXX */
-                        (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
+                        if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)
+                                {
+                                node->parent->nchild--;
+                                OPENSSL_free(node);
+                                (void)sk_X509_POLICY_NODE_delete(nodes,i);
+                                }
                        }
                }
        for(;;) {
                --curr;
-                for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
+                nodes = curr->nodes;
+                for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--)
                        {
-                        node = sk_X509_POLICY_NODE_value(curr->nodes, i);
+                        node = sk_X509_POLICY_NODE_value(nodes, i);
                        if (node->nchild == 0)
                                {
                                node->parent->nchild--;
                                OPENSSL_free(node);
-                                (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
+                                (void)sk_X509_POLICY_NODE_delete(nodes, i);
                                }
                        }
                if (curr->anyPolicy && !curr->anyPolicy->nchild)
@@ -536,6 +709,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
                if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
                        && !tree_link_any(curr, cache, tree))
                        return 0;
+        tree_print("before tree_prune()", tree, curr);
                ret = tree_prune(tree, curr);
                if (ret != 1)
                        return ret;
@@ -604,7 +778,6 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        *pexplicit_policy = 0;
        ret = tree_init(&tree, certs, flags);
        switch (ret)
                {
@@ -613,6 +786,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                return 1;
                /* Some internal error */
+                case -1:
+                return -1;
+                /* Some internal error */
                case 0:
                return 0;
@@ -646,6 +823,8 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        if (!tree) goto error;
        ret = tree_evaluate(tree);
+        tree_print("tree_evaluate()", tree, NULL);
        if (ret <= 0)
                goto error;
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 58b2952478..d29d94338e 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -82,6 +82,12 @@ NULL, NULL, NULL},
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
+{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+NULL, NULL, NULL, NULL},
 };
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
@@ -360,6 +366,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
                if (move_p)
                        {
                        X509_NAME_delete_entry(nm, i);
+                        X509_NAME_ENTRY_free(ne);
                        i--;
                        }
                if(!email || !(gen = GENERAL_NAME_new())) {
@@ -386,8 +393,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        
 }
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        GENERAL_NAME *gen;
        GENERAL_NAMES *gens = NULL;
@@ -408,28 +415,22 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
        return NULL;
 }
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                         CONF_VALUE *cnf)
+                               CONF_VALUE *cnf)
        {
        return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
        }
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-                                X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                               const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                 CONF_VALUE *cnf, int is_nc)
+                               int gen_type, char *value, int is_nc)
        {
        char is_string = 0;
-        int type;
        GENERAL_NAME *gen = NULL;
-        char *name, *value;
-        name = cnf->name;
-        value = cnf->value;
        if(!value)
                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
+                X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
                return NULL;
                }
@@ -440,74 +441,62 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                gen = GENERAL_NAME_new();
                if(gen == NULL)
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
                        return NULL;
                        }
                }
-        if(!name_cmp(name, "email"))
+        switch (gen_type)
-                {
-                is_string = 1;
-                type = GEN_EMAIL;
-                }
-        else if(!name_cmp(name, "URI"))
-                {
-                is_string = 1;
-                type = GEN_URI;
-                }
-        else if(!name_cmp(name, "DNS"))
                {
+                case GEN_URI:
+                case GEN_EMAIL:
+                case GEN_DNS:
                is_string = 1;
-                type = GEN_DNS;
+                break;
-                }
+                
-        else if(!name_cmp(name, "RID"))
+                case GEN_RID:
                {
                ASN1_OBJECT *obj;
                if(!(obj = OBJ_txt2obj(value,0)))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
                        ERR_add_error_data(2, "value=", value);
                        goto err;
                        }
                gen->d.rid = obj;
-                type = GEN_RID;
                }
-        else if(!name_cmp(name, "IP"))
+                break;
-                {
+                case GEN_IPADD:
                if (is_nc)
                        gen->d.ip = a2i_IPADDRESS_NC(value);
                else
                        gen->d.ip = a2i_IPADDRESS(value);
                if(gen->d.ip == NULL)
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
                        ERR_add_error_data(2, "value=", value);
                        goto err;
                        }
-                type = GEN_IPADD;
+                break;
-                }
-        else if(!name_cmp(name, "dirName"))
+                case GEN_DIRNAME:
-                {
-                type = GEN_DIRNAME;
                if (!do_dirname(gen, value, ctx))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
                        goto err;
                        }
-                }
+                break;
-        else if(!name_cmp(name, "otherName"))
-                {
+                case GEN_OTHERNAME:
                if (!do_othername(gen, value, ctx))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
                        goto err;
                        }
-                type = GEN_OTHERNAME;
+                break;
-                }
+                default:
-        else
+                X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE);
-                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-                ERR_add_error_data(2, "name=", name);
                goto err;
                }
@@ -517,12 +506,12 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
                              !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
                                               strlen(value)))
                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
                }
-        gen->type = type;
+        gen->type = gen_type;
        return gen;
@@ -532,6 +521,48 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
        return NULL;
        }
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
+        {
+        int type;
+        char *name, *value;
+        name = cnf->name;
+        value = cnf->value;
+        if(!value)
+                {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
+                return NULL;
+                }
+        if(!name_cmp(name, "email"))
+                type = GEN_EMAIL;
+        else if(!name_cmp(name, "URI"))
+                type = GEN_URI;
+        else if(!name_cmp(name, "DNS"))
+                type = GEN_DNS;
+        else if(!name_cmp(name, "RID"))
+                type = GEN_RID;
+        else if(!name_cmp(name, "IP"))
+                type = GEN_IPADD;
+        else if(!name_cmp(name, "dirName"))
+                type = GEN_DIRNAME;
+        else if(!name_cmp(name, "otherName"))
+                type = GEN_OTHERNAME;
+        else
+                {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
+                ERR_add_error_data(2, "name=", name);
+                return NULL;
+                }
+        return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+        }
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
        {
        char *objtmp = NULL, *p;
@@ -577,6 +608,7 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
        if (!ret)
                X509_NAME_free(nm);
        gen->d.dirn = nm;
+        X509V3_section_free(ctx, sk);
                
        return ret;
        }
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 11eb6b7fd5..6730f9a6ee 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -72,14 +72,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
-                                                 int crit, void *ext_struc);
+                                  int crit, void *ext_struc);
 static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-             char *value)
+                                 char *value)
        {
        int crit;
        int ext_type;
@@ -99,7 +99,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-             char *value)
+                                     char *value)
        {
        int crit;
        int ext_type;
@@ -113,9 +113,9 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-             int crit, char *value)
+                                    int crit, char *value)
        {
-        X509V3_EXT_METHOD *method;
+        const X509V3_EXT_METHOD *method;
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
        void *ext_struc;
@@ -172,8 +172,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
        }
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
-                                                 int crit, void *ext_struc)
+                                  int crit, void *ext_struc)
        {
        unsigned char *ext_der;
        int ext_len;
@@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
        {
-        X509V3_EXT_METHOD *method;
+        const X509V3_EXT_METHOD *method;
        if (!(method = X509V3_EXT_get_nid(ext_nid))) {
                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
@@ -258,7 +258,8 @@ static int v3_check_generic(char **value)
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-             int crit, int gen_type, X509V3_CTX *ctx)
+                                            int crit, int gen_type,
+                                            X509V3_CTX *ctx)
        {
        unsigned char *ext_der=NULL;
        long ext_len;
@@ -322,7 +323,7 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-             STACK_OF(X509_EXTENSION) **sk)
+                            STACK_OF(X509_EXTENSION) **sk)
        {
        X509_EXTENSION *ext;
        STACK_OF(CONF_VALUE) *nval;
@@ -343,7 +344,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
 /* Convenience functions to add extensions to a certificate, CRL and request */
 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509 *cert)
+                         X509 *cert)
        {
        STACK_OF(X509_EXTENSION) **sk = NULL;
        if (cert)
@@ -354,7 +355,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 /* Same as above but for a CRL */
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-             X509_CRL *crl)
+                             X509_CRL *crl)
        {
        STACK_OF(X509_EXTENSION) **sk = NULL;
        if (crl)
@@ -443,7 +444,7 @@ void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
        }
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-             X509_CRL *crl, int flags)
+                    X509_CRL *crl, int flags)
        {
        ctx->issuer_cert = issuer;
        ctx->subject_cert = subj;
@@ -454,8 +455,8 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
 /* Old conf compatibility functions */
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             char *value)
+                                char *name, char *value)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -464,8 +465,8 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
 /* LHASH *conf:  Config file    */
 /* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             char *value)
+                                    int ext_nid, char *value)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -489,14 +490,14 @@ NULL,
 NULL
 };
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
        {
        ctx->db_meth = &conf_lhash_method;
        ctx->db = lhash;
        }
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             X509 *cert)
+                        char *section, X509 *cert)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -505,8 +506,8 @@ int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 /* Same as above but for a CRL */
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             X509_CRL *crl)
+                            char *section, X509_CRL *crl)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
@@ -515,8 +516,8 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 /* Add extensions to certificate request */
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-             X509_REQ *req)
+                            char *section, X509_REQ *req)
        {
        CONF ctmp;
        CONF_set_nconf(&ctmp, conf);
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index ad0506d75c..1f0798b946 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -450,5 +450,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
        else
                BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
        }
-        
 IMPLEMENT_STACK_OF(X509_POLICY_NODE)
+IMPLEMENT_STACK_OF(X509_POLICY_DATA)
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index 181a8977b1..790a6dd032 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -63,45 +63,254 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
-                STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                     int indent);
-const X509V3_EXT_METHOD v3_crld = {
+const X509V3_EXT_METHOD v3_crld =
-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        {
-0,0,0,0,
+        NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-0,0,
+        0,0,0,0,
-(X509V3_EXT_I2V)i2v_crld,
+        0,0,
-(X509V3_EXT_V2I)v2i_crld,
+        0,
-0,0,
+        v2i_crld,
-NULL
+        i2r_crldp,0,
+        NULL
+        };
+const X509V3_EXT_METHOD v3_freshest_crl =
+        {
+        NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+        0,0,0,0,
+        0,0,
+        0,
+        v2i_crld,
+        i2r_crldp,0,
+        NULL
+        };
+static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
+        {
+        STACK_OF(CONF_VALUE) *gnsect;
+        STACK_OF(GENERAL_NAME) *gens;
+        if (*sect == '@')
+                gnsect = X509V3_get_section(ctx, sect + 1);
+        else
+                gnsect = X509V3_parse_list(sect);
+        if (!gnsect)
+                {
+                X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
+                                                X509V3_R_SECTION_NOT_FOUND);
+                return NULL;
+                }
+        gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
+        if (*sect == '@')
+                X509V3_section_free(ctx, gnsect);
+        else
+                sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
+        return gens;
+        }
+static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
+                                                        CONF_VALUE *cnf)
+        {
+        STACK_OF(GENERAL_NAME) *fnm = NULL;
+        STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
+        if (!strncmp(cnf->name, "fullname", 9))
+                {
+                fnm = gnames_from_sectname(ctx, cnf->value);
+                if (!fnm)
+                        goto err;
+                }
+        else if (!strcmp(cnf->name, "relativename"))
+                {
+                int ret;
+                STACK_OF(CONF_VALUE) *dnsect;
+                X509_NAME *nm;
+                nm = X509_NAME_new();
+                if (!nm)
+                        return -1;
+                dnsect = X509V3_get_section(ctx, cnf->value);
+                if (!dnsect)
+                        {
+                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                                                X509V3_R_SECTION_NOT_FOUND);
+                        return -1;
+                        }
+                ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
+                X509V3_section_free(ctx, dnsect);
+                rnm = nm->entries;
+                nm->entries = NULL;
+                X509_NAME_free(nm);
+                if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
+                        goto err;
+                /* Since its a name fragment can't have more than one
+                 * RDNSequence
+                 */
+                if (sk_X509_NAME_ENTRY_value(rnm,
+                                sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
+                        {
+                        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                                                X509V3_R_INVALID_MULTIPLE_RDNS);
+                        goto err;
+                        }
+                }
+        else
+                return 0;
+        if (*pdp)
+                {
+                X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                                                X509V3_R_DISTPOINT_ALREADY_SET);
+                goto err;
+                }
+        *pdp = DIST_POINT_NAME_new();
+        if (!*pdp)
+                goto err;
+        if (fnm)
+                {
+                (*pdp)->type = 0;
+                (*pdp)->name.fullname = fnm;
+                }
+        else
+                {
+                (*pdp)->type = 1;
+                (*pdp)->name.relativename = rnm;
+                }
+        return 1;
+                
+        err:
+        if (fnm)
+                sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+        if (rnm)
+                sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+        return -1;
+        }
+static const BIT_STRING_BITNAME reason_flags[] = {
+{0, "Unused", "unused"},
+{1, "Key Compromise", "keyCompromise"},
+{2, "CA Compromise", "CACompromise"},
+{3, "Affiliation Changed", "affiliationChanged"},
+{4, "Superseded", "superseded"},
+{5, "Cessation Of Operation", "cessationOfOperation"},
+{6, "Certificate Hold", "certificateHold"},
+{7, "Privilege Withdrawn", "privilegeWithdrawn"},
+{8, "AA Compromise", "AACompromise"},
+{-1, NULL, NULL}
 };
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+static int set_reasons(ASN1_BIT_STRING **preas, char *value)
-                        STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+        {
-{
+        STACK_OF(CONF_VALUE) *rsk = NULL;
-        DIST_POINT *point;
+        const BIT_STRING_BITNAME *pbn;
+        const char *bnam;
+        int i, ret = 0;
+        rsk = X509V3_parse_list(value);
+        if (!rsk)
+                return 0;
+        if (*preas)
+                return 0;
+        for (i = 0; i < sk_CONF_VALUE_num(rsk); i++)
+                {
+                bnam = sk_CONF_VALUE_value(rsk, i)->name;
+                if (!*preas)
+                        {
+                        *preas = ASN1_BIT_STRING_new();
+                        if (!*preas)
+                                goto err;
+                        }
+                for (pbn = reason_flags; pbn->lname; pbn++)
+                        {
+                        if (!strcmp(pbn->sname, bnam))
+                                {
+                                if (!ASN1_BIT_STRING_set_bit(*preas,
+                                                        pbn->bitnum, 1))
+                                        goto err;
+                                break;
+                                }
+                        }
+                if (!pbn->lname)
+                        goto err;
+                }
+        ret = 1;
+        err:
+        sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
+        return ret;
+        }
+static int print_reasons(BIO *out, const char *rname,
+                        ASN1_BIT_STRING *rflags, int indent)
+        {
+        int first = 1;
+        const BIT_STRING_BITNAME *pbn;
+        BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
+        for (pbn = reason_flags; pbn->lname; pbn++)
+                {
+                if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
+                        {
+                        if (first)
+                                first = 0;
+                        else
+                                BIO_puts(out, ", ");
+                        BIO_puts(out, pbn->lname);
+                        }
+                }
+        if (first)
+                BIO_puts(out, "<EMPTY>\n");
+        else
+                BIO_puts(out, "\n");
+        return 1;
+        }
+static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *nval)
+        {
        int i;
-        for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+        CONF_VALUE *cnf;
-                point = sk_DIST_POINT_value(crld, i);
+        DIST_POINT *point = NULL;
-                if(point->distpoint) {
+        point = DIST_POINT_new();
-                        if(point->distpoint->type == 0)
+        if (!point)
-                                exts = i2v_GENERAL_NAMES(NULL,
+                goto err;
-                                         point->distpoint->name.fullname, exts);
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-                        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
+                {
+                int ret;
+                cnf = sk_CONF_VALUE_value(nval, i);
+                ret = set_dist_point_name(&point->distpoint, ctx, cnf);
+                if (ret > 0)
+                        continue;
+                if (ret < 0)
+                        goto err;
+                if (!strcmp(cnf->name, "reasons"))
+                        {
+                        if (!set_reasons(&point->reasons, cnf->value))
+                                goto err;
+                        }
+                else if (!strcmp(cnf->name, "CRLissuer"))
+                        {
+                        point->CRLissuer =
+                                gnames_from_sectname(ctx, cnf->value);
+                        if (!point->CRLissuer)
+                                goto err;
+                        }
                }
-                if(point->reasons) 
-                        X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
+        return point;
-                if(point->CRLissuer)
+                        
-                        X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
+        err:
+        if (point)
+                DIST_POINT_free(point);
+        return NULL;
        }
-        return exts;
-}
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
+        {
        STACK_OF(DIST_POINT) *crld = NULL;
        GENERAL_NAMES *gens = NULL;
        GENERAL_NAME *gen = NULL;
@@ -111,19 +320,44 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
                DIST_POINT *point;
                cnf = sk_CONF_VALUE_value(nval, i);
-                if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+                if (!cnf->value)
-                if(!(gens = GENERAL_NAMES_new())) goto merr;
+                        {
-                if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+                        STACK_OF(CONF_VALUE) *dpsect;
-                gen = NULL;
+                        dpsect = X509V3_get_section(ctx, cnf->name);
-                if(!(point = DIST_POINT_new())) goto merr;
+                        if (!dpsect)
-                if(!sk_DIST_POINT_push(crld, point)) {
+                                goto err;
-                        DIST_POINT_free(point);
+                        point = crldp_from_section(ctx, dpsect);
-                        goto merr;
+                        X509V3_section_free(ctx, dpsect);
-                }
+                        if (!point)
-                if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+                                goto err;
-                point->distpoint->name.fullname = gens;
+                        if(!sk_DIST_POINT_push(crld, point))
-                point->distpoint->type = 0;
+                                {
-                gens = NULL;
+                                DIST_POINT_free(point);
+                                goto merr;
+                                }
+                        }
+                else
+                        {
+                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+                                goto err; 
+                        if(!(gens = GENERAL_NAMES_new()))
+                                goto merr;
+                        if(!sk_GENERAL_NAME_push(gens, gen))
+                                goto merr;
+                        gen = NULL;
+                        if(!(point = DIST_POINT_new()))
+                                goto merr;
+                        if(!sk_DIST_POINT_push(crld, point))
+                                {
+                                DIST_POINT_free(point);
+                                goto merr;
+                                }
+                        if(!(point->distpoint = DIST_POINT_NAME_new()))
+                                goto merr;
+                        point->distpoint->name.fullname = gens;
+                        point->distpoint->type = 0;
+                        gens = NULL;
+                        }
        }
        return crld;
@@ -139,11 +373,31 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 IMPLEMENT_STACK_OF(DIST_POINT)
 IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                                void *exarg)
+        {
+        DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
+        switch(operation)
+                {
+                case ASN1_OP_NEW_POST:
+                dpn->dpname = NULL;
+                break;
+                case ASN1_OP_FREE_POST:
+                if (dpn->dpname)
+                        X509_NAME_free(dpn->dpname);
+                break;
+                }
+        return 1;
+        }
-ASN1_CHOICE(DIST_POINT_NAME) = {
+ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END(DIST_POINT_NAME)
+} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
@@ -160,3 +414,203 @@ ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
 ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
+        ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
+} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
+IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval);
+const X509V3_EXT_METHOD v3_idp =
+        {
+        NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
+        ASN1_ITEM_ref(ISSUING_DIST_POINT),
+        0,0,0,0,
+        0,0,
+        0,
+        v2i_idp,
+        i2r_idp,0,
+        NULL
+        };
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval)
+        {
+        ISSUING_DIST_POINT *idp = NULL;
+        CONF_VALUE *cnf;
+        char *name, *val;
+        int i, ret;
+        idp = ISSUING_DIST_POINT_new();
+        if (!idp)
+                goto merr;
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
+                {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                name = cnf->name;
+                val = cnf->value;
+                ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
+                if (ret > 0)
+                        continue;
+                if (ret < 0)
+                        goto err;
+                if (!strcmp(name, "onlyuser"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+                                goto err;
+                        }
+                else if (!strcmp(name, "onlyCA"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+                                goto err;
+                        }
+                else if (!strcmp(name, "onlyAA"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+                                goto err;
+                        }
+                else if (!strcmp(name, "indirectCRL"))
+                        {
+                        if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+                                goto err;
+                        }
+                else if (!strcmp(name, "onlysomereasons"))
+                        {
+                        if (!set_reasons(&idp->onlysomereasons, val))
+                                goto err;
+                        }
+                else
+                        {
+                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+                        X509V3_conf_err(cnf);
+                        goto err;
+                        }
+                }
+        return idp;
+        merr:
+        X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE);
+        err:
+        ISSUING_DIST_POINT_free(idp);
+        return NULL;
+        }
+static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
+        {
+        int i;
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+                {
+                BIO_printf(out, "%*s", indent + 2, "");
+                GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
+                BIO_puts(out, "\n");
+                }
+        return 1;
+        }
+static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
+        {
+        if (dpn->type == 0)
+                {
+                BIO_printf(out, "%*sFull Name:\n", indent, "");
+                print_gens(out, dpn->name.fullname, indent);
+                }
+        else
+                {
+                X509_NAME ntmp;
+                ntmp.entries = dpn->name.relativename;
+                BIO_printf(out, "%*sRelative Name:\n%*s",
+                                                indent, "", indent + 2, "");
+                X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
+                BIO_puts(out, "\n");
+                }
+        return 1;
+        }
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent)
+        {
+        ISSUING_DIST_POINT *idp = pidp;
+        if (idp->distpoint)
+                print_distpoint(out, idp->distpoint, indent);
+        if (idp->onlyuser > 0)
+                BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
+        if (idp->onlyCA > 0)
+                BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
+        if (idp->indirectCRL > 0)
+                BIO_printf(out, "%*sIndirect CRL\n", indent, "");
+        if (idp->onlysomereasons)
+                print_reasons(out, "Only Some Reasons", 
+                                idp->onlysomereasons, indent);
+        if (idp->onlyattr > 0)
+                BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
+        if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
+                && (idp->indirectCRL <= 0) && !idp->onlysomereasons
+                && (idp->onlyattr <= 0))
+                BIO_printf(out, "%*s<EMPTY>\n", indent, "");
+                
+        return 1;
+        }
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent)
+        {
+        STACK_OF(DIST_POINT) *crld = pcrldp;
+        DIST_POINT *point;
+        int i;
+        for(i = 0; i < sk_DIST_POINT_num(crld); i++)
+                {
+                BIO_puts(out, "\n");
+                point = sk_DIST_POINT_value(crld, i);
+                if(point->distpoint)
+                        print_distpoint(out, point->distpoint, indent);
+                if(point->reasons) 
+                        print_reasons(out, "Reasons", point->reasons,
+                                                                indent);
+                if(point->CRLissuer)
+                        {
+                        BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
+                        print_gens(out, point->CRLissuer, indent);
+                        }
+                }
+        return 1;
+        }
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
+        {
+        int i;
+        STACK_OF(X509_NAME_ENTRY) *frag;
+        X509_NAME_ENTRY *ne;
+        if (!dpn || (dpn->type != 1))
+                return 1;
+        frag = dpn->name.relativename;
+        dpn->dpname = X509_NAME_dup(iname);
+        if (!dpn->dpname)
+                return 0;
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++)
+                {
+                ne = sk_X509_NAME_ENTRY_value(frag, i);
+                if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1))
+                        {
+                        X509_NAME_free(dpn->dpname);
+                        dpn->dpname = NULL;
+                        return 0;
+                        }
+                }
+        /* generate cached encoding of name */
+        if (i2d_X509_NAME(dpn->dpname, NULL) < 0)
+                {
+                X509_NAME_free(dpn->dpname);
+                dpn->dpname = NULL;
+                return 0;
+                }
+        return 1;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
index 36576eaa4d..c0575e368d 100644
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -61,14 +61,17 @@
 #include <openssl/x509v3.h>
 static ENUMERATED_NAMES crl_reasons[] = {
-{0, "Unspecified", "unspecified"},
+{CRL_REASON_UNSPECIFIED,         "Unspecified", "unspecified"},
-{1, "Key Compromise", "keyCompromise"},
+{CRL_REASON_KEY_COMPROMISE,      "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
+{CRL_REASON_CA_COMPROMISE,       "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
+{CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
+{CRL_REASON_SUPERSEDED,          "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
+{CRL_REASON_CESSATION_OF_OPERATION,
-{6, "Certificate Hold", "certificateHold"},
+                        "Cessation Of Operation", "cessationOfOperation"},
-{8, "Remove From CRL", "removeFromCRL"},
+{CRL_REASON_CERTIFICATE_HOLD,    "Certificate Hold", "certificateHold"},
+{CRL_REASON_REMOVE_FROM_CRL,     "Remove From CRL", "removeFromCRL"},
+{CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", "privilegeWithdrawn"},
+{CRL_REASON_AA_COMPROMISE,       "AA Compromise", "AACompromise"},
 {-1, NULL, NULL}
 };
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
index c0d14500ed..1c66532757 100644
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -63,9 +63,10 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                    X509V3_CTX *ctx,
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+                                    STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                void *eku, STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_ext_ku = {
@@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
 IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *
-                void *a, STACK_OF(CONF_VALUE) *ext_list)
+  i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
+                         STACK_OF(CONF_VALUE) *ext_list)
 {
        EXTENDED_KEY_USAGE *eku = a;
        int i;
@@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
        return ext_list;
 }
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        EXTENDED_KEY_USAGE *extku;
        char *extval;
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
index 84b4b1c881..b628357301 100644
--- a/src/lib/libcrypto/x509v3/v3_genn.c
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -99,3 +99,154 @@ ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
 ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
 IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
+        {
+        return (GENERAL_NAME *) ASN1_dup((i2d_of_void *) i2d_GENERAL_NAME,
+                                         (d2i_of_void *) d2i_GENERAL_NAME,
+                                         (char *) a);
+        }
+/* Returns 0 if they are equal, != 0 otherwise. */
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+        {
+        int result = -1;
+        if (!a || !b || a->type != b->type) return -1;
+        switch(a->type)
+                {
+        case GEN_X400:
+        case GEN_EDIPARTY:
+                result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+                break;
+        case GEN_OTHERNAME:
+                result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
+                break;
+        case GEN_EMAIL:
+        case GEN_DNS:
+        case GEN_URI:
+                result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
+                break;
+        case GEN_DIRNAME:
+                result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
+                break;
+        case GEN_IPADD:
+                result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
+                break;
+        
+        case GEN_RID:
+                result = OBJ_cmp(a->d.rid, b->d.rid);
+                break;
+                }
+        return result;
+        }
+/* Returns 0 if they are equal, != 0 otherwise. */
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
+        {
+        int result = -1;
+        if (!a || !b) return -1;
+        /* Check their type first. */
+        if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
+                return result;
+        /* Check the value. */
+        result = ASN1_TYPE_cmp(a->value, b->value);
+        return result;
+        }
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+        {
+        switch(type)
+                {
+        case GEN_X400:
+        case GEN_EDIPARTY:
+                a->d.other = value;
+                break;
+        case GEN_OTHERNAME:
+                a->d.otherName = value;
+                break;
+        case GEN_EMAIL:
+        case GEN_DNS:
+        case GEN_URI:
+                a->d.ia5 = value;
+                break;
+        case GEN_DIRNAME:
+                a->d.dirn = value;
+                break;
+        case GEN_IPADD:
+                a->d.ip = value;
+                break;
+        
+        case GEN_RID:
+                a->d.rid = value;
+                break;
+                }
+        a->type = type;
+        }
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
+        {
+        if (ptype)
+                *ptype = a->type;
+        switch(a->type)
+                {
+        case GEN_X400:
+        case GEN_EDIPARTY:
+                return a->d.other;
+        case GEN_OTHERNAME:
+                return a->d.otherName;
+        case GEN_EMAIL:
+        case GEN_DNS:
+        case GEN_URI:
+                return a->d.ia5;
+        case GEN_DIRNAME:
+                return a->d.dirn;
+        case GEN_IPADD:
+                return a->d.ip;
+        
+        case GEN_RID:
+                return a->d.rid;
+        default:
+                return NULL;
+                }
+        }
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value)
+        {
+        OTHERNAME *oth;
+        oth = OTHERNAME_new();
+        if (!oth)
+                return 0;
+        oth->type_id = oid;
+        oth->value = value;
+        GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
+        return 1;
+        }
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
+        {
+        if (gen->type != GEN_OTHERNAME)
+                return 0;
+        if (poid)
+                *poid = gen->d.otherName->type_id;
+        if (pvalue)
+                *pvalue = gen->d.otherName->value;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index df3a48f43e..0f1e1d4422 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -84,20 +84,24 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 }
 static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-                const X509V3_EXT_METHOD * const *b)
+                   const X509V3_EXT_METHOD * const *b)
 {
        return ((*a)->ext_nid - (*b)->ext_nid);
 }
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
+                           ext);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                             const X509V3_EXT_METHOD *, ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
-        X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+        X509V3_EXT_METHOD tmp;
+        const X509V3_EXT_METHOD *t = &tmp, * const *ret;
        int idx;
        if(nid < 0) return NULL;
        tmp.ext_nid = nid;
-        ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
+        ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
-                        (char *)standard_exts, STANDARD_EXTENSION_COUNT,
-                        sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
        if(ret) return *ret;
        if(!ext_list) return NULL;
        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
@@ -105,7 +109,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 {
        int nid;
        if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
@@ -122,7 +126,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 int X509V3_EXT_add_alias(int nid_to, int nid_from)
 {
-        X509V3_EXT_METHOD *ext, *tmpext;
+        const X509V3_EXT_METHOD *ext;
+        X509V3_EXT_METHOD *tmpext;
        if(!(ext = X509V3_EXT_get_nid(nid_from))) {
                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
                return 0;
@@ -161,7 +167,7 @@ int X509V3_add_standard_extensions(void)
 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
-        X509V3_EXT_METHOD *method;
+        const X509V3_EXT_METHOD *method;
        const unsigned char *p;
        if(!(method = X509V3_EXT_get(ext))) return NULL;
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c
index 4e706be3e1..689df46acd 100644
--- a/src/lib/libcrypto/x509v3/v3_ncons.c
+++ b/src/lib/libcrypto/x509v3/v3_ncons.c
@@ -63,15 +63,22 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
                                void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
-                                STACK_OF(GENERAL_SUBTREE) *trees,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
-                                        BIO *bp, int ind, char *name);
+                                   BIO *bp, int ind, char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
+static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
+static int nc_dn(X509_NAME *sub, X509_NAME *nm);
+static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
+static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
 const X509V3_EXT_METHOD v3_name_constraints = {
        NID_name_constraints, 0,
        ASN1_ITEM_ref(NAME_CONSTRAINTS),
@@ -99,8 +106,8 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
        {
        int i;
        CONF_VALUE tval, *val;
@@ -155,8 +162,8 @@ static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
        
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
-                                void *a, BIO *bp, int ind)
+                                BIO *bp, int ind)
        {
        NAME_CONSTRAINTS *ncons = a;
        do_i2r_name_constraints(method, ncons->permittedSubtrees,
@@ -166,9 +173,9 @@ static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
        return 1;
        }
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
-                                STACK_OF(GENERAL_SUBTREE) *trees,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
-                                        BIO *bp, int ind, char *name)
+                                   BIO *bp, int ind, char *name)
        {
        GENERAL_SUBTREE *tree;
        int i;
@@ -218,3 +225,282 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
        return 1;
        }
+/* Check a certificate conforms to a specified set of constraints.
+ * Return values:
+ *  X509_V_OK: All constraints obeyed.
+ *  X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
+ *  X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
+ *  X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:  Unsupported constraint type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
+ *  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
+ */
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+        {
+        int r, i;
+        X509_NAME *nm;
+        nm = X509_get_subject_name(x);
+        if (X509_NAME_entry_count(nm) > 0)
+                {
+                GENERAL_NAME gntmp;
+                gntmp.type = GEN_DIRNAME;
+                gntmp.d.directoryName = nm;
+                r = nc_match(&gntmp, nc);
+                if (r != X509_V_OK)
+                        return r;
+                gntmp.type = GEN_EMAIL;
+                /* Process any email address attributes in subject name */
+                for (i = -1;;)
+                        {
+                        X509_NAME_ENTRY *ne;
+                        i = X509_NAME_get_index_by_NID(nm,
+                                                       NID_pkcs9_emailAddress,
+                                                       i);
+                        if (i == -1)
+                                break;
+                        ne = X509_NAME_get_entry(nm, i);
+                        gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
+                        if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
+                                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+                        r = nc_match(&gntmp, nc);
+                        if (r != X509_V_OK)
+                                return r;
+                        }
+                
+                }
+        for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
+                r = nc_match(gen, nc);
+                if (r != X509_V_OK)
+                        return r;
+                }
+        return X509_V_OK;
+        }
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+        {
+        GENERAL_SUBTREE *sub;
+        int i, r, match = 0;
+        /* Permitted subtrees: if any subtrees exist of matching the type
+         * at least one subtree must match.
+         */
+        for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++)
+                {
+                sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
+                if (gen->type != sub->base->type)
+                        continue;
+                if (sub->minimum || sub->maximum)
+                        return X509_V_ERR_SUBTREE_MINMAX;
+                /* If we already have a match don't bother trying any more */
+                if (match == 2)
+                        continue;
+                if (match == 0)
+                        match = 1;
+                r = nc_match_single(gen, sub->base);
+                if (r == X509_V_OK)
+                        match = 2;
+                else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+                        return r;
+                }
+        if (match == 1)
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        /* Excluded subtrees: must not match any of these */
+        for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++)
+                {
+                sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
+                if (gen->type != sub->base->type)
+                        continue;
+                if (sub->minimum || sub->maximum)
+                        return X509_V_ERR_SUBTREE_MINMAX;
+                r = nc_match_single(gen, sub->base);
+                if (r == X509_V_OK)
+                        return X509_V_ERR_EXCLUDED_VIOLATION;
+                else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+                        return r;
+                }
+        return X509_V_OK;
+        }
+static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+        {
+        switch(base->type)
+                {
+                case GEN_DIRNAME:
+                return nc_dn(gen->d.directoryName, base->d.directoryName);
+                case GEN_DNS:
+                return nc_dns(gen->d.dNSName, base->d.dNSName);
+                case GEN_EMAIL:
+                return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
+                case GEN_URI:
+                return nc_uri(gen->d.uniformResourceIdentifier,
+                                        base->d.uniformResourceIdentifier);
+                default:
+                return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+                }
+        }
+/* directoryName name constraint matching.
+ * The canonical encoding of X509_NAME makes this comparison easy. It is
+ * matched if the subtree is a subset of the name.
+ */
+static int nc_dn(X509_NAME *nm, X509_NAME *base)
+        {
+        /* Ensure canonical encodings are up to date.  */
+        if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+                return X509_V_ERR_OUT_OF_MEM;
+        if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+                return X509_V_ERR_OUT_OF_MEM;
+        if (base->canon_enclen > nm->canon_enclen)
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        return X509_V_OK;
+        }
+static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+        {
+        char *baseptr = (char *)base->data;
+        char *dnsptr = (char *)dns->data;
+        /* Empty matches everything */
+        if (!*baseptr)
+                return X509_V_OK;
+        /* Otherwise can add zero or more components on the left so
+         * compare RHS and if dns is longer and expect '.' as preceding
+         * character.
+         */
+        if (dns->length > base->length)
+                {
+                dnsptr += dns->length - base->length;
+                if (dnsptr[-1] != '.')
+                        return X509_V_ERR_PERMITTED_VIOLATION;
+                }
+        if (strcasecmp(baseptr, dnsptr))
+                        return X509_V_ERR_PERMITTED_VIOLATION;
+        return X509_V_OK;
+        }
+static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+        {
+        const char *baseptr = (char *)base->data;
+        const char *emlptr = (char *)eml->data;
+        const char *baseat = strchr(baseptr, '@');
+        const char *emlat = strchr(emlptr, '@');
+        if (!emlat)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+        /* Special case: inital '.' is RHS match */
+        if (!baseat && (*baseptr == '.'))
+                {
+                if (eml->length > base->length)
+                        {
+                        emlptr += eml->length - base->length;
+                        if (!strcasecmp(baseptr, emlptr))
+                                return X509_V_OK;
+                        }
+                return X509_V_ERR_PERMITTED_VIOLATION;
+                }
+        /* If we have anything before '@' match local part */
+        if (baseat)
+                {
+                if (baseat != baseptr)
+                        {
+                        if ((baseat - baseptr) != (emlat - emlptr))
+                                return X509_V_ERR_PERMITTED_VIOLATION;
+                        /* Case sensitive match of local part */
+                        if (strncmp(baseptr, emlptr, emlat - emlptr))
+                                return X509_V_ERR_PERMITTED_VIOLATION;
+                        }
+                /* Position base after '@' */
+                baseptr = baseat + 1;
+                }
+        emlptr = emlat + 1;
+        /* Just have hostname left to match: case insensitive */
+        if (strcasecmp(baseptr, emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        return X509_V_OK;
+        }
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+        {
+        const char *baseptr = (char *)base->data;
+        const char *hostptr = (char *)uri->data;
+        const char *p = strchr(hostptr, ':');
+        int hostlen;
+        /* Check for foo:// and skip past it */
+        if (!p || (p[1] != '/') || (p[2] != '/'))
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+        hostptr = p + 3;
+        /* Determine length of hostname part of URI */
+        /* Look for a port indicator as end of hostname first */
+        p = strchr(hostptr, ':');
+        /* Otherwise look for trailing slash */
+        if (!p)
+                p = strchr(hostptr, '/');
+        if (!p)
+                hostlen = strlen(hostptr);
+        else
+                hostlen = p - hostptr;
+        if (hostlen == 0)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+        /* Special case: inital '.' is RHS match */
+        if (*baseptr == '.')
+                {
+                if (hostlen > base->length)
+                        {
+                        p = hostptr + hostlen - base->length;
+                        if (!strncasecmp(p, baseptr, base->length))
+                                return X509_V_OK;
+                        }
+                return X509_V_ERR_PERMITTED_VIOLATION;
+                }
+        if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        return X509_V_OK;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
index e426ea930c..0c165af314 100644
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -68,19 +68,26 @@
 /* OCSP extensions and a couple of CRL entry extensions
 */
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+                          BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                            BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
+                            void *nocheck, BIO *out, int indent);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind);
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
@@ -148,44 +155,47 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
        NULL
 };
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                          int ind)
 {
        OCSP_CRLID *a = in;
        if (a->crlUrl)
                {
-                if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+                if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
                if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
+                if (BIO_write(bp, "\n", 1) <= 0) goto err;
                }
        if (a->crlNum)
                {
-                if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+                if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
-                if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+                if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
+                if (BIO_write(bp, "\n", 1) <= 0) goto err;
                }
        if (a->crlTime)
                {
-                if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+                if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
                if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
-                if (!BIO_write(bp, "\n", 1)) goto err;
+                if (BIO_write(bp, "\n", 1) <= 0) goto err;
                }
        return 1;
        err:
        return 0;
 }
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                            BIO *bp, int ind)
 {
-        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
        if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
        return 1;
 }
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                      int ind)
 {
-        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
-        if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+        if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
        return 1;
 }
@@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a)
        M_ASN1_OCTET_STRING_free(a);
 }
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent)
 {
        if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
        if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
@@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int
 /* Nocheck is just a single NULL. Don't print anything and always set it */
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent)
 {
        return 1;
 }
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              const char *str)
 {
        return ASN1_NULL_new();
 }
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind)
        {
        int i;
        OCSP_SERVICELOC *a = in;
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
index 601211f416..0dcfa004fe 100644
--- a/src/lib/libcrypto/x509v3/v3_pci.c
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val,
                {
                if (*language)
                        {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
                        X509V3_conf_err(val);
                        return 0;
                        }
@@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val,
                {
                if (*pathlen)
                        {
-                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
                        X509V3_conf_err(val);
                        return 0;
                        }
@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
                        unsigned char *tmp_data2 =
                                string_to_hex(val->value + 4, &val_len);
-                        if (!tmp_data2) goto err;
+                        if (!tmp_data2) 
+                                {
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
                        tmp_data = OPENSSL_realloc((*policy)->data,
                                (*policy)->length + val_len + 1);
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
                                (*policy)->length += val_len;
                                (*policy)->data[(*policy)->length] = '\0';
                                }
+                        else
+                                {
+                                OPENSSL_free(tmp_data2);
+                                /* realloc failure implies the original data space is b0rked too! */
+                                (*policy)->data = NULL;
+                                (*policy)->length = 0;
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
+                        OPENSSL_free(tmp_data2);
                        }
                else if (strncmp(val->value, "file:", 5) == 0)
                        {
@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
                                (*policy)->length += n;
                                (*policy)->data[(*policy)->length] = '\0';
                                }
+                        BIO_free_all(b);
                        if (n < 0)
                                {
@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
                                (*policy)->length += val_len;
                                (*policy)->data[(*policy)->length] = '\0';
                                }
+                        else
+                                {
+                                /* realloc failure implies the original data space is b0rked too! */
+                                (*policy)->data = NULL;
+                                (*policy)->length = 0;
+                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
                        }
                else
                        {
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
index 86c0ff70e6..30ca652351 100644
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -64,10 +64,12 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *
-                                void *bcons, STACK_OF(CONF_VALUE) *extlist);
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                       STACK_OF(CONF_VALUE) *extlist);
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values);
 const X509V3_EXT_METHOD v3_policy_constraints = {
 NID_policy_constraints, 0,
@@ -88,8 +90,9 @@ ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *
-             void *a, STACK_OF(CONF_VALUE) *extlist)
+i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                       STACK_OF(CONF_VALUE) *extlist)
 {
        POLICY_CONSTRAINTS *pcons = a;
        X509V3_add_value_int("Require Explicit Policy",
@@ -99,8 +102,9 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
        return extlist;
 }
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values)
 {
        POLICY_CONSTRAINTS *pcons=NULL;
        CONF_VALUE *val;
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c
index da03bbc35d..865bcd3980 100644
--- a/src/lib/libcrypto/x509v3/v3_pmaps.c
+++ b/src/lib/libcrypto/x509v3/v3_pmaps.c
@@ -63,10 +63,11 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *
-                                void *pmps, STACK_OF(CONF_VALUE) *extlist);
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
+                    STACK_OF(CONF_VALUE) *extlist);
 const X509V3_EXT_METHOD v3_policy_mappings = {
        NID_policy_mappings, 0,
@@ -92,8 +93,9 @@ ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *
-                void *a, STACK_OF(CONF_VALUE) *ext_list)
+i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
+                    STACK_OF(CONF_VALUE) *ext_list)
 {
        POLICY_MAPPINGS *pmaps = a;
        POLICY_MAPPING *pmap;
@@ -109,8 +111,8 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
        return ext_list;
 }
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        POLICY_MAPPINGS *pmaps;
        POLICY_MAPPING *pmap;
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index c1bb17f105..3146218708 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
        void *ext_str = NULL;
        char *value = NULL;
        const unsigned char *p;
-        X509V3_EXT_METHOD *method;      
+        const X509V3_EXT_METHOD *method;        
        STACK_OF(CONF_VALUE) *nval = NULL;
        int ok = 1;
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index e18751e01c..181bd34979 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -71,6 +71,7 @@ static int purpose_smime(const X509 *x, int ca);
 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
@@ -87,6 +88,7 @@ static X509_PURPOSE xstandard[] = {
        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+        {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
 };
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -265,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
        return xp->trust;
 }
-static int nid_cmp(int *a, int *b)
+static int nid_cmp(const int *a, const int *b)
        {
        return *a - *b;
        }
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
 int X509_supported_extension(X509_EXTENSION *ex)
        {
        /* This table is a list of the NIDs of supported extensions:
@@ -280,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
         * searched using bsearch.
         */
-        static int supported_nids[] = {
+        static const int supported_nids[] = {
                NID_netscape_cert_type, /* 71 */
                NID_key_usage,          /* 83 */
                NID_subject_alt_name,   /* 85 */
@@ -292,24 +297,62 @@ int X509_supported_extension(X509_EXTENSION *ex)
                NID_sbgp_autonomousSysNum, /* 291 */
 #endif
                NID_policy_constraints, /* 401 */
-                NID_proxyCertInfo,      /* 661 */
+                NID_proxyCertInfo,      /* 663 */
+                NID_name_constraints,   /* 666 */
+                NID_policy_mappings,    /* 747 */
                NID_inhibit_any_policy  /* 748 */
        };
-        int ex_nid;
+        int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
-        ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
        if (ex_nid == NID_undef) 
                return 0;
-        if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+        if (OBJ_bsearch_nid(&ex_nid, supported_nids,
-                sizeof(supported_nids)/sizeof(int), sizeof(int),
+                        sizeof(supported_nids)/sizeof(int)))
-                (int (*)(const void *, const void *))nid_cmp))
                return 1;
        return 0;
        }
- 
+static void setup_dp(X509 *x, DIST_POINT *dp)
+        {
+        X509_NAME *iname = NULL;
+        int i;
+        if (dp->reasons)
+                {
+                if (dp->reasons->length > 0)
+                        dp->dp_reasons = dp->reasons->data[0];
+                if (dp->reasons->length > 1)
+                        dp->dp_reasons |= (dp->reasons->data[1] << 8);
+                dp->dp_reasons &= CRLDP_ALL_REASONS;
+                }
+        else
+                dp->dp_reasons = CRLDP_ALL_REASONS;
+        if (!dp->distpoint || (dp->distpoint->type != 1))
+                return;
+        for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
+                {
+                GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+                if (gen->type == GEN_DIRNAME)
+                        {
+                        iname = gen->d.directoryName;
+                        break;
+                        }
+                }
+        if (!iname)
+                iname = X509_get_issuer_name(x);
+        DIST_POINT_set_dpname(dp->distpoint, iname);
+        }
+static void setup_crldp(X509 *x)
+        {
+        int i;
+        x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+        for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+                setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
+        }
 static void x509v3_cache_extensions(X509 *x)
 {
@@ -417,16 +460,25 @@ static void x509v3_cache_extensions(X509 *x)
        }
        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+        x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+        x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
+        if (!x->nc && (i != -1))
+                x->ex_flags |= EXFLAG_INVALID;
+        setup_crldp(x);
 #ifndef OPENSSL_NO_RFC3779
-        x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+        x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
-        x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+        x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
-                                          NULL, NULL);
+                                          NULL, NULL);
 #endif
        for (i = 0; i < X509_get_ext_count(x); i++)
                {
                ex = X509_get_ext(x, i);
                if (!X509_EXTENSION_get_critical(ex))
                        continue;
+                if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
+                                        == NID_freshest_crl)
+                        x->ex_flags |= EXFLAG_FRESHEST;
                if (!X509_supported_extension(ex))
                        {
                        x->ex_flags |= EXFLAG_CRITICAL;
@@ -594,6 +646,41 @@ static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
        return 1;
 }
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca)
+{
+        int i_ext;
+        /* If ca is true we must return if this is a valid CA certificate. */
+        if (ca) return check_ca(x);
+        /* 
+         * Check the optional key usage field:
+         * if Key Usage is present, it must be one of digitalSignature 
+         * and/or nonRepudiation (other values are not consistent and shall
+         * be rejected).
+         */
+        if ((x->ex_flags & EXFLAG_KUSAGE)
+            && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
+                !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+                return 0;
+        /* Only time stamp key usage is permitted and it's required. */
+        if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+                return 0;
+        /* Extended Key Usage MUST be critical */
+        i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
+        if (i_ext >= 0)
+                {
+                X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
+                if (!X509_EXTENSION_get_critical(ext))
+                        return 0;
+                }
+        return 1;
+}
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
        return 1;
@@ -618,39 +705,14 @@ int X509_check_issued(X509 *issuer, X509 *subject)
                                return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
        x509v3_cache_extensions(issuer);
        x509v3_cache_extensions(subject);
-        if(subject->akid) {
-                /* Check key ids (if present) */
+        if(subject->akid)
-                if(subject->akid->keyid && issuer->skid &&
+                {
-                 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
+                int ret = X509_check_akid(issuer, subject->akid);
-                                return X509_V_ERR_AKID_SKID_MISMATCH;
+                if (ret != X509_V_OK)
-                /* Check serial number */
+                        return ret;
-                if(subject->akid->serial &&
-                        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
-                                                subject->akid->serial))
-                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-                /* Check issuer name */
-                if(subject->akid->issuer) {
-                        /* Ugh, for some peculiar reason AKID includes
-                         * SEQUENCE OF GeneralName. So look for a DirName.
-                         * There may be more than one but we only take any
-                         * notice of the first.
-                         */
-                        GENERAL_NAMES *gens;
-                        GENERAL_NAME *gen;
-                        X509_NAME *nm = NULL;
-                        int i;
-                        gens = subject->akid->issuer;
-                        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-                                gen = sk_GENERAL_NAME_value(gens, i);
-                                if(gen->type == GEN_DIRNAME) {
-                                        nm = gen->d.dirn;
-                                        break;
-                                }
-                        }
-                        if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
-                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
                }
-        }
        if(subject->ex_flags & EXFLAG_PROXY)
                {
                if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
@@ -661,3 +723,45 @@ int X509_check_issued(X509 *issuer, X509 *subject)
        return X509_V_OK;
 }
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
+        {
+        if(!akid)
+                return X509_V_OK;
+        /* Check key ids (if present) */
+        if(akid->keyid && issuer->skid &&
+                 ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) )
+                                return X509_V_ERR_AKID_SKID_MISMATCH;
+        /* Check serial number */
+        if(akid->serial &&
+                ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+        /* Check issuer name */
+        if(akid->issuer)
+                {
+                /* Ugh, for some peculiar reason AKID includes
+                 * SEQUENCE OF GeneralName. So look for a DirName.
+                 * There may be more than one but we only take any
+                 * notice of the first.
+                 */
+                GENERAL_NAMES *gens;
+                GENERAL_NAME *gen;
+                X509_NAME *nm = NULL;
+                int i;
+                gens = akid->issuer;
+                for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+                        {
+                        gen = sk_GENERAL_NAME_value(gens, i);
+                        if(gen->type == GEN_DIRNAME)
+                                {
+                                nm = gen->d.dirn;
+                                break;
+                                }
+                        }
+                if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+                        return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+                }
+        return X509_V_OK;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 7a45216c00..e030234540 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -67,9 +67,9 @@
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(void *str);
+static void str_free(OPENSSL_STRING str);
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
 static int ipv4_from_asc(unsigned char *v4, const char *in);
 static int ipv6_from_asc(unsigned char *v6, const char *in);
@@ -360,10 +360,10 @@ static char *strip_spaces(char *name)
 * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
 */
-char *hex_to_string(unsigned char *buffer, long len)
+char *hex_to_string(const unsigned char *buffer, long len)
 {
        char *tmp, *q;
-        unsigned char *p;
+        const unsigned char *p;
        int i;
        const static char hexdig[] = "0123456789ABCDEF";
        if(!buffer || !len) return NULL;
@@ -389,7 +389,7 @@ char *hex_to_string(unsigned char *buffer, long len)
 * a buffer
 */
-unsigned char *string_to_hex(char *str, long *len)
+unsigned char *string_to_hex(const char *str, long *len)
 {
        unsigned char *hexbuf, *q;
        unsigned char ch, cl, *p;
@@ -463,21 +463,23 @@ static int sk_strcmp(const char * const *a, const char * const *b)
        return strcmp(*a, *b);
 }
-STACK *X509_get1_email(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
 {
        GENERAL_NAMES *gens;
-        STACK *ret;
+        STACK_OF(OPENSSL_STRING) *ret;
        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
        ret = get_email(X509_get_subject_name(x), gens);
        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
        return ret;
 }
-STACK *X509_get1_ocsp(X509 *x)
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
 {
        AUTHORITY_INFO_ACCESS *info;
-        STACK *ret = NULL;
+        STACK_OF(OPENSSL_STRING) *ret = NULL;
        int i;
        info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
        if (!info)
                return NULL;
@@ -497,11 +499,12 @@ STACK *X509_get1_ocsp(X509 *x)
        return ret;
 }
-STACK *X509_REQ_get1_email(X509_REQ *x)
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
 {
        GENERAL_NAMES *gens;
        STACK_OF(X509_EXTENSION) *exts;
-        STACK *ret;
+        STACK_OF(OPENSSL_STRING) *ret;
        exts = X509_REQ_get_extensions(x);
        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
        ret = get_email(X509_REQ_get_subject_name(x), gens);
@@ -511,9 +514,9 @@ STACK *X509_REQ_get1_email(X509_REQ *x)
 }
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
 {
-        STACK *ret = NULL;
+        STACK_OF(OPENSSL_STRING) *ret = NULL;
        X509_NAME_ENTRY *ne;
        ASN1_IA5STRING *email;
        GENERAL_NAME *gen;
@@ -536,23 +539,23 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
        return ret;
 }
-static void str_free(void *str)
+static void str_free(OPENSSL_STRING str)
 {
        OPENSSL_free(str);
 }
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
 {
        char *emtmp;
        /* First some sanity checks */
        if(email->type != V_ASN1_IA5STRING) return 1;
        if(!email->data || !email->length) return 1;
-        if(!*sk) *sk = sk_new(sk_strcmp);
+        if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
        if(!*sk) return 0;
        /* Don't add duplicates */
-        if(sk_find(*sk, (char *)email->data) != -1) return 1;
+        if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1;
        emtmp = BUF_strdup((char *)email->data);
-        if(!emtmp || !sk_push(*sk, emtmp)) {
+        if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
                X509_email_free(*sk);
                *sk = NULL;
                return 0;
@@ -560,9 +563,9 @@ static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
        return 1;
 }
-void X509_email_free(STACK *sk)
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
 {
-        sk_pop_free(sk, str_free);
+        sk_OPENSSL_STRING_pop_free(sk, str_free);
 }
 /* Convert IP addresses both IPv4 and IPv6 into an 
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
index d538ad8b80..f9f6f1f91f 100644
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
 /* crypto/x509v3/v3err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,6 +70,7 @@
 static ERR_STRING_DATA X509V3_str_functs[]=
        {
+{ERR_FUNC(X509V3_F_A2I_GENERAL_NAME),   "A2I_GENERAL_NAME"},
 {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),        "ASIDENTIFIERCHOICE_CANONIZE"},
 {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),    "ASIDENTIFIERCHOICE_IS_CANONICAL"},
 {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
@@ -79,6 +80,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
 {ERR_FUNC(X509V3_F_DO_EXT_NCONF),       "DO_EXT_NCONF"},
 {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),    "DO_I2V_NAME_CONSTRAINTS"},
+{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME),       "GNAMES_FROM_SECTNAME"},
 {ERR_FUNC(X509V3_F_HEX_TO_STRING),      "hex_to_string"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),        "i2s_ASN1_ENUMERATED"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
@@ -95,6 +97,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),      "s2i_ASN1_OCTET_STRING"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),   "S2I_ASN1_SKEY_ID"},
 {ERR_FUNC(X509V3_F_S2I_SKEY_ID),        "S2I_SKEY_ID"},
+{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME),        "SET_DIST_POINT_NAME"},
 {ERR_FUNC(X509V3_F_STRING_TO_HEX),      "string_to_hex"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),   "SXNET_add_id_asc"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),       "SXNET_add_id_INTEGER"},
@@ -110,6 +113,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),     "V2I_EXTENDED_KEY_USAGE"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),  "v2i_GENERAL_NAMES"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),        "v2i_GENERAL_NAME_ex"},
+{ERR_FUNC(X509V3_F_V2I_IDP),    "V2I_IDP"},
 {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS),   "V2I_IPADDRBLOCKS"},
 {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),     "V2I_ISSUER_ALT"},
 {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),       "V2I_NAME_CONSTRAINTS"},
@@ -141,6 +145,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},
 {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
 {ERR_REASON(X509V3_R_DIRNAME_ERROR)      ,"dirname error"},
+{ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET),"distpoint already set"},
 {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},
 {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
 {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
@@ -154,6 +159,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
 {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
 {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
+{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS),"invalid multiple rdns"},
 {ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},
 {ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},
 {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
@@ -187,9 +193,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
 {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
 {ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),"policy language already defined"},
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),"policy path length already defined"},
 {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
 {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
 {ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},
@@ -200,6 +206,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
 {ERR_REASON(X509V3_R_UNKNOWN_OPTION)     ,"unknown option"},
 {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
+{ERR_REASON(X509V3_R_UNSUPPORTED_TYPE)   ,"unsupported type"},
 {ERR_REASON(X509V3_R_USER_TOO_LONG)      ,"user too long"},
 {0,NULL}
        };
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index 9ef83da755..b308abe7cd 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void);
 typedef void (*X509V3_EXT_FREE)(void *);
 typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef STACK_OF(CONF_VALUE) *
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+                    STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+                                 struct v3_ext_ctx *ctx,
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+                                 STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                 struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
+                              BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                 struct v3_ext_ctx *ctx, const char *str);
 /* V3 extension structure */
@@ -220,24 +227,41 @@ union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
 } name;
+/* If relativename then this contains the full distribution point name */
+X509_NAME *dpname;
 } DIST_POINT_NAME;
+/* All existing reasons */
-typedef struct DIST_POINT_st {
+#define CRLDP_ALL_REASONS       0x807f
+#define CRL_REASON_NONE                         -1
+#define CRL_REASON_UNSPECIFIED                  0
+#define CRL_REASON_KEY_COMPROMISE               1
+#define CRL_REASON_CA_COMPROMISE                2
+#define CRL_REASON_AFFILIATION_CHANGED          3
+#define CRL_REASON_SUPERSEDED                   4
+#define CRL_REASON_CESSATION_OF_OPERATION       5
+#define CRL_REASON_CERTIFICATE_HOLD             6
+#define CRL_REASON_REMOVE_FROM_CRL              8
+#define CRL_REASON_PRIVILEGE_WITHDRAWN          9
+#define CRL_REASON_AA_COMPROMISE                10
+struct DIST_POINT_st {
 DIST_POINT_NAME *distpoint;
 ASN1_BIT_STRING *reasons;
 GENERAL_NAMES *CRLissuer;
-} DIST_POINT;
+int dp_reasons;
+};
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_ASN1_SET_OF(DIST_POINT)
-typedef struct AUTHORITY_KEYID_st {
+struct AUTHORITY_KEYID_st {
 ASN1_OCTET_STRING *keyid;
 GENERAL_NAMES *issuer;
 ASN1_INTEGER *serial;
-} AUTHORITY_KEYID;
+};
 /* Strong extranet structures */
@@ -303,10 +327,10 @@ typedef struct GENERAL_SUBTREE_st {
 DECLARE_STACK_OF(GENERAL_SUBTREE)
-typedef struct NAME_CONSTRAINTS_st {
+struct NAME_CONSTRAINTS_st {
        STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
        STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
+};
 typedef struct POLICY_CONSTRAINTS_st {
        ASN1_INTEGER *requireExplicitPolicy;
@@ -329,6 +353,31 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st
 DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
 DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+struct ISSUING_DIST_POINT_st
+        {
+        DIST_POINT_NAME *distpoint;
+        int onlyuser;
+        int onlyCA;
+        ASN1_BIT_STRING *onlysomereasons;
+        int indirectCRL;
+        int onlyattr;
+        };
+/* Values in idp_flags field */
+/* IDP present */
+#define IDP_PRESENT     0x1
+/* IDP values inconsistent */
+#define IDP_INVALID     0x2
+/* onlyuser true */
+#define IDP_ONLYUSER    0x4
+/* onlyCA true */
+#define IDP_ONLYCA      0x8
+/* onlyattr true */
+#define IDP_ONLYATTR    0x10
+/* indirectCRL true */
+#define IDP_INDIRECT    0x20
+/* onlysomereasons present */
+#define IDP_REASONS     0x40
 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
@@ -373,6 +422,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 #define EXFLAG_PROXY            0x400
 #define EXFLAG_INVALID_POLICY   0x800
+#define EXFLAG_FRESHEST         0x1000
 #define KU_DIGITAL_SIGNATURE    0x0080
 #define KU_NON_REPUDIATION      0x0040
@@ -424,9 +474,10 @@ typedef struct x509_purpose_st {
 #define X509_PURPOSE_CRL_SIGN           6
 #define X509_PURPOSE_ANY                7
 #define X509_PURPOSE_OCSP_HELPER        8
+#define X509_PURPOSE_TIMESTAMP_SIGN     9
 #define X509_PURPOSE_MIN                1
-#define X509_PURPOSE_MAX                8
+#define X509_PURPOSE_MAX                9
 /* Flags for X509V3_EXT_print() */
@@ -471,6 +522,9 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
 DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
@@ -486,11 +540,18 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
@@ -507,6 +568,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF)
 DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
@@ -524,11 +590,16 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                               int gen_type, char *value, int is_nc);
 #ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                        CONF_VALUE *cnf);
+                               CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                                X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@@ -538,18 +609,23 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+                                    int ext_nid, char *value);
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+                                char *name, char *value);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            char *section, X509_CRL *crl);
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
+                             STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 #endif
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
@@ -576,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
@@ -587,8 +663,8 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-char *hex_to_string(unsigned char *buffer, long len);
+char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(char *str, long *len);
+unsigned char *string_to_hex(const char *str, long *len);
 int name_cmp(const char *name, const char *cmp);
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
@@ -603,6 +679,7 @@ int X509_check_purpose(X509 *x, int id, int ca);
 int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE * X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
@@ -616,10 +693,10 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(X509_PURPOSE *);
-STACK *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
-STACK *X509_get1_ocsp(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
@@ -628,6 +705,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                                                unsigned long chtype);
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DECLARE_STACK_OF(X509_POLICY_NODE)
 #ifndef OPENSSL_NO_RFC3779
@@ -787,8 +865,9 @@ void ERR_load_X509V3_strings(void);
 /* Error codes for the X509V3 functions. */
 /* Function codes. */
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             156
+#define X509V3_F_A2I_GENERAL_NAME                        164
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         157
+#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
+#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
 #define X509V3_F_COPY_EMAIL                              122
 #define X509V3_F_COPY_ISSUER                             123
 #define X509V3_F_DO_DIRNAME                              144
@@ -796,6 +875,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_DO_EXT_I2D                              135
 #define X509V3_F_DO_EXT_NCONF                            151
 #define X509V3_F_DO_I2V_NAME_CONSTRAINTS                 148
+#define X509V3_F_GNAMES_FROM_SECTNAME                    156
 #define X509V3_F_HEX_TO_STRING                           111
 #define X509V3_F_I2S_ASN1_ENUMERATED                     121
 #define X509V3_F_I2S_ASN1_IA5STRING                      149
@@ -812,13 +892,14 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_S2I_ASN1_OCTET_STRING                   112
 #define X509V3_F_S2I_ASN1_SKEY_ID                        114
 #define X509V3_F_S2I_SKEY_ID                             115
+#define X509V3_F_SET_DIST_POINT_NAME                     158
 #define X509V3_F_STRING_TO_HEX                           113
 #define X509V3_F_SXNET_ADD_ID_ASC                        125
 #define X509V3_F_SXNET_ADD_ID_INTEGER                    126
 #define X509V3_F_SXNET_ADD_ID_ULONG                      127
 #define X509V3_F_SXNET_GET_ID_ASC                        128
 #define X509V3_F_SXNET_GET_ID_ULONG                      129
-#define X509V3_F_V2I_ASIDENTIFIERS                       158
+#define X509V3_F_V2I_ASIDENTIFIERS                       163
 #define X509V3_F_V2I_ASN1_BIT_STRING                     101
 #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
 #define X509V3_F_V2I_AUTHORITY_KEYID                     119
@@ -827,6 +908,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
 #define X509V3_F_V2I_GENERAL_NAMES                       118
 #define X509V3_F_V2I_GENERAL_NAME_EX                     117
+#define X509V3_F_V2I_IDP                                 157
 #define X509V3_F_V2I_IPADDRBLOCKS                        159
 #define X509V3_F_V2I_ISSUER_ALT                          153
 #define X509V3_F_V2I_NAME_CONSTRAINTS                    147
@@ -855,6 +937,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_BN_DEC2BN_ERROR                         100
 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 #define X509V3_R_DIRNAME_ERROR                           149
+#define X509V3_R_DISTPOINT_ALREADY_SET                   160
 #define X509V3_R_DUPLICATE_ZONE_ID                       133
 #define X509V3_R_ERROR_CONVERTING_ZONE                   131
 #define X509V3_R_ERROR_CREATING_EXTENSION                144
@@ -868,12 +951,13 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
 #define X509V3_R_ILLEGAL_HEX_DIGIT                       113
 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
-#define X509V3_R_INVALID_ASNUMBER                        160
+#define X509V3_R_INVALID_MULTIPLE_RDNS                   161
-#define X509V3_R_INVALID_ASRANGE                         161
+#define X509V3_R_INVALID_ASNUMBER                        162
+#define X509V3_R_INVALID_ASRANGE                         163
 #define X509V3_R_INVALID_BOOLEAN_STRING                  104
 #define X509V3_R_INVALID_EXTENSION_STRING                105
-#define X509V3_R_INVALID_INHERITANCE                     162
+#define X509V3_R_INVALID_INHERITANCE                     165
-#define X509V3_R_INVALID_IPADDRESS                       163
+#define X509V3_R_INVALID_IPADDRESS                       166
 #define X509V3_R_INVALID_NAME                            106
 #define X509V3_R_INVALID_NULL_ARGUMENT                   107
 #define X509V3_R_INVALID_NULL_NAME                       108
@@ -901,9 +985,9 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
 #define X509V3_R_OPERATION_NOT_DEFINED                   148
 #define X509V3_R_OTHERNAME_ERROR                         147
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED        155
+#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
 #define X509V3_R_POLICY_PATH_LENGTH                      156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED     157
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   158
 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
 #define X509V3_R_SECTION_NOT_FOUND                       150
@@ -914,6 +998,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 #define X509V3_R_UNKNOWN_OPTION                          120
 #define X509V3_R_UNSUPPORTED_OPTION                      117
+#define X509V3_R_UNSUPPORTED_TYPE                        167
 #define X509V3_R_USER_TOO_LONG                           132
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/x86_64cpuid.pl b/src/lib/libcrypto/x86_64cpuid.pl
index 2616a03da6..c96821a3c8 100644
--- a/src/lib/libcrypto/x86_64cpuid.pl
+++ b/src/lib/libcrypto/x86_64cpuid.pl
@@ -1,108 +1,37 @@
 #!/usr/bin/env perl
-$output=shift;
+$flavour = shift;
-$masm=1 if ($output =~ /\.asm/);
+$output  = shift;
-open STDOUT,">$output" || die "can't open $output: $!";
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-print<<___ if(defined($masm));
-_TEXT   SEGMENT
-PUBLIC  OPENSSL_rdtsc
-PUBLIC  OPENSSL_atomic_add
-ALIGN   16
-OPENSSL_atomic_add      PROC
-        mov     eax,DWORD PTR[rcx]
-\$Lspin:        lea     r8,DWORD PTR[rdx+rax]
-lock    cmpxchg DWORD PTR[rcx],r8d
-        jne     \$Lspin
-        mov     eax,r8d
-        cdqe    
-        ret
-OPENSSL_atomic_add      ENDP
-PUBLIC  OPENSSL_wipe_cpu
-ALIGN   16
-OPENSSL_wipe_cpu        PROC
-        pxor    xmm0,xmm0
-        pxor    xmm1,xmm1
-        pxor    xmm2,xmm2
-        pxor    xmm3,xmm3
-        pxor    xmm4,xmm4
-        pxor    xmm5,xmm5
-        xor     rcx,rcx
-        xor     rdx,rdx
-        xor     r8,r8
-        xor     r9,r9
-        xor     r10,r10
-        xor     r11,r11
-        lea     rax,QWORD PTR[rsp+8]
-        ret
-OPENSSL_wipe_cpu        ENDP
-_TEXT   ENDS
-CRT\$XIU        SEGMENT
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-EXTRN   OPENSSL_cpuid_setup:PROC
-DQ      OPENSSL_cpuid_setup
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-CRT\$XIU        ENDS
+open STDOUT,"| $^X ${dir}perlasm/x86_64-xlate.pl $flavour $output";
+if ($win64)     { $arg1="%rcx"; $arg2="%rdx"; }
+else            { $arg1="%rdi"; $arg2="%rsi"; }
+print<<___;
+.extern         OPENSSL_cpuid_setup
+.section        .init
+        call    OPENSSL_cpuid_setup
-___
-print<<___ if(!defined($masm));
 .text
 .globl  OPENSSL_atomic_add
-.type   OPENSSL_atomic_add,\@function
+.type   OPENSSL_atomic_add,\@abi-omnipotent
 .align  16
 OPENSSL_atomic_add:
-        movl    (%rdi),%eax
+        movl    ($arg1),%eax
-.Lspin: leaq    (%rsi,%rax),%r8
+.Lspin: leaq    ($arg2,%rax),%r8
-lock;   cmpxchgl        %r8d,(%rdi)
+        .byte   0xf0            # lock
+        cmpxchgl        %r8d,($arg1)
        jne     .Lspin
        movl    %r8d,%eax
-        .byte   0x48,0x98
+        .byte   0x48,0x98       # cltq/cdqe
        ret
 .size   OPENSSL_atomic_add,.-OPENSSL_atomic_add
-.globl  OPENSSL_wipe_cpu
-.type   OPENSSL_wipe_cpu,\@function
-.align  16
-OPENSSL_wipe_cpu:
-        pxor    %xmm0,%xmm0
-        pxor    %xmm1,%xmm1
-        pxor    %xmm2,%xmm2
-        pxor    %xmm3,%xmm3
-        pxor    %xmm4,%xmm4
-        pxor    %xmm5,%xmm5
-        pxor    %xmm6,%xmm6
-        pxor    %xmm7,%xmm7
-        pxor    %xmm8,%xmm8
-        pxor    %xmm9,%xmm9
-        pxor    %xmm10,%xmm10
-        pxor    %xmm11,%xmm11
-        pxor    %xmm12,%xmm12
-        pxor    %xmm13,%xmm13
-        pxor    %xmm14,%xmm14
-        pxor    %xmm15,%xmm15
-        xorq    %rcx,%rcx
-        xorq    %rdx,%rdx
-        xorq    %rsi,%rsi
-        xorq    %rdi,%rdi
-        xorq    %r8,%r8
-        xorq    %r9,%r9
-        xorq    %r10,%r10
-        xorq    %r11,%r11
-        leaq    8(%rsp),%rax
-        ret
-.size   OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-.section        .init
-        call    OPENSSL_cpuid_setup
-___
-open STDOUT,"| $^X perlasm/x86_64-xlate.pl $output";
-print<<___;
-.text
 .globl  OPENSSL_rdtsc
 .type   OPENSSL_rdtsc,\@abi-omnipotent
 .align  16
@@ -121,6 +50,8 @@ OPENSSL_ia32_cpuid:
        xor     %eax,%eax
        cpuid
+        mov     %eax,%r11d              # max value for standard query level
        xor     %eax,%eax
        cmp     \$0x756e6547,%ebx       # "Genu"
        setne   %al
@@ -130,10 +61,56 @@ OPENSSL_ia32_cpuid:
        or      %eax,%r9d
        cmp     \$0x6c65746e,%ecx       # "ntel"
        setne   %al
-        or      %eax,%r9d
+        or      %eax,%r9d               # 0 indicates Intel CPU
+        jz      .Lintel
+        cmp     \$0x68747541,%ebx       # "Auth"
+        setne   %al
+        mov     %eax,%r10d
+        cmp     \$0x69746E65,%edx       # "enti"
+        setne   %al
+        or      %eax,%r10d
+        cmp     \$0x444D4163,%ecx       # "cAMD"
+        setne   %al
+        or      %eax,%r10d              # 0 indicates AMD CPU
+        jnz     .Lintel
+        # AMD specific
+        mov     \$0x80000000,%eax
+        cpuid
+        cmp     \$0x80000008,%eax
+        jb      .Lintel
+        mov     \$0x80000008,%eax
+        cpuid
+        movzb   %cl,%r10                # number of cores - 1
+        inc     %r10                    # number of cores
        mov     \$1,%eax
        cpuid
+        bt      \$28,%edx               # test hyper-threading bit
+        jnc     .Ldone
+        shr     \$16,%ebx               # number of logical processors
+        cmp     %r10b,%bl
+        ja      .Ldone
+        and     \$0xefffffff,%edx       # ~(1<<28)
+        jmp     .Ldone
+.Lintel:
+        cmp     \$4,%r11d
+        mov     \$-1,%r10d
+        jb      .Lnocacheinfo
+        mov     \$4,%eax
+        mov     \$0,%ecx                # query L1D
+        cpuid
+        mov     %eax,%r10d
+        shr     \$14,%r10d
+        and     \$0xfff,%r10d           # number of cores -1 per L1D
+.Lnocacheinfo:
+        mov     \$1,%eax
+        cpuid
        cmp     \$0,%r9d
        jne     .Lnotintel
        or      \$0x00100000,%edx       # use reserved 20th bit to engage RC4_CHAR
@@ -144,6 +121,11 @@ OPENSSL_ia32_cpuid:
 .Lnotintel:
        bt      \$28,%edx               # test hyper-threading bit
        jnc     .Ldone
+        and     \$0xefffffff,%edx       # ~(1<<28)
+        cmp     \$0,%r10d
+        je      .Ldone
+        or      \$0x10000000,%edx       # 1<<28
        shr     \$16,%ebx
        cmp     \$1,%bl                 # see if cache is shared
        ja      .Ldone
@@ -155,5 +137,96 @@ OPENSSL_ia32_cpuid:
        or      %rcx,%rax
        ret
 .size   OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
+.globl  OPENSSL_cleanse
+.type   OPENSSL_cleanse,\@abi-omnipotent
+.align  16
+OPENSSL_cleanse:
+        xor     %rax,%rax
+        cmp     \$15,$arg2
+        jae     .Lot
+        cmp     \$0,$arg2
+        je      .Lret
+.Little:
+        mov     %al,($arg1)
+        sub     \$1,$arg2
+        lea     1($arg1),$arg1
+        jnz     .Little
+.Lret:
+        ret
+.align  16
+.Lot:
+        test    \$7,$arg1
+        jz      .Laligned
+        mov     %al,($arg1)
+        lea     -1($arg2),$arg2
+        lea     1($arg1),$arg1
+        jmp     .Lot
+.Laligned:
+        mov     %rax,($arg1)
+        lea     -8($arg2),$arg2
+        test    \$-8,$arg2
+        lea     8($arg1),$arg1
+        jnz     .Laligned
+        cmp     \$0,$arg2
+        jne     .Little
+        ret
+.size   OPENSSL_cleanse,.-OPENSSL_cleanse
+___
+print<<___ if (!$win64);
+.globl  OPENSSL_wipe_cpu
+.type   OPENSSL_wipe_cpu,\@abi-omnipotent
+.align  16
+OPENSSL_wipe_cpu:
+        pxor    %xmm0,%xmm0
+        pxor    %xmm1,%xmm1
+        pxor    %xmm2,%xmm2
+        pxor    %xmm3,%xmm3
+        pxor    %xmm4,%xmm4
+        pxor    %xmm5,%xmm5
+        pxor    %xmm6,%xmm6
+        pxor    %xmm7,%xmm7
+        pxor    %xmm8,%xmm8
+        pxor    %xmm9,%xmm9
+        pxor    %xmm10,%xmm10
+        pxor    %xmm11,%xmm11
+        pxor    %xmm12,%xmm12
+        pxor    %xmm13,%xmm13
+        pxor    %xmm14,%xmm14
+        pxor    %xmm15,%xmm15
+        xorq    %rcx,%rcx
+        xorq    %rdx,%rdx
+        xorq    %rsi,%rsi
+        xorq    %rdi,%rdi
+        xorq    %r8,%r8
+        xorq    %r9,%r9
+        xorq    %r10,%r10
+        xorq    %r11,%r11
+        leaq    8(%rsp),%rax
+        ret
+.size   OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 ___
+print<<___ if ($win64);
+.globl  OPENSSL_wipe_cpu
+.type   OPENSSL_wipe_cpu,\@abi-omnipotent
+.align  16
+OPENSSL_wipe_cpu:
+        pxor    %xmm0,%xmm0
+        pxor    %xmm1,%xmm1
+        pxor    %xmm2,%xmm2
+        pxor    %xmm3,%xmm3
+        pxor    %xmm4,%xmm4
+        pxor    %xmm5,%xmm5
+        xorq    %rcx,%rcx
+        xorq    %rdx,%rdx
+        xorq    %r8,%r8
+        xorq    %r9,%r9
+        xorq    %r10,%r10
+        xorq    %r11,%r11
+        leaq    8(%rsp),%rax
+        ret
+.size   OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+___
 close STDOUT;   # flush
diff --git a/src/lib/libcrypto/x86cpuid.pl b/src/lib/libcrypto/x86cpuid.pl
index 4408ef2936..a7464af19b 100644
--- a/src/lib/libcrypto/x86cpuid.pl
+++ b/src/lib/libcrypto/x86cpuid.pl
@@ -1,6 +1,7 @@
 #!/usr/bin/env perl
-push(@INC,"perlasm");
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}perlasm", "perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"x86cpuid");
@@ -22,38 +23,90 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &jnc    (&label("done"));
        &xor    ("eax","eax");
        &cpuid  ();
+        &mov    ("edi","eax");          # max value for standard query level
        &xor    ("eax","eax");
        &cmp    ("ebx",0x756e6547);     # "Genu"
-        &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
+        &setne  (&LB("eax"));
        &mov    ("ebp","eax");
        &cmp    ("edx",0x49656e69);     # "ineI"
-        &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
+        &setne  (&LB("eax"));
        &or     ("ebp","eax");
        &cmp    ("ecx",0x6c65746e);     # "ntel"
-        &data_byte(0x0f,0x95,0xc0);     #&setne (&LB("eax"));
+        &setne  (&LB("eax"));
-        &or     ("ebp","eax");
+        &or     ("ebp","eax");          # 0 indicates Intel CPU
+        &jz     (&label("intel"));
+        &cmp    ("ebx",0x68747541);     # "Auth"
+        &setne  (&LB("eax"));
+        &mov    ("esi","eax");
+        &cmp    ("edx",0x69746E65);     # "enti"
+        &setne  (&LB("eax"));
+        &or     ("esi","eax");
+        &cmp    ("ecx",0x444D4163);     # "cAMD"
+        &setne  (&LB("eax"));
+        &or     ("esi","eax");          # 0 indicates AMD CPU
+        &jnz    (&label("intel"));
+        # AMD specific
+        &mov    ("eax",0x80000000);
+        &cpuid  ();
+        &cmp    ("eax",0x80000008);
+        &jb     (&label("intel"));
+        &mov    ("eax",0x80000008);
+        &cpuid  ();
+        &movz   ("esi",&LB("ecx"));     # number of cores - 1
+        &inc    ("esi");                # number of cores
+        &mov    ("eax",1);
+        &cpuid  ();
+        &bt     ("edx",28);
+        &jnc    (&label("done"));
+        &shr    ("ebx",16);
+        &and    ("ebx",0xff);
+        &cmp    ("ebx","esi");
+        &ja     (&label("done"));
+        &and    ("edx",0xefffffff);     # clear hyper-threading bit
+        &jmp    (&label("done"));
+        
+&set_label("intel");
+        &cmp    ("edi",4);
+        &mov    ("edi",-1);
+        &jb     (&label("nocacheinfo"));
+        &mov    ("eax",4);
+        &mov    ("ecx",0);              # query L1D
+        &cpuid  ();
+        &mov    ("edi","eax");
+        &shr    ("edi",14);
+        &and    ("edi",0xfff);          # number of cores -1 per L1D
+&set_label("nocacheinfo");
        &mov    ("eax",1);
        &cpuid  ();
        &cmp    ("ebp",0);
        &jne    (&label("notP4"));
-        &and    ("eax",15<<8);          # familiy ID
+        &and    (&HB("eax"),15);        # familiy ID
-        &cmp    ("eax",15<<8);          # P4?
+        &cmp    (&HB("eax"),15);        # P4?
        &jne    (&label("notP4"));
        &or     ("edx",1<<20);          # use reserved bit to engage RC4_CHAR
 &set_label("notP4");
        &bt     ("edx",28);             # test hyper-threading bit
        &jnc    (&label("done"));
+        &and    ("edx",0xefffffff);
+        &cmp    ("edi",0);
+        &je     (&label("done"));
+        &or     ("edx",0x10000000);
        &shr    ("ebx",16);
-        &and    ("ebx",0xff);
+        &cmp    (&LB("ebx"),1);
-        &cmp    ("ebx",1);              # see if cache is shared(*)
        &ja     (&label("done"));
        &and    ("edx",0xefffffff);     # clear hyper-threading bit if not
 &set_label("done");
        &mov    ("eax","edx");
        &mov    ("edx","ecx");
 &function_end("OPENSSL_ia32_cpuid");
-# (*)   on Core2 this value is set to 2 denoting the fact that L2
-#       cache is shared between cores.
 &external_label("OPENSSL_ia32cap_P");
@@ -220,6 +273,40 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        }
 &function_end_B("OPENSSL_indirect_call");
+&function_begin_B("OPENSSL_cleanse");
+        &mov    ("edx",&wparam(0));
+        &mov    ("ecx",&wparam(1));
+        &xor    ("eax","eax");
+        &cmp    ("ecx",7);
+        &jae    (&label("lot"));
+        &cmp    ("ecx",0);
+        &je     (&label("ret"));
+&set_label("little");
+        &mov    (&BP(0,"edx"),"al");
+        &sub    ("ecx",1);
+        &lea    ("edx",&DWP(1,"edx"));
+        &jnz    (&label("little"));
+&set_label("ret");
+        &ret    ();
+&set_label("lot",16);
+        &test   ("edx",3);
+        &jz     (&label("aligned"));
+        &mov    (&BP(0,"edx"),"al");
+        &lea    ("ecx",&DWP(-1,"ecx"));
+        &lea    ("edx",&DWP(1,"edx"));
+        &jmp    (&label("lot"));
+&set_label("aligned");
+        &mov    (&DWP(0,"edx"),"eax");
+        &lea    ("ecx",&DWP(-4,"ecx"));
+        &test   ("ecx",-4);
+        &lea    ("edx",&DWP(4,"edx"));
+        &jnz    (&label("aligned"));
+        &cmp    ("ecx",0);
+        &jne    (&label("little"));
+        &ret    ();
+&function_end_B("OPENSSL_cleanse");
 &initseg("OPENSSL_cpuid_setup");
 &asm_finish();