Add crossbuild patch to 1.2 FIPS branch.

This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips-
1_2-stable'.
2011-09-25 15:51:57 +00:00 · 2007-10-05 17:35:29 +00:00 · 2007-10-05 17:35:26 +00:00 · 2007-10-05 13:14:55 +00:00 · 2007-09-22 12:43:13 +00:00 · 2007-09-21 18:05:25 +00:00
210 changed files with 13776 additions and 19027 deletions
--- a/31
+++ b/31
@@ -4,6 +4,37 @@
 Changes between 0.9.8e and 0.9.8f-fips  [xx XXX xxxx]
  *) Add option --with-fipslibdir to specify location of fipscanister.lib
     and friends. When combined with fips build option fipscanister.lib is
     not built but linked from the supplied directory. Always link fips
     utilities against fiscanister.lib only except in fipsdso builds.
     [Steve Henson]
  *) Add SSE2 instruction support to WIN32 build. These will be compiled
     by default and used if an appopriate CPU is detected. Some older versions
     of NASM or MASM which don't support SSE2 will need to be updated. 
     [Steve Henson]
  *) Tolerate DigestInfo structure with absent parameters in FIPS mode
     (as required by several standards).
     [Steve Henson]
  *) Enhance mkfipsscr.pl to cope with different directory layouts. It now
     relies on the filename and makes no assumptions about the pathname.
     In the case of PSS it scans the file to determine the salt length.
     Paths can be filtered. Also reports duplicate and missing files.
     [Steve Henson]
  *) Updates to WIN32 build system. Make use of AES assembly language routines.
     Use assembly language routines in FIPS compilation.
     [Steve Henson]
  *) Use standard implementations of SHAx, DES, AES under crypto/ in FIPS
     mode to avoid having to maintain two versions. This will also make use
     of appropriate assembly language optimizations.
     [Steve Henson]
  *) Check for selftest status in all crypto operations and exit with a
     fatal error if selftest failed.
     [Steve Henson]
--- a/246
+++ b/246
@@ -116,15 +116,17 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o mo86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o mo86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o mo86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
 my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";
 my $no_asm="::::::::::";
 my $ia64_asm=$no_asm;
 my $s390x_asm=$no_asm;
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
 # which would cover all BSD flavors. -pthread applies to them all, 
 # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
@@ -201,25 +203,25 @@ my %table=(
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Solaris with Sun C setups
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
@@ -232,11 +234,11 @@ my %table=(
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${no_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${no_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${no_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${no_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -269,8 +271,8 @@ my %table=(
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -278,8 +280,8 @@ my %table=(
 # Kevin Steves <ks@hp.se>
 "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # HP/UX IA-64 targets
 "hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -316,27 +318,28 @@ my %table=(
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
 "linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IA-32 targets...
 "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 ####
 "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",  "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -360,13 +363,13 @@ my %table=(
 "BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -404,12 +407,12 @@ my %table=(
 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix-gcc",  "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${no_asm}:dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${no_asm}:dlfcn:aix-shared::-maix64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${no_asm}:dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${no_asm}:dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 #
 # Cray T90 and similar (SDSC)
@@ -501,9 +504,9 @@ my %table=(
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -563,8 +566,9 @@ my $idx_arflags = $idx++;
 my $prefix="";
 my $openssldir="";
 my $exe_ext="";
-my $install_prefix="";
+my $install_prefix="$ENV{'INSTALL_PREFIX'}";
-my $fipslibdir="/usr/local/ssl/lib/";
+my $cross_compile_prefix="$ENV{'CROSS_COMPILE'}";
 my $fipslibdir="/usr/local/ssl/lib/fips-1.0/";
 my $nofipscanistercheck=0;
 my $fipsdso=0;
 my $fipscanisterinternal="n";
@@ -792,6 +796,14 @@ PROCESS_ARGS:
 				{
 				$withargs{"zlib-include"}="-I$1";
 				}
 			elsif (/^--with-fipslibdir=(.*)$/)
 				{
 				$fipslibdir="$1/";
 				}
 			elsif (/^--with-baseaddr=(.*)$/)
 				{
 				$baseaddr="$1";
 				}
 			else
 				{
 				print STDERR $usage;
@@ -895,6 +907,41 @@ print "Configuring for $target\n";
 &usage if (!defined($table{$target}));
 my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
 my $cc = $fields[$idx_cc];
 my $cflags = $fields[$idx_cflags];
 my $unistd = $fields[$idx_unistd];
 my $thread_cflag = $fields[$idx_thread_cflag];
 my $sys_id = $fields[$idx_sys_id];
 my $lflags = $fields[$idx_lflags];
 my $bn_ops = $fields[$idx_bn_ops];
 my $cpuid_obj = $fields[$idx_cpuid_obj];
 my $bn_obj = $fields[$idx_bn_obj];
 my $des_obj = $fields[$idx_des_obj];
 my $aes_obj = $fields[$idx_aes_obj];
 my $bf_obj = $fields[$idx_bf_obj];
 my $md5_obj = $fields[$idx_md5_obj];
 my $sha1_obj = $fields[$idx_sha1_obj];
 my $cast_obj = $fields[$idx_cast_obj];
 my $rc4_obj = $fields[$idx_rc4_obj];
 my $rmd160_obj = $fields[$idx_rmd160_obj];
 my $rc5_obj = $fields[$idx_rc5_obj];
 my $dso_scheme = $fields[$idx_dso_scheme];
 my $shared_target = $fields[$idx_shared_target];
 my $shared_cflag = $fields[$idx_shared_cflag];
 my $shared_ldflag = $fields[$idx_shared_ldflag];
 my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
 my $arflags = $fields[$idx_arflags];
 if ($fips)
 	{
 	delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
 	$disabled{"asm"}="forced"
 		if ($target !~ "VC\-.*" &&
 		    "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::");
 	}
 foreach (sort (keys %disabled))
 	{
@@ -960,7 +1007,17 @@ $no_shared = 0 if ($fipsdso && !$IsMK1MF);
 $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
 $exe_ext=".pm"  if ($target =~ /vos/);
-$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+if ($openssldir eq "" and $prefix eq "")
 	{
 	if ($fips)
 		{
 		$openssldir="/usr/local/ssl/fips-1.0";
 		}
 	else
 		{
 		$openssldir="/usr/local/ssl";
 		}
 	}
 $prefix=$openssldir if $prefix eq "";
 $default_ranlib= &which("ranlib") or $default_ranlib="true";
@@ -976,32 +1033,10 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/]
 print "IsMK1MF=$IsMK1MF\n";
-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+# '%' in $lflags is used to split flags to "pre-" and post-flags
-my $cc = $fields[$idx_cc];
+my ($prelflags,$postlflags)=split('%',$lflags);
-my $cflags = $fields[$idx_cflags];
+if (defined($postlflags))	{ $lflags=$postlflags;  }
-my $unistd = $fields[$idx_unistd];
+else				{ $lflags=$prelflags; undef $prelflags; }
 my $thread_cflag = $fields[$idx_thread_cflag];
 my $sys_id = $fields[$idx_sys_id];
 my $lflags = $fields[$idx_lflags];
 my $bn_ops = $fields[$idx_bn_ops];
 my $cpuid_obj = $fields[$idx_cpuid_obj];
 my $bn_obj = $fields[$idx_bn_obj];
 my $des_obj = $fields[$idx_des_obj];
 my $aes_obj = $fields[$idx_aes_obj];
 my $bf_obj = $fields[$idx_bf_obj];
 my $md5_obj = $fields[$idx_md5_obj];
 my $sha1_obj = $fields[$idx_sha1_obj];
 my $cast_obj = $fields[$idx_cast_obj];
 my $rc4_obj = $fields[$idx_rc4_obj];
 my $rmd160_obj = $fields[$idx_rmd160_obj];
 my $rc5_obj = $fields[$idx_rc5_obj];
 my $dso_scheme = $fields[$idx_dso_scheme];
 my $shared_target = $fields[$idx_shared_target];
 my $shared_cflag = $fields[$idx_shared_cflag];
 my $shared_ldflag = $fields[$idx_shared_ldflag];
 my $shared_extension = $fields[$idx_shared_extension];
 my $ranlib = $fields[$idx_ranlib];
 my $arflags = $fields[$idx_arflags];
 my $no_shared_warn=0;
 my $no_user_cflags=0;
@@ -1131,6 +1166,8 @@ if ($no_asm)
 	{
 	$cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	$cflags=~s/\-D[BL]_ENDIAN//		if ($fips);
 	$thread_cflags=~s/\-D[BL]_ENDIAN//	if ($fips);
 	}
 if (!$no_shared)
@@ -1161,7 +1198,7 @@ if ($zlib)
 my $shared_mark = "";
 if ($shared_target eq "")
 	{
-	$no_shared_warn = 1 if !$no_shared;
+	$no_shared_warn = 1 if !$no_shared && !$fips;
 	$no_shared = 1;
 	}
 if (!$no_shared)
@@ -1185,12 +1222,19 @@ if (!$IsMK1MF)
 	}
 $cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
-# Compiler fix-ups
+
-if ($target =~ /icc$/)
+#
 # Platform fix-ups
 #
 if ($target =~ /\-icc$/)	# Intel C compiler
 	{
-	my($iccver)=`$cc -V 2>&1`;
+	my $iccver=0;
-	if ($iccver =~ /Version ([0-9]+)\./)	{ $iccver=$1; }
+	if (open(FD,"$cc -V 2>&1 |"))
-	else					{ $iccver=0;  }
+		{
 		while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
 		close(FD);
 		}
 	if ($iccver>=8)
 		{
 		# Eliminate unnecessary dependency from libirc.a. This is
@@ -1198,6 +1242,28 @@ if ($target =~ /icc$/)
 		# apps/openssl can end up in endless loop upon startup...
 		$cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
 		}
 	if ($iccver>=9)
 		{
 		$cflags.=" -i-static";
 		$cflags=~s/\-no_cpprt/-no-cpprt/;
 		}
 	if ($iccver>=10)
 		{
 		$cflags=~s/\-i\-static/-static-intel/;
 		}
 	}
 # Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
 # linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
 # .so objects. Apparently application RPATH is not global and does
 # not apply to .so linked with other .so. Problem manifests itself
 # when libssl.so fails to load libcrypto.so. One can argue that we
 # should engrave this into Makefile.shared rules or into BSD-* config
 # lines above. Meanwhile let's try to be cautious and pass -rpath to
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
 	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}
 if ($sys_id ne "")
@@ -1223,24 +1289,10 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
 $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
 $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
-my $fips_des_obj;
+$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);
-my $fips_aes_obj;
+
 my $fips_sha1_obj;
 if ($fips)
 	{
 	if ($des_obj =~ /\-elf\.o$/)
 		{
 		$fips_des_obj='asm/fips-dx86-elf.o';
 		$openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n";
 		$fips_aes_obj='asm/fips-ax86-elf.o';
 		$openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n";
 		}
 	else	{
 		$fips_des_obj=$fips_des_enc;
 		$fips_aes_obj='fips_aes_core.o';
 		}
 	$fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
 	$des_obj=$sha1_obj=$aes_obj="";
 	$openssl_other_defines.="#define OPENSSL_FIPS\n";
 	}
@@ -1255,7 +1307,7 @@ if ($sha1_obj =~ /\.o$/)
 	$cflags.=" -DSHA1_ASM"   if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
 	$cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
 	$cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
-	if ($sha1_obj =~ /x86/)
+	if ($sha1_obj =~ /sse2/)
 	    {	if ($no_sse2)
 		{   $sha1_obj =~ s/\S*sse2\S+//;        }
 		elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
@@ -1346,16 +1398,24 @@ while (<IN>)
 	s/^PLATFORM=.*$/PLATFORM=$target/;
 	s/^OPTIONS=.*$/OPTIONS=$options/;
 	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
 	if ($cross_compile_prefix)
 		{
 		s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
 		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
 		}
 	else	{
 		s/^CC=.*$/CC= $cc/;
 		s/^RANLIB=.*/RANLIB= $ranlib/;
 		}
 	s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
 	s/^CFLAG=.*$/CFLAG= $cflags/;
 	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
 	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
 	s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
 	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
 	s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -1364,10 +1424,8 @@ while (<IN>)
 	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
 	s/^FIPS_SHA1_ASM_OBJ=.*$/FIPS_SHA1_ASM_OBJ= $fips_sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
 	s/^RANLIB=.*/RANLIB= $ranlib/;
 	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
 	s/^PERL=.*/PERL= $perl/;
 	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
@@ -1391,7 +1449,7 @@ while (<IN>)
 	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
-	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL) \$(SHARED_FIPS)/ if (!$no_shared);
+	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
 		{
 		my $sotmp = $1;
--- a/Makefile.org
+++ b/Makefile.org
@@ -87,8 +87,6 @@ PROCESSOR=
 # CPUID module collects small commonly used assembler snippets
 CPUID_OBJ= 
 BN_ASM= bn_asm.o
 FIPS_DES_ENC= des_enc.o fcrypt_b.o
 FIPS_AES_ENC= fips_aes_core.o
 DES_ENC= des_enc.o fcrypt_b.o
 AES_ASM_OBJ=aes_core.o aes_cbc.o
 BF_ENC= bf_enc.o
@@ -96,7 +94,6 @@ CAST_ENC= c_enc.o
 RC4_ENC= rc4_enc.o
 RC5_ENC= rc5_enc.o
 MD5_ASM_OBJ= 
 FIPS_SHA1_ASM_OBJ= 
 SHA1_ASM_OBJ= 
 RMD160_ASM_OBJ= 
@@ -134,7 +131,7 @@ FIPSCANLIB=
 BASEADDR=
-DIRS=   crypto fips-1.0 ssl engines apps test tools
+DIRS=   crypto fips ssl engines apps test tools
 SHLIBDIRS= crypto ssl fips
 # dirs in crypto to build
@@ -222,9 +219,6 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 		SHA1_ASM_OBJ='${SHA1_ASM_OBJ}'			\
 		MD5_ASM_OBJ='${MD5_ASM_OBJ}'			\
 		RMD160_ASM_OBJ='${RMD160_ASM_OBJ}'		\
 		FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}'	\
 		FIPS_DES_ENC='${FIPS_DES_ENC}'		 	\
 		FIPS_AES_ENC='${FIPS_AES_ENC}'		 	\
 		FIPSLIBDIR='${FIPSLIBDIR}' FIPSCANLIB='${FIPSCANLIB}' \
 		FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}'	\
 		FIPS_EX_OBJ='${FIPS_EX_OBJ}'	\
@@ -259,8 +253,7 @@ BUILD_ONE_CMD=\
 reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/aes/aes_cfb.o \
 	../crypto/aes/aes_ecb.o \
 	../crypto/aes/aes_ofb.o \
 	../crypto/bn/bn_add.o \
@@ -286,13 +279,12 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/des/cfb64ede.o \
 	../crypto/des/cfb64enc.o \
 	../crypto/des/cfb_enc.o \
 	../crypto/des/des_enc.o \
 	../crypto/des/ecb3_enc.o \
 	../crypto/des/ecb_enc.o \
 	../crypto/des/ofb64ede.o \
 	../crypto/des/ofb64enc.o \
 	../crypto/des/fcrypt_b.o \
 	../crypto/des/fcrypt.o \
 	../crypto/des/set_key.o \
 	../crypto/dsa/dsa_utl.o \
 	../crypto/dsa/dsa_sign.o \
 	../crypto/dsa/dsa_vrf.o \
@@ -319,23 +311,26 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cbc.o \
 	../crypto/rsa/rsa_pss.o \
 	../crypto/rsa/rsa_ssl.o \
 	../crypto/rsa/rsa_x931.o \
 	../crypto/sha/sha1dgst.o \
 	../crypto/sha/sha256.o \
 	../crypto/sha/sha512.o \
 	../crypto/uid.o
 sub_all: build_all
 build_all: build_libs build_apps build_tests build_tools
-build_libs: build_crypto build_fips build_ssl build_engines
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
 build_crypto:
 	if [ -n "$(FIPSCANLIB)" ]; then \
-		EXCL_OBJ='$(BN_ASM) $(CPUID_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+		EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
 		ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
 	else \
 		ARX='${AR}' ; \
 	fi ; export ARX ; \
 		dir=crypto; target=all; $(BUILD_ONE_CMD)
 build_fips:
-	@dir=fips-1.0; target=all; $(BUILD_ONE_CMD)
+	@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
 build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
 build_engines:
@@ -351,42 +346,52 @@ all_testapps: build_libs build_testapps
 build_testapps:
 	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 build_shared:	$(SHARED_LIBS)
 libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		if [ "$(FIPSCANLIB)" = "libfips" ]; then \
 			( dir=fips-1.0; target=all; $(BUILD_ONE_CMD) ) ; \
 			$(ARD) libcrypto.a fipscanister.o ; \
 			$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
-			$(AR) libcrypto.a fips-1.0/fipscanister.o ; \
+			$(AR) libcrypto.a fips/fipscanister.o ; \
 		else \
-			$(MAKE) SHLIBDIRS='crypto' build-shared; \
+			if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
 				FIPSLD_CC=$(CC); CC=fips/fipsld; \
 				export CC FIPSLD_CC; \
 			fi; \
 			$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
 		fi \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+		shlibdeps=-lcrypto; \
 		[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
 		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2 ; \
 		exit 1; \
 	fi
-libfips$(SHLIB_EXT): libfips.a
+fips/fipscanister.o:	build_fips
 libfips$(SHLIB_EXT):		fips/fipscanister.o
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+		FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
-			FIPSLD_CC=$(CC); CC=fips-1.0/fipsld; FIPSLD_NPT="y"; \
+		$(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			FIPSLD_LIBFIPS=y; \
+			CC=$${CC} LIBNAME=fips THIS=$@ \
-			export CC FIPSLD_CC FIPSLD_NPT FIPSLD_LIBFIPS; \
+			LIBEXTRAS=fips/fipscanister.o \
-		fi; \
+			LIBDEPS="$(EX_LIBS)" \
-		$(MAKE) -e SHLIBDIRS=fips build-shared; \
+			LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 		exit 1; \
 	fi
 libfips.a:
-	dir=fips-1.0; target=all; $(BUILD_ONE_CMD)
+	dir=fips; target=all; $(BUILD_ONE_CMD)
 clean-shared:
 	@set -e; for i in $(SHLIBDIRS); do \
@@ -507,12 +512,14 @@ dclean:
 	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
 rehash: rehash.time
-rehash.time: certs
+rehash.time: certs apps
-	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+	@if [ -z "$(CROSS_COMPILE)" ]; then \
 		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
 		OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-	  $(PERL) tools/c_rehash certs)
+		$(PERL) tools/c_rehash certs) && \
-	touch rehash.time
+		touch rehash.time; \
 	else :; fi
 test:   tests
@@ -601,7 +608,7 @@ dist:
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: all install_sw
 install_sw:
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -101,15 +101,13 @@ LINK_SO=	\
    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
    LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
    $${SHAREDCMD} $${SHAREDFLAGS} \
 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
 	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
-  ) && $(SYMLINK_SO); \
+  ) && $(SYMLINK_SO)
  ( $(SET_X); rm -f lib$(LIBNAME).exp )
 SYMLINK_SO=	\
 	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
@@ -202,8 +200,10 @@ link_app.bsd:
 # to use native NSModule(3) API and refers to dlfcn as termporary hack.
 link_o.darwin:
 	@ $(CALC_VERSIONS); \
-	SHLIB=lib$(LIBNAME); \
+	SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
-	SHLIB_SUFFIX=.so; \
+	SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
 	SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
 	SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
@@ -284,7 +284,7 @@ link_o.alpha-osf1:
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
 		fi; \
@@ -305,7 +305,7 @@ link_a.alpha-osf1:
 		SHLIB_SOVER=; \
 		ALLSYMSFLAGS='-all'; \
 		NOALLSYMSFLAGS='-none'; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
 		if [ -n "$$SHLIB_HIST" ]; then \
 			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
 		fi; \
@@ -428,7 +428,7 @@ link_o.irix:
 		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 		ALLSYMSFLAGS="$${MINUSWL}-all"; \
 		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
 	fi; \
 	$(LINK_SO_O)
 link_a.irix:
@@ -442,7 +442,7 @@ link_a.irix:
 		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 		ALLSYMSFLAGS="$${MINUSWL}-all"; \
 		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
-		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
 	fi; \
 	$(LINK_SO_A)
 link_app.irix:
@@ -466,7 +466,7 @@ link_o.hpux:
 	ALLSYMSFLAGS='-Wl,-Fl'; \
 	NOALLSYMSFLAGS=''; \
 	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
 	fi; \
 	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
 	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
@@ -479,7 +479,7 @@ link_a.hpux:
 	ALLSYMSFLAGS='-Wl,-Fl'; \
 	NOALLSYMSFLAGS=''; \
 	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
 	fi; \
 	rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
 	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
--- a/273
+++ b/273
@@ -117,14 +117,14 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -145,10 +145,10 @@ $lflags       =
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR
 $cpuid_obj    = 
 $bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv9.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -171,8 +171,8 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
 $cpuid_obj    = 
-$bn_obj       = sparcv8.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -198,7 +198,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-out.o
-$bn_obj       = bn86-out.o co86-out.o
+$bn_obj       = bn86-out.o co86-out.o mo86-out.o
 $des_obj      = dx86-out.o yx86-out.o
 $aes_obj      = ax86-out.o
 $bf_obj       = bx86-out.o
@@ -225,7 +225,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -252,12 +252,12 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o
+$bn_obj       = x86_64-gcc.o x86_64-mont.o
 $des_obj      = 
-$aes_obj      = 
+$aes_obj      = aes-x86_64.o
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = 
+$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -279,7 +279,7 @@ $sys_id       = CYGWIN32
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-cof.o
-$bn_obj       = bn86-cof.o co86-cof.o
+$bn_obj       = bn86-cof.o co86-cof.o mo86-cof.o
 $des_obj      = dx86-cof.o yx86-cof.o
 $aes_obj      = ax86-cof.o
 $bf_obj       = bx86-cof.o
@@ -333,7 +333,7 @@ $sys_id       = MSDOS
 $lflags       = -L/dev/env/WATT_ROOT/lib -lwatt
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-out.o
-$bn_obj       = bn86-out.o co86-out.o
+$bn_obj       = bn86-out.o co86-out.o mo86-out.o
 $des_obj      = dx86-out.o yx86-out.o
 $aes_obj      = ax86-out.o
 $bf_obj       = bx86-out.o
@@ -684,7 +684,7 @@ $sys_id       = AIX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR
 $cpuid_obj    = 
-$bn_obj       = aix_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -711,7 +711,7 @@ $sys_id       = AIX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR
 $cpuid_obj    = 
-$bn_obj       = aix_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -765,7 +765,7 @@ $sys_id       = AIX
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
 $cpuid_obj    = 
-$bn_obj       = aix_ppc64.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -792,7 +792,7 @@ $sys_id       = AIX
 $lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
 $cpuid_obj    = 
-$bn_obj       = aix_ppc64.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -846,7 +846,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -951,7 +951,7 @@ $cflags       = -O3 -fomit-frame-pointer -fno-common
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
-$lflags       = 
+$lflags       = -Wl,-search_paths_first%
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
 $bn_obj       = 
@@ -978,10 +978,10 @@ $cflags       = -O3 -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
-$lflags       = -Wl,-search_paths_first
+$lflags       = -Wl,-search_paths_first%
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = osx_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -1035,7 +1035,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1224,7 +1224,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1251,7 +1251,7 @@ $sys_id       = MACOSX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = osx_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -1305,7 +1305,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1332,7 +1332,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1413,7 +1413,7 @@ $sys_id       =
 $lflags       = -lefence -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1440,7 +1440,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1467,7 +1467,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1494,7 +1494,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1521,7 +1521,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1548,7 +1548,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -1575,7 +1575,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -1602,11 +1602,11 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8plus.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv8plus.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -1629,11 +1629,11 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8plus.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv8plus.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -1649,14 +1649,14 @@ $arflags      =
 *** debug-steve
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -m32 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -rdynamic -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1818,7 +1818,7 @@ $sys_id       =
 $lflags       = -lnsl -lsocket
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -1953,14 +1953,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -1980,14 +1980,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2115,7 +2115,7 @@ $sys_id       =
 $lflags       = -Wl,+s -ldld
 $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = pa-risc2.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2142,7 +2142,7 @@ $sys_id       =
 $lflags       = -Wl,+s -ldld
 $bn_ops       = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1
 $cpuid_obj    = 
-$bn_obj       = pa-risc2.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2169,14 +2169,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2196,14 +2196,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2223,7 +2223,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = pa-risc2W.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2250,7 +2250,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
-$bn_obj       = pa-risc2W.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2277,7 +2277,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -2351,14 +2351,14 @@ $arflags      =
 *** irix-mips3-cc
 $cc           = cc
-$cflags       = -n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
 $lflags       = 
 $bn_ops       = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
 $cpuid_obj    = 
-$bn_obj       = bn-mips3.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2385,7 +2385,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
 $cpuid_obj    = 
-$bn_obj       = bn-mips3.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2405,14 +2405,14 @@ $arflags      =
 *** irix64-mips4-cc
 $cc           = cc
-$cflags       = -64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$cflags       = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
 $lflags       = 
 $bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
 $cpuid_obj    = 
-$bn_obj       = bn-mips3.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2439,7 +2439,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
 $cpuid_obj    = 
-$bn_obj       = bn-mips3.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2574,7 +2574,7 @@ $sys_id       =
 $lflags       = 
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-out.o
-$bn_obj       = bn86-out.o co86-out.o
+$bn_obj       = bn86-out.o co86-out.o mo86-out.o
 $des_obj      = dx86-out.o yx86-out.o
 $aes_obj      = ax86-out.o
 $bf_obj       = bx86-out.o
@@ -2601,7 +2601,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -2682,7 +2682,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -2709,14 +2709,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2736,14 +2736,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2763,14 +2763,14 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
 $cpuid_obj    = 
-$bn_obj       = bn-ia64.o
+$bn_obj       = 
 $des_obj      = 
-$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = rc4-ia64.o
+$rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -2790,7 +2790,7 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
 $cpuid_obj    = 
-$bn_obj       = linux_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2817,7 +2817,34 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
 $cpuid_obj    = 
-$bn_obj       = linux_ppc64.o
+$bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
 $shared_ldflag = -m64
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 *** linux-s390x
 $cc           = gcc
 $cflags       = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
 $cpuid_obj    = 
 $bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
@@ -2844,8 +2871,8 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -2871,11 +2898,11 @@ $sys_id       = ULTRASPARC
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8plus.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv8plus.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -2898,12 +2925,12 @@ $sys_id       =
 $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o
+$bn_obj       = x86_64-gcc.o x86_64-mont.o
 $des_obj      = 
-$aes_obj      = 
+$aes_obj      = aes-x86_64.o
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = 
+$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -2926,10 +2953,10 @@ $lflags       = -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
 $bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv9.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -2952,7 +2979,7 @@ $sys_id       = MINGW32
 $lflags       = -lwsock32 -lgdi32
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN
 $cpuid_obj    = x86cpuid-cof.o
-$bn_obj       = bn86-cof.o co86-cof.o
+$bn_obj       = bn86-cof.o co86-cof.o mo86-cof.o
 $des_obj      = dx86-cof.o yx86-cof.o
 $aes_obj      = ax86-cof.o
 $bf_obj       = bx86-cof.o
@@ -3357,7 +3384,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl
 $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -3384,7 +3411,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -3465,8 +3492,8 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -3492,8 +3519,8 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -3519,11 +3546,11 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8plus.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv8plus.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3546,11 +3573,11 @@ $sys_id       = ULTRASPARC
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
-$bn_obj       = sparcv8plus.o
+$bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv8plus.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3600,7 +3627,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -3628,10 +3655,10 @@ $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $cpuid_obj    = 
 $bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv9.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3655,10 +3682,10 @@ $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
 $cpuid_obj    = 
 $bn_obj       = 
-$des_obj      = des_enc-sparc.o fcrypt_b.o
+$des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = md5-sparcv9.o
+$md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
@@ -3681,12 +3708,12 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o
+$bn_obj       = x86_64-gcc.o x86_64-mont.o
 $des_obj      = 
-$aes_obj      = 
+$aes_obj      = aes-x86_64.o
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = 
+$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -3708,12 +3735,12 @@ $sys_id       =
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
 $cpuid_obj    = x86_64cpuid.o
-$bn_obj       = x86_64-gcc.o
+$bn_obj       = x86_64-gcc.o x86_64-mont.o
 $des_obj      = 
-$aes_obj      = 
+$aes_obj      = aes-x86_64.o
 $bf_obj       = 
 $md5_obj      = md5-x86_64.o
-$sha1_obj     = 
+$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
 $cast_obj     = 
 $rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
@@ -3924,7 +3951,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
@@ -3951,7 +3978,7 @@ $sys_id       =
 $lflags       = -lsocket -lnsl
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $cpuid_obj    = x86cpuid-elf.o
-$bn_obj       = bn86-elf.o co86-elf.o
+$bn_obj       = bn86-elf.o co86-elf.o mo86-elf.o
 $des_obj      = dx86-elf.o yx86-elf.o
 $aes_obj      = ax86-elf.o
 $bf_obj       = bx86-elf.o
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -153,20 +153,14 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
 		shlib_target="$(SHLIB_TARGET)"; \
 	elif [ -n "$(FIPSCANLIB)" ]; then \
-	  FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
+	  FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
 	fi; \
 	if [ "$${shlib_target}" = "darwin-shared" ] ; then \
 	  LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
 	else \
 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
-	fi; \
+	[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
 	$(MAKE) -f $(TOP)/Makefile.shared -e \
-		CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+		CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		link_app.$${shlib_target}
 	-(cd ..; \
 	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
 	  $(PERL) tools/c_rehash certs)
 progs.h: progs.pl
 	$(PERL) progs.pl $(E_EXE) >progs.h
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -256,29 +256,33 @@ ERR_load_crypto_strings();
 		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_md4,LN_md4);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
 #ifndef OPENSSL_NO_SHA
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha,LN_sha);
 #ifndef OPENSSL_NO_SHA256
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha224,LN_sha224);
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha256,LN_sha256);
 #endif
 #ifndef OPENSSL_NO_SHA512
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha384,LN_sha384);
 		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_sha512,LN_sha512);
 #endif
 #endif
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_mdc2,LN_mdc2);
-		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+		BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
 			LN_ripemd160,LN_ripemd160);
 		err=1;
 		goto end;
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -8,9 +8,8 @@
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-# Extra OBJECT IDENTIFIER info:
+# Uncomment out to enable OpenSSL configuration see config(3)
-#oid_file		= $ENV::HOME/.oid
+# openssl_conf = openssl_init
 oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
@@ -19,13 +18,22 @@ oid_section		= new_oids
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
 [openssl_init]
 # Extra OBJECT IDENTIFIER info:
 oid_section = new_oids
 alg_section = algs
 [ new_oids ]
-# We can add new OIDs in here for use by 'ca' and 'req'.
+# We can add new OIDs in here for use by any config aware application
 # Add a simple OID like this:
-# testoid1=1.2.3.4
+# shortname=Long Object Identifier Name, 1.2.3.4
 # Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
+# testoid2=OID2 LONG NAME, ${testoid1}.5.6, OTHER OID
 [ algs ]
 # Algorithm configuration options. Currently just fips_mode
 fips_mode = no
 ####################################################################
 [ ca ]
--- a/88
+++ b/88
@@ -48,10 +48,10 @@ done
 # First get uname entries that we use below
-MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
+[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
+[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
-SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
+[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
-VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
+[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 # Now test for ISC and SCO, since it is has a braindamaged uname.
@@ -501,20 +501,7 @@ case "$GUESSOS" in
 	OUT="irix-mips3-$CC"
 	;;
  mips4-sgi-irix64)
-	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	OUT="irix64-mips4-$CC"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
 	if [ "$TEST" = "false" -a -t 1 ]; then
 	  echo "         You have about 5 seconds to press Ctrl-C to abort."
 	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	fi
        #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
        #CPU=${CPU:-0}
        #if [ $CPU -ge 5000 ]; then
        #        options="$options -mips4"
        #else
        #        options="$options -mips3"
        #fi
 	OUT="irix-mips3-$CC"
 	;;
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
  ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
@@ -534,25 +521,12 @@ case "$GUESSOS" in
 	fi
 	;;
  ppc64-*-linux2)
-	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	OUT="linux-ppc64"
 	echo "         invoke './Configure linux-ppc64' *manually*."
 	if [ "$TEST" = "false" -a -t 1 ]; then
 	    echo "         You have about 5 seconds to press Ctrl-C to abort."
 	    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	fi
 	OUT="linux-ppc"
 	;;
  ppc-*-linux2) OUT="linux-ppc" ;;
  ia64-*-linux?) OUT="linux-ia64" ;;
  sparc64-*-linux2)
-	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
+	OUT="linux64-sparcv9" ;;
 	echo "         and wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure linux64-sparcv9' *manually*."
 	if [ "$TEST" = "false" -a -t 1 ]; then
 	  echo "          You have about 5 seconds to press Ctrl-C to abort."
 	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	fi
 	OUT="linux-sparcv9" ;;
  sparc-*-linux2)
 	KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
 	case ${KARCH:-sun4} in
@@ -589,7 +563,7 @@ case "$GUESSOS" in
  sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
  m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
-  s390x-*-linux2) OUT="linux-generic64"; options="$options -DB_ENDIAN" ;;
+  s390x-*-linux2) OUT="linux-s390x" ;;
  x86_64-*-linux?) OUT="linux-x86_64" ;;
  *86-*-linux2) OUT="linux-elf"
 	if [ "$GCCVER" -gt 28 ]; then
@@ -610,32 +584,13 @@ case "$GUESSOS" in
 	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
 	if [ "$ISA64" != "" ]; then
 	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
-		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		OUT="solaris64-sparcv9-cc"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
 		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
 		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
 		# $GCC_ARCH denotes default ABI chosen by compiler driver
 		# (first one found on the $PATH). I assume that user
 		# expects certain consistency with the rest of his builds
 		# and therefore switch over to 64-bit. <appro>
 		OUT="solaris64-sparcv9-gcc"
 		echo "WARNING! If you wish to build 32-bit library, then you have to"
 		echo "         invoke './Configure solaris-sparcv9-gcc' *manually*."
 		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
 		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    elif [ "$GCC_ARCH" = "-m32" ]; then
 		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
 		echo "        and wish to build 64-bit library, then you have to"
 		echo "        invoke './Configure solaris64-sparcv9-gcc' *manually*."
 		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
 		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    fi
 	fi
 	;;
@@ -656,8 +611,8 @@ case "$GUESSOS" in
  *-*-sunos4)		OUT="sunos-$CC" ;;
  *86*-*-bsdi4)		OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;;
-  alpha*-*-*bsd*)	OUT="BSD-generic64; options="$options -DL_ENDIAN" ;;
+  alpha*-*-*bsd*)	OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;;
-  powerpc64-*-*bsd*)	OUT="BSD-generic64; options="$options -DB_ENDIAN" ;;
+  powerpc64-*-*bsd*)	OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;;
  sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
  ia64-*-*bsd*)		OUT="BSD-ia64" ;;
  amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
@@ -702,23 +657,11 @@ case "$GUESSOS" in
 	CPU_VERSION=${CPU_VERSION:-0}
 	# See <sys/unistd.h> for further info on CPU_VERSION.
 	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
 	     echo "         If you wish to build 32-bit library, the you have to"
 	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
 	     if [ "$TEST" = "false" -a -t 1 ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
 		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	     fi
 	     OUT="hpux64-ia64-cc"
 	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
 	     OUT=${OUT:-"hpux-parisc2-${CC}"}
 	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
-		echo "WARNING! If you wish to build 64-bit library then you have to"
+		OUT="hpux64-parisc2-${CC}"
 		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
 		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
 		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	     fi
 	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
 	     OUT="hpux-parisc-${CC}"
@@ -741,12 +684,7 @@ case "$GUESSOS" in
 	else
 	    OUT="aix-cc"
 	    if [ $KERNEL_BITS -eq 64 ]; then
-		echo "WARNING! If you wish to build 64-bit kit, then you have to"
+		OUT="aix64-cc"
 		echo "         invoke './Configure aix64-cc' *manually*."
 		if [ "$TEST" = "false" -a -t 1 ]; then
 		    echo "         You have ~5 seconds to press Ctrl-C to abort."
 		    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    fi
 	fi
 	if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -47,7 +47,7 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
-all: shared
+all: lib
 buildinf.h: ../Makefile
 	( echo "#ifndef MK1MF_BUILD"; \
@@ -95,7 +95,7 @@ links:
 	@target=links; $(RECURSIVE_MAKE)
 # lib: and $(LIB): are splitted to avoid end-less loop
-lib:	$(LIB)
+lib:	buildinf.h $(LIB) subdirs
 	@touch lib
 $(LIB):	$(LIBOBJ)
 	$(ARX) $(LIB) $(LIBOBJ)
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@@ -57,6 +57,11 @@ ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
 ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 aes-x86_64.s: asm/aes-x86_64.pl
 	$(PERL) asm/aes-x86_64.pl $@
 # GNU make "catch all"
 aes-%.s:	asm/aes-%.pl;	$(PERL) $< $(CFLAGS) > $@
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -37,10 +37,9 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
 #include <openssl/fips.h>
 #include "aes_locl.h"
 #ifndef OPENSSL_FIPS
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -633,6 +632,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
   	int i = 0;
 	u32 temp;
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	if (!userKey || !key)
 		return -1;
 	if (bits != 128 && bits != 192 && bits != 256)
@@ -1159,5 +1162,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 }
 #endif /* AES_ASM */
 #endif
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -62,9 +62,11 @@ typedef struct {
 /* XXX: probably some better way to do this */
 #if defined(__i386__) || defined(__x86_64__)
 #define UNALIGNED_MEMOPS_ARE_FAST 1
 #else
 #define UNALIGNED_MEMOPS_ARE_FAST 0
 #endif
-#ifdef UNALIGNED_MEMOPS_ARE_FAST
+#if UNALIGNED_MEMOPS_ARE_FAST
 #define load_block(d, s)        (d) = *(const aes_block_t *)(s)
 #define store_block(d, s)       *(aes_block_t *)(d) = (s)
 #else
@@ -89,7 +91,8 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 	if (AES_ENCRYPT == enc)
 		{
-		if (in != out)
+		if (in != out &&
 		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
 			{
 			aes_block_t *ivp = (aes_block_t *)ivec;
 			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
@@ -143,7 +146,8 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 		}
 	else
 		{
-		if(in != out)
+		if (in != out &&
 		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
 			{
 			aes_block_t *ivp = (aes_block_t *)ivec;
 			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
--- a/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -160,40 +160,40 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len
 					int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
 	const unsigned char *p = *in, *q;
-	STACK *intname = NULL, **intname_pp = &intname;
+	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
 	union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
 	int i, j, ret;
 	X509_NAME *nm = NULL, **nm_pp = &nm;
 	STACK_OF(X509_NAME_ENTRY) *entries;
 	X509_NAME_ENTRY *entry;
 	q = p;
 	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
+	ret = ASN1_item_ex_d2i(&intname.a,
 			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
 			       tag, aclass, opt, ctx);
 	if(ret <= 0) return ret;
 	if(*val) x509_name_ex_free(val, NULL);
-	if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
+	if(!x509_name_ex_new(&nm.a, NULL)) goto err;
 	/* We've decoded it: now cache encoding */
-	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+	if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
-	memcpy(nm->bytes->data, q, p - q);
+	memcpy(nm.x->bytes->data, q, p - q);
 	/* Convert internal representation to X509_NAME structure */
-	for(i = 0; i < sk_num(intname); i++) {
+	for(i = 0; i < sk_num(intname.s); i++) {
-		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
+		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
 		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
 			entry = sk_X509_NAME_ENTRY_value(entries, j);
 			entry->set = i;
-			if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+			if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
 				goto err;
 		}
 		sk_X509_NAME_ENTRY_free(entries);
 	}
-	sk_free(intname);
+	sk_free(intname.s);
-	nm->modified = 0;
+	nm.x->modified = 0;
-	*val = (ASN1_VALUE *)nm;
+	*val = nm.a;
 	*in = p;
 	return ret;
 	err:
@@ -219,35 +219,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
 static int x509_name_encode(X509_NAME *a)
 {
-	STACK *intname = NULL, **intname_pp = &intname;
+	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
 	int len;
 	unsigned char *p;
 	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
 	X509_NAME_ENTRY *entry;
 	int i, set = -1;
-	intname = sk_new_null();
+	intname.s = sk_new_null();
-	if(!intname) goto memerr;
+	if(!intname.s) goto memerr;
 	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
 		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
 		if(entry->set != set) {
 			entries = sk_X509_NAME_ENTRY_new_null();
 			if(!entries) goto memerr;
-			if(!sk_push(intname, (char *)entries)) goto memerr;
+			if(!sk_push(intname.s, (char *)entries)) goto memerr;
 			set = entry->set;
 		}
 		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
-	len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
+	len = ASN1_item_ex_i2d(&intname.a, NULL,
 			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
 	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
+	ASN1_item_ex_i2d(&intname.a,
 			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	sk_pop_free(intname, sk_internal_free);
+	sk_pop_free(intname.s, sk_internal_free);
 	a->modified = 0;
 	return len;
 	memerr:
-	sk_pop_free(intname, sk_internal_free);
+	sk_pop_free(intname.s, sk_internal_free);
 	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
 	return -1;
 }
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -79,7 +79,7 @@
 #include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>
-#ifdef BN_LLONG
+#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
 # ifndef HAVE_LONG_LONG
 #  define HAVE_LONG_LONG 1
 # endif
@@ -117,7 +117,7 @@
 #if HAVE_LONG_LONG
 # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# define LLONG _int64
+# define LLONG __int64
 # else
 # define LLONG long long
 # endif
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -456,9 +456,6 @@ int BIO_sock_init(void)
 		{
 		int err;
 #ifdef SIGINT
 		signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
 #endif
 		wsa_init_done=1;
 		memset(&wsa_state,0,sizeof(wsa_state));
 		if (WSAStartup(0x0101,&wsa_state)!=0)
@@ -484,11 +481,6 @@ int BIO_sock_init(void)
    if (!wsa_init_done)
    {
 # ifdef SIGINT
        signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
 # endif
        wsa_init_done=1;
        wVerReq = MAKEWORD( 2, 0 );
        err = WSAStartup(wVerReq,&wsaData);
@@ -511,7 +503,7 @@ void BIO_sock_cleanup(void)
 		{
 		wsa_init_done=0;
 #ifndef OPENSSL_SYS_WINCE
-		WSACancelBlockingCall();
+		WSACancelBlockingCall();	/* Winsock 1.1 specific */
 #endif
 		WSACleanup();
 		}
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -67,16 +67,22 @@ bn86-elf.s:	asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)
 co86-elf.s:	asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)
 mo86-elf.s:	asm/x86-mont.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) x86-mont.pl elf $(CFLAGS) > ../$@)
 # COFF
 bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)
 co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)
 mo86-cof.s: asm/x86-mont.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) x86-mont.pl coff $(CFLAGS) > ../$@)
 # a.out
 bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)
 co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)
 mo86-out.s: asm/x86-mont.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) x86-mont.pl a.out $(CFLAGS) > ../$@)
 sparcv8.o:	asm/sparcv8.S
 	$(CC) $(CFLAGS) -c asm/sparcv8.S
@@ -91,10 +97,15 @@ bn-mips3.o:	asm/mips3.s
 x86_64-gcc.o:	asm/x86_64-gcc.c
 	$(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
 x86_64-mont.s:	asm/x86_64-mont.pl
 	$(PERL) asm/x86_64-mont.pl $@
 bn-ia64.s:	asm/ia64.S
 	$(CC) $(CFLAGS) -E asm/ia64.S > $@
 bn-s390x.s:	asm/s390x.S
 	$(CC) $(CFLAGS) -E asm/s390x.S > $@
 # GNU assembler fails to compile PA-RISC2 modules, insist on calling
 # vendor assembler...
 pa-risc2W.o: asm/pa-risc2W.s
@@ -109,6 +120,9 @@ aix_ppc32.s: asm/ppc.pl;	$(PERL) asm/ppc.pl $@
 aix_ppc64.s: asm/ppc.pl;	$(PERL) asm/ppc.pl $@
 osx_ppc32.s: asm/ppc.pl;	$(PERL) $< $@
 # GNU make "catch all"
 %-mont.s:	asm/%-mont.pl;  $(PERL) $< $(CFLAGS) > $@
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
@@ -0,0 +1,678 @@
 .ident "s390x.S, version 1.0"
 // ====================================================================
 // Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 // project.
 //
 // Rights for redistribution and usage in source and binary forms are
 // granted according to the OpenSSL license. Warranty of any kind is
 // disclaimed.
 // ====================================================================
 .text
 #define zero	%r0
 // BN_ULONG bn_mul_add_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
 .globl	bn_mul_add_words
 .type	bn_mul_add_words,@function
 .align	4
 bn_mul_add_words:
 	lghi	zero,0		// zero = 0
 	la	%r1,0(%r2)	// put rp aside
 	lghi	%r2,0		// i=0;
 	ltgfr	%r4,%r4
 	bler	%r14		// if (len<=0) return 0;
 	stmg	%r6,%r10,48(%r15)
 	lghi	%r8,0		// carry = 0
 	srag	%r10,%r4,2	// cnt=len/4
 	jz	.Loop1_madd
 .Loop4_madd:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
 	algr	%r7,%r8		// +=carry
 	alcgr	%r6,zero
 	alg	%r7,0(%r2,%r1)	// +=rp[i]
 	alcgr	%r6,zero
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 	lg	%r9,8(%r2,%r3)
 	mlgr	%r8,%r5
 	algr	%r9,%r6
 	alcgr	%r8,zero
 	alg	%r9,8(%r2,%r1)
 	alcgr	%r8,zero
 	stg	%r9,8(%r2,%r1)
 	lg	%r7,16(%r2,%r3)
 	mlgr	%r6,%r5
 	algr	%r7,%r8
 	alcgr	%r6,zero
 	alg	%r7,16(%r2,%r1)
 	alcgr	%r6,zero
 	stg	%r7,16(%r2,%r1)
 	lg	%r9,24(%r2,%r3)
 	mlgr	%r8,%r5
 	algr	%r9,%r6
 	alcgr	%r8,zero
 	alg	%r9,24(%r2,%r1)
 	alcgr	%r8,zero
 	stg	%r9,24(%r2,%r1)
 	la	%r2,32(%r2)	// i+=4
 	brct	%r10,.Loop4_madd
 	lghi	%r10,3
 	nr	%r4,%r10	// cnt=len%4
 	jz	.Lend_madd
 .Loop1_madd:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
 	algr	%r7,%r8		// +=carry
 	alcgr	%r6,zero
 	alg	%r7,0(%r2,%r1)	// +=rp[i]
 	alcgr	%r6,zero
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 	lgr	%r8,%r6
 	la	%r2,8(%r2)	// i++
 	brct	%r4,.Loop1_madd
 .Lend_madd:
 	lgr	%r2,%r8
 	lmg	%r6,%r10,48(%r15)
 	br	%r14
 .size	bn_mul_add_words,.-bn_mul_add_words
 // BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
 .globl	bn_mul_words
 .type	bn_mul_words,@function
 .align	4
 bn_mul_words:
 	lghi	zero,0		// zero = 0
 	la	%r1,0(%r2)	// put rp aside
 	lghi	%r2,0		// i=0;
 	ltgfr	%r4,%r4
 	bler	%r14		// if (len<=0) return 0;
 	stmg	%r6,%r10,48(%r15)
 	lghi	%r8,0		// carry = 0
 	srag	%r10,%r4,2	// cnt=len/4
 	jz	.Loop1_mul
 .Loop4_mul:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
 	algr	%r7,%r8		// +=carry
 	alcgr	%r6,zero
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 	lg	%r9,8(%r2,%r3)
 	mlgr	%r8,%r5
 	algr	%r9,%r6
 	alcgr	%r8,zero
 	stg	%r9,8(%r2,%r1)
 	lg	%r7,16(%r2,%r3)
 	mlgr	%r6,%r5
 	algr	%r7,%r8
 	alcgr	%r6,zero
 	stg	%r7,16(%r2,%r1)
 	lg	%r9,24(%r2,%r3)
 	mlgr	%r8,%r5
 	algr	%r9,%r6
 	alcgr	%r8,zero
 	stg	%r9,24(%r2,%r1)
 	la	%r2,32(%r2)	// i+=4
 	brct	%r10,.Loop4_mul
 	lghi	%r10,3
 	nr	%r4,%r10	// cnt=len%4
 	jz	.Lend_mul
 .Loop1_mul:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
 	algr	%r7,%r8		// +=carry
 	alcgr	%r6,zero
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 	lgr	%r8,%r6
 	la	%r2,8(%r2)	// i++
 	brct	%r4,.Loop1_mul
 .Lend_mul:
 	lgr	%r2,%r8
 	lmg	%r6,%r10,48(%r15)
 	br	%r14
 .size	bn_mul_words,.-bn_mul_words
 // void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)
 .globl	bn_sqr_words
 .type	bn_sqr_words,@function
 .align	4
 bn_sqr_words:
 	ltgfr	%r4,%r4
 	bler	%r14
 	stmg	%r6,%r7,48(%r15)
 	srag	%r1,%r4,2	// cnt=len/4
 	jz	.Loop1_sqr
 .Loop4_sqr:
 	lg	%r7,0(%r3)
 	mlgr	%r6,%r7
 	stg	%r7,0(%r2)
 	stg	%r6,8(%r2)
 	lg	%r7,8(%r3)
 	mlgr	%r6,%r7
 	stg	%r7,16(%r2)
 	stg	%r6,24(%r2)
 	lg	%r7,16(%r3)
 	mlgr	%r6,%r7
 	stg	%r7,32(%r2)
 	stg	%r6,40(%r2)
 	lg	%r7,24(%r3)
 	mlgr	%r6,%r7
 	stg	%r7,48(%r2)
 	stg	%r6,56(%r2)
 	la	%r3,32(%r3)
 	la	%r2,64(%r2)
 	brct	%r1,.Loop4_sqr
 	lghi	%r1,3
 	nr	%r4,%r1		// cnt=len%4
 	jz	.Lend_sqr
 .Loop1_sqr:
 	lg	%r7,0(%r3)
 	mlgr	%r6,%r7
 	stg	%r7,0(%r2)
 	stg	%r6,8(%r2)
 	la	%r3,8(%r3)
 	la	%r2,16(%r2)
 	brct	%r4,.Loop1_sqr
 .Lend_sqr:
 	lmg	%r6,%r7,48(%r15)
 	br	%r14
 .size	bn_sqr_words,.-bn_sqr_words
 // BN_ULONG bn_div_words(BN_ULONG h,BN_ULONG l,BN_ULONG d);
 .globl	bn_div_words
 .type	bn_div_words,@function
 .align	4
 bn_div_words:
 	dlgr	%r2,%r4
 	lgr	%r2,%r3
 	br	%r14
 .size	bn_div_words,.-bn_div_words
 // BN_ULONG bn_add_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
 .globl	bn_add_words
 .type	bn_add_words,@function
 .align	4
 bn_add_words:
 	la	%r1,0(%r2)	// put rp aside
 	lghi	%r2,0		// i=0
 	ltgfr	%r5,%r5
 	bler	%r14		// if (len<=0) return 0;
 	stg	%r6,48(%r15)
 	lghi	%r6,3
 	nr	%r6,%r5		// len%4
 	sra	%r5,2		// len/4, use sra because it sets condition code
 	jz	.Loop1_add	// carry is incidentally cleared if branch taken
 	algr	%r2,%r2		// clear carry
 .Loop4_add:
 	lg	%r0,0(%r2,%r3)
 	alcg	%r0,0(%r2,%r4)
 	stg	%r0,0(%r2,%r1)
 	lg	%r0,8(%r2,%r3)
 	alcg	%r0,8(%r2,%r4)
 	stg	%r0,8(%r2,%r1)
 	lg	%r0,16(%r2,%r3)
 	alcg	%r0,16(%r2,%r4)
 	stg	%r0,16(%r2,%r1)
 	lg	%r0,24(%r2,%r3)
 	alcg	%r0,24(%r2,%r4)
 	stg	%r0,24(%r2,%r1)
 	la	%r2,32(%r2)	// i+=4
 	brct	%r5,.Loop4_add
 	la	%r6,1(%r6)	// see if len%4 is zero ...
 	brct	%r6,.Loop1_add	// without touching condition code:-)
 .Lexit_add:
 	lghi	%r2,0
 	alcgr	%r2,%r2
 	lg	%r6,48(%r15)
 	br	%r14
 .Loop1_add:
 	lg	%r0,0(%r2,%r3)
 	alcg	%r0,0(%r2,%r4)
 	stg	%r0,0(%r2,%r1)
 	la	%r2,8(%r2)	// i++
 	brct	%r6,.Loop1_add
 	j	.Lexit_add
 .size	bn_add_words,.-bn_add_words
 // BN_ULONG bn_sub_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
 .globl	bn_sub_words
 .type	bn_sub_words,@function
 .align	4
 bn_sub_words:
 	la	%r1,0(%r2)	// put rp aside
 	lghi	%r2,0		// i=0
 	ltgfr	%r5,%r5
 	bler	%r14		// if (len<=0) return 0;
 	stg	%r6,48(%r15)
 	lghi	%r6,3
 	nr	%r6,%r5		// len%4
 	sra	%r5,2		// len/4, use sra because it sets condition code
 	jnz	.Loop4_sub	// borrow is incidentally cleared if branch taken
 	slgr	%r2,%r2		// clear borrow
 .Loop1_sub:
 	lg	%r0,0(%r2,%r3)
 	slbg	%r0,0(%r2,%r4)
 	stg	%r0,0(%r2,%r1)
 	la	%r2,8(%r2)	// i++
 	brct	%r6,.Loop1_sub
 	j	.Lexit_sub
 .Loop4_sub:
 	lg	%r0,0(%r2,%r3)
 	slbg	%r0,0(%r2,%r4)
 	stg	%r0,0(%r2,%r1)
 	lg	%r0,8(%r2,%r3)
 	slbg	%r0,8(%r2,%r4)
 	stg	%r0,8(%r2,%r1)
 	lg	%r0,16(%r2,%r3)
 	slbg	%r0,16(%r2,%r4)
 	stg	%r0,16(%r2,%r1)
 	lg	%r0,24(%r2,%r3)
 	slbg	%r0,24(%r2,%r4)
 	stg	%r0,24(%r2,%r1)
 	la	%r2,32(%r2)	// i+=4
 	brct	%r5,.Loop4_sub
 	la	%r6,1(%r6)	// see if len%4 is zero ...
 	brct	%r6,.Loop1_sub	// without touching condition code:-)
 .Lexit_sub:
 	lghi	%r2,0
 	slbgr	%r2,%r2
 	lcgr	%r2,%r2
 	lg	%r6,48(%r15)
 	br	%r14
 .size	bn_sub_words,.-bn_sub_words
 #define c1	%r1
 #define c2	%r5
 #define c3	%r8
 #define mul_add_c(ai,bi,c1,c2,c3)	\
 	lg	%r7,ai*8(%r3);		\
 	mlg	%r6,bi*8(%r4);		\
 	algr	c1,%r7;			\
 	alcgr	c2,%r6;			\
 	alcgr	c3,zero
 // void bn_mul_comba8(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
 .globl	bn_mul_comba8
 .type	bn_mul_comba8,@function
 .align	4
 bn_mul_comba8:
 	stmg	%r6,%r8,48(%r15)
 	lghi	c1,0
 	lghi	c2,0
 	lghi	c3,0
 	lghi	zero,0
 	mul_add_c(0,0,c1,c2,c3);
 	stg	c1,0*8(%r2)
 	lghi	c1,0
 	mul_add_c(0,1,c2,c3,c1);
 	mul_add_c(1,0,c2,c3,c1);
 	stg	c2,1*8(%r2)
 	lghi	c2,0
 	mul_add_c(2,0,c3,c1,c2);
 	mul_add_c(1,1,c3,c1,c2);
 	mul_add_c(0,2,c3,c1,c2);
 	stg	c3,2*8(%r2)
 	lghi	c3,0
 	mul_add_c(0,3,c1,c2,c3);
 	mul_add_c(1,2,c1,c2,c3);
 	mul_add_c(2,1,c1,c2,c3);
 	mul_add_c(3,0,c1,c2,c3);
 	stg	c1,3*8(%r2)
 	lghi	c1,0
 	mul_add_c(4,0,c2,c3,c1);
 	mul_add_c(3,1,c2,c3,c1);
 	mul_add_c(2,2,c2,c3,c1);
 	mul_add_c(1,3,c2,c3,c1);
 	mul_add_c(0,4,c2,c3,c1);
 	stg	c2,4*8(%r2)
 	lghi	c2,0
 	mul_add_c(0,5,c3,c1,c2);
 	mul_add_c(1,4,c3,c1,c2);
 	mul_add_c(2,3,c3,c1,c2);
 	mul_add_c(3,2,c3,c1,c2);
 	mul_add_c(4,1,c3,c1,c2);
 	mul_add_c(5,0,c3,c1,c2);
 	stg	c3,5*8(%r2)
 	lghi	c3,0
 	mul_add_c(6,0,c1,c2,c3);
 	mul_add_c(5,1,c1,c2,c3);
 	mul_add_c(4,2,c1,c2,c3);
 	mul_add_c(3,3,c1,c2,c3);
 	mul_add_c(2,4,c1,c2,c3);
 	mul_add_c(1,5,c1,c2,c3);
 	mul_add_c(0,6,c1,c2,c3);
 	stg	c1,6*8(%r2)
 	lghi	c1,0
 	mul_add_c(0,7,c2,c3,c1);
 	mul_add_c(1,6,c2,c3,c1);
 	mul_add_c(2,5,c2,c3,c1);
 	mul_add_c(3,4,c2,c3,c1);
 	mul_add_c(4,3,c2,c3,c1);
 	mul_add_c(5,2,c2,c3,c1);
 	mul_add_c(6,1,c2,c3,c1);
 	mul_add_c(7,0,c2,c3,c1);
 	stg	c2,7*8(%r2)
 	lghi	c2,0
 	mul_add_c(7,1,c3,c1,c2);
 	mul_add_c(6,2,c3,c1,c2);
 	mul_add_c(5,3,c3,c1,c2);
 	mul_add_c(4,4,c3,c1,c2);
 	mul_add_c(3,5,c3,c1,c2);
 	mul_add_c(2,6,c3,c1,c2);
 	mul_add_c(1,7,c3,c1,c2);
 	stg	c3,8*8(%r2)
 	lghi	c3,0
 	mul_add_c(2,7,c1,c2,c3);
 	mul_add_c(3,6,c1,c2,c3);
 	mul_add_c(4,5,c1,c2,c3);
 	mul_add_c(5,4,c1,c2,c3);
 	mul_add_c(6,3,c1,c2,c3);
 	mul_add_c(7,2,c1,c2,c3);
 	stg	c1,9*8(%r2)
 	lghi	c1,0
 	mul_add_c(7,3,c2,c3,c1);
 	mul_add_c(6,4,c2,c3,c1);
 	mul_add_c(5,5,c2,c3,c1);
 	mul_add_c(4,6,c2,c3,c1);
 	mul_add_c(3,7,c2,c3,c1);
 	stg	c2,10*8(%r2)
 	lghi	c2,0
 	mul_add_c(4,7,c3,c1,c2);
 	mul_add_c(5,6,c3,c1,c2);
 	mul_add_c(6,5,c3,c1,c2);
 	mul_add_c(7,4,c3,c1,c2);
 	stg	c3,11*8(%r2)
 	lghi	c3,0
 	mul_add_c(7,5,c1,c2,c3);
 	mul_add_c(6,6,c1,c2,c3);
 	mul_add_c(5,7,c1,c2,c3);
 	stg	c1,12*8(%r2)
 	lghi	c1,0
 	mul_add_c(6,7,c2,c3,c1);
 	mul_add_c(7,6,c2,c3,c1);
 	stg	c2,13*8(%r2)
 	lghi	c2,0
 	mul_add_c(7,7,c3,c1,c2);
 	stg	c3,14*8(%r2)
 	stg	c1,15*8(%r2)
 	lmg	%r6,%r8,48(%r15)
 	br	%r14
 .size	bn_mul_comba8,.-bn_mul_comba8
 // void bn_mul_comba4(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
 .globl	bn_mul_comba4
 .type	bn_mul_comba4,@function
 .align	4
 bn_mul_comba4:
 	stmg	%r6,%r8,48(%r15)
 	lghi	c1,0
 	lghi	c2,0
 	lghi	c3,0
 	lghi	zero,0
 	mul_add_c(0,0,c1,c2,c3);
 	stg	c1,0*8(%r3)
 	lghi	c1,0
 	mul_add_c(0,1,c2,c3,c1);
 	mul_add_c(1,0,c2,c3,c1);
 	stg	c2,1*8(%r2)
 	lghi	c2,0
 	mul_add_c(2,0,c3,c1,c2);
 	mul_add_c(1,1,c3,c1,c2);
 	mul_add_c(0,2,c3,c1,c2);
 	stg	c3,2*8(%r2)
 	lghi	c3,0
 	mul_add_c(0,3,c1,c2,c3);
 	mul_add_c(1,2,c1,c2,c3);
 	mul_add_c(2,1,c1,c2,c3);
 	mul_add_c(3,0,c1,c2,c3);
 	stg	c1,3*8(%r2)
 	lghi	c1,0
 	mul_add_c(3,1,c2,c3,c1);
 	mul_add_c(2,2,c2,c3,c1);
 	mul_add_c(1,3,c2,c3,c1);
 	stg	c2,4*8(%r2)
 	lghi	c2,0
 	mul_add_c(2,3,c3,c1,c2);
 	mul_add_c(3,2,c3,c1,c2);
 	stg	c3,5*8(%r2)
 	lghi	c3,0
 	mul_add_c(3,3,c1,c2,c3);
 	stg	c1,6*8(%r2)
 	stg	c2,7*8(%r2)
 	stmg	%r6,%r8,48(%r15)
 	br	%r14
 .size	bn_mul_comba4,.-bn_mul_comba4
 #define sqr_add_c(ai,c1,c2,c3)		\
 	lg	%r7,ai*8(%r3);		\
 	mlgr	%r6,%r7;		\
 	algr	c1,%r7;			\
 	alcgr	c2,%r6;			\
 	alcgr	c3,zero
 #define sqr_add_c2(ai,aj,c1,c2,c3)	\
 	lg	%r7,ai*8(%r3);		\
 	mlg	%r6,aj*8(%r3);		\
 	algr	c1,%r7;			\
 	alcgr	c2,%r6;			\
 	alcgr	c3,zero;		\
 	algr	c1,%r7;			\
 	alcgr	c2,%r6;			\
 	alcgr	c3,zero
 // void bn_sqr_comba8(BN_ULONG *r2,BN_ULONG *r3);
 .globl	bn_sqr_comba8
 .type	bn_sqr_comba8,@function
 .align	4
 bn_sqr_comba8:
 	stmg	%r6,%r8,48(%r15)
 	lghi	c1,0
 	lghi	c2,0
 	lghi	c3,0
 	lghi	zero,0
 	sqr_add_c(0,c1,c2,c3);
 	stg	c1,0*8(%r2)
 	lghi	c1,0
 	sqr_add_c2(1,0,c2,c3,c1);
 	stg	c2,1*8(%r2)
 	lghi	c2,0
 	sqr_add_c(1,c3,c1,c2);
 	sqr_add_c2(2,0,c3,c1,c2);
 	stg	c3,2*8(%r2)
 	lghi	c3,0
 	sqr_add_c2(3,0,c1,c2,c3);
 	sqr_add_c2(2,1,c1,c2,c3);
 	stg	c1,3*8(%r2)
 	lghi	c1,0
 	sqr_add_c(2,c2,c3,c1);
 	sqr_add_c2(3,1,c2,c3,c1);
 	sqr_add_c2(4,0,c2,c3,c1);
 	stg	c2,4*8(%r2)
 	lghi	c2,0
 	sqr_add_c2(5,0,c3,c1,c2);
 	sqr_add_c2(4,1,c3,c1,c2);
 	sqr_add_c2(3,2,c3,c1,c2);
 	stg	c3,5*8(%r2)
 	lghi	c3,0
 	sqr_add_c(3,c1,c2,c3);
 	sqr_add_c2(4,2,c1,c2,c3);
 	sqr_add_c2(5,1,c1,c2,c3);
 	sqr_add_c2(6,0,c1,c2,c3);
 	stg	c1,6*8(%r2)
 	lghi	c1,0
 	sqr_add_c2(7,0,c2,c3,c1);
 	sqr_add_c2(6,1,c2,c3,c1);
 	sqr_add_c2(5,2,c2,c3,c1);
 	sqr_add_c2(4,3,c2,c3,c1);
 	stg	c2,7*8(%r2)
 	lghi	c2,0
 	sqr_add_c(4,c3,c1,c2);
 	sqr_add_c2(5,3,c3,c1,c2);
 	sqr_add_c2(6,2,c3,c1,c2);
 	sqr_add_c2(7,1,c3,c1,c2);
 	stg	c3,8*8(%r2)
 	lghi	c3,0
 	sqr_add_c2(7,2,c1,c2,c3);
 	sqr_add_c2(6,3,c1,c2,c3);
 	sqr_add_c2(5,4,c1,c2,c3);
 	stg	c1,9*8(%r2)
 	lghi	c1,0
 	sqr_add_c(5,c2,c3,c1);
 	sqr_add_c2(6,4,c2,c3,c1);
 	sqr_add_c2(7,3,c2,c3,c1);
 	stg	c2,10*8(%r2)
 	lghi	c2,0
 	sqr_add_c2(7,4,c3,c1,c2);
 	sqr_add_c2(6,5,c3,c1,c2);
 	stg	c3,11*8(%r2)
 	lghi	c3,0
 	sqr_add_c(6,c1,c2,c3);
 	sqr_add_c2(7,5,c1,c2,c3);
 	stg	c1,12*8(%r2)
 	lghi	c1,0
 	sqr_add_c2(7,6,c2,c3,c1);
 	stg	c2,13*8(%r2)
 	lghi	c2,0
 	sqr_add_c(7,c3,c1,c2);
 	stg	c3,14*8(%r2)
 	stg	c1,15*8(%r2)
 	lmg	%r6,%r8,48(%r15)
 	br	%r14
 .size	bn_sqr_comba8,.-bn_sqr_comba8
 // void bn_sqr_comba4(BN_ULONG *r2,BN_ULONG *r3);
 .globl bn_sqr_comba4
 .type	bn_sqr_comba4,@function
 .align	4
 bn_sqr_comba4:
 	stmg	%r6,%r8,48(%r15)
 	lghi	c1,0
 	lghi	c2,0
 	lghi	c3,0
 	lghi	zero,0
 	sqr_add_c(0,c1,c2,c3);
 	stg	c1,0*8(%r2)
 	lghi	c1,0
 	sqr_add_c2(1,0,c2,c3,c1);
 	stg	c2,1*8(%r2)
 	lghi	c2,0
 	sqr_add_c(1,c3,c1,c2);
 	sqr_add_c2(2,0,c3,c1,c2);
 	stg	c3,2*8(%r2)
 	lghi	c3,0
 	sqr_add_c2(3,0,c1,c2,c3);
 	sqr_add_c2(2,1,c1,c2,c3);
 	stg	c1,3*8(%r2)
 	lghi	c1,0
 	sqr_add_c(2,c2,c3,c1);
 	sqr_add_c2(3,1,c2,c3,c1);
 	stg	c2,4*8(%r2)
 	lghi	c2,0
 	sqr_add_c2(3,2,c3,c1,c2);
 	stg	c3,5*8(%r2)
 	lghi	c3,0
 	sqr_add_c(3,c1,c2,c3);
 	stg	c1,6*8(%r2)
 	stg	c2,7*8(%r2)
 	lmg	%r6,%r8,48(%r15)
 	br	%r14
 .size	bn_sqr_comba4,.-bn_sqr_comba4
--- a/crypto/bn/asm/x86-mont.pl
+++ b/crypto/bn/asm/x86-mont.pl
@@ -0,0 +1,591 @@
 #!/usr/bin/env perl
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 # October 2005
 #
 # This is a "teaser" code, as it can be improved in several ways...
 # First of all non-SSE2 path should be implemented (yes, for now it
 # performs Montgomery multiplication/convolution only on SSE2-capable
 # CPUs such as P4, others fall down to original code). Then inner loop
 # can be unrolled and modulo-scheduled to improve ILP and possibly
 # moved to 128-bit XMM register bank (though it would require input
 # rearrangement and/or increase bus bandwidth utilization). Dedicated
 # squaring procedure should give further performance improvement...
 # Yet, for being draft, the code improves rsa512 *sign* benchmark by
 # 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
 # December 2006
 #
 # Modulo-scheduling SSE2 loops results in further 15-20% improvement.
 # Integer-only code [being equipped with dedicated squaring procedure]
 # gives ~40% on rsa512 sign benchmark...
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],$0);
 $sse2=0;
 for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 &external_label("OPENSSL_ia32cap_P") if ($sse2);
 &function_begin("bn_mul_mont");
 $i="edx";
 $j="ecx";
 $ap="esi";	$tp="esi";		# overlapping variables!!!
 $rp="edi";	$bp="edi";		# overlapping variables!!!
 $np="ebp";
 $num="ebx";
 $_num=&DWP(4*0,"esp");			# stack top layout
 $_rp=&DWP(4*1,"esp");
 $_ap=&DWP(4*2,"esp");
 $_bp=&DWP(4*3,"esp");
 $_np=&DWP(4*4,"esp");
 $_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
 $_sp=&DWP(4*6,"esp");
 $_bpend=&DWP(4*7,"esp");
 $frame=32;				# size of above frame rounded up to 16n
 	&xor	("eax","eax");
 	&mov	("edi",&wparam(5));	# int num
 	&cmp	("edi",4);
 	&jl	(&label("just_leave"));
 	&lea	("esi",&wparam(0));	# put aside pointer to argument block
 	&lea	("edx",&wparam(1));	# load ap
 	&mov	("ebp","esp");		# saved stack pointer!
 	&add	("edi",2);		# extra two words on top of tp
 	&neg	("edi");
 	&lea	("esp",&DWP(-$frame,"esp","edi",4));	# alloca($frame+4*(num+2))
 	&neg	("edi");
 	# minimize cache contention by arraning 2K window between stack
 	# pointer and ap argument [np is also position sensitive vector,
 	# but it's assumed to be near ap, as it's allocated at ~same
 	# time].
 	&mov	("eax","esp");
 	&sub	("eax","edx");
 	&and	("eax",2047);
 	&sub	("esp","eax");		# this aligns sp and ap modulo 2048
 	&xor	("edx","esp");
 	&and	("edx",2048);
 	&xor	("edx",2048);
 	&sub	("esp","edx");		# this splits them apart modulo 4096
 	&and	("esp",-64);		# align to cache line
 	################################# load argument block...
 	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
 	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
 	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
 	&mov	("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
 	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
 	#&mov	("edi",&DWP(5*4,"esi"));# int num
 	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
 	&mov	($_rp,"eax");		# ... save a copy of argument block
 	&mov	($_ap,"ebx");
 	&mov	($_bp,"ecx");
 	&mov	($_np,"edx");
 	&mov	($_n0,"esi");
 	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
 	#&mov	($_num,$num);		# redundant as $num is not reused
 	&mov	($_sp,"ebp");		# saved stack pointer!
 if($sse2) {
 $acc0="mm0";	# mmx register bank layout
 $acc1="mm1";
 $car0="mm2";
 $car1="mm3";
 $mul0="mm4";
 $mul1="mm5";
 $temp="mm6";
 $mask="mm7";
 	&picmeup("eax","OPENSSL_ia32cap_P");
 	&bt	(&DWP(0,"eax"),26);
 	&jnc	(&label("non_sse2"));
 	&mov	("eax",-1);
 	&movd	($mask,"eax");		# mask 32 lower bits
 	&mov	($ap,$_ap);		# load input pointers
 	&mov	($bp,$_bp);
 	&mov	($np,$_np);
 	&xor	($i,$i);		# i=0
 	&xor	($j,$j);		# j=0
 	&movd	($mul0,&DWP(0,$bp));		# bp[0]
 	&movd	($mul1,&DWP(0,$ap));		# ap[0]
 	&movd	($car1,&DWP(0,$np));		# np[0]
 	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
 	&movq	($car0,$mul1);
 	&movq	($acc0,$mul1);			# I wish movd worked for
 	&pand	($acc0,$mask);			# inter-register transfers
 	&pmuludq($mul1,$_n0q);			# *=n0
 	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
 	&paddq	($car1,$acc0);
 	&movd	($acc1,&DWP(4,$np));		# np[1]
 	&movd	($acc0,&DWP(4,$ap));		# ap[1]
 	&psrlq	($car0,32);
 	&psrlq	($car1,32);
 	&inc	($j);				# j++
 &set_label("1st",16);
 	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
 	&pmuludq($acc1,$mul1);			# np[j]*m1
 	&paddq	($car0,$acc0);			# +=c0
 	&paddq	($car1,$acc1);			# +=c1
 	&movq	($acc0,$car0);
 	&pand	($acc0,$mask);
 	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
 	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
 	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
 	&psrlq	($car0,32);
 	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
 	&psrlq	($car1,32);
 	&lea	($j,&DWP(1,$j));
 	&cmp	($j,$num);
 	&jl	(&label("1st"));
 	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
 	&pmuludq($acc1,$mul1);			# np[num-1]*m1
 	&paddq	($car0,$acc0);			# +=c0
 	&paddq	($car1,$acc1);			# +=c1
 	&movq	($acc0,$car0);
 	&pand	($acc0,$mask);
 	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
 	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
 	&psrlq	($car0,32);
 	&psrlq	($car1,32);
 	&paddq	($car1,$car0);
 	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
 	&inc	($i);				# i++
 &set_label("outer");
 	&xor	($j,$j);			# j=0
 	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
 	&movd	($mul1,&DWP(0,$ap));		# ap[0]
 	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
 	&movd	($car1,&DWP(0,$np));		# np[0]
 	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
 	&paddq	($mul1,$temp);			# +=tp[0]
 	&movq	($acc0,$mul1);
 	&movq	($car0,$mul1);
 	&pand	($acc0,$mask);
 	&pmuludq($mul1,$_n0q);			# *=n0
 	&pmuludq($car1,$mul1);
 	&paddq	($car1,$acc0);
 	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
 	&movd	($acc1,&DWP(4,$np));		# np[1]
 	&movd	($acc0,&DWP(4,$ap));		# ap[1]
 	&psrlq	($car0,32);
 	&psrlq	($car1,32);
 	&paddq	($car0,$temp);			# +=tp[1]
 	&inc	($j);				# j++
 	&dec	($num);
 &set_label("inner");
 	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
 	&pmuludq($acc1,$mul1);			# np[j]*m1
 	&paddq	($car0,$acc0);			# +=c0
 	&paddq	($car1,$acc1);			# +=c1
 	&movq	($acc0,$car0);
 	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
 	&pand	($acc0,$mask);
 	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
 	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
 	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
 	&psrlq	($car0,32);
 	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
 	&psrlq	($car1,32);
 	&paddq	($car0,$temp);			# +=tp[j+1]
 	&dec	($num);
 	&lea	($j,&DWP(1,$j));		# j++
 	&jnz	(&label("inner"));
 	&mov	($num,$j);
 	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
 	&pmuludq($acc1,$mul1);			# np[num-1]*m1
 	&paddq	($car0,$acc0);			# +=c0
 	&paddq	($car1,$acc1);			# +=c1
 	&movq	($acc0,$car0);
 	&pand	($acc0,$mask);
 	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
 	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
 	&psrlq	($car0,32);
 	&psrlq	($car1,32);
 	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
 	&paddq	($car1,$car0);
 	&paddq	($car1,$temp);
 	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
 	&lea	($i,&DWP(1,$i));		# i++
 	&cmp	($i,$num);
 	&jle	(&label("outer"));
 	&emms	();				# done with mmx bank
 	&jmp	(&label("common_tail"));
 &set_label("non_sse2",16);
 }
 if (0) {
 	&mov	("esp",$_sp);
 	&xor	("eax","eax");	# signal "not fast enough [yet]"
 	&jmp	(&label("just_leave"));
 	# While the below code provides competitive performance for
 	# all key lengthes on modern Intel cores, it's still more
 	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
 	# means compared to the original integer-only assembler.
 	# 512-bit RSA sign is better by ~40%, but that's about all
 	# one can say about all CPUs...
 } else {
 $inp="esi";	# integer path uses these registers differently
 $word="edi";
 $carry="ebp";
 	&mov	($inp,$_ap);
 	&lea	($carry,&DWP(1,$num));
 	&mov	($word,$_bp);
 	&xor	($j,$j);				# j=0
 	&mov	("edx",$inp);
 	&and	($carry,1);				# see if num is even
 	&sub	("edx",$word);				# see if ap==bp
 	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
 	&or	($carry,"edx");
 	&mov	($word,&DWP(0,$word));			# bp[0]
 	&jz	(&label("bn_sqr_mont"));
 	&mov	($_bpend,"eax");
 	&mov	("eax",&DWP(0,$inp));
 	&xor	("edx","edx");
 &set_label("mull",16);
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[j]*bp[0]
 	&add	($carry,"eax");
 	&lea	($j,&DWP(1,$j));
 	&adc	("edx",0);
 	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
 	&cmp	($j,$num);
 	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
 	&jl	(&label("mull"));
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[num-1]*bp[0]
 	 &mov	($word,$_n0);
 	&add	("eax",$carry);
 	 &mov	($inp,$_np);
 	&adc	("edx",0);
 	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
 	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
 	&xor	($j,$j);
 	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
 	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
 	&mov	("eax",&DWP(0,$inp));			# np[0]
 	&mul	($word);				# np[0]*m
 	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
 	&mov	("eax",&DWP(4,$inp));			# np[1]
 	&adc	("edx",0);
 	&inc	($j);
 	&jmp	(&label("2ndmadd"));
 &set_label("1stmadd",16);
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[j]*bp[i]
 	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
 	&lea	($j,&DWP(1,$j));
 	&adc	("edx",0);
 	&add	($carry,"eax");
 	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
 	&adc	("edx",0);
 	&cmp	($j,$num);
 	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
 	&jl	(&label("1stmadd"));
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[num-1]*bp[i]
 	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
 	 &mov	($word,$_n0);
 	&adc	("edx",0);
 	 &mov	($inp,$_np);
 	&add	($carry,"eax");
 	&adc	("edx",0);
 	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
 	&xor	($j,$j);
 	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
 	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
 	&adc	($j,0);
 	 &mov	("eax",&DWP(0,$inp));			# np[0]
 	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
 	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
 	&mul	($word);				# np[0]*m
 	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
 	&mov	("eax",&DWP(4,$inp));			# np[1]
 	&adc	("edx",0);
 	&mov	($j,1);
 &set_label("2ndmadd",16);
 	&mov	($carry,"edx");
 	&mul	($word);				# np[j]*m
 	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
 	&lea	($j,&DWP(1,$j));
 	&adc	("edx",0);
 	&add	($carry,"eax");
 	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
 	&adc	("edx",0);
 	&cmp	($j,$num);
 	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
 	&jl	(&label("2ndmadd"));
 	&mov	($carry,"edx");
 	&mul	($word);				# np[j]*m
 	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
 	&adc	("edx",0);
 	&add	($carry,"eax");
 	&adc	("edx",0);
 	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
 	&xor	("eax","eax");
 	 &mov	($j,$_bp);				# &bp[i]
 	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
 	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
 	 &lea	($j,&DWP(4,$j));
 	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
 	 &cmp	($j,$_bpend);
 	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
 	&je	(&label("common_tail"));
 	&mov	($word,&DWP(0,$j));			# bp[i+1]
 	&mov	($inp,$_ap);
 	&mov	($_bp,$j);				# &bp[++i]
 	&xor	($j,$j);
 	&xor	("edx","edx");
 	&mov	("eax",&DWP(0,$inp));
 	&jmp	(&label("1stmadd"));
 &set_label("bn_sqr_mont",16);
 $sbit=$num;
 	&mov	($_num,$num);
 	&mov	($_bp,$j);				# i=0
 	&mov	("eax",$word);				# ap[0]
 	&mul	($word);				# ap[0]*ap[0]
 	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
 	&mov	($sbit,"edx");
 	&shr	("edx",1);
 	&and	($sbit,1);
 	&inc	($j);
 &set_label("sqr",16);
 	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[j]*ap[0]
 	&add	("eax",$carry);
 	&lea	($j,&DWP(1,$j));
 	&adc	("edx",0);
 	&lea	($carry,&DWP(0,$sbit,"eax",2));
 	&shr	("eax",31);
 	&cmp	($j,$_num);
 	&mov	($sbit,"eax");
 	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
 	&jl	(&label("sqr"));
 	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[num-1]*ap[0]
 	&add	("eax",$carry);
 	 &mov	($word,$_n0);
 	&adc	("edx",0);
 	 &mov	($inp,$_np);
 	&lea	($carry,&DWP(0,$sbit,"eax",2));
 	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
 	&shr	("eax",31);
 	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
 	&lea	($carry,&DWP(0,"eax","edx",2));
 	 &mov	("eax",&DWP(0,$inp));			# np[0]
 	&shr	("edx",31);
 	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
 	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
 	&mul	($word);				# np[0]*m
 	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
 	&mov	($num,$j);
 	&adc	("edx",0);
 	&mov	("eax",&DWP(4,$inp));			# np[1]
 	&mov	($j,1);
 &set_label("3rdmadd",16);
 	&mov	($carry,"edx");
 	&mul	($word);				# np[j]*m
 	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
 	&adc	("edx",0);
 	&add	($carry,"eax");
 	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
 	&adc	("edx",0);
 	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
 	&mov	($carry,"edx");
 	&mul	($word);				# np[j+1]*m
 	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
 	&lea	($j,&DWP(2,$j));
 	&adc	("edx",0);
 	&add	($carry,"eax");
 	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
 	&adc	("edx",0);
 	&cmp	($j,$num);
 	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
 	&jl	(&label("3rdmadd"));
 	&mov	($carry,"edx");
 	&mul	($word);				# np[j]*m
 	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
 	&adc	("edx",0);
 	&add	($carry,"eax");
 	&adc	("edx",0);
 	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
 	&mov	($j,$_bp);				# i
 	&xor	("eax","eax");
 	&mov	($inp,$_ap);
 	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
 	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
 	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
 	&cmp	($j,$num);
 	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
 	&je	(&label("common_tail"));
 	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
 	&lea	($j,&DWP(1,$j));
 	&mov	("eax",$word);
 	&mov	($_bp,$j);				# ++i
 	&mul	($word);				# ap[i]*ap[i]
 	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
 	&adc	("edx",0);
 	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
 	&xor	($carry,$carry);
 	&cmp	($j,$num);
 	&lea	($j,&DWP(1,$j));
 	&je	(&label("sqrlast"));
 	&mov	($sbit,"edx");				# zaps $num
 	&shr	("edx",1);
 	&and	($sbit,1);
 &set_label("sqradd",16);
 	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
 	&mov	($carry,"edx");
 	&mul	($word);				# ap[j]*ap[i]
 	&add	("eax",$carry);
 	&lea	($carry,&DWP(0,"eax","eax"));
 	&adc	("edx",0);
 	&shr	("eax",31);
 	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
 	&lea	($j,&DWP(1,$j));
 	&adc	("eax",0);
 	&add	($carry,$sbit);
 	&adc	("eax",0);
 	&cmp	($j,$_num);
 	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
 	&mov	($sbit,"eax");
 	&jle	(&label("sqradd"));
 	&mov	($carry,"edx");
 	&lea	("edx",&DWP(0,$sbit,"edx",2));
 	&shr	($carry,31);
 &set_label("sqrlast");
 	&mov	($word,$_n0);
 	&mov	($inp,$_np);
 	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
 	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
 	&mov	("eax",&DWP(0,$inp));			# np[0]
 	&adc	($carry,0);
 	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
 	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
 	&mul	($word);				# np[0]*m
 	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
 	&lea	($num,&DWP(-1,$j));
 	&adc	("edx",0);
 	&mov	($j,1);
 	&mov	("eax",&DWP(4,$inp));			# np[1]
 	&jmp	(&label("3rdmadd"));
 }
 &set_label("common_tail",16);
 	&mov	($np,$_np);			# load modulus pointer
 	&mov	($rp,$_rp);			# load result pointer
 	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
 	&mov	("eax",&DWP(0,$tp));		# tp[0]
 	&mov	($j,$num);			# j=num-1
 	&xor	($i,$i);			# i=0 and clear CF!
 &set_label("sub",16);
 	&sbb	("eax",&DWP(0,$np,$i,4));
 	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
 	&dec	($j);				# doesn't affect CF!
 	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
 	&lea	($i,&DWP(1,$i));		# i++
 	&jge	(&label("sub"));
 	&sbb	("eax",0);			# handle upmost overflow bit
 	&and	($tp,"eax");
 	&not	("eax");
 	&mov	($np,$rp);
 	&and	($np,"eax");
 	&or	($tp,$np);			# tp=carry?tp:rp
 &set_label("copy",16);				# copy or in-place refresh
 	&mov	("eax",&DWP(0,$tp,$num,4));
 	&mov	(&DWP(0,$rp,$num,4),"eax");	# rp[i]=tp[i]
 	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
 	&dec	($num);
 	&jge	(&label("copy"));
 	&mov	("esp",$_sp);		# pull saved stack pointer
 	&mov	("eax",1);
 &set_label("just_leave");
 &function_end("bn_mul_mont");
 &asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &asm_finish();
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -0,0 +1,213 @@
 #!/usr/bin/env perl
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 # October 2005.
 #
 # Montgomery multiplication routine for x86_64. While it gives modest
 # 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
 # than twice, >2x, as fast. Most common rsa1024 sign is improved by
 # respectful 50%. It remains to be seen if loop unrolling and
 # dedicated squaring routine can provide further improvement...
 $output=shift;
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 open STDOUT,"| $^X $xlate $output";
 # int bn_mul_mont(
 $rp="%rdi";	# BN_ULONG *rp,
 $ap="%rsi";	# const BN_ULONG *ap,
 $bp="%rdx";	# const BN_ULONG *bp,
 $np="%rcx";	# const BN_ULONG *np,
 $n0="%r8";	# const BN_ULONG *n0,
 $num="%r9";	# int num);
 $lo0="%r10";
 $hi0="%r11";
 $bp="%r12";	# reassign $bp
 $hi1="%r13";
 $i="%r14";
 $j="%r15";
 $m0="%rbx";
 $m1="%rbp";
 $code=<<___;
 .text
 .globl	bn_mul_mont
 .type	bn_mul_mont,\@function,6
 .align	16
 bn_mul_mont:
 	push	%rbx
 	push	%rbp
 	push	%r12
 	push	%r13
 	push	%r14
 	push	%r15
 	lea	2($num),%rax
 	mov	%rsp,%rbp
 	neg	%rax
 	lea	(%rsp,%rax,8),%rsp	# tp=alloca(8*(num+2))
 	and	\$-1024,%rsp		# minimize TLB usage
 	mov	%rbp,8(%rsp,$num,8)	# tp[num+1]=%rsp
 	mov	%rdx,$bp		# $bp reassigned, remember?
 	mov	($n0),$n0		# pull n0[0] value
 	xor	$i,$i			# i=0
 	xor	$j,$j			# j=0
 	mov	($bp),$m0		# m0=bp[0]
 	mov	($ap),%rax
 	mulq	$m0			# ap[0]*bp[0]
 	mov	%rax,$lo0
 	mov	%rdx,$hi0
 	imulq	$n0,%rax		# "tp[0]"*n0
 	mov	%rax,$m1
 	mulq	($np)			# np[0]*m1
 	add	$lo0,%rax		# discarded
 	adc	\$0,%rdx
 	mov	%rdx,$hi1
 	lea	1($j),$j		# j++
 .L1st:
 	mov	($ap,$j,8),%rax
 	mulq	$m0			# ap[j]*bp[0]
 	add	$hi0,%rax
 	adc	\$0,%rdx
 	mov	%rax,$lo0
 	mov	($np,$j,8),%rax
 	mov	%rdx,$hi0
 	mulq	$m1			# np[j]*m1
 	add	$hi1,%rax
 	lea	1($j),$j		# j++
 	adc	\$0,%rdx
 	add	$lo0,%rax		# np[j]*m1+ap[j]*bp[0]
 	adc	\$0,%rdx
 	mov	%rax,-16(%rsp,$j,8)	# tp[j-1]
 	cmp	$num,$j
 	mov	%rdx,$hi1
 	jl	.L1st
 	xor	%rdx,%rdx
 	add	$hi0,$hi1
 	adc	\$0,%rdx
 	mov	$hi1,-8(%rsp,$num,8)
 	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
 	lea	1($i),$i		# i++
 .align	4
 .Louter:
 	xor	$j,$j			# j=0
 	mov	($bp,$i,8),$m0		# m0=bp[i]
 	mov	($ap),%rax		# ap[0]
 	mulq	$m0			# ap[0]*bp[i]
 	add	(%rsp),%rax		# ap[0]*bp[i]+tp[0]
 	adc	\$0,%rdx
 	mov	%rax,$lo0
 	mov	%rdx,$hi0
 	imulq	$n0,%rax		# tp[0]*n0
 	mov	%rax,$m1
 	mulq	($np,$j,8)		# np[0]*m1
 	add	$lo0,%rax		# discarded
 	mov	8(%rsp),$lo0		# tp[1]
 	adc	\$0,%rdx
 	mov	%rdx,$hi1
 	lea	1($j),$j		# j++
 .align	4
 .Linner:
 	mov	($ap,$j,8),%rax
 	mulq	$m0			# ap[j]*bp[i]
 	add	$hi0,%rax
 	adc	\$0,%rdx
 	add	%rax,$lo0		# ap[j]*bp[i]+tp[j]
 	mov	($np,$j,8),%rax
 	adc	\$0,%rdx
 	mov	%rdx,$hi0
 	mulq	$m1			# np[j]*m1
 	add	$hi1,%rax
 	lea	1($j),$j		# j++
 	adc	\$0,%rdx
 	add	$lo0,%rax		# np[j]*m1+ap[j]*bp[i]+tp[j]
 	adc	\$0,%rdx
 	mov	(%rsp,$j,8),$lo0
 	cmp	$num,$j
 	mov	%rax,-16(%rsp,$j,8)	# tp[j-1]
 	mov	%rdx,$hi1
 	jl	.Linner
 	xor	%rdx,%rdx
 	add	$hi0,$hi1
 	adc	\$0,%rdx
 	add	$lo0,$hi1		# pull upmost overflow bit
 	adc	\$0,%rdx
 	mov	$hi1,-8(%rsp,$num,8)
 	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
 	lea	1($i),$i		# i++
 	cmp	$num,$i
 	jl	.Louter
 	lea	(%rsp),$ap		# borrow ap for tp
 	lea	-1($num),$j		# j=num-1
 	mov	($ap),%rax		# tp[0]
 	xor	$i,$i			# i=0 and clear CF!
 	jmp	.Lsub
 .align	16
 .Lsub:	sbb	($np,$i,8),%rax
 	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
 	dec	$j			# doesn't affect CF!
 	mov	8($ap,$i,8),%rax	# tp[i+1]
 	lea	1($i),$i		# i++
 	jge	.Lsub
 	sbb	\$0,%rax		# handle upmost overflow bit
 	and	%rax,$ap
 	not	%rax
 	mov	$rp,$np
 	and	%rax,$np
 	lea	-1($num),$j
 	or	$np,$ap			# ap=borrow?tp:rp
 .align	16
 .Lcopy:					# copy or in-place refresh
 	mov	($ap,$j,8),%rax
 	mov	%rax,($rp,$j,8)		# rp[i]=tp[i]
 	mov	$i,(%rsp,$j,8)		# zap temporary vector
 	dec	$j
 	jge	.Lcopy
 	mov	8(%rsp,$num,8),%rsp	# restore %rsp
 	mov	\$1,%rax
 	pop	%r15
 	pop	%r14
 	pop	%r13
 	pop	%r12
 	pop	%rbp
 	pop	%rbx
 	ret
 .size	bn_mul_mont,.-bn_mul_mont
 .asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 print $code;
 close STDOUT;
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -481,6 +481,7 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 	int cl, int dl);
 BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
 	int cl, int dl);
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
 #ifdef  __cplusplus
 }
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -127,6 +127,21 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 	{
 	BIGNUM *tmp;
 	int ret=0;
 #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
 	int num = mont->N.top;
 	if (num>1 && a->top==num && b->top==num)
 		{
 		if (bn_wexpand(r,num) == NULL) return(0);
 		if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
 			{
 			r->neg = a->neg^b->neg;
 			r->top = num;
 			bn_correct_top(r);
 			return(1);
 			}
 		}
 #endif
 	BN_CTX_start(ctx);
 	tmp = BN_CTX_get(ctx);
@@ -284,6 +299,8 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 		}
 	for (ri+=4; i<ri; i++)
 		rp[i]=nrp[i], ap[i]=0;
 	bn_correct_top(r);
 	bn_correct_top(ret);
 # else
 	if (bn_wexpand(ret,al) == NULL) goto err;
 	ret->top=al;
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -655,16 +655,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 				for (;;)
 					{
 					i/=2;
-					if (i < tna && i < tnb)
+					if (i <= tna && tna == tnb)
 						{
-						bn_mul_part_recursive(&(r[n2]),
+						bn_mul_recursive(&(r[n2]),
 							&(a[n]),&(b[n]),
 							i,tna-i,tnb-i,p);
 						break;
 						}
-					else if (i <= tna && i <= tnb)
+					else if (i < tna || i < tnb)
 						{
-						bn_mul_recursive(&(r[n2]),
+						bn_mul_part_recursive(&(r[n2]),
 							&(a[n]),&(b[n]),
 							i,tna-i,tnb-i,p);
 						break;
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -377,14 +377,14 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
 static int probable_prime(BIGNUM *rnd, int bits)
 	{
 	int i;
-	BN_ULONG mods[NUMPRIMES];
+	prime_t mods[NUMPRIMES];
 	BN_ULONG delta,maxdelta;
 again:
 	if (!BN_rand(rnd,bits,1,1)) return(0);
 	/* we now have a random number 'rand' to test. */
 	for (i=1; i<NUMPRIMES; i++)
-		mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
+		mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
 	maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
 	delta=0;
 	loop: for (i=1; i<NUMPRIMES; i++)
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -58,10 +58,12 @@
 #ifndef EIGHT_BIT
 #define NUMPRIMES 2048
 typedef unsigned short prime_t;
 #else
 #define NUMPRIMES 54
 typedef unsigned char prime_t;
 #endif
-static const unsigned int primes[NUMPRIMES]=
+static const prime_t primes[NUMPRIMES]=
 	{
 	   2,   3,   5,   7,  11,  13,  17,  19,
 	  23,  29,  31,  37,  41,  43,  47,  53,
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -101,10 +101,12 @@ for ($i=0; $i <= $#primes; $i++)
 printf "#ifndef EIGHT_BIT\n";
 printf "#define NUMPRIMES %d\n",$num;
 printf "typedef unsigned short prime_t;\n";
 printf "#else\n";
 printf "#define NUMPRIMES %d\n",$eight;
 printf "typedef unsigned char prime_t;\n";
 printf "#endif\n";
-print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t";
+print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t";
 $init=0;
 for ($i=0; $i <= $#primes; $i++)
 	{
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -270,7 +270,7 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
 #if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
 	defined(__INTEL__) || \
-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
+	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 unsigned long  OPENSSL_ia32cap_P=0;
 unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
@@ -306,6 +306,62 @@ void OPENSSL_cpuid_setup(void) {}
 #endif
 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
 #ifdef OPENSSL_FIPS
 #include <tlhelp32.h>
 #if defined(__GNUC__) && __GNUC__>=2
 static int DllInit(void) __attribute__((constructor));
 #elif defined(_MSC_VER)
 static int DllInit(void);
 # ifdef _WIN64
 # pragma section(".CRT$XCU",read)
  __declspec(allocate(".CRT$XCU"))
 # else
 # pragma data_seg(".CRT$XCU")
 # endif
  static int (*p)(void) = DllInit;
 # pragma data_seg()
 #endif
 static int DllInit(void)
 {
 #if defined(_WIN32_WINNT)
 	union	{ int(*f)(void); BYTE *p; } t = { DllInit };
        HANDLE	hModuleSnap = INVALID_HANDLE_VALUE;
 	IMAGE_DOS_HEADER *dos_header;
 	IMAGE_NT_HEADERS *nt_headers;
 	MODULEENTRY32 me32 = {sizeof(me32)};
 	hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
 	if (hModuleSnap != INVALID_HANDLE_VALUE &&
 	    Module32First(hModuleSnap,&me32)) do
 		{
 		if (t.p >= me32.modBaseAddr &&
 		    t.p <  me32.modBaseAddr+me32.modBaseSize)
 			{
 			dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
 			if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
 				{
 				nt_headers=(IMAGE_NT_HEADERS *)
 					((BYTE *)dos_header+dos_header->e_lfanew);
 				if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
 				    me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
 					OPENSSL_NONPIC_relocated=1;
 				}
 			break;
 			}
 		} while (Module32Next(hModuleSnap,&me32));
 	if (hModuleSnap != INVALID_HANDLE_VALUE)
 		CloseHandle(hModuleSnap);
 #endif
 	OPENSSL_cpuid_setup();
 	return 0;
 }
 #else
 #ifdef __CYGWIN__
 /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
 #include <windows.h>
@@ -349,6 +405,8 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 	}
 #endif
 #endif
 #if defined(_WIN32) && !defined(__CYGWIN__)
 #include <tchar.h>
--- a/crypto/des/Makefile
+++ b/crypto/des/Makefile
@@ -156,7 +156,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-des_enc.o: des_enc.c des_locl.h
+des_enc.o: des_enc.c des_locl.h ncbc_enc.c
 des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,8 +58,6 @@
 #include "des_locl.h"
 #ifndef OPENSSL_FIPS
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
@@ -289,8 +287,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 	data[1]=r;
 	}
 #endif
 #ifndef DES_DEFAULT_OPTIONS
 #if !defined(OPENSSL_FIPS_DES_ASM)
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -63,10 +63,9 @@
 * 1.1 added norm_expand_bits
 * 1.0 First working version
 */
 #include <openssl/fips.h>
 #include "des_locl.h"
 #ifndef OPENSSL_FIPS
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
 static const unsigned char odd_parity[256]={
@@ -117,7 +116,7 @@ int DES_check_key_parity(const_DES_cblock *key)
 * (and actual cblock values).
 */
 #define NUM_WEAK_KEY	16
-static DES_cblock weak_keys[NUM_WEAK_KEY]={
+static const DES_cblock weak_keys[NUM_WEAK_KEY]={
 	/* weak keys */
 	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
 	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
@@ -351,6 +350,10 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
 	k = &schedule->ks->deslong[0];
 	in = &(*key)[0];
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	c2l(in,c);
 	c2l(in,d);
@@ -408,4 +411,3 @@ void des_fixup_key_parity(des_cblock *key)
 	}
 */
 #endif
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -77,6 +77,8 @@
 # define OPENSSL_DH_MAX_MODULUS_BITS	10000
 #endif
 #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
                                       * implementation now uses constant time
@@ -233,6 +235,7 @@ void ERR_load_DH_strings(void);
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR				 101
 #define DH_R_INVALID_PUBKEY				 102
 #define DH_R_KEY_SIZE_TOO_SMALL				 104
 #define DH_R_MODULUS_TOO_LARGE				 103
 #define DH_R_NO_PRIVATE_VALUE				 100
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -87,6 +87,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
 	{
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {0,NULL}
--- a/crypto/dsa/Makefile
+++ b/crypto/dsa/Makefile
@@ -80,8 +80,8 @@ dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -88,6 +88,8 @@
 # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
 #endif
 #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
 #define DSA_FLAG_CACHE_MONT_P	0x01
 #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
                                              * implementation now uses constant time
@@ -290,8 +292,11 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_D2I_DSA_SIG				 110
 #define DSA_F_DSAPARAMS_PRINT				 100
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
 #define DSA_F_DSA_BUILTIN_KEYGEN			 119
 #define DSA_F_DSA_BUILTIN_PARAMGEN			 118
 #define DSA_F_DSA_DO_SIGN				 112
 #define DSA_F_DSA_DO_VERIFY				 113
 #define DSA_F_DSA_GENERATE_PARAMETERS			 117
 #define DSA_F_DSA_NEW_METHOD				 103
 #define DSA_F_DSA_PRINT					 104
 #define DSA_F_DSA_PRINT_FP				 105
@@ -307,6 +312,7 @@ void ERR_load_DSA_strings(void);
 /* Reason codes. */
 #define DSA_R_BAD_Q_VALUE				 102
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
 #define DSA_R_KEY_SIZE_TOO_SMALL			 106
 #define DSA_R_MISSING_PARAMETERS			 101
 #define DSA_R_MODULUS_TOO_LARGE				 103
 #define DSA_R_NON_FIPS_METHOD				 104
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -73,8 +73,11 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_D2I_DSA_SIG),	"d2i_DSA_SIG"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},
 {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),	"DSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},
 {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS),	"DSA_generate_parameters"},
 {ERR_FUNC(DSA_F_DSA_NEW_METHOD),	"DSA_new_method"},
 {ERR_FUNC(DSA_F_DSA_PRINT),	"DSA_print"},
 {ERR_FUNC(DSA_F_DSA_PRINT_FP),	"DSA_print_fp"},
@@ -93,6 +96,7 @@ static ERR_STRING_DATA DSA_str_reasons[]=
 	{
 {ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
 {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
 {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
 {ERR_REASON(DSA_R_NON_FIPS_METHOD)       ,"non fips method"},
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -119,13 +119,20 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
 	if (bits < 512) bits=512;
 	bits=(bits+63)/64*64;
-	if (seed_len < 20)
+	/* NB: seed_len == 0 is special case: copy generated seed to
 	 * seed_in if it is not NULL.
 	 */
 	if (seed_len && (seed_len < 20))
 		seed_in = NULL; /* seed buffer too small -- ignore */
 	if (seed_len > 20) 
 		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
 		                * but our internal buffers are restricted to 160 bits*/
 	if ((seed_in != NULL) && (seed_len == 20))
 		{
 		memcpy(seed,seed_in,seed_len);
 		/* set seed_in to NULL to avoid it being copied back */
 		seed_in = NULL;
 		}
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -302,7 +309,7 @@ err:
 			ok=0;
 			goto err;
 			}
-		if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+		if (seed_in != NULL) memcpy(seed_in,seed,20);
 		if (counter_ret != NULL) *counter_ret=counter;
 		if (h_ret != NULL) *h_ret=h;
 		}
--- a/crypto/err/err_str.c
+++ b/crypto/err/err_str.c
@@ -223,7 +223,7 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
 * others will be displayed numerically by ERR_error_string.
 * It is crucial that we have something for each reason code
 * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr(), which always gets an errno
+ * will be returned for SYSerr, which always gets an errno
 * value and never one of those 'standard' reason codes. */
 static void build_SYS_str_reasons(void)
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -31,7 +31,7 @@ L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
 L ECDSA		crypto/ecdsa/ecdsa.h		crypto/ecdsa/ecs_err.c
 L ECDH		crypto/ecdh/ecdh.h		crypto/ecdh/ech_err.c
 L STORE		crypto/store/store.h		crypto/store/str_err.c
-L FIPS		fips-1.0/fips.h			crypto/fips_err.h
+L FIPS		fips/fips.h			crypto/fips_err.h
 # additional header files to be scanned for function names
 L NONE		crypto/x509/x509_vfy.h		NONE
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -293,7 +293,15 @@ e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
-e_seed.o: ../../include/openssl/opensslconf.h e_seed.c
+e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 e_seed.o: e_seed.c
 e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
 e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
@@ -306,6 +314,17 @@ e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
 enc_min.o: ../../e_os.h ../../include/openssl/asn1.h
 enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 enc_min.o: ../../include/openssl/engine.h ../../include/openssl/err.h
 enc_min.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
 enc_min.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 enc_min.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 enc_min.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 enc_min.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 enc_min.o: ../cryptlib.h enc_min.c evp_locl.h
 encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -325,6 +344,21 @@ evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
 evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
 evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
 evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
 evp_cnf.o: ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
--- a/crypto/evp/dig_eng.c
+++ b/crypto/evp/dig_eng.c
@@ -135,7 +135,7 @@ static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *
 			{
 			if (!ENGINE_init(impl))
 				{
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+				EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
 				return 0;
 				}
 			}
@@ -149,7 +149,7 @@ static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *
 			if(!d)
 				{
 				/* Same comment from evp_enc.c */
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+				EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
 				return 0;
 				}
 			/* We'll use the ENGINE's private digest definition */
@@ -165,7 +165,7 @@ static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *
 	else
 	if(!ctx->digest)
 		{
-		EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
+		EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET);
 		return 0;
 		}
 	return 1;
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -120,9 +120,6 @@
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	memset(ctx,'\0',sizeof *ctx);
 	}
@@ -222,7 +219,7 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
 			{
 			if (!ENGINE_init(impl))
 				{
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+				EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
 				return 0;
 				}
 			}
@@ -236,7 +233,7 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
 			if(!d)
 				{
 				/* Same comment from evp_enc.c */
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+				EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
 				return 0;
 				}
 			/* We'll use the ENGINE's private digest definition */
@@ -252,7 +249,7 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
 	else
 	if(!ctx->digest)
 		{
-		EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
+		EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
 		return 0;
 		}
 	return 1;
@@ -265,6 +262,14 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 	{
 	M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
 #ifdef OPENSSL_FIPS
 	if(FIPS_selftest_failed())
 		{
 		FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
 		ctx->digest = &bad_md;
 		return 0;
 		}
 #endif
 #ifndef OPENSSL_NO_ENGINE
 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
 	 * so this context may already have an ENGINE! Try to avoid releasing
@@ -284,7 +289,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 			if (!(type->flags & EVP_MD_FLAG_FIPS) 
 			 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
 				{
-				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
+				EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
 				ctx->digest = &bad_md;
 				return 0;
 				}
@@ -305,6 +310,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
 	     size_t count)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	return ctx->digest->update(ctx,data,count);
 	}
@@ -321,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
 	int ret;
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
 	ret=ctx->digest->final(ctx,md);
--- a/crypto/evp/enc_min.c
+++ b/crypto/evp/enc_min.c
@@ -152,7 +152,7 @@ static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, EN
 		{
 		if (!ENGINE_init(impl))
 			{
-			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+			EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
 			return 0;
 			}
 		}
@@ -169,7 +169,7 @@ static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, EN
 			 * control history, is that we should at least
 			 * be able to avoid using US mispellings of
 			 * "initialisation"? */
-			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+			EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
 			return 0;
 			}
 		/* We'll use the ENGINE's private cipher definition */
@@ -199,6 +199,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 			enc = 1;
 		ctx->encrypt = enc;
 		}
 #ifdef OPENSSL_NO_FIPS
 	if(FIPS_selftest_failed())
 		{
 		FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
 		ctx->cipher = &bad_cipher;
 		return 0;
 		}
 #endif
 #ifndef OPENSSL_NO_ENGINE
 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
 	 * so this context may already have an ENGINE! Try to avoid releasing
@@ -295,7 +303,7 @@ skip_to_init:
 		if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
 			& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
 			{
-			EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
 #if 0
 			ERR_add_error_data(2, "cipher=",
 						EVP_CIPHER_name(ctx->cipher));
@@ -339,6 +347,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	return ctx->cipher->do_cipher(ctx,out,in,inl);
 	}
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -956,6 +956,10 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_ALG_MODULE_INIT				 138
 #define EVP_F_CAMELLIA_INIT_KEY				 159
 #define EVP_F_D2I_PKEY					 100
 #define EVP_F_DO_EVP_ENC_ENGINE				 140
 #define EVP_F_DO_EVP_ENC_ENGINE_FULL			 141
 #define EVP_F_DO_EVP_MD_ENGINE				 139
 #define EVP_F_DO_EVP_MD_ENGINE_FULL			 142
 #define EVP_F_DSAPKEY2PKCS8				 134
 #define EVP_F_DSA_PKEY2PKCS8				 135
 #define EVP_F_ECDSA_PKEY2PKCS8				 129
@@ -1032,6 +1036,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
 #define EVP_R_SEED_KEY_SETUP_FAILED			 162
 #define EVP_R_UNKNOWN_OPTION				 149
 #define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
@@ -1044,7 +1049,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_UNSUPPORTED_SALT_TYPE			 126
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
 #define EVP_R_SEED_KEY_SETUP_FAILED			 162
 #ifdef  __cplusplus
 }
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -66,6 +66,14 @@
 #endif
 #include "evp_locl.h"
 #ifdef OPENSSL_FIPS
 	#define M_do_cipher(ctx, out, in, inl) \
 		EVP_Cipher(ctx,out,in,inl)
 #else
 	#define M_do_cipher(ctx, out, in, inl) \
 		ctx->cipher->do_cipher(ctx,out,in,inl)
 #endif
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
@@ -138,7 +146,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	OPENSSL_assert(inl > 0);
 	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
 		{
-		if(ctx->cipher->do_cipher(ctx,out,in,inl))
+		if(M_do_cipher(ctx,out,in,inl))
 			{
 			*outl=inl;
 			return 1;
@@ -165,7 +173,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 			{
 			j=bl-i;
 			memcpy(&(ctx->buf[i]),in,j);
-			if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
+			if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
 			inl-=j;
 			in+=j;
 			out+=bl;
@@ -178,7 +186,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 	inl-=i;
 	if (inl > 0)
 		{
-		if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
+		if(!M_do_cipher(ctx,out,in,inl)) return 0;
 		*outl+=inl;
 		}
@@ -222,7 +230,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	n=b-bl;
 	for (i=bl; i<b; i++)
 		ctx->buf[i]=n;
-	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+	ret=M_do_cipher(ctx,out,ctx->buf,b);
 	if(ret)
@@ -384,7 +392,7 @@ static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciphe
 		{
 		if (!ENGINE_init(impl))
 			{
-			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+			EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
 			return 0;
 			}
 		}
@@ -401,7 +409,7 @@ static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciphe
 			 * control history, is that we should at least
 			 * be able to avoid using US mispellings of
 			 * "initialisation"? */
-			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+			EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
 			return 0;
 			}
 		/* We'll use the ENGINE's private cipher definition */
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -74,6 +74,10 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_ALG_MODULE_INIT),	"ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
 {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE),	"DO_EVP_ENC_ENGINE"},
 {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL),	"DO_EVP_ENC_ENGINE_FULL"},
 {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE),	"DO_EVP_MD_ENGINE"},
 {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL),	"DO_EVP_MD_ENGINE_FULL"},
 {ERR_FUNC(EVP_F_DSAPKEY2PKCS8),	"DSAPKEY2PKCS8"},
 {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),	"DSA_PKEY2PKCS8"},
 {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),	"ECDSA_PKEY2PKCS8"},
@@ -153,6 +157,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
 {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
 {ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
-	cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+	cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
 	return 1;\
 }
--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@@ -70,29 +70,31 @@
 static ERR_STRING_DATA FIPS_str_functs[]=
 	{
-{ERR_FUNC(FIPS_F_DH_GENERATE_PARAMETERS),	"DH_generate_parameters"},
+{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(FIPS_F_DSA_DO_SIGN),	"DSA_do_sign"},
 {ERR_FUNC(FIPS_F_DSA_DO_VERIFY),	"DSA_do_verify"},
-{ERR_FUNC(FIPS_F_DSA_GENERATE_PARAMETERS),	"DSA_generate_parameters"},
+{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
 {ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),	"FIPS_CHECK_DSA"},
-{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO),	"FIPS_CHECK_DSO"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),	"FIPS_CHECK_INCORE_FINGERPRINT"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_EXE),	"FIPS_CHECK_EXE"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_FINGERPRINT),	"FIPS_CHECK_FINGERPRINT"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_PK_SIG),	"FIPS_CHECK_PK_SIG"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),	"FIPS_CHECK_RSA"},
-{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),	"FIPS_dsa_check"},
+{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),	"FIPS_DSA_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_MODE_SET),	"FIPS_mode_set"},
 {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),	"fips_pkey_signature_test"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),	"FIPS_selftest_aes"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES),	"FIPS_selftest_des"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),	"FIPS_selftest_dsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),	"FIPS_selftest_hmac"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RSA),	"FIPS_selftest_rsa"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),	"FIPS_selftest_sha1"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA),	"FIPS_SELFTEST_SHA"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},
 {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT),	"RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(FIPS_F_RSA_GENERATE_KEY),	"RSA_generate_key"},
+{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX),	"RSA_X931_generate_key_ex"},
 {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY),	"RSA_X931_generate_key"},
 {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
 	};
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -1,6 +1,6 @@
 /* crypto/md32_common.h */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -47,10 +47,6 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 /*
@@ -76,40 +72,27 @@
 *		typedef struct {
 *			...
 *			HASH_LONG	Nl,Nh;
 *			either {
 *			HASH_LONG	data[HASH_LBLOCK];
 *			unsigned char	data[HASH_CBLOCK];
 *			};
 *			unsigned int	num;
 *			...
 *			} HASH_CTX;
 *	data[] vector is expected to be zeroed upon first call to
 *	HASH_UPDATE.
 * HASH_UPDATE
 *	name of "Update" function, implemented here.
 * HASH_TRANSFORM
 *	name of "Transform" function, implemented here.
 * HASH_FINAL
 *	name of "Final" function, implemented here.
 * HASH_BLOCK_HOST_ORDER
 *	name of "block" function treating *aligned* input message
 *	in host byte order, implemented externally.
 * HASH_BLOCK_DATA_ORDER
- *	name of "block" function treating *unaligned* input message
+ *	name of "block" function capable of treating *unaligned* input
- *	in original (data) byte order, implemented externally (it
+ *	message in original (data) byte order, implemented externally.
 *	actually is optional if data and host are of the same
 *	"endianess").
 * HASH_MAKE_STRING
 *	macro convering context variables to an ASCII hash string.
 *
 * Optional macros:
 *
 * B_ENDIAN or L_ENDIAN
 *	defines host byte-order.
 * HASH_LONG_LOG2
 *	defaults to 2 if not states otherwise.
 * HASH_LBLOCK
 *	assumed to be HASH_CBLOCK/4 if not stated otherwise.
 * HASH_BLOCK_DATA_ORDER_ALIGNED
 *	alternative "block" function capable of treating
 *	aligned input message in original (data) order,
 *	implemented externally.
 *
 * MD5 example:
 *
 *	#define DATA_ORDER_IS_LITTLE_ENDIAN
@@ -118,11 +101,9 @@
 *	#define HASH_LONG_LOG2		MD5_LONG_LOG2
 *	#define HASH_CTX		MD5_CTX
 *	#define HASH_CBLOCK		MD5_CBLOCK
 *	#define HASH_LBLOCK		MD5_LBLOCK
 *	#define HASH_UPDATE		MD5_Update
 *	#define HASH_TRANSFORM		MD5_Transform
 *	#define HASH_FINAL		MD5_Final
 *	#define HASH_BLOCK_HOST_ORDER	md5_block_host_order
 *	#define HASH_BLOCK_DATA_ORDER	md5_block_data_order
 *
 *					<appro@fy.chalmers.se>
@@ -152,27 +133,9 @@
 #error "HASH_FINAL must be defined!"
 #endif
 #ifndef HASH_BLOCK_HOST_ORDER
 #error "HASH_BLOCK_HOST_ORDER must be defined!"
 #endif
 #if 0
 /*
 * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
 * isn't defined.
 */
 #ifndef HASH_BLOCK_DATA_ORDER
 #error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif
 #endif
 #ifndef HASH_LBLOCK
 #define HASH_LBLOCK	(HASH_CBLOCK/4)
 #endif
 #ifndef HASH_LONG_LOG2
 #define HASH_LONG_LOG2	2
 #endif
 /*
 * Engage compiler specific rotate intrinsic function if available.
@@ -206,7 +169,8 @@
 				: "cc");		\
 			   ret;				\
 			})
-#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
 	defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
 #   define ROTATE(a,n)	({ register unsigned int ret;	\
 				asm (			\
 				"rlwinm %0,%1,%2,0,31"	\
@@ -214,80 +178,28 @@
 				: "r"(a), "I"(n));	\
 			   ret;				\
 			})
 #  elif defined(__s390x__)
 #   define ROTATE(a,n) ({ register unsigned int ret;	\
 				asm ("rll %0,%1,%2"	\
 				: "=r"(ret)		\
 				: "r"(a), "I"(n));	\
 			  ret;				\
 			})
 #  endif
 # endif
 #endif /* PEDANTIC */
 #if HASH_LONG_LOG2==2	/* Engage only if sizeof(HASH_LONG)== 4 */
 /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
 #ifdef ROTATE
 /* 5 instructions with rotate instruction, else 9 */
 #define REVERSE_FETCH32(a,l)	(					\
 		l=*(const HASH_LONG *)(a),				\
 		((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))	\
 				)
 #else
 /* 6 instructions with rotate instruction, else 8 */
 #define REVERSE_FETCH32(a,l)	(				\
 		l=*(const HASH_LONG *)(a),			\
 		l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),	\
 		ROTATE(l,16)					\
 				)
 /*
 * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
 * It's rewritten as above for two reasons:
 *	- RISCs aren't good at long constants and have to explicitely
 *	  compose 'em with several (well, usually 2) instructions in a
 *	  register before performing the actual operation and (as you
 *	  already realized:-) having same constant should inspire the
 *	  compiler to permanently allocate the only register for it;
 *	- most modern CPUs have two ALUs, but usually only one has
 *	  circuitry for shifts:-( this minor tweak inspires compiler
 *	  to schedule shift instructions in a better way...
 *
 *				<appro@fy.chalmers.se>
 */
 #endif
 #endif
 #ifndef ROTATE
 #define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
 #endif
 /*
 * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
 * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
 * and host are of the same "endianess". It's possible to mask
 * this with blank #define HASH_BLOCK_DATA_ORDER though...
 *
 *				<appro@fy.chalmers.se>
 */
 #if defined(B_ENDIAN)
 #  if defined(DATA_ORDER_IS_BIG_ENDIAN)
 #    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
 #      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
 #    endif
 #  endif
 #elif defined(L_ENDIAN)
 #  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
 #      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
 #    endif
 #  endif
 #endif
 #if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
 #ifndef HASH_BLOCK_DATA_ORDER
 #error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif
 #endif
 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
      (defined(__x86_64) || defined(__x86_64__))
 #   if !defined(B_ENDIAN)
    /*
     * This gives ~30-40% performance improvement in SHA-256 compiled
     * with gcc [on P4]. Well, first macro to be frank. We can pull
@@ -302,6 +214,11 @@
 				   *((unsigned int *)(c))=r; (c)+=4; r;	})
 #   endif
 #  endif
 # endif
 #endif
 #if defined(__s390__) || defined(__s390x__)
 # define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
 # define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
 #endif
 #ifndef HOST_c2l
@@ -311,29 +228,6 @@
 			 l|=(((unsigned long)(*((c)++)))    ),		\
 			 l)
 #endif
 #define HOST_p_c2l(c,l,n)	{					\
 			switch (n) {					\
 			case 0: l =((unsigned long)(*((c)++)))<<24;	\
 			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
 			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
 			case 3: l|=((unsigned long)(*((c)++)));		\
 				} }
 #define HOST_p_c2l_p(c,l,sc,len) {					\
 			switch (sc) {					\
 			case 0: l =((unsigned long)(*((c)++)))<<24;	\
 				if (--len == 0) break;			\
 			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
 				if (--len == 0) break;			\
 			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
 				} }
 /* NOTE the pointer is not incremented at the end of this */
 #define HOST_c2l_p(c,l,n)	{					\
 			l=0; (c)+=n;					\
 			switch (n) {					\
 			case 3: l =((unsigned long)(*(--(c))))<< 8;	\
 			case 2: l|=((unsigned long)(*(--(c))))<<16;	\
 			case 1: l|=((unsigned long)(*(--(c))))<<24;	\
 				} }
 #ifndef HOST_l2c
 #define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff),	\
 			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
@@ -344,6 +238,18 @@
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__s390x__)
 #   define HOST_c2l(c,l)	({ asm ("lrv	%0,0(%1)"		\
 					:"=r"(l) : "r"(c));		\
 				   (c)+=4; (l);				})
 #   define HOST_l2c(l,c)	({ asm ("strv	%0,0(%1)"		\
 					: : "r"(l),"r"(c) : "memory");	\
 				   (c)+=4; (l);				})
 #  endif
 # endif
 #endif
 #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
 # ifndef B_ENDIAN
   /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
@@ -359,29 +265,6 @@
 			 l|=(((unsigned long)(*((c)++)))<<24),		\
 			 l)
 #endif
 #define HOST_p_c2l(c,l,n)	{					\
 			switch (n) {					\
 			case 0: l =((unsigned long)(*((c)++)));		\
 			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
 			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
 			case 3: l|=((unsigned long)(*((c)++)))<<24;	\
 				} }
 #define HOST_p_c2l_p(c,l,sc,len) {					\
 			switch (sc) {					\
 			case 0: l =((unsigned long)(*((c)++)));		\
 				if (--len == 0) break;			\
 			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
 				if (--len == 0) break;			\
 			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
 				} }
 /* NOTE the pointer is not incremented at the end of this */
 #define HOST_c2l_p(c,l,n)	{					\
 			l=0; (c)+=n;					\
 			switch (n) {					\
 			case 3: l =((unsigned long)(*(--(c))))<<16;	\
 			case 2: l|=((unsigned long)(*(--(c))))<< 8;	\
 			case 1: l|=((unsigned long)(*(--(c))));		\
 				} }
 #ifndef HOST_l2c
 #define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff),	\
 			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
@@ -399,9 +282,9 @@
 int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
 	{
 	const unsigned char *data=data_;
-	register HASH_LONG * p;
+	unsigned char *p;
-	register HASH_LONG l;
+	HASH_LONG l;
-	size_t sw,sc,ew,ec;
+	size_t n;
 	if (len==0) return 1;
@@ -413,101 +296,43 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
 	c->Nh+=(len>>29);	/* might cause compiler warning on 16-bit */
 	c->Nl=l;
-	if (c->num != 0)
+	n = c->num;
 	if (n != 0)
 		{
-		p=c->data;
+		p=(unsigned char *)c->data;
 		sw=c->num>>2;
 		sc=c->num&0x03;
-		if ((c->num+len) >= HASH_CBLOCK)
+		if ((n+len) >= HASH_CBLOCK)
 			{
-			l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+			memcpy (p+n,data,HASH_CBLOCK-n);
-			for (; sw<HASH_LBLOCK; sw++)
+			HASH_BLOCK_DATA_ORDER (c,p,1);
-				{
+			n      = HASH_CBLOCK-n;
-				HOST_c2l(data,l); p[sw]=l;
+			data  += n;
-				}
+			len   -= n;
-			HASH_BLOCK_HOST_ORDER (c,p,1);
+			c->num = 0;
-			len-=(HASH_CBLOCK-c->num);
+			memset (p,0,HASH_CBLOCK);	/* keep it zeroed */
 			c->num=0;
 			/* drop through and do the rest */
 			}
 		else
 			{
-			c->num+=(unsigned int)len;
+			memcpy (p+n,data,len);
-			if ((sc+len) < 4) /* ugly, add char's to a word */
+			c->num += (unsigned int)len;
 				{
 				l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
 				}
 			else
 				{
 				ew=(c->num>>2);
 				ec=(c->num&0x03);
 				if (sc)
 					l=p[sw];
 				HOST_p_c2l(data,l,sc);
 				p[sw++]=l;
 				for (; sw < ew; sw++)
 					{
 					HOST_c2l(data,l); p[sw]=l;
 					}
 				if (ec)
 					{
 					HOST_c2l_p(data,l,ec); p[sw]=l;
 					}
 				}
 			return 1;
 			}
 		}
-	sw=len/HASH_CBLOCK;
+	n = len/HASH_CBLOCK;
-	if (sw > 0)
+	if (n > 0)
 		{
-#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+		HASH_BLOCK_DATA_ORDER (c,data,n);
-		/*
+		n    *= HASH_CBLOCK;
-		 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+		data += n;
-		 * only if sizeof(HASH_LONG)==4.
+		len  -= n;
 		 */
 		if ((((size_t)data)%4) == 0)
 			{
 			/* data is properly aligned so that we can cast it: */
 			HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw);
 			sw*=HASH_CBLOCK;
 			data+=sw;
 			len-=sw;
 			}
 		else
 #if !defined(HASH_BLOCK_DATA_ORDER)
 			while (sw--)
 				{
 				memcpy (p=c->data,data,HASH_CBLOCK);
 				HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
 				data+=HASH_CBLOCK;
 				len-=HASH_CBLOCK;
 				}
 #endif
 #endif
 #if defined(HASH_BLOCK_DATA_ORDER)
 			{
 			HASH_BLOCK_DATA_ORDER(c,data,sw);
 			sw*=HASH_CBLOCK;
 			data+=sw;
 			len-=sw;
 			}
 #endif
 		}
-	if (len!=0)
+	if (len != 0)
 		{
-		p = c->data;
+		p = (unsigned char *)c->data;
 		c->num = len;
-		ew=len>>2;	/* words to copy */
+		memcpy (p,data,len);
 		ec=len&0x03;
 		for (; ew; ew--,p++)
 			{
 			HOST_c2l(data,l); *p=l;
 			}
 		HOST_c2l_p(data,l,ec);
 		*p=l;
 		}
 	return 1;
 	}
@@ -515,73 +340,38 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
 void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
 	{
 #if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
 	if ((((size_t)data)%4) == 0)
 		/* data is properly aligned so that we can cast it: */
 		HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1);
 	else
 #if !defined(HASH_BLOCK_DATA_ORDER)
 		{
 		memcpy (c->data,data,HASH_CBLOCK);
 		HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
 		}
 #endif
 #endif
 #if defined(HASH_BLOCK_DATA_ORDER)
 	HASH_BLOCK_DATA_ORDER (c,data,1);
 #endif
 	}
 int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	{
-	register HASH_LONG *p;
+	unsigned char *p = (unsigned char *)c->data;
-	register unsigned long l;
+	size_t n = c->num;
 	register int i,j;
 	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
 	const unsigned char *cp=end;
-	/* c->num should definitly have room for at least one more byte. */
+	p[n] = 0x80; /* there is always room for one */
-	p=c->data;
+	n++;
 	i=c->num>>2;
 	j=c->num&0x03;
-#if 0
+	if (n > (HASH_CBLOCK-8))
 	/* purify often complains about the following line as an
 	 * Uninitialized Memory Read.  While this can be true, the
 	 * following p_c2l macro will reset l when that case is true.
 	 * This is because j&0x03 contains the number of 'valid' bytes
 	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
 	 * occur but this is also the only time p_c2l will do
 	 * l= *(cp++) instead of l|= *(cp++)
 	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
 	 * 'potential bug' */
 #ifdef PURIFY
 	if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
 #endif
 	l=p[i];
 #else
 	l = (j==0) ? 0 : p[i];
 #endif
 	HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
 	if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
 		{
-		if (i<HASH_LBLOCK) p[i]=0;
+		memset (p+n,0,HASH_CBLOCK-n);
-		HASH_BLOCK_HOST_ORDER (c,p,1);
+		n=0;
-		i=0;
+		HASH_BLOCK_DATA_ORDER (c,p,1);
 		}
-	for (; i<(HASH_LBLOCK-2); i++)
+	memset (p+n,0,HASH_CBLOCK-8-n);
 		p[i]=0;
 	p += HASH_CBLOCK-8;
 #if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-	p[HASH_LBLOCK-2]=c->Nh;
+	(void)HOST_l2c(c->Nh,p);
-	p[HASH_LBLOCK-1]=c->Nl;
+	(void)HOST_l2c(c->Nl,p);
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-	p[HASH_LBLOCK-2]=c->Nl;
+	(void)HOST_l2c(c->Nl,p);
-	p[HASH_LBLOCK-1]=c->Nh;
+	(void)HOST_l2c(c->Nh,p);
 #endif
-	HASH_BLOCK_HOST_ORDER (c,p,1);
+	p -= HASH_CBLOCK;
 	HASH_BLOCK_DATA_ORDER (c,p,1);
 	c->num=0;
 	memset (p,0,HASH_CBLOCK);
 #ifndef HASH_MAKE_STRING
 #error "HASH_MAKE_STRING must be defined!"
@@ -589,11 +379,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	HASH_MAKE_STRING(c,md);
 #endif
 	c->num=0;
 	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
 	 * but I'm not worried :-)
 	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
 	 */
 	return 1;
 	}
--- a/crypto/md4/md4_dgst.c
+++ b/crypto/md4/md4_dgst.c
@@ -84,79 +84,6 @@ FIPS_NON_FIPS_MD_Init(MD4)
 	return 1;
 	}
 #ifndef md4_block_host_order
 void md4_block_host_order (MD4_CTX *c, const void *data, size_t num)
 	{
 	const MD4_LONG *X=data;
 	register unsigned MD32_REG_T A,B,C,D;
 	A=c->A;
 	B=c->B;
 	C=c->C;
 	D=c->D;
 	for (;num--;X+=HASH_LBLOCK)
 		{
 	/* Round 0 */
 	R0(A,B,C,D,X[ 0], 3,0);
 	R0(D,A,B,C,X[ 1], 7,0);
 	R0(C,D,A,B,X[ 2],11,0);
 	R0(B,C,D,A,X[ 3],19,0);
 	R0(A,B,C,D,X[ 4], 3,0);
 	R0(D,A,B,C,X[ 5], 7,0);
 	R0(C,D,A,B,X[ 6],11,0);
 	R0(B,C,D,A,X[ 7],19,0);
 	R0(A,B,C,D,X[ 8], 3,0);
 	R0(D,A,B,C,X[ 9], 7,0);
 	R0(C,D,A,B,X[10],11,0);
 	R0(B,C,D,A,X[11],19,0);
 	R0(A,B,C,D,X[12], 3,0);
 	R0(D,A,B,C,X[13], 7,0);
 	R0(C,D,A,B,X[14],11,0);
 	R0(B,C,D,A,X[15],19,0);
 	/* Round 1 */
 	R1(A,B,C,D,X[ 0], 3,0x5A827999L);
 	R1(D,A,B,C,X[ 4], 5,0x5A827999L);
 	R1(C,D,A,B,X[ 8], 9,0x5A827999L);
 	R1(B,C,D,A,X[12],13,0x5A827999L);
 	R1(A,B,C,D,X[ 1], 3,0x5A827999L);
 	R1(D,A,B,C,X[ 5], 5,0x5A827999L);
 	R1(C,D,A,B,X[ 9], 9,0x5A827999L);
 	R1(B,C,D,A,X[13],13,0x5A827999L);
 	R1(A,B,C,D,X[ 2], 3,0x5A827999L);
 	R1(D,A,B,C,X[ 6], 5,0x5A827999L);
 	R1(C,D,A,B,X[10], 9,0x5A827999L);
 	R1(B,C,D,A,X[14],13,0x5A827999L);
 	R1(A,B,C,D,X[ 3], 3,0x5A827999L);
 	R1(D,A,B,C,X[ 7], 5,0x5A827999L);
 	R1(C,D,A,B,X[11], 9,0x5A827999L);
 	R1(B,C,D,A,X[15],13,0x5A827999L);
 	/* Round 2 */
 	R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);
 	R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);
 	R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);
 	R2(B,C,D,A,X[12],15,0x6ED9EBA1);
 	R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);
 	R2(D,A,B,C,X[10], 9,0x6ED9EBA1);
 	R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);
 	R2(B,C,D,A,X[14],15,0x6ED9EBA1);
 	R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);
 	R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);
 	R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);
 	R2(B,C,D,A,X[13],15,0x6ED9EBA1);
 	R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);
 	R2(D,A,B,C,X[11], 9,0x6ED9EBA1);
 	R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);
 	R2(B,C,D,A,X[15],15,0x6ED9EBA1);
 	A = c->A += A;
 	B = c->B += B;
 	C = c->C += C;
 	D = c->D += D;
 		}
 	}
 #endif
 #ifndef md4_block_data_order
 #ifdef X
 #undef X
@@ -242,19 +169,3 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
 		}
 	}
 #endif
 #ifdef undef
 int printit(unsigned long *l)
 	{
 	int i,ii;
 	for (i=0; i<2; i++)
 		{
 		for (ii=0; ii<8; ii++)
 			{
 			fprintf(stderr,"%08lx ",l[i*8+ii]);
 			}
 		fprintf(stderr,"\n");
 		}
 	}
 #endif
--- a/crypto/md4/md4_locl.h
+++ b/crypto/md4/md4_locl.h
@@ -65,43 +65,13 @@
 #define MD4_LONG_LOG2 2 /* default to 32 bits */
 #endif
 void md4_block_host_order (MD4_CTX *c, const void *p,size_t num);
 void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
 # if !defined(B_ENDIAN)
 /*
 * *_block_host_order is expected to handle aligned data while
 * *_block_data_order - unaligned. As algorithm and host (x86)
 * are in this case of the same "endianness" these two are
 * otherwise indistinguishable. But normally you don't want to
 * call the same function because unaligned access in places
 * where alignment is expected is usually a "Bad Thing". Indeed,
 * on RISCs you get punished with BUS ERROR signal or *severe*
 * performance degradation. Intel CPUs are in turn perfectly
 * capable of loading unaligned data without such drastic side
 * effect. Yes, they say it's slower than aligned load, but no
 * exception is generated and therefore performance degradation
 * is *incomparable* with RISCs. What we should weight here is
 * costs of unaligned access against costs of aligning data.
 * According to my measurements allowing unaligned access results
 * in ~9% performance improvement on Pentium II operating at
 * 266MHz. I won't be surprised if the difference will be higher
 * on faster systems:-)
 *
 *				<appro@fy.chalmers.se>
 */
 # define md4_block_data_order md4_block_host_order
 # endif
 #endif
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 #define HASH_LONG		MD4_LONG
 #define HASH_LONG_LOG2		MD4_LONG_LOG2
 #define HASH_CTX		MD4_CTX
 #define HASH_CBLOCK		MD4_CBLOCK
 #define HASH_LBLOCK		MD4_LBLOCK
 #define HASH_UPDATE		MD4_Update
 #define HASH_TRANSFORM		MD4_Transform
 #define HASH_FINAL		MD4_Final
@@ -112,21 +82,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 	ll=(c)->C; HOST_l2c(ll,(s));	\
 	ll=(c)->D; HOST_l2c(ll,(s));	\
 	} while (0)
 #define HASH_BLOCK_HOST_ORDER	md4_block_host_order
 #if !defined(L_ENDIAN) || defined(md4_block_data_order)
 #define	HASH_BLOCK_DATA_ORDER	md4_block_data_order
 /*
 * Little-endians (Intel and Alpha) feel better without this.
 * It looks like memcpy does better job than generic
 * md4_block_data_order on copying-n-aligning input data.
 * But frankly speaking I didn't expect such result on Alpha.
 * On the other hand I've got this with egcs-1.0.2 and if
 * program is compiled with another (better?) compiler it
 * might turn out other way around.
 *
 *				<appro@fy.chalmers.se>
 */
 #endif
 #include "md32_common.h"
--- a/crypto/md5/Makefile
+++ b/crypto/md5/Makefile
@@ -52,24 +52,6 @@ mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl
 mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@)
 md5-sparcv8plus.o: asm/md5-sparcv9.S
 	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
 		-o md5-sparcv8plus.o asm/md5-sparcv9.S
 # Old GNU assembler doesn't understand V9 instructions, so we
 # hire /usr/ccs/bin/as to do the job. Note that option is called
 # *-gcc27, but even gcc 2>=8 users may experience similar problem
 # if they didn't bother to upgrade GNU assembler. Such users should
 # not choose this option, but be adviced to *remove* GNU assembler
 # or upgrade it.
 md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
 	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
 		/usr/ccs/bin/as -xarch=v8plus - -o md5-sparcv8plus-gcc27.o
 md5-sparcv9.o: asm/md5-sparcv9.S
 	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
 		-o md5-sparcv9.o asm/md5-sparcv9.S
 md5-x86_64.s:	asm/md5-x86_64.pl;	$(PERL) asm/md5-x86_64.pl $@
 files:
--- a/crypto/md5/asm/md5-586.pl
+++ b/crypto/md5/asm/md5-586.pl
@@ -29,7 +29,7 @@ $X="esi";
 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
 );
-&md5_block("md5_block_asm_host_order");
+&md5_block("md5_block_asm_data_order");
 &asm_finish();
 sub Np
--- a/crypto/md5/asm/md5-sparcv9.S
+++ b/crypto/md5/asm/md5-sparcv9.S
--- a/crypto/md5/asm/md5-x86_64.pl
+++ b/crypto/md5/asm/md5-x86_64.pl
@@ -111,9 +111,9 @@ $code .= <<EOF;
 .text
 .align 16
-.globl md5_block_asm_host_order
+.globl md5_block_asm_data_order
-.type md5_block_asm_host_order,\@function,3
+.type md5_block_asm_data_order,\@function,3
-md5_block_asm_host_order:
+md5_block_asm_data_order:
 	push	%rbp
 	push	%rbx
 	push	%r14
@@ -237,7 +237,7 @@ $code .= <<EOF;
 	pop	%rbx
 	pop	%rbp
 	ret
-.size md5_block_asm_host_order,.-md5_block_asm_host_order
+.size md5_block_asm_data_order,.-md5_block_asm_data_order
 EOF
 print $code;
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -84,96 +84,6 @@ FIPS_NON_FIPS_MD_Init(MD5)
 	return 1;
 	}
 #ifndef md5_block_host_order
 void md5_block_host_order (MD5_CTX *c, const void *data, size_t num)
 	{
 	const MD5_LONG *X=data;
 	register unsigned MD32_REG_T A,B,C,D;
 	A=c->A;
 	B=c->B;
 	C=c->C;
 	D=c->D;
 	for (;num--;X+=HASH_LBLOCK)
 		{
 	/* Round 0 */
 	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
 	R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
 	R0(C,D,A,B,X[ 2],17,0x242070dbL);
 	R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
 	R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
 	R0(D,A,B,C,X[ 5],12,0x4787c62aL);
 	R0(C,D,A,B,X[ 6],17,0xa8304613L);
 	R0(B,C,D,A,X[ 7],22,0xfd469501L);
 	R0(A,B,C,D,X[ 8], 7,0x698098d8L);
 	R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
 	R0(C,D,A,B,X[10],17,0xffff5bb1L);
 	R0(B,C,D,A,X[11],22,0x895cd7beL);
 	R0(A,B,C,D,X[12], 7,0x6b901122L);
 	R0(D,A,B,C,X[13],12,0xfd987193L);
 	R0(C,D,A,B,X[14],17,0xa679438eL);
 	R0(B,C,D,A,X[15],22,0x49b40821L);
 	/* Round 1 */
 	R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
 	R1(D,A,B,C,X[ 6], 9,0xc040b340L);
 	R1(C,D,A,B,X[11],14,0x265e5a51L);
 	R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
 	R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
 	R1(D,A,B,C,X[10], 9,0x02441453L);
 	R1(C,D,A,B,X[15],14,0xd8a1e681L);
 	R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
 	R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
 	R1(D,A,B,C,X[14], 9,0xc33707d6L);
 	R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
 	R1(B,C,D,A,X[ 8],20,0x455a14edL);
 	R1(A,B,C,D,X[13], 5,0xa9e3e905L);
 	R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
 	R1(C,D,A,B,X[ 7],14,0x676f02d9L);
 	R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
 	/* Round 2 */
 	R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
 	R2(D,A,B,C,X[ 8],11,0x8771f681L);
 	R2(C,D,A,B,X[11],16,0x6d9d6122L);
 	R2(B,C,D,A,X[14],23,0xfde5380cL);
 	R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
 	R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
 	R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
 	R2(B,C,D,A,X[10],23,0xbebfbc70L);
 	R2(A,B,C,D,X[13], 4,0x289b7ec6L);
 	R2(D,A,B,C,X[ 0],11,0xeaa127faL);
 	R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
 	R2(B,C,D,A,X[ 6],23,0x04881d05L);
 	R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
 	R2(D,A,B,C,X[12],11,0xe6db99e5L);
 	R2(C,D,A,B,X[15],16,0x1fa27cf8L);
 	R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
 	/* Round 3 */
 	R3(A,B,C,D,X[ 0], 6,0xf4292244L);
 	R3(D,A,B,C,X[ 7],10,0x432aff97L);
 	R3(C,D,A,B,X[14],15,0xab9423a7L);
 	R3(B,C,D,A,X[ 5],21,0xfc93a039L);
 	R3(A,B,C,D,X[12], 6,0x655b59c3L);
 	R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
 	R3(C,D,A,B,X[10],15,0xffeff47dL);
 	R3(B,C,D,A,X[ 1],21,0x85845dd1L);
 	R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
 	R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
 	R3(C,D,A,B,X[ 6],15,0xa3014314L);
 	R3(B,C,D,A,X[13],21,0x4e0811a1L);
 	R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
 	R3(D,A,B,C,X[11],10,0xbd3af235L);
 	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
 	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
 	A = c->A += A;
 	B = c->B += B;
 	C = c->C += C;
 	D = c->D += D;
 		}
 	}
 #endif
 #ifndef md5_block_data_order
 #ifdef X
 #undef X
@@ -276,19 +186,3 @@ void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)
 		}
 	}
 #endif
 #ifdef undef
 int printit(unsigned long *l)
 	{
 	int i,ii;
 	for (i=0; i<2; i++)
 		{
 		for (ii=0; ii<8; ii++)
 			{
 			fprintf(stderr,"%08lx ",l[i*8+ii]);
 			}
 		fprintf(stderr,"\n");
 		}
 	}
 #endif
--- a/crypto/md5/md5_locl.h
+++ b/crypto/md5/md5_locl.h
@@ -66,53 +66,19 @@
 #endif
 #ifdef MD5_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__)
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
-#  if !defined(B_ENDIAN)
+     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-#   define md5_block_host_order md5_block_asm_host_order
+#  define md5_block_data_order md5_block_asm_data_order
 #  endif
 # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,size_t num);
 #  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
 # endif
 #endif
 void md5_block_host_order (MD5_CTX *c, const void *p,size_t num);
 void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || defined(__x86_64) || defined(__x86_64__)
 # if !defined(B_ENDIAN)
 /*
 * *_block_host_order is expected to handle aligned data while
 * *_block_data_order - unaligned. As algorithm and host (x86)
 * are in this case of the same "endianness" these two are
 * otherwise indistinguishable. But normally you don't want to
 * call the same function because unaligned access in places
 * where alignment is expected is usually a "Bad Thing". Indeed,
 * on RISCs you get punished with BUS ERROR signal or *severe*
 * performance degradation. Intel CPUs are in turn perfectly
 * capable of loading unaligned data without such drastic side
 * effect. Yes, they say it's slower than aligned load, but no
 * exception is generated and therefore performance degradation
 * is *incomparable* with RISCs. What we should weight here is
 * costs of unaligned access against costs of aligning data.
 * According to my measurements allowing unaligned access results
 * in ~9% performance improvement on Pentium II operating at
 * 266MHz. I won't be surprised if the difference will be higher
 * on faster systems:-)
 *
 *				<appro@fy.chalmers.se>
 */
 # define md5_block_data_order md5_block_host_order
 # endif
 #endif
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 #define HASH_LONG		MD5_LONG
 #define HASH_LONG_LOG2		MD5_LONG_LOG2
 #define HASH_CTX		MD5_CTX
 #define HASH_CBLOCK		MD5_CBLOCK
 #define HASH_LBLOCK		MD5_LBLOCK
 #define HASH_UPDATE		MD5_Update
 #define HASH_TRANSFORM		MD5_Transform
 #define HASH_FINAL		MD5_Final
@@ -123,21 +89,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 	ll=(c)->C; HOST_l2c(ll,(s));	\
 	ll=(c)->D; HOST_l2c(ll,(s));	\
 	} while (0)
 #define HASH_BLOCK_HOST_ORDER	md5_block_host_order
 #if !defined(L_ENDIAN) || defined(md5_block_data_order)
 #define	HASH_BLOCK_DATA_ORDER	md5_block_data_order
 /*
 * Little-endians (Intel and Alpha) feel better without this.
 * It looks like memcpy does better job than generic
 * md5_block_data_order on copying-n-aligning input data.
 * But frankly speaking I didn't expect such result on Alpha.
 * On the other hand I've got this with egcs-1.0.2 and if
 * program is compiled with another (better?) compiler it
 * might turn out other way around.
 *
 *				<appro@fy.chalmers.se>
 */
 #endif
 #include "md32_common.h"
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -64,12 +64,14 @@ unsigned char cleanse_ctr = 0;
 void OPENSSL_cleanse(void *ptr, size_t len)
 	{
 	unsigned char *p = ptr;
-	size_t loop = len;
+	size_t loop = len, ctr = cleanse_ctr;
 	while(loop--)
 		{
-		*(p++) = cleanse_ctr;
+		*(p++) = (unsigned char)ctr;
-		cleanse_ctr += (17 + (unsigned char)((unsigned long)p & 0xF));
+		ctr += (17 + ((size_t)p & 0xF));
 		}
-	if(memchr(ptr, cleanse_ctr, len))
+	p=memchr(ptr, (unsigned char)ctr, len);
-		cleanse_ctr += 63;
+	if(p)
 		ctr += (63 + (size_t)p);
 	cleanse_ctr = (unsigned char)ctr;
 	}
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -57,7 +57,13 @@
 #		lea		.Label-.Lpic_point(%rcx),%rbp
 my $output = shift;
-open STDOUT,">$output" || die "can't open $output: $!";
+
 { my ($stddev,$stdino,@junk)=stat(STDOUT);
  my ($outdev,$outino,@junk)=stat($output);
    open STDOUT,">$output" || die "can't open $output: $!"
 	if ($stddev!=$outdev || $stdino!=$outino);
 }
 my $masm=1 if ($output =~ /\.asm/);
@@ -70,7 +76,7 @@ my $current_function;
 	local	*line = shift;
 	undef	$ret;
-	if ($line =~ /^([a-z]+)/i) {
+	if ($line =~ /^([a-z][a-z0-9]*)/i) {
 	    $self->{op} = $1;
 	    $ret = $self;
 	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
@@ -79,6 +85,8 @@ my $current_function;
 	    if ($self->{op} =~ /(movz)b.*/) {	# movz is pain...
 		$self->{op} = $1;
 		$self->{sz} = "b";
 	    } elsif ($self->{op} =~ /call/) {
 		$self->{sz} = ""
 	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])/) {
 		$self->{op} = $1;
 		$self->{sz} = $2;
@@ -95,8 +103,10 @@ my $current_function;
    sub out {
 	my $self = shift;
 	if (!$masm) {
-	    if ($self->{op} eq "movz") {	# movz in pain...
+	    if ($self->{op} eq "movz") {	# movz is pain...
 		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
 	    } elsif ($self->{op} =~ /^set/) { 
 		"$self->{op}";
 	    } elsif ($self->{op} eq "ret") {
 	    	".byte	0xf3,0xc3";
 	    } else {
@@ -133,6 +143,10 @@ my $current_function;
    	my $self = shift;
 	if (!$masm) {
 	    # Solaris /usr/ccs/bin/as can't handle multiplications
 	    # in $self->{value}
 	    $self->{value} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
 	    $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
 	    sprintf "\$%s",$self->{value};
 	} else {
 	    $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig;
@@ -163,14 +177,16 @@ my $current_function;
    	my $self = shift;
 	my $sz = shift;
 	# Silently convert all EAs to 64-bit. This is required for
 	# elder GNU assembler and results in more compact code,
 	# *but* most importantly AES module depends on this feature!
 	$self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
 	$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
 	if (!$masm) {
 	    # elder GNU assembler insists on 64-bit EAs:-(
 	    # on pros side, this results in more compact code:-)
 	    $self->{index} =~ s/^[er](.?[0-9xp])[d]?$/r\1/;
 	    $self->{base}  =~ s/^[er](.?[0-9xp])[d]?$/r\1/;
 	    # Solaris /usr/ccs/bin/as can't handle multiplications
 	    # in $self->{label}
-	    $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/eg;
+	    $self->{label} =~ s/(?<![0-9a-f])(0[x0-9a-f]+)/oct($1)/egi;
 	    $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
 	    if (defined($self->{index})) {
@@ -192,6 +208,8 @@ my $current_function;
 					$self->{label},
 					$self->{index},$self->{scale},
 					$self->{base};
 	    } elsif ($self->{base} eq "rip") {
 		sprintf "%s PTR %s",$szmap{$sz},$self->{label};
 	    } else {
 		sprintf "%s PTR %s[%s]",$szmap{$sz},
 					$self->{label},$self->{base};
@@ -317,6 +335,10 @@ my $current_function;
 		$line =~ s/\@function.*/\@function/;
 		if ($line =~ /\.picmeup\s+(%r[\w]+)/i) {
 		    $self->{value} = sprintf "\t.long\t0x%x,0x90000000",$opcode{$1};
 		} elsif ($line =~ /\.asciz\s+"(.*)"$/) {
 		    $self->{value} = ".byte\t".join(",",unpack("C*",$1),0);
 		} elsif ($line =~ /\.extern/) {
 		    $self->{value} = ""; # swallow extern
 		} else {
 		    $self->{value} = $line;
 		}
@@ -338,6 +360,7 @@ my $current_function;
 				    $self->{value} = $v;
 				    last;
 				  };
 		/\.extern/  && do { $self->{value} = "EXTRN\t".$line.":BYTE"; last;  };
 		/\.globl/   && do { $self->{value} = "PUBLIC\t".$line; last; };
 		/\.type/    && do { ($sym,$type,$narg) = split(',',$line);
 				    if ($type eq "\@function") {
@@ -372,6 +395,19 @@ my $current_function;
 		/\.picmeup/ && do { $self->{value} = sprintf"\tDD\t 0%Xh,090000000h",$opcode{$line};
 				    last;
 				  };
 		/\.asciz/   && do { if ($line =~ /^"(.*)"$/) {
 					my @str=unpack("C*",$1);
 					push @str,0;
 					while ($#str>15) {
 					    $self->{value}.="DB\t"
 						.join(",",@str[0..15])."\n";
 					    foreach (0..15) { shift @str; }
 					}
 					$self->{value}.="DB\t"
 						.join(",",@str) if (@str);
 				    }
 				    last;
 				  };
 	    }
 	    $line = "";
 	}
@@ -480,7 +516,10 @@ close STDOUT;
 # arguments passed to callee, *but* not less than 4! This means that
 # upon function entry point 5th argument resides at 40(%rsp), as well
 # as that 32 bytes from 8(%rsp) can always be used as temporal
-# storage [without allocating a frame].
+# storage [without allocating a frame]. One can actually argue that
 # one can assume a "red zone" above stack pointer under Win64 as well.
 # Point is that at apparently no occasion Windows kernel would alter
 # the area above user stack pointer in true asynchronous manner...
 #
 # All the above means that if assembler programmer adheres to Unix
 # register and stack layout, but disregards the "red zone" existense,
--- a/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
@@ -1,48 +1,131 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 # require 'x86asm.pl';
-# &asm_init("cpp","des-586.pl");
+# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-# XXX
+# &function_begin("foo");
-# XXX
+# ...
-# main'asm_finish
+# &function_end("foo");
 # &asm_finish
-sub main'asm_finish
+# AUTOLOAD is this context has quite unpleasant side effect, namely
-	{
+# that typos in function calls effectively go to assembler output,
-	&file_end();
+# but on the pros side we don't have to implement one subroutine per
-	&asm_finish_cpp() if $cpp;
+# each opcode...
-	print &asm_get_output();
+sub ::AUTOLOAD
 { my $opcode = $AUTOLOAD;
    die "more than 2 arguments passed to $opcode" if ($#_>1);
    $opcode =~ s/.*:://;
    if    ($opcode =~ /^push/) { $stack+=4; }
    elsif ($opcode =~ /^pop/)  { $stack-=4; }
    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
 }
 $out=();
 $i386=0;
 sub ::emit
 { my $opcode=shift;
    if ($#_==-1)    { push(@out,"\t$opcode\n");				}
    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");	}
 }
 sub ::LB
 {   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
  $1."l";
 }
 sub ::HB
 {   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
  $1."h";
 }
 sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);	}
 sub ::stack_pop	{ my $num=$_[0]*4; $stack-=$num; &add("esp",$num);	}
 sub ::blindpop	{ &pop($_[0]); $stack+=4;				}
 sub ::wparam	{ &DWP($stack+4*$_[0],"esp");				}
 sub ::swtmp	{ &DWP(4*$_[0],"esp");					}
 sub ::bswap
 {   if ($i386)	# emulate bswap for i386
    {	&comment("bswap @_");
 	&xchg(&HB(@_),&LB(@_));
 	&ror (@_,16);
 	&xchg(&HB(@_),&LB(@_));
    }
    else
    {	&generic("bswap",@_);	}
 }
 # These are made-up opcodes introduced over the years essentially
 # by ignorance, just alias them to real ones...
 sub ::movb	{ &mov(@_);	}
 sub ::xorb	{ &xor(@_);	}
 sub ::rotl	{ &rol(@_);	}
 sub ::rotr	{ &ror(@_);	}
 sub ::exch	{ &xchg(@_);	}
 sub ::halt	{ &hlt;		}
 sub ::function_begin
 {   &function_begin_B(@_);
    $stack=4;
    &push("ebp");
    &push("ebx");
    &push("esi");
    &push("edi");
 }
 sub ::function_end
 {   &pop("edi");
    &pop("esi");
    &pop("ebx");
    &pop("ebp");
    &ret();
    $stack=0;
    &function_end_B(@_);
 }
 sub ::function_end_A
 {   &pop("edi");
    &pop("esi");
    &pop("ebx");
    &pop("ebp");
    &ret();
    $stack+=16;	# readjust esp as if we didn't pop anything
 }
 sub ::asciz {   foreach (@_) { &data_byte(unpack("C*",$_),0); }   }
 sub ::asm_finish
 {   &file_end();
    print @out;
 }
 sub ::asm_init
 { my ($type,$fn,$cpu)=@_;
 sub main'asm_init
 	{
 	($type,$fn,$i386)=@_;
    $filename=$fn;
    $i386=$cpu;
    $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
-	if (	($type eq "elf"))
+    if    (($type eq "elf"))
    {	$elf=1;			require "x86unix.pl";	}
-	elsif (	($type eq "a.out"))
+    elsif (($type eq "a\.out"))
    {	$aout=1;		require "x86unix.pl";	}
-	elsif (	($type eq "coff" or $type eq "gaswin"))
+    elsif (($type eq "coff" or $type eq "gaswin"))
    {	$coff=1;		require "x86unix.pl";	}
-	elsif (	($type eq "cpp"))
+    elsif (($type eq "win32n"))
 		{ $cpp=1; require "x86unix.pl"; }
 	elsif (	($type eq "win32"))
 		{ $win32=1; require "x86ms.pl"; }
 	elsif (	($type eq "win32n"))
    {	$win32=1;		require "x86nasm.pl";	}
-	elsif (	($type eq "nw-nasm"))
+    elsif (($type eq "nw-nasm"))
    {	$netware=1;		require "x86nasm.pl";	}
-	elsif (	($type eq "nw-mwasm"))
+    elsif (($type eq "nw-mwasm"))
    {	$netware=1; $mwerks=1;	require "x86nasm.pl";	}
    else
-		{
+    {	print STDERR <<"EOF";
 		print STDERR <<"EOF";
 Pick one target type from
 	elf	- Linux, FreeBSD, Solaris x86, etc.
-	a.out	- OpenBSD, DJGPP, etc.
+	a.out	- DJGPP, elder OpenBSD, etc.
 	coff	- GAS/COFF such as Win32 targets
 	win32	- Windows 95/Windows NT
 	win32n	- Windows 95/Windows NT NASM format
 	nw-nasm - NetWare NASM format
 	nw-mwasm- NetWare Metrowerks Assembler
@@ -53,78 +136,8 @@ EOF
    $pic=0;
    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
 	&asm_init_output();
 &comment("Don't even think of reading this code");
 &comment("It was automatically generated by $filename");
 &comment("Which is a perl program used to generate the x86 assember for");
 &comment("any of ELF, a.out, COFF, Win32, ...");
 &comment("eric <eay\@cryptsoft.com>");
 &comment("");
    $filename =~ s/\.pl$//;
    &file($filename);
-	}
+}
 sub asm_finish_cpp
 	{
 	return unless $cpp;
 	local($tmp,$i);
 	foreach $i (&get_labels())
 		{
 		$tmp.="#define $i _$i\n";
 		}
 	print <<"EOF";
 /* Run the C pre-processor over this file with one of the following defined
 * ELF - elf object files,
 * OUT - a.out object files,
 * BSDI - BSDI style a.out object files
 * SOL - Solaris style elf
 */
 #define TYPE(a,b)       .type   a,b
 #define SIZE(a,b)       .size   a,b
 #if defined(OUT) || (defined(BSDI) && !defined(ELF))
 $tmp
 #endif
 #ifdef OUT
 #define OK	1
 #define ALIGN	4
 #if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)
 #undef SIZE
 #undef TYPE
 #define SIZE(a,b)
 #define TYPE(a,b)	.def a; .scl 2; .type 32; .endef
 #endif /* __CYGWIN || __DJGPP */
 #endif
 #if defined(BSDI) && !defined(ELF)
 #define OK              1
 #define ALIGN           4
 #undef SIZE
 #undef TYPE
 #define SIZE(a,b)
 #define TYPE(a,b)
 #endif
 #if defined(ELF) || defined(SOL)
 #define OK              1
 #define ALIGN           16
 #endif
 #ifndef OK
 You need to define one of
 ELF - elf systems - linux-elf, NetBSD and DG-UX
 OUT - a.out systems - linux-a.out and FreeBSD
 SOL - solaris systems, which are elf with strange comment lines
 BSDI - a.out with a very primative version of as.
 #endif
 /* Let the Assembler begin :-) */
 EOF
 	}
 1;
--- a/crypto/perlasm/x86ms.pl
+++ b/crypto/perlasm/x86ms.pl
@@ -1,464 +0,0 @@
 #!/usr/local/bin/perl
 package x86ms;
 $label="L000";
 %lb=(	'eax',	'al',
 	'ebx',	'bl',
 	'ecx',	'cl',
 	'edx',	'dl',
 	'ax',	'al',
 	'bx',	'bl',
 	'cx',	'cl',
 	'dx',	'dl',
 	);
 %hb=(	'eax',	'ah',
 	'ebx',	'bh',
 	'ecx',	'ch',
 	'edx',	'dh',
 	'ax',	'ah',
 	'bx',	'bh',
 	'cx',	'ch',
 	'dx',	'dh',
 	);
 sub main'asm_init_output { @out=(); }
 sub main'asm_get_output { return(@out); }
 sub main'get_labels { return(@labels); }
 sub main'external_label
 {
 	push(@labels,@_);
 	foreach (@_) {
 		push(@out, "EXTRN\t_$_:DWORD\n");
 	}
 }
 sub main'LB
 	{
 	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
 	return($lb{$_[0]});
 	}
 sub main'HB
 	{
 	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
 	return($hb{$_[0]});
 	}
 sub main'BP
 	{
 	&get_mem("BYTE",@_);
 	}
 sub main'DWP
 	{
 	&get_mem("DWORD",@_);
 	}
 sub main'QWP
 	{
 	&get_mem("QWORD",@_);
 	}
 sub main'BC
 	{
 	return @_;
 	}
 sub main'DWC
 	{
 	return @_;
 	}
 sub main'stack_push
 	{
 	local($num)=@_;
 	$stack+=$num*4;
 	&main'sub("esp",$num*4);
 	}
 sub main'stack_pop
 	{
 	local($num)=@_;
 	$stack-=$num*4;
 	&main'add("esp",$num*4);
 	}
 sub get_mem
 	{
 	local($size,$addr,$reg1,$reg2,$idx)=@_;
 	local($t,$post);
 	local($ret)="$size PTR ";
 	$addr =~ s/^\s+//;
 	if ($addr =~ /^(.+)\+(.+)$/)
 		{
 		$reg2=&conv($1);
 		$addr="_$2";
 		}
 	elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)
 		{
 		$addr="_$addr";
 		}
 	if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	if (($addr ne "") && ($addr ne 0))
 		{
 		if ($addr !~ /^-/)
 			{ $ret.=$addr; }
 		else	{ $post=$addr; }
 		}
 	if ($reg2 ne "")
 		{
 		$t="";
 		$t="*$idx" if ($idx != 0);
 		$reg1="+".$reg1 if ("$reg1$post" ne "");
 		$ret.="[$reg2$t$reg1$post]";
 		}
 	else
 		{
 		$ret.="[$reg1$post]"
 		}
 	$ret =~ s/\[\]//;	# in case $addr was the only argument
 	return($ret);
 	}
 sub main'mov	{ &out2("mov",@_); }
 sub main'movb	{ &out2("mov",@_); }
 sub main'and	{ &out2("and",@_); }
 sub main'or	{ &out2("or",@_); }
 sub main'shl	{ &out2("shl",@_); }
 sub main'shr	{ &out2("shr",@_); }
 sub main'xor	{ &out2("xor",@_); }
 sub main'xorb	{ &out2("xor",@_); }
 sub main'add	{ &out2("add",@_); }
 sub main'adc	{ &out2("adc",@_); }
 sub main'sub	{ &out2("sub",@_); }
 sub main'sbb	{ &out2("sbb",@_); }
 sub main'rotl	{ &out2("rol",@_); }
 sub main'rotr	{ &out2("ror",@_); }
 sub main'exch	{ &out2("xchg",@_); }
 sub main'cmp	{ &out2("cmp",@_); }
 sub main'lea	{ &out2("lea",@_); }
 sub main'mul	{ &out1("mul",@_); }
 sub main'div	{ &out1("div",@_); }
 sub main'dec	{ &out1("dec",@_); }
 sub main'inc	{ &out1("inc",@_); }
 sub main'jmp	{ &out1("jmp",@_); }
 sub main'jmp_ptr { &out1p("jmp",@_); }
 sub main'je	{ &out1("je",@_); }
 sub main'jle	{ &out1("jle",@_); }
 sub main'jz	{ &out1("jz",@_); }
 sub main'jge	{ &out1("jge",@_); }
 sub main'jl	{ &out1("jl",@_); }
 sub main'ja	{ &out1("ja",@_); }
 sub main'jae	{ &out1("jae",@_); }
 sub main'jb	{ &out1("jb",@_); }
 sub main'jbe	{ &out1("jbe",@_); }
 sub main'jc	{ &out1("jc",@_); }
 sub main'jnc	{ &out1("jnc",@_); }
 sub main'jnz	{ &out1("jnz",@_); }
 sub main'jne	{ &out1("jne",@_); }
 sub main'jno	{ &out1("jno",@_); }
 sub main'push	{ &out1("push",@_); $stack+=4; }
 sub main'pop	{ &out1("pop",@_); $stack-=4; }
 sub main'pushf	{ &out0("pushfd"); $stack+=4; }
 sub main'popf	{ &out0("popfd"); $stack-=4; }
 sub main'bswap	{ &out1("bswap",@_); &using486(); }
 sub main'not	{ &out1("not",@_); }
 sub main'call	{ &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); }
 sub main'call_ptr { &out1p("call",@_); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 sub main'test	{ &out2("test",@_); }
 sub main'bt	{ &out2("bt",@_); }
 sub main'leave	{ &out0("leave"); }
 sub main'cpuid  { &out0("DW\t0A20Fh"); }
 sub main'rdtsc  { &out0("DW\t0310Fh"); }
 sub main'halt	{ &out0("hlt"); }
 sub main'movz	{ &out2("movzx",@_); }
 sub main'neg	{ &out1("neg",@_); }
 sub main'cld	{ &out0("cld"); }
 # SSE2
 sub main'emms	{ &out0("emms"); }
 sub main'movd	{ &out2("movd",@_); }
 sub main'movq	{ &out2("movq",@_); }
 sub main'movdqu	{ &out2("movdqu",@_); }
 sub main'movdqa	{ &out2("movdqa",@_); }
 sub main'movdq2q{ &out2("movdq2q",@_); }
 sub main'movq2dq{ &out2("movq2dq",@_); }
 sub main'paddq	{ &out2("paddq",@_); }
 sub main'pmuludq{ &out2("pmuludq",@_); }
 sub main'psrlq	{ &out2("psrlq",@_); }
 sub main'psllq	{ &out2("psllq",@_); }
 sub main'pxor	{ &out2("pxor",@_); }
 sub main'por	{ &out2("por",@_); }
 sub main'pand	{ &out2("pand",@_); }
 sub out2
 	{
 	local($name,$p1,$p2)=@_;
 	local($l,$t);
 	push(@out,"\t$name\t");
 	$t=&conv($p1).",";
 	$l=length($t);
 	push(@out,$t);
 	$l=4-($l+9)/8;
 	push(@out,"\t" x $l);
 	push(@out,&conv($p2));
 	push(@out,"\n");
 	}
 sub out0
 	{
 	local($name)=@_;
 	push(@out,"\t$name\n");
 	}
 sub out1
 	{
 	local($name,$p1)=@_;
 	local($l,$t);
 	push(@out,"\t$name\t".&conv($p1)."\n");
 	}
 sub conv
 	{
 	local($p)=@_;
 	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
 	return $p;
 	}
 sub using486
 	{
 	return if $using486;
 	$using486++;
 	grep(s/\.386/\.486/,@out);
 	}
 sub main'file
 	{
 	local($file)=@_;
 	local($tmp)=<<"EOF";
 	TITLE	$file.asm
        .386
 .model	FLAT
 _TEXT\$	SEGMENT PAGE 'CODE'
 EOF
 	push(@out,$tmp);
 	}
 sub main'function_begin
 	{
 	local($func,$extra)=@_;
 	push(@labels,$func);
 	local($tmp)=<<"EOF";
 PUBLIC	_$func
 $extra
 _$func PROC NEAR
 	push	ebp
 	push	ebx
 	push	esi
 	push	edi
 EOF
 	push(@out,$tmp);
 	$stack=20;
 	}
 sub main'function_begin_B
 	{
 	local($func,$extra)=@_;
 	local($tmp)=<<"EOF";
 PUBLIC	_$func
 $extra
 _$func PROC NEAR
 EOF
 	push(@out,$tmp);
 	$stack=4;
 	}
 sub main'function_end
 	{
 	local($func)=@_;
 	local($tmp)=<<"EOF";
 	pop	edi
 	pop	esi
 	pop	ebx
 	pop	ebp
 	ret
 _$func ENDP
 EOF
 	push(@out,$tmp);
 	$stack=0;
 	%label=();
 	}
 sub main'function_end_B
 	{
 	local($func)=@_;
 	local($tmp)=<<"EOF";
 _$func ENDP
 EOF
 	push(@out,$tmp);
 	$stack=0;
 	%label=();
 	}
 sub main'function_end_A
 	{
 	local($func)=@_;
 	local($tmp)=<<"EOF";
 	pop	edi
 	pop	esi
 	pop	ebx
 	pop	ebp
 	ret
 EOF
 	push(@out,$tmp);
 	}
 sub main'file_end
 	{
 	# try to detect if SSE2 or MMX extensions were used...
 	if (grep {/xmm[0-7]\s*,/i} @out) {
 		grep {s/\.[3-7]86/\.686\n\t\.XMM/} @out;
 		}
 	elsif (grep {/mm[0-7]\s*,/i} @out) {
 		grep {s/\.[3-7]86/\.686\n\t\.MMX/} @out;
 		}
 	push(@out,"_TEXT\$	ENDS\n");
 	push(@out,"END\n");
 	}
 sub main'wparam
 	{
 	local($num)=@_;
 	return(&main'DWP($stack+$num*4,"esp","",0));
 	}
 sub main'swtmp
 	{
 	return(&main'DWP($_[0]*4,"esp","",0));
 	}
 # Should use swtmp, which is above esp.  Linix can trash the stack above esp
 #sub main'wtmp
 #	{
 #	local($num)=@_;
 #
 #	return(&main'DWP(-(($num+1)*4),"esp","",0));
 #	}
 sub main'comment
 	{
 	foreach (@_)
 		{
 		push(@out,"\t; $_\n");
 		}
 	}
 sub main'public_label
 	{
 	$label{$_[0]}="_$_[0]"	if (!defined($label{$_[0]}));
 	push(@out,"PUBLIC\t$label{$_[0]}\n");
 	}
 sub main'label
 	{
 	if (!defined($label{$_[0]}))
 		{
 		$label{$_[0]}="\$${label}${_[0]}";
 		$label++;
 		}
 	return($label{$_[0]});
 	}
 sub main'set_label
 	{
 	if (!defined($label{$_[0]}))
 		{
 		$label{$_[0]}="\$${label}${_[0]}";
 		$label++;
 		}
 	if ($_[1]!=0 && $_[1]>1)
 		{
 		main'align($_[1]);
 		}
 	if((defined $_[2]) && ($_[2] == 1))
 		{
 		push(@out,"$label{$_[0]}::\n");
 		}
 	elsif ($label{$_[0]} !~ /^\$/)
 		{
 		push(@out,"$label{$_[0]}\tLABEL PTR\n");
 		}
 	else
 		{
 		push(@out,"$label{$_[0]}:\n");
 		}
 	}
 sub main'data_byte
 	{
 	push(@out,"\tDB\t".join(',',@_)."\n");
 	}
 sub main'data_word
 	{
 	push(@out,"\tDD\t".join(',',@_)."\n");
 	}
 sub main'align
 	{
 	push(@out,"\tALIGN\t$_[0]\n");
 	}
 sub out1p
 	{
 	local($name,$p1)=@_;
 	local($l,$t);
 	push(@out,"\t$name\t".&conv($p1)."\n");
 	}
 sub main'picmeup
 	{
 	local($dst,$sym)=@_;
 	&main'lea($dst,&main'DWP($sym));
 	}
 sub main'blindpop { &out1("pop",@_); }
 sub main'initseg 
 	{
 	local($f)=@_;
 	local($tmp)=<<___;
 OPTION	DOTNAME
 .CRT\$XCU	SEGMENT DWORD PUBLIC 'DATA'
 EXTRN	_$f:NEAR
 DD	_$f
 .CRT\$XCU	ENDS
 ___
 	push(@out,$tmp);
 	}
 1;
--- a/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
@@ -1,451 +1,256 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 package x86nasm;
-$label="L000";
+*out=\@::out;
 $under=($main'netware)?'':'_';
-%lb=(	'eax',	'al',
+$lprfx="\@L";
-	'ebx',	'bl',
+$label="000";
-	'ecx',	'cl',
+$under=($::netware)?'':'_';
-	'edx',	'dl',
+$initseg="";
 	'ax',	'al',
 	'bx',	'bl',
 	'cx',	'cl',
 	'dx',	'dl',
 	);
-%hb=(	'eax',	'ah',
+sub ::generic
-	'ebx',	'bh',
+{ my $opcode=shift;
-	'ecx',	'ch',
+  my $tmp;
 	'edx',	'dh',
 	'ax',	'ah',
 	'bx',	'bh',
 	'cx',	'ch',
 	'dx',	'dh',
 	);
-sub main'asm_init_output { @out=(); }
+    if (!$::mwerks)
-sub main'asm_get_output { return(@out); }
+    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
-sub main'get_labels { return(@labels); }
+	{   $_[0] = "NEAR $_[0]";   	}
-
+	elsif ($opcode eq "lea" && $#_==1)# wipe storage qualifier from lea
-sub main'external_label
+	{   $_[1] =~ s/^[^\[]*\[/\[/o;	}
 {
 	push(@labels,@_);
 	foreach (@_) {
 		push(@out,".") if ($main'mwerks);
 		push(@out, "extern\t${under}$_\n");
    }
    &::emit($opcode,@_);
  1;
 }
 #
 # opcodes not covered by ::generic above, mostly inconsistent namings...
 #
 sub ::movz	{ &::movzx(@_);		}
 sub ::pushf	{ &::pushfd;		}
 sub ::popf	{ &::popfd;		}
-sub main'LB
+sub ::call	{ &::emit("call",(&islabel($_[0]) or "$under$_[0]")); }
-	{
+sub ::call_ptr	{ &::emit("call",@_);	}
-	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+sub ::jmp_ptr	{ &::emit("jmp",@_);	}
 	return($lb{$_[0]});
 	}
-sub main'HB
+# chosen SSE instructions
-	{
+sub ::movq
-	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+{ my($p1,$p2,$optimize)=@_;
 	return($hb{$_[0]});
 	}
-sub main'BP
+    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
-	{
+    # movq between mmx registers can sink Intel CPUs
-	&get_mem("BYTE",@_);
+    {	&::pshufw($p1,$p2,0xe4);		}
-	}
+    else
-
+    {	&::emit("movq",@_);			}
-sub main'DWP
+}
-	{
+sub ::pshufw { &::emit("pshufw",@_); }
 	&get_mem("DWORD",@_);
 	}
 sub main'QWP
 	{
 	&get_mem("",@_);
 	}
 sub main'BC
 	{
 	return (($main'mwerks)?"":"BYTE ")."@_";
 	}
 sub main'DWC
 	{
 	return (($main'mwerks)?"":"DWORD ")."@_";
 	}
 sub main'stack_push
 	{
 	my($num)=@_;
 	$stack+=$num*4;
 	&main'sub("esp",$num*4);
 	}
 sub main'stack_pop
 	{
 	my($num)=@_;
 	$stack-=$num*4;
 	&main'add("esp",$num*4);
 	}
 sub get_mem
-	{
+{ my($size,$addr,$reg1,$reg2,$idx)=@_;
-	my($size,$addr,$reg1,$reg2,$idx)=@_;
+  my($post,$ret);
-	my($t,$post);
+
-	my($ret)=$size;
+    if ($size ne "")
-	if ($ret ne "")
+    {	$ret .= "$size";
-		{
+	$ret .= " PTR" if ($::mwerks);
 		$ret .= " PTR" if ($main'mwerks);
 	$ret .= " ";
    }
    $ret .= "[";
    $addr =~ s/^\s+//;
-	if ($addr =~ /^(.+)\+(.+)$/)
+    # prepend global references with optional underscore
-		{
+    $addr =~ s/^([^\+\-0-9][^\+\-]*)/islabel($1) or "$under$1"/ige;
-		$reg2=&conv($1);
+    # put address arithmetic expression in parenthesis
-		$addr="$under$2";
+    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
 		}
 	elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)
 		{
 		$addr="$under$addr";
 		}
 	if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
    if (($addr ne "") && ($addr ne 0))
-		{
+    {	if ($addr !~ /^-/)	{ $ret .= "$addr+"; }
 		if ($addr !~ /^-/)
 			{ $ret.="${addr}+"; }
 	else			{ $post=$addr;      }
    }
    if ($reg2 ne "")
-		{
+    {	$idx!=0 or $idx=1;
-		$t="";
+	$ret .= "$reg2*$idx";
-		$t="*$idx" if ($idx != 0);
+	$ret .= "+$reg1" if ($reg1 ne "");
 		$reg1="+".$reg1 if ("$reg1$post" ne "");
 		$ret.="$reg2$t$reg1$post]";
    }
    else
-		{
+    {	$ret .= "$reg1";   }
-		$ret.="$reg1$post]"
+
-		}
+    $ret .= "$post]";
    $ret =~ s/\+\]/]/; # in case $addr was the only argument
 	return($ret);
 	}
-sub main'mov	{ &out2("mov",@_); }
+  $ret;
-sub main'movb	{ &out2("mov",@_); }
+}
-sub main'and	{ &out2("and",@_); }
+sub ::BP	{ &get_mem("BYTE",@_);  }
-sub main'or	{ &out2("or",@_); }
+sub ::DWP	{ &get_mem("DWORD",@_); }
-sub main'shl	{ &out2("shl",@_); }
+sub ::QWP	{ &get_mem("",@_);      }
-sub main'shr	{ &out2("shr",@_); }
+sub ::BC	{ (($::mwerks)?"":"BYTE ")."@_";  }
-sub main'xor	{ &out2("xor",@_); }
+sub ::DWC	{ (($::mwerks)?"":"DWORD ")."@_"; }
 sub main'xorb	{ &out2("xor",@_); }
 sub main'add	{ &out2("add",@_); }
 sub main'adc	{ &out2("adc",@_); }
 sub main'sub	{ &out2("sub",@_); }
 sub main'sbb	{ &out2("sbb",@_); }
 sub main'rotl	{ &out2("rol",@_); }
 sub main'rotr	{ &out2("ror",@_); }
 sub main'exch	{ &out2("xchg",@_); }
 sub main'cmp	{ &out2("cmp",@_); }
 sub main'lea	{ &out2("lea",@_); }
 sub main'mul	{ &out1("mul",@_); }
 sub main'div	{ &out1("div",@_); }
 sub main'dec	{ &out1("dec",@_); }
 sub main'inc	{ &out1("inc",@_); }
 sub main'jmp	{ &out1("jmp",@_); }
 sub main'jmp_ptr { &out1p("jmp",@_); }
-# This is a bit of a kludge: declare all branches as NEAR.
+sub ::file
-$near=($main'mwerks)?'':'NEAR';
+{   if ($::mwerks)	{ push(@out,".section\t.text\n"); }
-sub main'je	{ &out1("je $near",@_); }
+    else
-sub main'jle	{ &out1("jle $near",@_); }
+    { my $tmp=<<___;
 sub main'jz	{ &out1("jz $near",@_); }
 sub main'jge	{ &out1("jge $near",@_); }
 sub main'jl	{ &out1("jl $near",@_); }
 sub main'ja	{ &out1("ja $near",@_); }
 sub main'jae	{ &out1("jae $near",@_); }
 sub main'jb	{ &out1("jb $near",@_); }
 sub main'jbe	{ &out1("jbe $near",@_); }
 sub main'jc	{ &out1("jc $near",@_); }
 sub main'jnc	{ &out1("jnc $near",@_); }
 sub main'jnz	{ &out1("jnz $near",@_); }
 sub main'jne	{ &out1("jne $near",@_); }
 sub main'jno	{ &out1("jno $near",@_); }
 sub main'push	{ &out1("push",@_); $stack+=4; }
 sub main'pop	{ &out1("pop",@_); $stack-=4; }
 sub main'pushf	{ &out0("pushfd"); $stack+=4; }
 sub main'popf	{ &out0("popfd"); $stack-=4; }
 sub main'bswap	{ &out1("bswap",@_); &using486(); }
 sub main'not	{ &out1("not",@_); }
 sub main'call	{ &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); }
 sub main'call_ptr { &out1p("call",@_); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 sub main'test	{ &out2("test",@_); }
 sub main'bt	{ &out2("bt",@_); }
 sub main'leave	{ &out0("leave"); }
 sub main'cpuid	{ &out0("cpuid"); }
 sub main'rdtsc	{ &out0("rdtsc"); }
 sub main'halt	{ &out0("hlt"); }
 sub main'movz	{ &out2("movzx",@_); }
 sub main'neg	{ &out1("neg",@_); }
 sub main'cld	{ &out0("cld"); }
 # SSE2
 sub main'emms	{ &out0("emms"); }
 sub main'movd	{ &out2("movd",@_); }
 sub main'movq	{ &out2("movq",@_); }
 sub main'movdqu	{ &out2("movdqu",@_); }
 sub main'movdqa	{ &out2("movdqa",@_); }
 sub main'movdq2q{ &out2("movdq2q",@_); }
 sub main'movq2dq{ &out2("movq2dq",@_); }
 sub main'paddq	{ &out2("paddq",@_); }
 sub main'pmuludq{ &out2("pmuludq",@_); }
 sub main'psrlq	{ &out2("psrlq",@_); }
 sub main'psllq	{ &out2("psllq",@_); }
 sub main'pxor	{ &out2("pxor",@_); }
 sub main'por	{ &out2("por",@_); }
 sub main'pand	{ &out2("pand",@_); }
 sub out2
 	{
 	my($name,$p1,$p2)=@_;
 	my($l,$t);
 	push(@out,"\t$name\t");
 	if (!$main'mwerks and $name eq "lea")
 		{
 		$p1 =~ s/^[^\[]*\[/\[/;
 		$p2 =~ s/^[^\[]*\[/\[/;
 		}
 	$t=&conv($p1).",";
 	$l=length($t);
 	push(@out,$t);
 	$l=4-($l+9)/8;
 	push(@out,"\t" x $l);
 	push(@out,&conv($p2));
 	push(@out,"\n");
 	}
 sub out0
 	{
 	my($name)=@_;
 	push(@out,"\t$name\n");
 	}
 sub out1
 	{
 	my($name,$p1)=@_;
 	my($l,$t);
 	push(@out,"\t$name\t".&conv($p1)."\n");
 	}
 sub conv
 	{
 	my($p)=@_;
 	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
 	return $p;
 	}
 sub using486
 	{
 	return if $using486;
 	$using486++;
 	grep(s/\.386/\.486/,@out);
 	}
 sub main'file
 	{
 	if ($main'mwerks)	{ push(@out,".section\t.text\n"); }
 	else	{
 		local $tmp=<<___;
 %ifdef __omf__
-section	code	use32 class=code
+section	code	use32 class=code align=64
 %else
-section	.text
+section	.text	code align=64
 %endif
 ___
 	push(@out,$tmp);
    }
-	}
+}
-sub main'function_begin
+sub ::function_begin_B
-	{
+{ my $func=$under.shift;
-	my($func,$extra)=@_;
+  my $tmp=<<___;
-
+global	$func
-	push(@labels,$func);
+align	16
-	my($tmp)=<<"EOF";
+$func:
 global	$under$func
 $under$func:
 	push	ebp
 	push	ebx
 	push	esi
 	push	edi
 EOF
 	push(@out,$tmp);
 	$stack=20;
 	}
 sub main'function_begin_B
 	{
 	my($func,$extra)=@_;
 	my($tmp)=<<"EOF";
 global	$under$func
 $under$func:
 EOF
 	push(@out,$tmp);
 	$stack=4;
 	}
 sub main'function_end
 	{
 	my($func)=@_;
 	my($tmp)=<<"EOF";
 	pop	edi
 	pop	esi
 	pop	ebx
 	pop	ebp
 	ret
 EOF
 	push(@out,$tmp);
 	$stack=0;
 	%label=();
 	}
 sub main'function_end_B
 	{
 	$stack=0;
 	%label=();
 	}
 sub main'function_end_A
 	{
 	my($func)=@_;
 	my($tmp)=<<"EOF";
 	pop	edi
 	pop	esi
 	pop	ebx
 	pop	ebp
 	ret
 EOF
 	push(@out,$tmp);
 	}
 sub main'file_end
 	{
 	}
 sub main'wparam
 	{
 	my($num)=@_;
 	return(&main'DWP($stack+$num*4,"esp","",0));
 	}
 sub main'swtmp
 	{
 	return(&main'DWP($_[0]*4,"esp","",0));
 	}
 # Should use swtmp, which is above esp.  Linix can trash the stack above esp
 #sub main'wtmp
 #	{
 #	my($num)=@_;
 #
 #	return(&main'DWP(-(($num+1)*4),"esp","",0));
 #	}
 sub main'comment
 	{
 	foreach (@_)
 		{
 		push(@out,"\t; $_\n");
 		}
 	}
 sub main'public_label
 	{
 	$label{$_[0]}="${under}${_[0]}"	if (!defined($label{$_[0]}));
 	push(@out,"global\t$label{$_[0]}\n");
 	}
 sub main'label
 	{
 	if (!defined($label{$_[0]}))
 		{
 		$label{$_[0]}="\@${label}${_[0]}";
 		$label++;
 		}
 	return($label{$_[0]});
 	}
 sub main'set_label
 	{
 	if (!defined($label{$_[0]}))
 		{
 		$label{$_[0]}="\@${label}${_[0]}";
 		$label++;
 		}
 	if ($_[1]!=0 && $_[1]>1)
 		{
 		main'align($_[1]);
 		}
 	push(@out,"$label{$_[0]}:\n");
 	}
 sub main'data_byte
 	{
 	push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n");
 	}
 sub main'data_word
 	{
 	push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n");
 	}
 sub main'align
 	{
 	push(@out,".") if ($main'mwerks);
 	push(@out,"align\t$_[0]\n");
 	}
 sub out1p
 	{
 	my($name,$p1)=@_;
 	my($l,$t);
 	push(@out,"\t$name\t".&conv($p1)."\n");
 	}
 sub main'picmeup
 	{
 	local($dst,$sym)=@_;
 	&main'lea($dst,&main'DWP($sym));
 	}
 sub main'blindpop { &out1("pop",@_); }
 sub main'initseg
 	{
 	local($f)=@_;
 	if ($main'win32)
 		{
 		local($tmp)=<<___;
 segment	.CRT\$XCU data
 extern	$under$f
 DD	$under$f
 ___
    push(@out,$tmp);
    $::stack=4;
 }
 sub ::function_end_B
 { my $i;
    foreach $i (%label) { undef $label{$i} if ($label{$i} =~ /^$prfx/);  }
    $::stack=0;
 }
 sub ::file_end
 {   # try to detect if SSE2 or MMX extensions were used on Win32...
    if ($::win32 && grep {/\b[x]?mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out)
    {	# $1<<10 sets a reserved bit to signal that variable
 	# was initialized already...
 	my $code=<<___;
 align	16
 ${lprfx}OPENSSL_ia32cap_init:
 	lea	edx,[${under}OPENSSL_ia32cap_P]
 	cmp	DWORD [edx],0
 	jne	NEAR ${lprfx}nocpuid
 	mov	DWORD [edx],1<<10
 	pushfd
 	pop	eax
 	mov	ecx,eax
 	xor	eax,1<<21
 	push	eax
 	popfd
 	pushfd
 	pop	eax
 	xor	eax,ecx
 	bt	eax,21
 	jnc	NEAR ${lprfx}nocpuid
 	push	ebp
 	push	edi
 	push	ebx
 	mov	edi,edx
 	xor	eax,eax
 	cpuid
 	xor	eax,eax
 	cmp	ebx,'Genu'
 	setne	al
 	mov	ebp,eax
 	cmp	edx,'ineI'
 	setne	al
 	or	ebp,eax
 	cmp	eax,'ntel'
 	setne	al
 	or	ebp,eax
 	mov	eax,1
 	cpuid
 	cmp	ebp,0
 	jne	${lprfx}notP4
 	and	ah,15
 	cmp	ah,15
 	jne	${lprfx}notP4
 	or	edx,1<<20
 ${lprfx}notP4:
 	bt	edx,28
 	jnc	${lprfx}done
 	shr	ebx,16
 	cmp	bl,1
 	ja	${lprfx}done
 	and	edx,0xefffffff
 ${lprfx}done:
 	or	edx,1<<10
 	mov	DWORD [edi],edx
 	pop	ebx
 	pop	edi
 	pop	ebp
 ${lprfx}nocpuid:
 	ret
 segment	.CRT\$XCU data align=4
 dd	${lprfx}OPENSSL_ia32cap_init
 ___
 	my $data=<<___;
 segment	.bss
 common	${under}OPENSSL_ia32cap_P 4
 ___
 	#<not needed in OpenSSL context>#push (@out,$code);
 	# comment out OPENSSL_ia32cap_P declarations
 	grep {s/(^extern\s+${under}OPENSSL_ia32cap_P)/\;$1/} @out;
 	push (@out,$data)
    }
    push (@out,$initseg) if ($initseg);		
 }
 sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
 sub islabel	# see is argument is known label
 { my $i;
    foreach $i (%label) { return $label{$i} if ($label{$i} eq $_[0]); }
  undef;
 }
 sub ::external_label
 {   push(@labels,@_);
    foreach (@_)
    {	push(@out,".") if ($::mwerks);
 	push(@out, "extern\t${under}$_\n");
    }
 }
 sub ::public_label
 {   $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
    push(@out,"global\t$label{$_[0]}\n");
 }
 sub ::label
 {   if (!defined($label{$_[0]}))
    {	$label{$_[0]}="${lprfx}${label}${_[0]}"; $label++;   }
  $label{$_[0]};
 }
 sub ::set_label
 { my $label=&::label($_[0]);
    &::align($_[1]) if ($_[1]>1);
    push(@out,"$label{$_[0]}:\n");
 }
 sub ::data_byte
 {   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");	}
 sub ::data_word
 {   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");	}
 sub ::align
 {   push(@out,".") if ($::mwerks); push(@out,"align\t$_[0]\n");	}
 sub ::picmeup
 { my($dst,$sym)=@_;
    &::lea($dst,&::DWP($sym));
 }
 sub ::initseg
 { my($f)=$under.shift;
    if ($::win32)
    {	$initseg=<<___;
 segment	.CRT\$XCU data align=4
 extern	$f
 dd	$f
 ___
    }
 }
 1;
--- a/crypto/perlasm/x86unix.pl
+++ b/crypto/perlasm/x86unix.pl
@@ -1,499 +1,152 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 package x86unix;	# GAS actually...
 *out=\@::out;
 $label="L000";
 $const="";
 $constl=0;
-$align=($main'aout)?"4":"16";
+$align=($::aout)?"4":"16";
-$under=($main'aout or $main'coff)?"_":"";
+$under=($::aout or $::coff)?"_":"";
-$dot=($main'aout)?"":".";
+$dot=($::aout)?"":".";
-$com_start="#" if ($main'aout or $main'coff);
+$com_start="#" if ($::aout or $::coff);
-sub main'asm_init_output { @out=(); }
+sub opsize()
-sub main'asm_get_output { return(@out); }
+{ my $reg=shift;
-sub main'get_labels { return(@labels); }
+    if    ($reg =~ m/^%e/o)		{ "l"; }
-sub main'external_label { push(@labels,@_); }
+    elsif ($reg =~ m/^%[a-d][hl]$/o)	{ "b"; }
    elsif ($reg =~ m/^%[xm]/o)		{ undef; }
    else				{ "w"; }
 }
-if ($main'cpp)
+# swap arguments;
-	{
+# expand opcode with size suffix;
-	$align="ALIGN";
+# prefix numeric constants with $;
-	$under="";
+sub ::generic
-	$com_start='/*';
+{ my($opcode,$dst,$src)=@_;
-	$com_end='*/';
+  my($tmp,$suffix,@arg);
    if (defined($src))
    {	$src =~ s/^(e?[a-dsixphl]{2})$/%$1/o;
 	$src =~ s/^(x?mm[0-7])$/%$1/o;
 	$src =~ s/^(\-?[0-9]+)$/\$$1/o;
 	$src =~ s/^(\-?0x[0-9a-f]+)$/\$$1/o;
 	push(@arg,$src);
    }
    if (defined($dst))
    {	$dst =~ s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;
 	$dst =~ s/^(x?mm[0-7])$/%$1/o;
 	$dst =~ s/^(\-?[0-9]+)$/\$$1/o		if(!defined($src));
 	$dst =~ s/^(\-?0x[0-9a-f]+)$/\$$1/o	if(!defined($src));
 	push(@arg,$dst);
    }
-%lb=(	'eax',	'%al',
+    if    ($dst =~ m/^%/o)	{ $suffix=&opsize($dst); }
-	'ebx',	'%bl',
+    elsif ($src =~ m/^%/o)	{ $suffix=&opsize($src); }
-	'ecx',	'%cl',
+    else			{ $suffix="l";           }
-	'edx',	'%dl',
+    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
 	'ax',	'%al',
 	'bx',	'%bl',
 	'cx',	'%cl',
 	'dx',	'%dl',
 	);
-%hb=(	'eax',	'%ah',
+    if ($#_==0)				{ &::emit($opcode);		}
-	'ebx',	'%bh',
+    elsif ($opcode =~ m/^j/o && $#_==1)	{ &::emit($opcode,@arg);	}
-	'ecx',	'%ch',
+    elsif ($opcode eq "call" && $#_==1)	{ &::emit($opcode,@arg);	}
-	'edx',	'%dh',
+    elsif ($opcode =~ m/^set/&& $#_==1)	{ &::emit($opcode,@arg);	}
-	'ax',	'%ah',
+    else				{ &::emit($opcode.$suffix,@arg);}
 	'bx',	'%bh',
 	'cx',	'%ch',
 	'dx',	'%dh',
 	);
-%regs=(	'eax',	'%eax',
+  1;
-	'ebx',	'%ebx',
+}
 	'ecx',	'%ecx',
 	'edx',	'%edx',
 	'esi',	'%esi',
 	'edi',	'%edi',
 	'ebp',	'%ebp',
 	'esp',	'%esp',
 	'mm0',	'%mm0',
 	'mm1',	'%mm1',
 	'mm2',	'%mm2',
 	'mm3',	'%mm3',
 	'mm4',	'%mm4',
 	'mm5',	'%mm5',
 	'mm6',	'%mm6',
 	'mm7',	'%mm7',
 	'xmm0',	'%xmm0',
 	'xmm1',	'%xmm1',
 	'xmm2',	'%xmm2',
 	'xmm3',	'%xmm3',
 	'xmm4',	'%xmm4',
 	'xmm5',	'%xmm5',
 	'xmm6',	'%xmm6',
 	'xmm7',	'%xmm7',
 	);
 %reg_val=(
 	'eax',	0x00,
 	'ebx',	0x03,
 	'ecx',	0x01,
 	'edx',	0x02,
 	'esi',	0x06,
 	'edi',	0x07,
 	'ebp',	0x05,
 	'esp',	0x04,
 	);
 sub main'LB
 	{
 	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
 	return($lb{$_[0]});
 	}
 sub main'HB
 	{
 	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
 	return($hb{$_[0]});
 	}
 sub main'DWP
 	{
 	local($addr,$reg1,$reg2,$idx)=@_;
 	$ret="";
 	$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	$ret.=$addr if ($addr ne "") && ($addr ne 0);
 	if ($reg2 ne "")
 		{
 		if($idx ne "" && $idx != 0)
 		    { $ret.="($reg1,$reg2,$idx)"; }
 		else
 		    { $ret.="($reg1,$reg2)"; }
 	        }
 	elsif ($reg1 ne "")
 		{ $ret.="($reg1)" }
 	return($ret);
 	}
 sub main'QWP
 	{
 	return(&main'DWP(@_));
 	}
 sub main'BP
 	{
 	return(&main'DWP(@_));
 	}
 sub main'BC
 	{
 	return @_;
 	}
 sub main'DWC
 	{
 	return @_;
 	}
 #sub main'BP
 #	{
 #	local($addr,$reg1,$reg2,$idx)=@_;
 #
-#	$ret="";
+# opcodes not covered by ::generic above, mostly inconsistent namings...
 #
-#	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+sub ::movz	{ &::movzb(@_);			}
-#	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+sub ::pushf	{ &::pushfl;			}
-#	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+sub ::popf	{ &::popfl;			}
-#	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+sub ::cpuid	{ &::emit(".byte\t0x0f,0xa2");	}
-#	if ($reg2 ne "")
+sub ::rdtsc	{ &::emit(".byte\t0x0f,0x31");	}
 #		{ $ret.="($reg1,$reg2,$idx)"; }
 #	else
 #		{ $ret.="($reg1)" }
 #	return($ret);
 #	}
-sub main'mov	{ &out2("movl",@_); }
+sub ::call	{ &::emit("call",(&islabel($_[0]) or "$under$_[0]")); }
-sub main'movb	{ &out2("movb",@_); }
+sub ::call_ptr	{ &::generic("call","*$_[0]");	}
-sub main'and	{ &out2("andl",@_); }
+sub ::jmp_ptr	{ &::generic("jmp","*$_[0]");	}
 sub main'or	{ &out2("orl",@_); }
 sub main'shl	{ &out2("sall",@_); }
 sub main'shr	{ &out2("shrl",@_); }
 sub main'xor	{ &out2("xorl",@_); }
 sub main'xorb	{ &out2("xorb",@_); }
 sub main'add	{ &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); }
 sub main'adc	{ &out2("adcl",@_); }
 sub main'sub	{ &out2("subl",@_); }
 sub main'sbb	{ &out2("sbbl",@_); }
 sub main'rotl	{ &out2("roll",@_); }
 sub main'rotr	{ &out2("rorl",@_); }
 sub main'exch	{ &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); }
 sub main'cmp	{ &out2("cmpl",@_); }
 sub main'lea	{ &out2("leal",@_); }
 sub main'mul	{ &out1("mull",@_); }
 sub main'div	{ &out1("divl",@_); }
 sub main'jmp	{ &out1("jmp",@_); }
 sub main'jmp_ptr { &out1p("jmp",@_); }
 sub main'je	{ &out1("je",@_); }
 sub main'jle	{ &out1("jle",@_); }
 sub main'jne	{ &out1("jne",@_); }
 sub main'jnz	{ &out1("jnz",@_); }
 sub main'jz	{ &out1("jz",@_); }
 sub main'jge	{ &out1("jge",@_); }
 sub main'jl	{ &out1("jl",@_); }
 sub main'ja	{ &out1("ja",@_); }
 sub main'jae	{ &out1("jae",@_); }
 sub main'jb	{ &out1("jb",@_); }
 sub main'jbe	{ &out1("jbe",@_); }
 sub main'jc	{ &out1("jc",@_); }
 sub main'jnc	{ &out1("jnc",@_); }
 sub main'jno	{ &out1("jno",@_); }
 sub main'dec	{ &out1("decl",@_); }
 sub main'inc	{ &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); }
 sub main'push	{ &out1("pushl",@_); $stack+=4; }
 sub main'pop	{ &out1("popl",@_); $stack-=4; }
 sub main'pushf	{ &out0("pushfl"); $stack+=4; }
 sub main'popf	{ &out0("popfl"); $stack-=4; }
 sub main'not	{ &out1("notl",@_); }
 sub main'call	{	my $pre=$under;
 			foreach $i (%label)
 			{ if ($label{$i} eq $_[0]) { $pre=''; last; } }
 			&out1("call",$pre.$_[0]);
 		}
 sub main'call_ptr { &out1p("call",@_); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 sub main'test	{ &out2("testl",@_); }
 sub main'bt	{ &out2("btl",@_); }
 sub main'leave	{ &out0("leave"); }
 sub main'cpuid	{ &out0(".byte\t0x0f,0xa2"); }
 sub main'rdtsc	{ &out0(".byte\t0x0f,0x31"); }
 sub main'halt	{ &out0("hlt"); }
 sub main'movz	{ &out2("movzbl",@_); }
 sub main'neg	{ &out1("negl",@_); }
 sub main'cld	{ &out0("cld"); }
-# SSE2
+*::bswap = sub	{ &::emit("bswap","%$_[0]");	} if (!$::i386);
-sub main'emms	{ &out0("emms"); }
+
-sub main'movd	{ &out2("movd",@_); }
+# chosen SSE instructions
-sub main'movdqu	{ &out2("movdqu",@_); }
+sub ::movq
-sub main'movdqa	{ &out2("movdqa",@_); }
+{ my($p1,$p2,$optimize)=@_;
 sub main'movdq2q{ &out2("movdq2q",@_); }
 sub main'movq2dq{ &out2("movq2dq",@_); }
 sub main'paddq	{ &out2("paddq",@_); }
 sub main'pmuludq{ &out2("pmuludq",@_); }
 sub main'psrlq	{ &out2("psrlq",@_); }
 sub main'psllq	{ &out2("psllq",@_); }
 sub main'pxor	{ &out2("pxor",@_); }
 sub main'por	{ &out2("por",@_); }
 sub main'pand	{ &out2("pand",@_); }
 sub main'movq	{
 	local($p1,$p2,$optimize)=@_;
    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
    # movq between mmx registers can sink Intel CPUs
-		{	push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n");	}
+    {	&::pshufw($p1,$p2,0xe4);	}
 	else	{	&out2("movq",@_);				}
 	}
 # The bswapl instruction is new for the 486. Emulate if i386.
 sub main'bswap
 	{
 	if ($main'i386)
 		{
 		&main'comment("bswapl @_");
 		&main'exch(main'HB(@_),main'LB(@_));
 		&main'rotr(@_,16);
 		&main'exch(main'HB(@_),main'LB(@_));
 		}
    else
-		{
+    {	&::generic("movq",@_);	}
-		&out1("bswapl",@_);
+}
-		}
+sub ::pshufw
 { my($dst,$src,$magic)=@_;
    &::emit("pshufw","\$$magic","%$src","%$dst");
 }
 sub ::DWP
 { my($addr,$reg1,$reg2,$idx)=@_;
  my $ret="";
    $addr =~ s/^\s+//;
    # prepend global references with optional underscore
    $addr =~ s/^([^\+\-0-9][^\+\-]*)/islabel($1) or "$under$1"/ige;
    $reg1 = "%$reg1" if ($reg1);
    $reg2 = "%$reg2" if ($reg2);
    $ret .= $addr if (($addr ne "") && ($addr ne 0));
    if ($reg2)
    {	$idx!= 0 or $idx=1;
 	$ret .= "($reg1,$reg2,$idx)";
    }
    elsif ($reg1)
    {	$ret .= "($reg1)";	}
-sub out2
+  $ret;
-	{
+}
-	local($name,$p1,$p2)=@_;
+sub ::QWP	{ &::DWP(@_);	}
-	local($l,$ll,$t);
+sub ::BP	{ &::DWP(@_);	}
-	local(%special)=(	"roll",0xD1C0,"rorl",0xD1C8,
+sub ::BC	{ @_;		}
-				"rcll",0xD1D0,"rcrl",0xD1D8,
+sub ::DWC	{ @_;		}
 				"shll",0xD1E0,"shrl",0xD1E8,
 				"sarl",0xD1F8);
-	if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+sub ::file
-		{
+{   push(@out,".file\t\"$_[0].s\"\n");	}
 		$op=$special{$name}|$reg_val{$p1};
 		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
 		$tmp2=sprintf(".byte %d\t",$op     &0xff);
 		push(@out,$tmp1);
 		push(@out,$tmp2);
-		$p2=&conv($p2);
+sub ::function_begin_B
-		$p1=&conv($p1);
+{ my($func,$extra)=@_;
-		&main'comment("$name $p2 $p1");
+  my $tmp;
 		return;
 		}
-	push(@out,"\t$name\t");
+    &::external_label($func);
 	$t=&conv($p2).",";
 	$l=length($t);
 	push(@out,$t);
 	$ll=4-($l+9)/8;
 	$tmp1=sprintf("\t" x $ll);
 	push(@out,$tmp1);
 	push(@out,&conv($p1)."\n");
 	}
 sub out1
 	{
 	local($name,$p1)=@_;
 	local($l,$t);
 	local(%special)=("bswapl",0x0FC8);
 	if ((defined($special{$name})) && defined($regs{$p1}))
 		{
 		$op=$special{$name}|$reg_val{$p1};
 		$tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
 		$tmp2=sprintf(".byte %d\t",$op     &0xff);
 		push(@out,$tmp1);
 		push(@out,$tmp2);
 		$p2=&conv($p2);
 		$p1=&conv($p1);
 		&main'comment("$name $p2 $p1");
 		return;
 		}
 	push(@out,"\t$name\t".&conv($p1)."\n");
 	}
 sub out1p
 	{
 	local($name,$p1)=@_;
 	local($l,$t);
 	push(@out,"\t$name\t*".&conv($p1)."\n");
 	}
 sub out0
 	{
 	push(@out,"\t$_[0]\n");
 	}
 sub conv
 	{
 	local($p)=@_;
 #	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
 	$p=$regs{$p} if (defined($regs{$p}));
 	$p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
 	$p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
 	return $p;
 	}
 sub main'file
 	{
 	local($file)=@_;
 	local($tmp)=<<"EOF";
 	.file	"$file.s"
 EOF
 	push(@out,$tmp);
 	}
 sub main'function_begin
 	{
 	local($func)=@_;
 	&main'external_label($func);
    $func=$under.$func;
-	local($tmp)=<<"EOF";
+    push(@out,".text\n.globl\t$func\n");
-.text
+    if ($::coff)
-.globl	$func
+    {	push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
-EOF
+    elsif ($::aout and !$::pic)
 	push(@out,$tmp);
 	if ($main'cpp)
 		{ $tmp=push(@out,"TYPE($func,\@function)\n"); }
 	elsif ($main'coff)
 		{ $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
 	elsif ($main'aout and !$main'pic)
    { }
-	else	{ $tmp=push(@out,".type\t$func,\@function\n"); }
+    else
    {	push(@out,".type	$func,\@function\n"); }
    push(@out,".align\t$align\n");
    push(@out,"$func:\n");
-	$tmp=<<"EOF";
+    $::stack=4;
-	pushl	%ebp
+}
 	pushl	%ebx
 	pushl	%esi
 	pushl	%edi
-EOF
+sub ::function_end_B
-	push(@out,$tmp);
+{ my($func)=@_;
 	$stack=20;
 	}
 sub main'function_begin_B
 	{
 	local($func,$extra)=@_;
 	&main'external_label($func);
 	$func=$under.$func;
 	local($tmp)=<<"EOF";
 .text
 .globl	$func
 EOF
 	push(@out,$tmp);
 	if ($main'cpp)
 		{ push(@out,"TYPE($func,\@function)\n"); }
 	elsif ($main'coff)
 		{ $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
 	elsif ($main'aout and !$main'pic)
 		{ }
 	else	{ push(@out,".type	$func,\@function\n"); }
 	push(@out,".align\t$align\n");
 	push(@out,"$func:\n");
 	$stack=4;
 	}
 sub main'function_end
 	{
 	local($func)=@_;
    $func=$under.$func;
 	local($tmp)=<<"EOF";
 	popl	%edi
 	popl	%esi
 	popl	%ebx
 	popl	%ebp
 	ret
 ${dot}L_${func}_end:
 EOF
 	push(@out,$tmp);
 	if ($main'cpp)
 		{ push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }
 	elsif ($main'coff or $main'aout)
                { }
 	else	{ push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
 	push(@out,".ident	\"$func\"\n");
 	$stack=0;
 	%label=();
 	}
 sub main'function_end_A
 	{
 	local($func)=@_;
 	local($tmp)=<<"EOF";
 	popl	%edi
 	popl	%esi
 	popl	%ebx
 	popl	%ebp
 	ret
 EOF
 	push(@out,$tmp);
 	}
 sub main'function_end_B
 	{
 	local($func)=@_;
 	$func=$under.$func;
    push(@out,"${dot}L_${func}_end:\n");
-	if ($main'cpp)
+    if ($::elf)
-		{ push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }
+    {	push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
-        elsif ($main'coff or $main'aout)
+    $::stack=0;
                { }
 	else	{ push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
 	push(@out,".ident	\"$func\"\n");
 	$stack=0;
    %label=();
-	}
+}
-sub main'wparam
+sub ::comment
 	{
-	local($num)=@_;
+	if (!defined($com_start) or $::elf)
-
+		{	# Regarding $::elf above...
 	return(&main'DWP($stack+$num*4,"esp","",0));
 	}
 sub main'stack_push
 	{
 	local($num)=@_;
 	$stack+=$num*4;
 	&main'sub("esp",$num*4);
 	}
 sub main'stack_pop
 	{
 	local($num)=@_;
 	$stack-=$num*4;
 	&main'add("esp",$num*4);
 	}
 sub main'swtmp
 	{
 	return(&main'DWP($_[0]*4,"esp","",0));
 	}
 # Should use swtmp, which is above esp.  Linix can trash the stack above esp
 #sub main'wtmp
 #	{
 #	local($num)=@_;
 #
 #	return(&main'DWP(-($num+1)*4,"esp","",0));
 #	}
 sub main'comment
 	{
 	if (!defined($com_start) or $main'elf)
 		{	# Regarding $main'elf above...
 			# GNU and SVR4 as'es use different comment delimiters,
 		push(@out,"\n");	# so we just skip ELF comments...
 		return;
@@ -507,58 +160,47 @@ sub main'comment
 		}
 	}
-sub main'public_label
+sub islabel	# see is argument is a known label
-	{
+{ my $i;
-	$label{$_[0]}="${under}${_[0]}"	if (!defined($label{$_[0]}));
+    foreach $i (%label) { return $label{$i} if ($label{$i} eq $_[0]); }
  undef;
 }
 sub ::external_label { push(@labels,@_); }
 sub ::public_label
 {   $label{$_[0]}="${under}${_[0]}"	if (!defined($label{$_[0]}));
    push(@out,".globl\t$label{$_[0]}\n");
-	}
+}
-sub main'label
+sub ::label
-	{
+{   if (!defined($label{$_[0]}))
-	if (!defined($label{$_[0]}))
+    {	$label{$_[0]}="${dot}${label}${_[0]}"; $label++;   }
-		{
+  $label{$_[0]};
-		$label{$_[0]}="${dot}${label}${_[0]}";
+}
 		$label++;
 		}
 	return($label{$_[0]});
 	}
-sub main'set_label
+sub ::set_label
-	{
+{ my $label=&::label($_[0]);
-	if (!defined($label{$_[0]}))
+    &::align($_[1]) if ($_[1]>1);
-		{
+    push(@out,"$label:\n");
-		$label{$_[0]}="${dot}${label}${_[0]}";
+}
 		$label++;
 		}
 	if ($_[1]!=0)
 		{
 		if ($_[1]>1)	{ main'align($_[1]);		}
 		else		{ push(@out,".align $align\n");	}
 		}
 	push(@out,"$label{$_[0]}:\n");
 	}
-sub main'file_end
+sub ::file_end
-	{
+{   # try to detect if SSE2 or MMX extensions were used on ELF platform...
-	# try to detect if SSE2 or MMX extensions were used on ELF platform...
+    if ($::elf && grep {/\b%[x]?mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) {
 	if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) {
 		local($tmp);
 	push (@out,"\n.section\t.bss\n");
 	push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");
 	return;	# below is not needed in OpenSSL context
 	push (@out,".section\t.init\n");
-		# One can argue that it's wasteful to craft every
+	&::picmeup("edx","OPENSSL_ia32cap_P");
 		# SSE/MMX module with this snippet... Well, it's 72
 		# bytes long and for the moment we have two modules.
 		# Let's argue when we have 7 modules or so...
 		#
 	# $1<<10 sets a reserved bit to signal that variable
 	# was initialized already...
-		&main'picmeup("edx","OPENSSL_ia32cap_P");
+	my $code=<<___;
 		$tmp=<<___;
 	cmpl	\$0,(%edx)
-		jne	1f
+	jne	3f
 	movl	\$1<<10,(%edx)
 	pushf
 	popl	%eax
@@ -570,165 +212,90 @@ sub main'file_end
 	popl	%eax
 	xorl	%ecx,%eax
 	btl	\$21,%eax
-		jnc	1f
+	jnc	3f
 	pushl	%ebp
 	pushl	%edi
 	pushl	%ebx
 	movl	%edx,%edi
-		movl	\$1,%eax
+	xor	%eax,%eax
 	.byte	0x0f,0xa2
-		orl	\$1<<10,%edx
+	xorl	%eax,%eax
 	cmpl	$1970169159,%ebx
 	setne	%al
 	movl	%eax,%ebp
 	cmpl	$1231384169,%edx
 	setne	%al
 	orl	%eax,%ebp
 	cmpl	$1818588270,%ecx
 	setne	%al
 	orl	%eax,%ebp
 	movl	$1,%eax
 	.byte	0x0f,0xa2
 	cmpl	$0,%ebp
 	jne	1f
 	andb	$15,%ah
 	cmpb	$15,%ah
 	jne	1f
 	orl	$1048576,%edx
 1:	btl	$28,%edx
 	jnc	2f
 	shrl	$16,%ebx
 	cmpb	$1,%bl
 	ja	2f
 	andl	$4026531839,%edx
 2:	orl	\$1<<10,%edx
 	movl	%edx,0(%edi)
 	popl	%ebx
 	popl	%edi
-		jmp	1f
+	popl	%ebp
 	jmp	3f
 	.align	$align
-	1:
+	3:
 ___
-		push (@out,$tmp);
+	push (@out,$code);
    }
 }
-	if ($const ne "")
+sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
-		{
+sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
 		push(@out,".section .rodata\n");
 		push(@out,$const);
 		$const="";
 		}
 	}
-sub main'data_byte
+sub ::align
-	{
+{ my $val=$_[0],$p2,$i;
-	push(@out,"\t.byte\t".join(',',@_)."\n");
+    if ($::aout)
-	}
+    {	for ($p2=0;$val!=0;$val>>=1) { $p2++; }
 sub main'data_word
 	{
 	push(@out,"\t.long\t".join(',',@_)."\n");
 	}
 sub main'align
 	{
 	my $val=$_[0],$p2,$i;
 	if ($main'aout) {
 		for ($p2=0;$val!=0;$val>>=1) { $p2++; }
 	$val=$p2-1;
 	$val.=",0x90";
    }
    push(@out,".align\t$val\n");
-	}
+}
-# debug output functions: puts, putx, printf
+sub ::picmeup
 { my($dst,$sym,$base,$reflabel)=@_;
-sub main'puts
+    if ($::pic && ($::elf || $::aout))
-	{
+    {	if (!defined($base))
-	&pushvars();
+	{   &::call(&::label("PIC_me_up"));
-	&main'push('$Lstring' . ++$constl);
+	    &::set_label("PIC_me_up");
-	&main'call('puts');
+	    &::blindpop($dst);
-	$stack-=4;
+	    &::add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".
-	&main'add("esp",4);
+			    &::label("PIC_me_up") . "]");
 	&popvars();
 	$const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";
 	}
 sub main'putx
 	{
 	&pushvars();
 	&main'push($_[0]);
 	&main'push('$Lstring' . ++$constl);
 	&main'call('printf');
 	&main'add("esp",8);
 	$stack-=8;
 	&popvars();
 	$const .= "Lstring$constl:\n\t.string \"\%X\"\n";
 	}
 sub main'printf
 	{
 	$ostack = $stack;
 	&pushvars();
 	for ($i = @_ - 1; $i >= 0; $i--)
 		{
 		if ($i == 0) # change this to support %s format strings
 			{
 			&main'push('$Lstring' . ++$constl);
 			$const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";
 	}
 	else
-			{
+	{   &::lea($dst,&::DWP("${under}_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
-			if ($_[$i] =~ /([0-9]*)\(%esp\)/)
+			    $base));
-				{
+	}
-				&main'push(($1 + $stack - $ostack) . '(%esp)');
+	&::mov($dst,&::DWP($under.$sym."\@GOT",$dst));
    }
    else
-				{
+    {	&::lea($dst,&::DWP($sym));	}
-				&main'push($_[$i]);
+}
 				}
 			}
 		}
 	&main'call('printf');
 	$stack-=4*@_;
 	&main'add("esp",4*@_);
 	&popvars();
 	}
-sub pushvars
+sub ::initseg
-	{
+{ my($f)=@_;
-	&main'pushf();
+  my($tmp,$ctor);
 	&main'push("edx");
 	&main'push("ecx");
 	&main'push("eax");
 	}
-sub popvars
+    if ($::elf)
-	{
+    {	$tmp=<<___;
 	&main'pop("eax");
 	&main'pop("ecx");
 	&main'pop("edx");
 	&main'popf();
 	}
 sub main'picmeup
 	{
 	local($dst,$sym)=@_;
 	if ($main'cpp)
 		{
 		local($tmp)=<<___;
 #if (defined(ELF) || defined(SOL)) && defined(PIC)
 	call	1f
 1:	popl	$regs{$dst}
 	addl	\$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst}
 	movl	$sym\@GOT($regs{$dst}),$regs{$dst}
 #else
 	leal	$sym,$regs{$dst}
 #endif
 ___
 		push(@out,$tmp);
 		}
 	elsif ($main'pic && ($main'elf || $main'aout))
 		{
 		&main'call(&main'label("PIC_me_up"));
 		&main'set_label("PIC_me_up");
 		&main'blindpop($dst);
 		&main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".
 				&main'label("PIC_me_up") . "]");
 		&main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst));
 		}
 	else
 		{
 		&main'lea($dst,&main'DWP($sym));
 		}
 	}
 sub main'blindpop { &out1("popl",@_); }
 sub main'initseg
 	{
 	local($f)=@_;
 	local($tmp);
 	if ($main'elf)
 		{
 		$tmp=<<___;
 .section	.init
 	call	$under$f
 	jmp	.Linitalign
@@ -736,18 +303,16 @@ sub main'initseg
 .Linitalign:
 ___
    }
-	elsif ($main'coff)
+    elsif ($::coff)
-		{
+    {   $tmp=<<___;	# applies to both Cygwin and Mingw
 		$tmp=<<___;	# applies to both Cygwin and Mingw
 .section	.ctors
 .long	$under$f
 ___
    }
-	elsif ($main'aout)
+    elsif ($::aout)
-		{
+    {	$ctor="${under}_GLOBAL_\$I\$$f";
 		local($ctor)="${under}_GLOBAL_\$I\$$f";
 	$tmp=".text\n";
-		$tmp.=".type	$ctor,\@function\n" if ($main'pic);
+	$tmp.=".type	$ctor,\@function\n" if ($::pic);
 	$tmp.=<<___;	# OpenBSD way...
 .globl	$ctor
 .align	2
@@ -756,6 +321,6 @@ $ctor:
 ___
    }
    push(@out,$tmp) if ($tmp);
-	}
+}
 1;
--- a/crypto/pqueue/pq_compat.h
+++ b/crypto/pqueue/pq_compat.h
@@ -57,7 +57,7 @@
 *
 */
-#include "opensslconf.h"
+#include <openssl/opensslconf.h>
 #include <openssl/bn.h>
 /* 
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -137,9 +137,13 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
 #define RAND_F_ENG_RAND_GET_RAND_METHOD			 108
 #define RAND_F_FIPS_RAND				 103
 #define RAND_F_FIPS_RAND_BYTES				 102
 #define RAND_F_FIPS_RAND_GET_RAND_METHOD		 109
 #define RAND_F_FIPS_RAND_SET_DT				 106
 #define RAND_F_FIPS_SET_DT				 104
 #define RAND_F_FIPS_SET_PRNG_SEED			 107
 #define RAND_F_FIPS_SET_TEST_MODE			 105
 #define RAND_F_RAND_GET_RAND_METHOD			 101
 #define RAND_F_SSLEAY_RAND_BYTES			 100
@@ -154,6 +158,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_R_PRNG_NOT_REKEYED				 102
 #define RAND_R_PRNG_NOT_RESEEDED			 103
 #define RAND_R_PRNG_NOT_SEEDED				 100
 #define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY		 110
 #define RAND_R_PRNG_STUCK				 104
 #ifdef  __cplusplus
--- a/crypto/rand/rand_eng.c
+++ b/crypto/rand/rand_eng.c
@@ -109,7 +109,7 @@ const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
 	if(FIPS_mode()
 		&& *pmeth != FIPS_rand_check())
 	    {
-	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+	    RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
 	    return 0;
 	    }
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,9 +70,13 @@
 static ERR_STRING_DATA RAND_str_functs[]=
 	{
 {ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD),	"ENG_RAND_GET_RAND_METHOD"},
 {ERR_FUNC(RAND_F_FIPS_RAND),	"FIPS_RAND"},
 {ERR_FUNC(RAND_F_FIPS_RAND_BYTES),	"FIPS_RAND_BYTES"},
 {ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD),	"FIPS_RAND_GET_RAND_METHOD"},
 {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT),	"FIPS_RAND_SET_DT"},
 {ERR_FUNC(RAND_F_FIPS_SET_DT),	"FIPS_SET_DT"},
 {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED),	"FIPS_SET_PRNG_SEED"},
 {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE),	"FIPS_SET_TEST_MODE"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
@@ -90,6 +94,7 @@ static ERR_STRING_DATA RAND_str_reasons[]=
 {ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
 {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
 {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
 {ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
 {0,NULL}
 	};
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -91,7 +91,7 @@ static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
 	if(FIPS_mode()
 		&& *pmeth != FIPS_rand_check())
 	    {
-	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+	    RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
 	    return 0;
 	    }
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -128,7 +128,12 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
 		 * module...
 		 *				<appro@fy.chalmers.se>
 		 */
 #ifdef OPENSSL_FIPS
 		unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
 		if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
 #else
 		if (OPENSSL_ia32cap_P & (1<<28)) {
 #endif
 			unsigned char *cp=(unsigned char *)d;
 			for (i=0;i<256;i++) cp[i]=i;
--- a/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/ripemd/asm/rmd-586.pl
@@ -1,7 +1,7 @@
 #!/usr/local/bin/perl
 # Normal is the
-# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
+# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
 $normal=0;
@@ -56,7 +56,7 @@ $KR3=0x7A6D76E9;
 	 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
 	);
-&ripemd160_block("ripemd160_block_asm_host_order");
+&ripemd160_block("ripemd160_block_asm_data_order");
 &asm_finish();
 sub Xv
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
@@ -84,207 +84,6 @@ FIPS_NON_FIPS_MD_Init(RIPEMD160)
 	return 1;
 	}
 #ifndef ripemd160_block_host_order
 #ifdef X
 #undef X
 #endif
 #define X(i)	XX[i]
 void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
 	{
 	const RIPEMD160_LONG *XX=p;
 	register unsigned MD32_REG_T A,B,C,D,E;
 	register unsigned MD32_REG_T a,b,c,d,e;
 	for (;num--;XX+=HASH_LBLOCK)
 		{
 	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 	RIP1(A,B,C,D,E,WL00,SL00);
 	RIP1(E,A,B,C,D,WL01,SL01);
 	RIP1(D,E,A,B,C,WL02,SL02);
 	RIP1(C,D,E,A,B,WL03,SL03);
 	RIP1(B,C,D,E,A,WL04,SL04);
 	RIP1(A,B,C,D,E,WL05,SL05);
 	RIP1(E,A,B,C,D,WL06,SL06);
 	RIP1(D,E,A,B,C,WL07,SL07);
 	RIP1(C,D,E,A,B,WL08,SL08);
 	RIP1(B,C,D,E,A,WL09,SL09);
 	RIP1(A,B,C,D,E,WL10,SL10);
 	RIP1(E,A,B,C,D,WL11,SL11);
 	RIP1(D,E,A,B,C,WL12,SL12);
 	RIP1(C,D,E,A,B,WL13,SL13);
 	RIP1(B,C,D,E,A,WL14,SL14);
 	RIP1(A,B,C,D,E,WL15,SL15);
 	RIP2(E,A,B,C,D,WL16,SL16,KL1);
 	RIP2(D,E,A,B,C,WL17,SL17,KL1);
 	RIP2(C,D,E,A,B,WL18,SL18,KL1);
 	RIP2(B,C,D,E,A,WL19,SL19,KL1);
 	RIP2(A,B,C,D,E,WL20,SL20,KL1);
 	RIP2(E,A,B,C,D,WL21,SL21,KL1);
 	RIP2(D,E,A,B,C,WL22,SL22,KL1);
 	RIP2(C,D,E,A,B,WL23,SL23,KL1);
 	RIP2(B,C,D,E,A,WL24,SL24,KL1);
 	RIP2(A,B,C,D,E,WL25,SL25,KL1);
 	RIP2(E,A,B,C,D,WL26,SL26,KL1);
 	RIP2(D,E,A,B,C,WL27,SL27,KL1);
 	RIP2(C,D,E,A,B,WL28,SL28,KL1);
 	RIP2(B,C,D,E,A,WL29,SL29,KL1);
 	RIP2(A,B,C,D,E,WL30,SL30,KL1);
 	RIP2(E,A,B,C,D,WL31,SL31,KL1);
 	RIP3(D,E,A,B,C,WL32,SL32,KL2);
 	RIP3(C,D,E,A,B,WL33,SL33,KL2);
 	RIP3(B,C,D,E,A,WL34,SL34,KL2);
 	RIP3(A,B,C,D,E,WL35,SL35,KL2);
 	RIP3(E,A,B,C,D,WL36,SL36,KL2);
 	RIP3(D,E,A,B,C,WL37,SL37,KL2);
 	RIP3(C,D,E,A,B,WL38,SL38,KL2);
 	RIP3(B,C,D,E,A,WL39,SL39,KL2);
 	RIP3(A,B,C,D,E,WL40,SL40,KL2);
 	RIP3(E,A,B,C,D,WL41,SL41,KL2);
 	RIP3(D,E,A,B,C,WL42,SL42,KL2);
 	RIP3(C,D,E,A,B,WL43,SL43,KL2);
 	RIP3(B,C,D,E,A,WL44,SL44,KL2);
 	RIP3(A,B,C,D,E,WL45,SL45,KL2);
 	RIP3(E,A,B,C,D,WL46,SL46,KL2);
 	RIP3(D,E,A,B,C,WL47,SL47,KL2);
 	RIP4(C,D,E,A,B,WL48,SL48,KL3);
 	RIP4(B,C,D,E,A,WL49,SL49,KL3);
 	RIP4(A,B,C,D,E,WL50,SL50,KL3);
 	RIP4(E,A,B,C,D,WL51,SL51,KL3);
 	RIP4(D,E,A,B,C,WL52,SL52,KL3);
 	RIP4(C,D,E,A,B,WL53,SL53,KL3);
 	RIP4(B,C,D,E,A,WL54,SL54,KL3);
 	RIP4(A,B,C,D,E,WL55,SL55,KL3);
 	RIP4(E,A,B,C,D,WL56,SL56,KL3);
 	RIP4(D,E,A,B,C,WL57,SL57,KL3);
 	RIP4(C,D,E,A,B,WL58,SL58,KL3);
 	RIP4(B,C,D,E,A,WL59,SL59,KL3);
 	RIP4(A,B,C,D,E,WL60,SL60,KL3);
 	RIP4(E,A,B,C,D,WL61,SL61,KL3);
 	RIP4(D,E,A,B,C,WL62,SL62,KL3);
 	RIP4(C,D,E,A,B,WL63,SL63,KL3);
 	RIP5(B,C,D,E,A,WL64,SL64,KL4);
 	RIP5(A,B,C,D,E,WL65,SL65,KL4);
 	RIP5(E,A,B,C,D,WL66,SL66,KL4);
 	RIP5(D,E,A,B,C,WL67,SL67,KL4);
 	RIP5(C,D,E,A,B,WL68,SL68,KL4);
 	RIP5(B,C,D,E,A,WL69,SL69,KL4);
 	RIP5(A,B,C,D,E,WL70,SL70,KL4);
 	RIP5(E,A,B,C,D,WL71,SL71,KL4);
 	RIP5(D,E,A,B,C,WL72,SL72,KL4);
 	RIP5(C,D,E,A,B,WL73,SL73,KL4);
 	RIP5(B,C,D,E,A,WL74,SL74,KL4);
 	RIP5(A,B,C,D,E,WL75,SL75,KL4);
 	RIP5(E,A,B,C,D,WL76,SL76,KL4);
 	RIP5(D,E,A,B,C,WL77,SL77,KL4);
 	RIP5(C,D,E,A,B,WL78,SL78,KL4);
 	RIP5(B,C,D,E,A,WL79,SL79,KL4);
 	a=A; b=B; c=C; d=D; e=E;
 	/* Do other half */
 	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 	RIP5(A,B,C,D,E,WR00,SR00,KR0);
 	RIP5(E,A,B,C,D,WR01,SR01,KR0);
 	RIP5(D,E,A,B,C,WR02,SR02,KR0);
 	RIP5(C,D,E,A,B,WR03,SR03,KR0);
 	RIP5(B,C,D,E,A,WR04,SR04,KR0);
 	RIP5(A,B,C,D,E,WR05,SR05,KR0);
 	RIP5(E,A,B,C,D,WR06,SR06,KR0);
 	RIP5(D,E,A,B,C,WR07,SR07,KR0);
 	RIP5(C,D,E,A,B,WR08,SR08,KR0);
 	RIP5(B,C,D,E,A,WR09,SR09,KR0);
 	RIP5(A,B,C,D,E,WR10,SR10,KR0);
 	RIP5(E,A,B,C,D,WR11,SR11,KR0);
 	RIP5(D,E,A,B,C,WR12,SR12,KR0);
 	RIP5(C,D,E,A,B,WR13,SR13,KR0);
 	RIP5(B,C,D,E,A,WR14,SR14,KR0);
 	RIP5(A,B,C,D,E,WR15,SR15,KR0);
 	RIP4(E,A,B,C,D,WR16,SR16,KR1);
 	RIP4(D,E,A,B,C,WR17,SR17,KR1);
 	RIP4(C,D,E,A,B,WR18,SR18,KR1);
 	RIP4(B,C,D,E,A,WR19,SR19,KR1);
 	RIP4(A,B,C,D,E,WR20,SR20,KR1);
 	RIP4(E,A,B,C,D,WR21,SR21,KR1);
 	RIP4(D,E,A,B,C,WR22,SR22,KR1);
 	RIP4(C,D,E,A,B,WR23,SR23,KR1);
 	RIP4(B,C,D,E,A,WR24,SR24,KR1);
 	RIP4(A,B,C,D,E,WR25,SR25,KR1);
 	RIP4(E,A,B,C,D,WR26,SR26,KR1);
 	RIP4(D,E,A,B,C,WR27,SR27,KR1);
 	RIP4(C,D,E,A,B,WR28,SR28,KR1);
 	RIP4(B,C,D,E,A,WR29,SR29,KR1);
 	RIP4(A,B,C,D,E,WR30,SR30,KR1);
 	RIP4(E,A,B,C,D,WR31,SR31,KR1);
 	RIP3(D,E,A,B,C,WR32,SR32,KR2);
 	RIP3(C,D,E,A,B,WR33,SR33,KR2);
 	RIP3(B,C,D,E,A,WR34,SR34,KR2);
 	RIP3(A,B,C,D,E,WR35,SR35,KR2);
 	RIP3(E,A,B,C,D,WR36,SR36,KR2);
 	RIP3(D,E,A,B,C,WR37,SR37,KR2);
 	RIP3(C,D,E,A,B,WR38,SR38,KR2);
 	RIP3(B,C,D,E,A,WR39,SR39,KR2);
 	RIP3(A,B,C,D,E,WR40,SR40,KR2);
 	RIP3(E,A,B,C,D,WR41,SR41,KR2);
 	RIP3(D,E,A,B,C,WR42,SR42,KR2);
 	RIP3(C,D,E,A,B,WR43,SR43,KR2);
 	RIP3(B,C,D,E,A,WR44,SR44,KR2);
 	RIP3(A,B,C,D,E,WR45,SR45,KR2);
 	RIP3(E,A,B,C,D,WR46,SR46,KR2);
 	RIP3(D,E,A,B,C,WR47,SR47,KR2);
 	RIP2(C,D,E,A,B,WR48,SR48,KR3);
 	RIP2(B,C,D,E,A,WR49,SR49,KR3);
 	RIP2(A,B,C,D,E,WR50,SR50,KR3);
 	RIP2(E,A,B,C,D,WR51,SR51,KR3);
 	RIP2(D,E,A,B,C,WR52,SR52,KR3);
 	RIP2(C,D,E,A,B,WR53,SR53,KR3);
 	RIP2(B,C,D,E,A,WR54,SR54,KR3);
 	RIP2(A,B,C,D,E,WR55,SR55,KR3);
 	RIP2(E,A,B,C,D,WR56,SR56,KR3);
 	RIP2(D,E,A,B,C,WR57,SR57,KR3);
 	RIP2(C,D,E,A,B,WR58,SR58,KR3);
 	RIP2(B,C,D,E,A,WR59,SR59,KR3);
 	RIP2(A,B,C,D,E,WR60,SR60,KR3);
 	RIP2(E,A,B,C,D,WR61,SR61,KR3);
 	RIP2(D,E,A,B,C,WR62,SR62,KR3);
 	RIP2(C,D,E,A,B,WR63,SR63,KR3);
 	RIP1(B,C,D,E,A,WR64,SR64);
 	RIP1(A,B,C,D,E,WR65,SR65);
 	RIP1(E,A,B,C,D,WR66,SR66);
 	RIP1(D,E,A,B,C,WR67,SR67);
 	RIP1(C,D,E,A,B,WR68,SR68);
 	RIP1(B,C,D,E,A,WR69,SR69);
 	RIP1(A,B,C,D,E,WR70,SR70);
 	RIP1(E,A,B,C,D,WR71,SR71);
 	RIP1(D,E,A,B,C,WR72,SR72);
 	RIP1(C,D,E,A,B,WR73,SR73);
 	RIP1(B,C,D,E,A,WR74,SR74);
 	RIP1(A,B,C,D,E,WR75,SR75);
 	RIP1(E,A,B,C,D,WR76,SR76);
 	RIP1(D,E,A,B,C,WR77,SR77);
 	RIP1(C,D,E,A,B,WR78,SR78);
 	RIP1(B,C,D,E,A,WR79,SR79);
 	D     =ctx->B+c+D;
 	ctx->B=ctx->C+d+E;
 	ctx->C=ctx->D+e+A;
 	ctx->D=ctx->E+a+B;
 	ctx->E=ctx->A+b+C;
 	ctx->A=D;
 		}
 	}
 #endif
 #ifndef ripemd160_block_data_order
 #ifdef X
 #undef X
--- a/crypto/ripemd/rmd_locl.h
+++ b/crypto/ripemd/rmd_locl.h
@@ -72,32 +72,20 @@
 */
 #ifdef RMD160_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#  if !defined(B_ENDIAN)
+#  define ripemd160_block_host_order ripemd160_block_asm_data_order
 #   define ripemd160_block_host_order ripemd160_block_asm_host_order
 #  endif
 # endif
 #endif
 void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,size_t num);
 void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
 # if !defined(B_ENDIAN)
 #  define ripemd160_block_data_order ripemd160_block_host_order
 # endif
 #endif
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 #define HASH_LONG               RIPEMD160_LONG
 #define HASH_LONG_LOG2          RIPEMD160_LONG_LOG2
 #define HASH_CTX                RIPEMD160_CTX
 #define HASH_CBLOCK             RIPEMD160_CBLOCK
 #define HASH_LBLOCK             RIPEMD160_LBLOCK
 #define HASH_UPDATE             RIPEMD160_Update
 #define HASH_TRANSFORM          RIPEMD160_Transform
 #define HASH_FINAL              RIPEMD160_Final
 #define HASH_BLOCK_HOST_ORDER   ripemd160_block_host_order
 #define	HASH_MAKE_STRING(c,s)	do {	\
 	unsigned long ll;		\
 	ll=(c)->A; HOST_l2c(ll,(s));	\
@@ -106,9 +94,7 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 	ll=(c)->D; HOST_l2c(ll,(s));	\
 	ll=(c)->E; HOST_l2c(ll,(s));	\
 	} while (0)
 #if !defined(L_ENDIAN) || defined(ripemd160_block_data_order)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 #endif
 #include "md32_common.h"
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -182,6 +182,8 @@ struct rsa_st
 # define OPENSSL_RSA_MAX_MODULUS_BITS	16384
 #endif
 #define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 # define OPENSSL_RSA_SMALL_MODULUS_BITS	3072
 #endif
@@ -404,6 +406,8 @@ void ERR_load_RSA_strings(void);
 /* Error codes for the RSA functions. */
 /* Function codes. */
 #define RSA_F_FIPS_RSA_SIGN				 140
 #define RSA_F_FIPS_RSA_VERIFY				 141
 #define RSA_F_MEMORY_LOCK				 100
 #define RSA_F_RSA_BUILTIN_KEYGEN			 129
 #define RSA_F_RSA_CHECK_KEY				 123
@@ -439,6 +443,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PUBLIC_DECRYPT			 138
 #define RSA_F_RSA_SETUP_BLINDING			 136
 #define RSA_F_RSA_SET_DEFAULT_METHOD			 139
 #define RSA_F_RSA_SET_METHOD				 142
 #define RSA_F_RSA_SIGN					 117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
 #define RSA_F_RSA_VERIFY				 119
--- a/crypto/rsa/rsa_eng.c
+++ b/crypto/rsa/rsa_eng.c
@@ -121,7 +121,7 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
 #ifdef OPENSSL_FIPS
 	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
 		{
-		RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+		RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
 		return 0;
 		}
 #endif
@@ -180,7 +180,7 @@ RSA *RSA_new_method(ENGINE *engine)
 #ifdef OPENSSL_FIPS
 	if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
 		{
-		RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+		RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
 #ifndef OPENSSL_NO_ENGINE
 		if (ret->engine)
 			ENGINE_finish(ret->engine);
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -70,6 +70,8 @@
 static ERR_STRING_DATA RSA_str_functs[]=
 	{
 {ERR_FUNC(RSA_F_FIPS_RSA_SIGN),	"FIPS_RSA_SIGN"},
 {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY),	"FIPS_RSA_VERIFY"},
 {ERR_FUNC(RSA_F_MEMORY_LOCK),	"MEMORY_LOCK"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY),	"RSA_check_key"},
@@ -105,6 +107,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),	"RSA_public_decrypt"},
 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),	"RSA_setup_blinding"},
 {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD),	"RSA_set_default_method"},
 {ERR_FUNC(RSA_F_RSA_SET_METHOD),	"RSA_set_method"},
 {ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -65,6 +65,15 @@ sha256-ia64.s: asm/sha512-ia64.pl
 sha512-ia64.s: asm/sha512-ia64.pl
 	(cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
 # Solaris make has to be explicitly told
 sha1-x86_64.s:	asm/sha1-x86_64.pl;	$(PERL) asm/sha1-x86_64.pl $@
 sha256-x86_64.s:asm/sha512-x86_64.pl;	$(PERL) asm/sha512-x86_64.pl $@
 sha512-x86_64.s:asm/sha512-x86_64.pl;	$(PERL) asm/sha512-x86_64.pl $@
 # GNU make "catch all"
 sha1-%.s:	asm/sha1-%.pl;		$(PERL) $< $@
 sha256-%.s:	asm/sha512-%.pl;	$(PERL) $< $@
 sha512-%.s:	asm/sha512-%.pl;	$(PERL) $< $@
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -108,16 +117,23 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1_one.o: sha1_one.c
-sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslv.h sha1dgst.c
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
 sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
 sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
 sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha256.o: sha256.c
+sha256.o: ../md32_common.h sha256.c
-sha512.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+sha512.o: ../../e_os.h ../../include/openssl/bio.h
-sha512.o: sha512.c
+sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c
 sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -1,4 +1,16 @@
-#!/usr/local/bin/perl
+#!/usr/bin/env perl
 # ====================================================================
 # [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 # "[Re]written" was achieved in two major overhauls. In 2004 BODY_*
 # functions were re-implemented to address P4 performance issue [see
 # commentary below], and in 2006 the rest was rewritten in order to
 # gain freedom to liberate licensing terms.
 # It was noted that Intel IA-32 C compiler generates code which
 # performs ~30% *faster* on P4 CPU than original *hand-coded*
@@ -17,90 +29,27 @@
 # improvement on P4 outweights the loss and incorporate this
 # re-tuned code to 0.9.7 and later.
 # ----------------------------------------------------------------
 # Those who for any particular reason absolutely must score on
 # Pentium can replace this module with one from 0.9.6 distribution.
 # This "offer" shall be revoked the moment programming interface to
 # this module is changed, in which case this paragraph should be
 # removed.
 # ----------------------------------------------------------------
 #					<appro@fy.chalmers.se>
-$normal=0;
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-
+push(@INC,"${dir}","${dir}../../perlasm");
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
 $A="eax";
-$B="ecx";
+$B="ebx";
-$C="ebx";
+$C="ecx";
 $D="edx";
 $E="edi";
 $T="esi";
 $tmp1="ebp";
-$off=9*4;
+@V=($A,$B,$C,$D,$E,$T);
@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
 &sha1_block_data("sha1_block_asm_data_order");
 &asm_finish();
 sub Nn
 	{
 	local($p)=@_;
 	local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
 	return($n{$p});
 	}
 sub Np
 	{
 	local($p)=@_;
 	local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
 	local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);
 	return($n{$p});
 	}
 sub Na
 	{
 	local($n)=@_;
 	return( (($n   )&0x0f),
 		(($n+ 2)&0x0f),
 		(($n+ 8)&0x0f),
 		(($n+13)&0x0f),
 		(($n+ 1)&0x0f));
 	}
 sub X_expand
 	{
 	local($in)=@_;
 	&comment("First, load the words onto the stack in network byte order");
 	for ($i=0; $i<16; $i+=2)
 		{
 		&mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0;
 		 &mov($B,&DWP(($i+1)*4,$in,"",0));
 		&bswap($A);
 		 &bswap($B);
 		&mov(&swtmp($i+0),$A);
 		 &mov(&swtmp($i+1),$B);
 		}
 	&comment("We now have the X array on the stack");
 	&comment("starting at sp-4");
 	}
 # Rules of engagement
 # F is always trashable at the start, the running total.
 # E becomes the next F so it can be trashed after it has been 'accumulated'
 # F becomes A in the next round.  We don't need to access it much.
 # During the X update part, the result ends up in $X[$n0].
 sub BODY_00_15
 	{
-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
 	&comment("00_15 $n");
@@ -109,37 +58,37 @@ sub BODY_00_15
 	 else        { &mov($a,$tmp1); }
 	&rotl($tmp1,5);			# tmp1=ROTATE(a,5)
 	 &xor($f,$d);
 	&and($f,$b);
 	&add($tmp1,$e);			# tmp1+=e;
-	&mov($e,&swtmp($n));		# e becomes volatile and
+	 &and($f,$b);
-	 				# is loaded with xi
+	&mov($e,&swtmp($n%16));		# e becomes volatile and is loaded
 	 				# with xi, also note that e becomes
 					# f in next round...
 	 &xor($f,$d);			# f holds F_00_19(b,c,d)
 	&rotr($b,2);			# b=ROTATE(b,30)
-	 &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
+	 &lea($tmp1,&DWP(0x5a827999,$tmp1,$e));	# tmp1+=K_00_19+xi
 	if ($n==15) { &add($f,$tmp1); }	# f+=tmp1
-	else        { &add($tmp1,$f); }
+	else        { &add($tmp1,$f); }	# f becomes a in next round
 	}
 sub BODY_16_19
 	{
-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
 	local($n0,$n1,$n2,$n3,$np)=&Na($n);
 	&comment("16_19 $n");
-	&mov($f,&swtmp($n1));		# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&mov($f,&swtmp($n%16));		# f to hold Xupdate(xi,xa,xb,xc,xd)
 	 &mov($tmp1,$c);		# tmp1 to hold F_00_19(b,c,d)
-	&xor($f,&swtmp($n0));
+	&xor($f,&swtmp(($n+2)%16));
 	 &xor($tmp1,$d);
-	&xor($f,&swtmp($n2));
+	&xor($f,&swtmp(($n+8)%16));
 	 &and($tmp1,$b);		# tmp1 holds F_00_19(b,c,d)
 	&rotr($b,2);			# b=ROTATE(b,30)
-	 &xor($f,&swtmp($n3));		# f holds xa^xb^xc^xd
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROATE(f,1)
+	&rotl($f,1);			# f=ROTATE(f,1)
 	 &xor($tmp1,$d);		# tmp1=F_00_19(b,c,d)
-	&mov(&swtmp($n0),$f);		# xi=f
+	&mov(&swtmp($n%16),$f);		# xi=f
-	&lea($f,&DWP($K,$f,$e,1));	# f+=K_00_19+e
+	&lea($f,&DWP(0x5a827999,$f,$e));# f+=K_00_19+e
 	 &mov($e,$a);			# e becomes volatile
 	&rotl($e,5);			# e=ROTATE(a,5)
 	 &add($f,$tmp1);		# f+=F_00_19(b,c,d)
@@ -148,48 +97,47 @@ sub BODY_16_19
 sub BODY_20_39
 	{
-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
 	local $K=($n<40)?0x6ed9eba1:0xca62c1d6;
 	&comment("20_39 $n");
 	local($n0,$n1,$n2,$n3,$np)=&Na($n);
 	&mov($tmp1,$b);			# tmp1 to hold F_20_39(b,c,d)
-	 &mov($f,&swtmp($n0));		# f to hold Xupdate(xi,xa,xb,xc,xd)
+	 &mov($f,&swtmp($n%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
 	&rotr($b,2);			# b=ROTATE(b,30)
-	 &xor($f,&swtmp($n1));
+	 &xor($f,&swtmp(($n+2)%16));
 	&xor($tmp1,$c);
-	 &xor($f,&swtmp($n2));
+	 &xor($f,&swtmp(($n+8)%16));
 	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
-	 &xor($f,&swtmp($n3));		# f holds xa^xb^xc^xd
+	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
 	&rotl($f,1);			# f=ROTATE(f,1)
 	 &add($tmp1,$e);
-	&mov(&swtmp($n0),$f);		# xi=f
+	&mov(&swtmp($n%16),$f);		# xi=f
 	 &mov($e,$a);			# e becomes volatile
 	&rotl($e,5);			# e=ROTATE(a,5)
-	 &lea($f,&DWP($K,$f,$tmp1,1));	# f+=K_20_39+e
+	 &lea($f,&DWP($K,$f,$tmp1));	# f+=K_20_39+e
 	&add($f,$e);			# f+=ROTATE(a,5)
 	}
 sub BODY_40_59
 	{
-	local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+	local($n,$a,$b,$c,$d,$e,$f)=@_;
 	&comment("40_59 $n");
 	local($n0,$n1,$n2,$n3,$np)=&Na($n);
-	&mov($f,&swtmp($n0));		# f to hold Xupdate(xi,xa,xb,xc,xd)
+	&mov($f,&swtmp($n%16));		# f to hold Xupdate(xi,xa,xb,xc,xd)
-	 &mov($tmp1,&swtmp($n1));
+	 &mov($tmp1,&swtmp(($n+2)%16));
 	&xor($f,$tmp1);
-	 &mov($tmp1,&swtmp($n2));
+	 &mov($tmp1,&swtmp(($n+8)%16));
 	&xor($f,$tmp1);
-	 &mov($tmp1,&swtmp($n3));
+	 &mov($tmp1,&swtmp(($n+13)%16));
 	&xor($f,$tmp1);			# f holds xa^xb^xc^xd
 	 &mov($tmp1,$b);		# tmp1 to hold F_40_59(b,c,d)
 	&rotl($f,1);			# f=ROTATE(f,1)
 	 &or($tmp1,$c);
-	&mov(&swtmp($n0),$f);		# xi=f
+	&mov(&swtmp($n%16),$f);		# xi=f
 	 &and($tmp1,$d);
-	&lea($f,&DWP($K,$f,$e,1));	# f+=K_40_59+e
+	&lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e
 	 &mov($e,$b);			# e becomes volatile and is used
 					# to calculate F_40_59(b,c,d)
 	&rotr($b,2);			# b=ROTATE(b,30)
@@ -201,230 +149,71 @@ sub BODY_40_59
 	&add($f,$e);			# f+=ROTATE(a,5)
 	}
-sub BODY_60_79
+&function_begin("sha1_block_data_order",16);
 	&mov($tmp1,&wparam(0));	# SHA_CTX *c
 	&mov($T,&wparam(1));	# const void *input
 	&mov($A,&wparam(2));	# size_t num
 	&stack_push(16);	# allocate X[16]
 	&shl($A,6);
 	&add($A,$T);
 	&mov(&wparam(2),$A);	# pointer beyond the end of input
 	&mov($E,&DWP(16,$tmp1));# pre-load E
 	&set_label("loop",16);
 	# copy input chunk to X, but reversing byte order!
 	for ($i=0; $i<16; $i+=4)
 		{
-	&BODY_20_39(@_);
+		&mov($A,&DWP(4*($i+0),$T));
-	}
+		&mov($B,&DWP(4*($i+1),$T));
-
+		&mov($C,&DWP(4*($i+2),$T));
-sub sha1_block_host
+		&mov($D,&DWP(4*($i+3),$T));
-	{
+		&bswap($A);
-	local($name, $sclabel)=@_;
+		&bswap($B);
-
+		&bswap($C);
-	&function_begin_B($name,"");
+		&bswap($D);
 	# parameter 1 is the MD5_CTX structure.
 	# A	0
 	# B	4
 	# C	8
 	# D 	12
 	# E 	16
 	&mov("ecx",	&wparam(2));
 	 &push("esi");
 	&shl("ecx",6);
 	 &mov("esi",	&wparam(1));
 	&push("ebp");
 	 &add("ecx","esi");	# offset to leave on
 	&push("ebx");
 	 &mov("ebp",	&wparam(0));
 	&push("edi");
 	 &mov($D,	&DWP(12,"ebp","",0));
 	&stack_push(18+9);
 	 &mov($E,	&DWP(16,"ebp","",0));
 	&mov($C,	&DWP( 8,"ebp","",0));
 	 &mov(&swtmp(17),"ecx");
 	&comment("First we need to setup the X array");
 	for ($i=0; $i<16; $i+=2)
 		{
 		&mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0;
 		 &mov($B,&DWP(($i+1)*4,"esi","",0));
 		&mov(&swtmp($i+0),$A);
 		&mov(&swtmp($i+1),$B);
 		&mov(&swtmp($i+2),$C);
 		&mov(&swtmp($i+3),$D);
 		}
-	&jmp($sclabel);
+	&mov(&wparam(1),$T);	# redundant in 1st spin
 	&function_end_B($name);
 	}
 	&mov($A,&DWP(0,$tmp1));	# load SHA_CTX
 	&mov($B,&DWP(4,$tmp1));
 	&mov($C,&DWP(8,$tmp1));
 	&mov($D,&DWP(12,$tmp1));
 	# E is pre-loaded
-sub sha1_block_data
+	for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-	{
+	for(;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
-	local($name)=@_;
+	for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 	for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
 	for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-	&function_begin_B($name,"");
+	(($V[5] eq $D) and ($V[0] eq $E)) or die;	# double-check
-	# parameter 1 is the MD5_CTX structure.
+	&mov($tmp1,&wparam(0));	# re-load SHA_CTX*
-	# A	0
+	&mov($D,&wparam(1));	# D is last "T" and is discarded
 	# B	4
 	# C	8
 	# D 	12
 	# E 	16
-	&mov("ecx",	&wparam(2));
+	&add($E,&DWP(0,$tmp1));	# E is last "A"...
-	 &push("esi");
+	&add($T,&DWP(4,$tmp1));
-	&shl("ecx",6);
+	&add($A,&DWP(8,$tmp1));
-	 &mov("esi",	&wparam(1));
+	&add($B,&DWP(12,$tmp1));
-	&push("ebp");
+	&add($C,&DWP(16,$tmp1));
 	 &add("ecx","esi");	# offset to leave on
 	&push("ebx");
 	 &mov("ebp",	&wparam(0));
 	&push("edi");
 	 &mov($D,	&DWP(12,"ebp","",0));
 	&stack_push(18+9);
 	 &mov($E,	&DWP(16,"ebp","",0));
 	&mov($C,	&DWP( 8,"ebp","",0));
 	 &mov(&swtmp(17),"ecx");
-	&comment("First we need to setup the X array");
+	&mov(&DWP(0,$tmp1),$E);	# update SHA_CTX
 	 &add($D,64);		# advance input pointer
 	&mov(&DWP(4,$tmp1),$T);
 	 &cmp($D,&wparam(2));	# have we reached the end yet?
 	&mov(&DWP(8,$tmp1),$A);
 	 &mov($E,$C);		# C is last "E" which needs to be "pre-loaded"
 	&mov(&DWP(12,$tmp1),$B);
 	 &mov($T,$D);		# input pointer
 	&mov(&DWP(16,$tmp1),$C);
 	&jb(&label("loop"));
-	&set_label("start") unless $normal;
+	&stack_pop(16);
-
+&function_end("sha1_block_data_order");
 	&X_expand("esi");
 	 &mov(&wparam(1),"esi");
 	&set_label("shortcut", 0, 1);
 	&comment("");
 	&comment("Start processing");
 	# odd start
 	&mov($A,	&DWP( 0,"ebp","",0));
 	 &mov($B,	&DWP( 4,"ebp","",0));
 	$X="esp";
 	&BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
 	&BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);
 	&BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);
 	&BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);
 	&BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);
 	&BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);
 	&BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);
 	&BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);
 	&BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);
 	&BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);
 	&BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);
 	&BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);
 	&BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);
 	&BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);
 	&BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);
 	&BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);
 	&BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);
 	&comment("End processing");
 	&comment("");
 	# D is the tmp value
 	# E -> A
 	# T -> B
 	# A -> C
 	# B -> D
 	# C -> E
 	# D -> T
 	&mov($tmp1,&wparam(0));
 	 &mov($D,	&DWP(12,$tmp1,"",0));
 	&add($D,$B);
 	 &mov($B,	&DWP( 4,$tmp1,"",0));
 	&add($B,$T);
 	 &mov($T,	$A);
 	&mov($A,	&DWP( 0,$tmp1,"",0));
 	 &mov(&DWP(12,$tmp1,"",0),$D);
 	&add($A,$E);
 	 &mov($E,	&DWP(16,$tmp1,"",0));
 	&add($E,$C);
 	 &mov($C,	&DWP( 8,$tmp1,"",0));
 	&add($C,$T);
 	 &mov(&DWP( 0,$tmp1,"",0),$A);
 	&mov("esi",&wparam(1));
 	 &mov(&DWP( 8,$tmp1,"",0),$C);
 	&add("esi",64);
 	 &mov("eax",&swtmp(17));
 	&mov(&DWP(16,$tmp1,"",0),$E);
 	 &cmp("esi","eax");
 	&mov(&DWP( 4,$tmp1,"",0),$B);
 	 &jb(&label("start"));
 	&stack_pop(18+9);
 	 &pop("edi");
 	&pop("ebx");
 	 &pop("ebp");
 	&pop("esi");
 	 &ret();
 	# keep a note of shortcut label so it can be used outside
 	# block.
 	my $sclabel = &label("shortcut");
 	&function_end_B($name);
 	# Putting this here avoids problems with MASM in debugging mode
 	&sha1_block_host("sha1_block_asm_host_order", $sclabel);
 	}
 &asm_finish();
--- a/crypto/sha/asm/sha1-ia64.pl
+++ b/crypto/sha/asm/sha1-ia64.pl
@@ -2,8 +2,9 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
+# project. The module is, however, dual licensed under OpenSSL and
-# forms are granted according to the OpenSSL license.
+# CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
 # Eternal question is what's wrong with compiler generated code? The
@@ -11,15 +12,10 @@
 # to perform rotations by maintaining copy of 32-bit value in upper
 # bits of 64-bit register. Just follow mux2 and shrp instructions...
 # Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
-# is >50% better than HP C and >2x better than gcc. As of this moment
+# is >50% better than HP C and >2x better than gcc.
 # performance under little-endian OS such as Linux and Windows will be
 # a bit lower, because data has to be picked in reverse byte-order.
 # It's possible to resolve this issue by implementing third function,
 # sha1_block_asm_data_order_aligned, which would temporarily flip
 # BE field in User Mask register...
 $code=<<___;
-.ident  \"sha1-ia64.s, version 1.0\"
+.ident  \"sha1-ia64.s, version 1.2\"
 .ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
 .explicit
@@ -55,63 +51,55 @@ else {
 sub BODY_00_15 {
 local	*code=shift;
-local	($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_;
+local	($i,$a,$b,$c,$d,$e,$f)=@_;
-if ($unaligned) {
+$code.=<<___ if ($i==0);
-	$code.=<<___;
+{ .mmi;	ld1	$X[$i&0xf]=[inp],2	    // MSB
-{ .mmi;	ld1	tmp0=[inp],2		    // MSB
+	ld1	tmp2=[tmp3],2		};;
-	ld1	tmp1=[tmp3],2		};;
+{ .mmi;	ld1	tmp0=[inp],2
-{ .mmi;	ld1	tmp2=[inp],2
+	ld1	tmp4=[tmp3],2		    // LSB
-	ld1	$X[$i&0xf]=[tmp3],2	    // LSB
+	dep	$X[$i&0xf]=$X[$i&0xf],tmp2,8,8	};;
 	dep	tmp1=tmp0,tmp1,8,8	};;
 { .mii;	cmp.ne	p16,p0=r0,r0		    // no misaligned prefetch
 	dep	$X[$i&0xf]=tmp2,$X[$i&0xf],8,8;;
 	dep	$X[$i&0xf]=tmp1,$X[$i&0xf],16,16	};;
 { .mmi;	nop.m	0
 ___
 	}
 elsif ($i<15) {
 	$code.=<<___;
 { .mmi;	ld4	$X[($i+1)&0xf]=[inp],4	// prefetch
 ___
 	}
 else	{
 	$code.=<<___;
 { .mmi;	nop.m	0
 ___
 	}
 if ($i<15) {
 	$code.=<<___;
-	and	tmp0=$c,$b
+{ .mmi;	ld1	$X[($i+1)&0xf]=[inp],2	    // +1
-	dep.z	tmp5=$a,5,27		}   // a<<5
+	dep	tmp1=tmp0,tmp4,8,8	};;
 { .mmi;	ld1	tmp2=[tmp3],2		    // +1
 	and	tmp4=$c,$b
 	dep	$X[$i&0xf]=$X[$i&0xf],tmp1,16,16	} //;;
 { .mmi;	andcm	tmp1=$d,$b
-	add	tmp4=$e,$K_00_19	};;
+	add	tmp0=$e,$K_00_19
-{ .mmi;	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	dep.z	tmp5=$a,5,27		};; // a<<5
-	add	$f=tmp4,$X[$i&0xf]	    // f=xi+e+K_00_19
+{ .mmi;	or	tmp4=tmp4,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
 	add	$f=tmp0,$X[$i&0xf]	    // f=xi+e+K_00_19
 	extr.u	tmp1=$a,27,5		};; // a>>27
-{ .mib;	add	$f=$f,tmp0		    // f+=F_00_19(b,c,d)
+{ .mmi;	ld1	tmp0=[inp],2		    // +1
 	add	$f=$f,tmp4		    // f+=F_00_19(b,c,d)
 	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mib;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
+{ .mmi;	ld1	tmp4=[tmp3],2		    // +1
 	or	tmp5=tmp1,tmp5		    // ROTATE(a,5)
 	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$f=$f,tmp1		    // f+=ROTATE(a,5)
+{ .mii;	add	$f=$f,tmp5		    // f+=ROTATE(a,5)
-	mux2	$X[$i&0xf]=$X[$i&0xf],0x44
+	dep	$X[($i+1)&0xf]=$X[($i+1)&0xf],tmp2,8,8	// +1
-	nop.i	0			};;
+	mux2	$X[$i&0xf]=$X[$i&0xf],0x44	} //;;
 ___
 	}
 else	{
 	$code.=<<___;
-	and	tmp0=$c,$b
+{ .mii;	and	tmp3=$c,$b
-	dep.z	tmp5=$a,5,27		}   // a<<5 ;;?
+	dep	tmp1=tmp0,tmp4,8,8;;
 	dep	$X[$i&0xf]=$X[$i&0xf],tmp1,16,16	} //;;
 { .mmi;	andcm	tmp1=$d,$b
-	add	tmp4=$e,$K_00_19	};;
+	add	tmp0=$e,$K_00_19
-{ .mmi;	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
+	dep.z	tmp5=$a,5,27		};; // a<<5
-	add	$f=tmp4,$X[$i&0xf]	    // f=xi+e+K_00_19
+{ .mmi;	or	tmp4=tmp3,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
 	add	$f=tmp0,$X[$i&0xf]	    // f=xi+e+K_00_19
 	extr.u	tmp1=$a,27,5		}   // a>>27
 { .mmi;	xor	tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]	// +1
 	xor	tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
 	nop.i	0			};;
-{ .mmi;	add	$f=$f,tmp0		    // f+=F_00_19(b,c,d)
+{ .mmi;	add	$f=$f,tmp4		    // f+=F_00_19(b,c,d)
 	xor	tmp2=tmp2,tmp3		    // +1
 	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
 { .mmi; or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
@@ -190,9 +178,7 @@ $code.=<<___;
 	extr.u	tmp1=$a,27,5		}   // a>>27
 { .mib;	add	$f=$f,tmp4		    // f+=e+K_20_39
 	add	$h1=$h1,$a		};; // wrap up
-{ .mmi;
+{ .mmi;	add	$f=$f,tmp0		    // f+=F_20_39(b,c,d)
 (p16)	ld4.s	$X[0]=[inp],4		    // non-faulting prefetch
 	add	$f=$f,tmp0		    // f+=F_20_39(b,c,d)
 	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30) ;;?
 { .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
 	add	$h3=$h3,$c		};; // wrap up
@@ -245,172 +231,15 @@ tmp3=r11;
 ctx=r32;	// in0
 inp=r33;	// in1
-// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num);
+// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num);
-.global	sha1_block_asm_host_order#
+.global	sha1_block_data_order#
-.proc	sha1_block_asm_host_order#
+.proc	sha1_block_data_order#
 .align	32
-sha1_block_asm_host_order:
+sha1_block_data_order:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r0
 	.save	ar.lc,r3
 { .mmi;	alloc	tmp1=ar.pfs,3,15,0,0
 	$ADDP	tmp0=4,ctx
 	mov	r3=ar.lc		}
 { .mmi;	$ADDP	ctx=0,ctx
 	$ADDP	inp=0,inp
 	mov	r2=pr			};;
 tmp4=in2;
 tmp5=loc13;
 tmp6=loc14;
 	.body
 { .mlx;	ld4	$h0=[ctx],8
 	movl	$K_00_19=0x5a827999	}
 { .mlx;	ld4	$h1=[tmp0],8
 	movl	$K_20_39=0x6ed9eba1	};;
 { .mlx;	ld4	$h2=[ctx],8
 	movl	$K_40_59=0x8f1bbcdc	}
 { .mlx;	ld4	$h3=[tmp0]
 	movl	$K_60_79=0xca62c1d6	};;
 { .mmi;	ld4	$h4=[ctx],-16
 	add	in2=-1,in2		    // adjust num for ar.lc
 	mov	ar.ec=1			};;
 { .mmi;	ld4	$X[0]=[inp],4		    // prefetch
 	cmp.ne	p16,p0=r0,in2		    // prefecth at loop end
 	mov	ar.lc=in2		};; // brp.loop.imp: too far
 .Lhtop:
 { .mmi;	mov	$A=$h0
 	mov	$B=$h1
 	mux2	tmp6=$h1,0x44		}
 { .mmi;	mov	$C=$h2
 	mov	$D=$h3
 	mov	$E=$h4			};;
 ___
 	&BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E);
 	&BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D);
 	&BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C);
 	&BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B);
 	&BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A);
 	&BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E);
 	&BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D);
 	&BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C);
 	&BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B);
 	&BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A);
 	&BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E);
 	&BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D);
 	&BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C);
 	&BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);
 	&BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);
 	&BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);
 	&BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);
 $code.=<<___;
 { .mmb;	add	$h0=$h0,$E
 	nop.m	0
 	br.ctop.dptk.many	.Lhtop	};;
 .Lhend:
 { .mmi;	add	tmp0=4,ctx
 	mov	ar.lc=r3		};;
 { .mmi;	st4	[ctx]=$h0,8
 	st4	[tmp0]=$h1,8		};;
 { .mmi;	st4	[ctx]=$h2,8
 	st4	[tmp0]=$h3		};;
 { .mib;	st4	[ctx]=$h4,-16
 	mov	pr=r2,0x1ffff
 	br.ret.sptk.many	b0	};;
 .endp	sha1_block_asm_host_order#
 ___
 $code.=<<___;
 // void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num);
 .global	sha1_block_asm_data_order#
 .proc	sha1_block_asm_data_order#
 .align	32
 sha1_block_asm_data_order:
 ___
 $code.=<<___ if ($big_endian);
 { .mmi;	and	r2=3,inp				};;
 { .mib;	cmp.eq	p6,p0=r0,r2
 (p6)	br.dptk.many	sha1_block_asm_host_order	};;
 ___
 $code.=<<___;
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r0
 	.save	ar.lc,r3
 { .mmi;	alloc	tmp1=ar.pfs,3,15,0,0
 	$ADDP	tmp0=4,ctx
 	mov	r3=ar.lc		}
 { .mmi;	$ADDP	ctx=0,ctx
 	$ADDP	inp=0,inp
@@ -444,90 +273,16 @@ tmp6=loc14;
 ___
-	&BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1);
+{ my $i,@V=($A,$B,$C,$D,$E,$T);
 	&BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1);
 	&BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1);
 	&BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1);
 	&BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1);
 	&BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1);
 	&BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1);
 	&BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1);
 	&BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1);
 	&BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1);
 	&BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1);
 	&BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1);
 	&BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1);
 	&BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1);
 	&BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1);
 	&BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1);
-	&BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);
+	for($i=0;$i<16;$i++)	{ &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
-	&BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);
+	for(;$i<20;$i++)	{ &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
-	&BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);
+	for(;$i<40;$i++)	{ &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); }
-	&BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);
+	for(;$i<60;$i++)	{ &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
 	for(;$i<80;$i++)	{ &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
-	&BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);
+	(($V[5] eq $D) and ($V[0] eq $E)) or die;	# double-check
-	&BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);
+}
 	&BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);
 	&BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);
 	&BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);
 	&BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);
 	&BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);
 	&BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);
 	&BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);
 	&BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);
 	&BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);
 	&BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);
 	&BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);
 	&BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);
 	&BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);
 	&BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);
 	&BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);
 	&BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);
 	&BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);
 	&BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);
 	&BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);
 $code.=<<___;
 { .mmb;	add	$h0=$h0,$E
@@ -543,7 +298,8 @@ $code.=<<___;
 { .mib;	st4	[ctx]=$h4,-16
 	mov	pr=r2,0x1ffff
 	br.ret.sptk.many	b0	};;
-.endp	sha1_block_asm_data_order#
+.endp	sha1_block_data_order#
 stringz	"SHA1 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 print $code;
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
@@ -0,0 +1,223 @@
 #!/usr/bin/env perl
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 # SHA1 block procedure for s390x.
 # April 2007.
 #
 # Performance is >30% better than gcc 3.3 generated code. But the real
 # twist is that SHA1 hardware support is detected and utilized. In
 # which case performance can reach further >4.5x for larger chunks.
 $kimdfunc=0;	# magic function code for kimd instruction,
 		# 0 disables hardware support
 $output=shift;
 open STDOUT,">$output";
 $t0="%r0";
 $t1="%r1";
 $ctx="%r2";
 $inp="%r3";
 $len="%r4";
 $A="%r5";
 $B="%r6";
 $C="%r7";
 $D="%r8";
 $E="%r9";	@V=($A,$B,$C,$D,$E);
 $K_00_19="%r10";
 $K_20_39="%r11";
 $K_40_59="%r12";
 $K_60_79="%r13";
 $Xi="%r14";
 $sp="%r15";
 $frame=160+16*4;
 sub BODY_00_15 {
 my ($i,$a,$b,$c,$d,$e)=@_;
 my $xi=($i&1)?$Xi:$t1;
 $code.=<<___ if ($i<16 && !($i&1));
 	lg	$Xi,`$i*4`($inp)
 ___
 $code.=<<___;
 	alr	$e,$K_00_19	### $i
 	rll	$t0,$a,5
 	alr	$e,$t0
 	lr	$t0,$d
 	xr	$t0,$c
 	nr	$t0,$b
 	xr	$t0,$d
 	alr	$e,$t0
 	rll	$b,$b,30
 ___
 $code.=<<___ if ($i<16 && !($i&1));
 	srlg	$xi,$Xi,32
 	stg	$Xi,`160+$i*4`($sp)
 ___
 $code.=<<___;
 	alr	$e,$xi
 ___
 }
 sub Xupdate {
 my $i=shift;
 return if ($i&1);	# Xupdate is vectorized and executed every 2nd cycle
 $code.=<<___;
 	lg	$Xi,`160+4*($i%16)`($sp)	### Xupdate($i)
 	xg	$Xi,`160+4*(($i+2)%16)`($sp)
 	xg	$Xi,`160+4*(($i+8)%16)`($sp)
 ___
 if ((($i+13)%16)==15) {
 $code.=<<___;
 	llgf	$t0,`160+4*15`($sp)
 	x	$Xi,`160+0`($sp)
 	sllg	$t0,$t0,32
 	xgr	$Xi,$t0
 ___
 } else {
 $code.=<<___;
 	xg	$Xi,`160+4*(($i+13)%16)`($sp)
 ___
 }
 $code.=<<___;
 	rll	$Xi,$Xi,1
 	rllg	$t1,$Xi,32
 	rll	$t1,$t1,1
 	rllg	$Xi,$t1,32
 	stg	$Xi,`160+4*($i%16)`($sp)
 ___
 }
 sub BODY_16_19 {
 	&Xupdate(@_[0]);
 	&BODY_00_15(@_);
 }
 sub BODY_20_39 {
 my ($i,$a,$b,$c,$d,$e)=@_;
 my $xi=($i&1)?$Xi:$t1;
 my $K_XX_XX=($i<40)?$K_20_39:$K_60_79;
 	&Xupdate($i);
 $code.=<<___;
 	alr	$e,$K_XX_XX	### $i
 	rll	$t0,$a,5
 	alr	$e,$t0
 	lr	$t0,$b
 	xr	$t0,$c
 	xr	$t0,$d
 	alr	$e,$t0
 	rll	$b,$b,30
 	alr	$e,$xi
 ___
 }
 sub BODY_40_59 {
 my ($i,$a,$b,$c,$d,$e)=@_;
 my $xi=($i&1)?$Xi:$t1;
 	&Xupdate($i);
 $code.=<<___;
 	alr	$e,$K_40_59	### $i
 	rll	$t0,$a,5
 	alr	$e,$t0
 	lr	$t0,$b
 	or	$t0,$c
 	nr	$t0,$d
 	alr	$e,$xi
 	lr	$t1,$b
 	nr	$t1,$c
 	or	$t0,$t1
 	alr	$e,$t0
 	rll	$b,$b,30
 ___
 }
 $code.=<<___;
 .text
 .globl	sha1_block_data_order
 .type	sha1_block_data_order,\@function
 sha1_block_data_order:
 ___
 $code.=<<___ if ($kimdfunc);
 	lghi	%r0,0
 	la	%r1,16($sp)
 	.long	0xb93e0002	# kimd %r0,%r2
 	lg	%r0,16($sp)
 	tmhh	%r0,`0x8000>>$kimdfunc`
 	jz	.Lsoftware
 	lghi	%r0,$kimdfunc
 	lgr	%r1,$ctx
 	lgr	%r2,$inp
 	sllg	%r3,$len,6
 	.long	0xb93e0002	# kimd %r0,%r2
 	brc	1,.-4		# pay attention to "partial completion"
 	br	%r14
 .Lsoftware:
 ___
 $code.=<<___;
 	stmg	%r6,%r15,48($sp)
 	lgr	%r0,$sp
 	aghi	$sp,-$frame
 	stg	%r0,0($sp)
 	sllg	$len,$len,6
 	la	$len,0($inp,$len)
 	llgf	$A,0($ctx)
 	llgf	$B,4($ctx)
 	llgf	$C,8($ctx)
 	llgf	$D,12($ctx)
 	llgf	$E,16($ctx)
 	llilh	$K_00_19,0x5a82
 	oill	$K_00_19,0x7999
 	llilh	$K_20_39,0x6ed9
 	oill	$K_20_39,0xeba1
 	llilh	$K_40_59,0x8f1b
 	oill	$K_40_59,0xbcdc
 	llilh	$K_60_79,0xca62
 	oill	$K_60_79,0xc1d6
 .Lloop:
 ___
 for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
 for (;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
 for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
 for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
 	al	$A,0($ctx)
 	al	$B,4($ctx)
 	al	$C,8($ctx)
 	al	$D,12($ctx)
 	al	$E,16($ctx)
 	st	$A,0($ctx)
 	st	$B,4($ctx)
 	st	$C,8($ctx)
 	st	$D,12($ctx)
 	st	$E,16($ctx)
 	la	$inp,64($inp)
 	clgr	$inp,$len
 	jne	.Lloop
 	lmg	%r6,%r15,`$frame+48`($sp)
 	br	%r14
 .size	sha1_block_data_order,.-sha1_block_data_order
 .string	"SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT;
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/sha/asm/sha1-x86_64.pl
@@ -0,0 +1,242 @@
 #!/usr/bin/env perl
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
 # sha1_block procedure for x86_64.
 #
 # It was brought to my attention that on EM64T compiler-generated code
 # was far behind 32-bit assembler implementation. This is unlike on
 # Opteron where compiler-generated code was only 15% behind 32-bit
 # assembler, which originally made it hard to motivate the effort.
 # There was suggestion to mechanically translate 32-bit code, but I
 # dismissed it, reasoning that x86_64 offers enough register bank
 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
 # implementation:-) However! While 64-bit code does performs better
 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
 # x86_64 does offer larger *addressable* bank, but out-of-order core
 # reaches for even more registers through dynamic aliasing, and EM64T
 # core must have managed to run-time optimize even 32-bit code just as
 # good as 64-bit one. Performance improvement is summarized in the
 # following table:
 #
 #		gcc 3.4		32-bit asm	cycles/byte
 # Opteron	+45%		+20%		6.8
 # Xeon P4	+65%		+0%		9.9
 # Core2		+60%		+10%		8.8
 $output=shift;
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 open STDOUT,"| $^X $xlate $output";
 $ctx="%rdi";	# 1st arg
 $inp="%rsi";	# 2nd arg
 $num="%rdx";	# 3rd arg
 # reassign arguments in order to produce more compact code
 $ctx="%r8";
 $inp="%r9";
 $num="%r10";
 $xi="%eax";
 $t0="%ebx";
 $t1="%ecx";
 $A="%edx";
 $B="%esi";
 $C="%edi";
 $D="%ebp";
 $E="%r11d";
 $T="%r12d";
@V=($A,$B,$C,$D,$E,$T);
 sub PROLOGUE {
 my $func=shift;
 $code.=<<___;
 .globl	$func
 .type	$func,\@function,3
 .align	16
 $func:
 	push	%rbx
 	push	%rbp
 	push	%r12
 	mov	%rsp,%rax
 	mov	%rdi,$ctx	# reassigned argument
 	sub	\$`8+16*4`,%rsp
 	mov	%rsi,$inp	# reassigned argument
 	and	\$-64,%rsp
 	mov	%rdx,$num	# reassigned argument
 	mov	%rax,`16*4`(%rsp)
 	mov	0($ctx),$A
 	mov	4($ctx),$B
 	mov	8($ctx),$C
 	mov	12($ctx),$D
 	mov	16($ctx),$E
 ___
 }
 sub EPILOGUE {
 my $func=shift;
 $code.=<<___;
 	mov	`16*4`(%rsp),%rsp
 	pop	%r12
 	pop	%rbp
 	pop	%rbx
 	ret
 .size	$func,.-$func
 ___
 }
 sub BODY_00_19 {
 my ($i,$a,$b,$c,$d,$e,$f,$host)=@_;
 my $j=$i+1;
 $code.=<<___ if ($i==0);
 	mov	`4*$i`($inp),$xi	
 	`"bswap	$xi"	if(!defined($host))`
 	mov	$xi,`4*$i`(%rsp)
 ___
 $code.=<<___ if ($i<15);
 	lea	0x5a827999($xi,$e),$f
 	mov	$c,$t0
 	mov	`4*$j`($inp),$xi
 	mov	$a,$e
 	xor	$d,$t0
 	`"bswap	$xi"	if(!defined($host))`	
 	rol	\$5,$e
 	and	$b,$t0
 	mov	$xi,`4*$j`(%rsp)
 	add	$e,$f
 	xor	$d,$t0
 	rol	\$30,$b
 	add	$t0,$f
 ___
 $code.=<<___ if ($i>=15);
 	lea	0x5a827999($xi,$e),$f
 	mov	`4*($j%16)`(%rsp),$xi
 	mov	$c,$t0
 	mov	$a,$e
 	xor	`4*(($j+2)%16)`(%rsp),$xi
 	xor	$d,$t0
 	rol	\$5,$e
 	xor	`4*(($j+8)%16)`(%rsp),$xi
 	and	$b,$t0
 	add	$e,$f
 	xor	`4*(($j+13)%16)`(%rsp),$xi
 	xor	$d,$t0
 	rol	\$30,$b
 	add	$t0,$f
 	rol	\$1,$xi
 	mov	$xi,`4*($j%16)`(%rsp)
 ___
 }
 sub BODY_20_39 {
 my ($i,$a,$b,$c,$d,$e,$f)=@_;
 my $j=$i+1;
 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
 $code.=<<___ if ($i<79);
 	lea	$K($xi,$e),$f
 	mov	`4*($j%16)`(%rsp),$xi
 	mov	$c,$t0
 	mov	$a,$e
 	xor	`4*(($j+2)%16)`(%rsp),$xi
 	xor	$b,$t0
 	rol	\$5,$e
 	xor	`4*(($j+8)%16)`(%rsp),$xi
 	xor	$d,$t0
 	add	$e,$f
 	xor	`4*(($j+13)%16)`(%rsp),$xi
 	rol	\$30,$b
 	add	$t0,$f
 	rol	\$1,$xi
 ___
 $code.=<<___ if ($i<76);
 	mov	$xi,`4*($j%16)`(%rsp)
 ___
 $code.=<<___ if ($i==79);
 	lea	$K($xi,$e),$f
 	mov	$c,$t0
 	mov	$a,$e
 	xor	$b,$t0
 	rol	\$5,$e
 	xor	$d,$t0
 	add	$e,$f
 	rol	\$30,$b
 	add	$t0,$f
 ___
 }
 sub BODY_40_59 {
 my ($i,$a,$b,$c,$d,$e,$f)=@_;
 my $j=$i+1;
 $code.=<<___;
 	lea	0x8f1bbcdc($xi,$e),$f
 	mov	`4*($j%16)`(%rsp),$xi
 	mov	$b,$t0
 	mov	$b,$t1
 	xor	`4*(($j+2)%16)`(%rsp),$xi
 	mov	$a,$e
 	and	$c,$t0
 	xor	`4*(($j+8)%16)`(%rsp),$xi
 	or	$c,$t1
 	rol	\$5,$e
 	xor	`4*(($j+13)%16)`(%rsp),$xi
 	and	$d,$t1
 	add	$e,$f
 	rol	\$1,$xi
 	or	$t1,$t0
 	rol	\$30,$b
 	mov	$xi,`4*($j%16)`(%rsp)
 	add	$t0,$f
 ___
 }
 $code=".text\n";
 &PROLOGUE("sha1_block_data_order");
 $code.=".align	4\n.Lloop:\n";
 for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
 for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
 for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
 	add	0($ctx),$E
 	add	4($ctx),$T
 	add	8($ctx),$A
 	add	12($ctx),$B
 	add	16($ctx),$C
 	mov	$E,0($ctx)
 	mov	$T,4($ctx)
 	mov	$A,8($ctx)
 	mov	$B,12($ctx)
 	mov	$C,16($ctx)
 	xchg	$E,$A	# mov	$E,$A
 	xchg	$T,$B	# mov	$T,$B
 	xchg	$E,$C	# mov	$A,$C
 	xchg	$T,$D	# mov	$B,$D
 			# mov	$C,$E
 	lea	`16*4`($inp),$inp
 	sub	\$1,$num
 	jnz	.Lloop
 ___
 &EPILOGUE("sha1_block_data_order");
 $code.=<<___;
 .asciz	"SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 ####################################################################
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT;
--- a/crypto/sha/asm/sha512-ia64.pl
+++ b/crypto/sha/asm/sha512-ia64.pl
@@ -2,8 +2,9 @@
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
+# project. The module is, however, dual licensed under OpenSSL and
-# forms are granted according to the OpenSSL license.
+# CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
 # SHA256/512_Transform for Itanium.
@@ -71,7 +72,7 @@ if ($output =~ /512.*\.[s|asm]/) {
 	$ADD="add";
 	$SHRU="shr.u";
 	$TABLE="K512";
-	$func="sha512_block";
+	$func="sha512_block_data_order";
 	@Sigma0=(28,34,39);
 	@Sigma1=(14,18,41);
 	@sigma0=(1,  8, 7);
@@ -85,7 +86,7 @@ if ($output =~ /512.*\.[s|asm]/) {
 	$ADD="padd4";
 	$SHRU="pshr4.u";
 	$TABLE="K256";
-	$func="sha256_block";
+	$func="sha256_block_data_order";
 	@Sigma0=( 2,13,22);
 	@Sigma1=( 6,11,25);
 	@sigma0=( 7,18, 3);
@@ -105,11 +106,13 @@ if (!defined($big_endian))
             {	$big_endian=(unpack('L',pack('N',1))==1);  }
 $code=<<___;
-.ident  \"$output, version 1.0\"
+.ident  \"$output, version 1.1\"
 .ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
 .explicit
 .text
 pfssave=r2;
 lcsave=r3;
 prsave=r14;
 K=r15;
 A=r16;	B=r17;	C=r18;	D=r19;
@@ -121,6 +124,8 @@ ctx=r31;	// 1st arg
 input=r48;	// 2nd arg
 num=r49;	// 3rd arg
 sgm0=r50;	sgm1=r51;	// small constants
 A_=r54;	B_=r55;	C_=r56;	D_=r57;
 E_=r58;	F_=r59;	G_=r60;	H_=r61;
 // void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])
 .global	$func#
@@ -128,82 +133,319 @@ sgm0=r50;	sgm1=r51;	// small constants
 .align	32
 $func:
 	.prologue
-	.fframe	0
+	.save	ar.pfs,pfssave
-	.save	ar.pfs,r2
+{ .mmi;	alloc	pfssave=ar.pfs,3,27,0,16
 	.save	ar.lc,r3
 	.save	pr,prsave
 { .mmi;	alloc	r2=ar.pfs,3,17,0,16
 	$ADDP	ctx=0,r32		// 1st arg
-	mov	r3=ar.lc	}
+	.save	ar.lc,lcsave
 	mov	lcsave=ar.lc	}
 { .mmi;	$ADDP	input=0,r33		// 2nd arg
-	addl	Ktbl=\@ltoff($TABLE#),gp
+	mov	num=r34			// 3rd arg
 	.save	pr,prsave
 	mov	prsave=pr	};;
 	.body
 { .mii;	ld8	Ktbl=[Ktbl]
 	mov	num=r34		};;	// 3rd arg
 { .mib;	add	r8=0*$SZ,ctx
 	add	r9=1*$SZ,ctx
-	brp.loop.imp	.L_first16,.L_first16_ctop
+	brp.loop.imp	.L_first16,.L_first16_end-16	}
 				}
 { .mib;	add	r10=2*$SZ,ctx
 	add	r11=3*$SZ,ctx
-	brp.loop.imp	.L_rest,.L_rest_ctop
+	brp.loop.imp	.L_rest,.L_rest_end-16		};;
 				};;
 // load A-H
 { .mmi;	$LDW	A=[r8],4*$SZ
 	$LDW	B=[r9],4*$SZ
 	mov	sgm0=$sigma0[2]	}
 { .mmi;	$LDW	C=[r10],4*$SZ
 	$LDW	D=[r11],4*$SZ
 	mov	sgm1=$sigma1[2]	};;
 { .mmi;	$LDW	E=[r8]
 	$LDW	F=[r9]		}
 { .mmi;	$LDW	G=[r10]
 	$LDW	H=[r11]
 	cmp.ne	p15,p14=0,r35	};;	// used in sha256_block
 // load A-H
 .Lpic_point:
 { .mmi;	$LDW	A_=[r8],4*$SZ
 	$LDW	B_=[r9],4*$SZ
 	mov	Ktbl=ip		}
 { .mmi;	$LDW	C_=[r10],4*$SZ
 	$LDW	D_=[r11],4*$SZ
 	mov	sgm0=$sigma0[2]	};;
 { .mmi;	$LDW	E_=[r8]
 	$LDW	F_=[r9]
 	add	Ktbl=($TABLE#-.Lpic_point),Ktbl		}
 { .mmi;	$LDW	G_=[r10]
 	$LDW	H_=[r11]
 	cmp.ne	p0,p16=0,r0	};;	// used in sha256_block
 ___
 $code.=<<___ if ($BITS==64);
 { .mii;	and	r8=7,input
 	and	input=~7,input;;
 	cmp.eq	p9,p0=1,r8	}
 { .mmi;	cmp.eq	p10,p0=2,r8
 	cmp.eq	p11,p0=3,r8
 	cmp.eq	p12,p0=4,r8	}
 { .mmi;	cmp.eq	p13,p0=5,r8
 	cmp.eq	p14,p0=6,r8
 	cmp.eq	p15,p0=7,r8	};;
 ___
 $code.=<<___;
 .L_outer:
 { .mii;	mov	ar.lc=15
 	mov	ar.ec=1		};;
 .align	32
 .L_first16:
 .rotr	X[16]
 { .mmi;	mov	A=A_
 	mov	B=B_
 	mov	ar.lc=14	}
 { .mmi;	mov	C=C_
 	mov	D=D_
 	mov	E=E_		}
 { .mmi;	mov	F=F_
 	mov	G=G_
 	mov	ar.ec=2		}
 { .mmi;	ld1	X[15]=[input],$SZ		// eliminated in 64-bit
 	mov	H=H_
 	mov	sgm1=$sigma1[2]	};;
 ___
 $t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
-{ .mib;	(p14)	add	r9=1,input
+.align	32
-	(p14)	add	r10=2,input	}
+.L_first16:
-{ .mib;	(p14)	add	r11=3,input
+{ .mmi;		add	r9=1-$SZ,input
-	(p15)	br.dptk.few	.L_host	};;
+		add	r10=2-$SZ,input
-{ .mmi;	(p14)	ld1	r8=[input],$SZ
+		add	r11=3-$SZ,input	};;
-	(p14)	ld1	r9=[r9]		}
+{ .mmi;		ld1	r9=[r9]
-{ .mmi;	(p14)	ld1	r10=[r10]
+		ld1	r10=[r10]
 	(p14)	ld1	r11=[r11]	};;
 { .mii;	(p14)	dep	r9=r8,r9,8,8
 	(p14)	dep	r11=r10,r11,8,8	};;
 { .mib;	(p14)	dep	X[15]=r9,r11,16,16 };;
 .L_host:
 { .mib;	(p15)	$LDW	X[15]=[input],$SZ	// X[i]=*input++
 		dep.z	$t1=E,32,32	}
-{ .mib;		$LDW	K=[Ktbl],$SZ
+{ .mmi;		$LDW	K=[Ktbl],$SZ
 		ld1	r11=[r11]
 		zxt4	E=E		};;
-{ .mmi;		or	$t1=$t1,E
+{ .mii;		or	$t1=$t1,E
-		and	T1=F,E
+		dep	X[15]=X[15],r9,8,8
-		and	T2=A,B		}
+		dep	r11=r10,r11,8,8	};;
 { .mmi;		and	T1=F,E
 		and	T2=A,B
 		dep	X[15]=X[15],r11,16,16	}
 { .mmi;		andcm	r8=G,E
 		and	r9=A,C
 		mux2	$t0=A,0x44	};;	// copy lower half to upper
-{ .mib;		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
+{ .mmi;	(p16)	ld1	X[15-1]=[input],$SZ	// prefetch
 		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
 		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)
 { .mib;		and	r10=B,C
 		xor	T2=T2,r9	};;
 ___
 $t0="A", $t1="E", $code.=<<___ if ($BITS==64);
-{ .mmi;		$LDW	X[15]=[input],$SZ	// X[i]=*input++
+// in 64-bit mode I load whole X[16] at once and take care of alignment...
 { .mmi;	add	r8=1*$SZ,input
 	add	r9=2*$SZ,input
 	add	r10=3*$SZ,input		};;
 { .mmb;	$LDW	X[15]=[input],4*$SZ
 	$LDW	X[14]=[r8],4*$SZ
 (p9)	br.cond.dpnt.many	.L1byte	};;
 { .mmb;	$LDW	X[13]=[r9],4*$SZ
 	$LDW	X[12]=[r10],4*$SZ
 (p10)	br.cond.dpnt.many	.L2byte	};;
 { .mmb;	$LDW	X[11]=[input],4*$SZ
 	$LDW	X[10]=[r8],4*$SZ
 (p11)	br.cond.dpnt.many	.L3byte	};;
 { .mmb;	$LDW	X[ 9]=[r9],4*$SZ
 	$LDW	X[ 8]=[r10],4*$SZ
 (p12)	br.cond.dpnt.many	.L4byte	};;
 { .mmb;	$LDW	X[ 7]=[input],4*$SZ
 	$LDW	X[ 6]=[r8],4*$SZ
 (p13)	br.cond.dpnt.many	.L5byte	};;
 { .mmb;	$LDW	X[ 5]=[r9],4*$SZ
 	$LDW	X[ 4]=[r10],4*$SZ
 (p14)	br.cond.dpnt.many	.L6byte	};;
 { .mmb;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 (p15)	br.cond.dpnt.many	.L7byte	};;
 { .mmb;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	br.many	.L_first16		};;
 .L1byte:
 { .mmi;	$LDW	X[13]=[r9],4*$SZ
 	$LDW	X[12]=[r10],4*$SZ
 	shrp	X[15]=X[15],X[14],56	};;
 { .mmi;	$LDW	X[11]=[input],4*$SZ
 	$LDW	X[10]=[r8],4*$SZ
 	shrp	X[14]=X[14],X[13],56	}
 { .mmi;	$LDW	X[ 9]=[r9],4*$SZ
 	$LDW	X[ 8]=[r10],4*$SZ
 	shrp	X[13]=X[13],X[12],56	};;
 { .mmi;	$LDW	X[ 7]=[input],4*$SZ
 	$LDW	X[ 6]=[r8],4*$SZ
 	shrp	X[12]=X[12],X[11],56	}
 { .mmi;	$LDW	X[ 5]=[r9],4*$SZ
 	$LDW	X[ 4]=[r10],4*$SZ
 	shrp	X[11]=X[11],X[10],56	};;
 { .mmi;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 	shrp	X[10]=X[10],X[ 9],56	}
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[ 9]=X[ 9],X[ 8],56	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[ 8]=X[ 8],X[ 7],56
 	shrp	X[ 7]=X[ 7],X[ 6],56	}
 { .mii;	shrp	X[ 6]=X[ 6],X[ 5],56
 	shrp	X[ 5]=X[ 5],X[ 4],56	};;
 { .mii;	shrp	X[ 4]=X[ 4],X[ 3],56
 	shrp	X[ 3]=X[ 3],X[ 2],56	}
 { .mii;	shrp	X[ 2]=X[ 2],X[ 1],56
 	shrp	X[ 1]=X[ 1],X[ 0],56	}
 { .mib;	shrp	X[ 0]=X[ 0],T1,56
 	br.many	.L_first16		};;
 .L2byte:
 { .mmi;	$LDW	X[11]=[input],4*$SZ
 	$LDW	X[10]=[r8],4*$SZ
 	shrp	X[15]=X[15],X[14],48	}
 { .mmi;	$LDW	X[ 9]=[r9],4*$SZ
 	$LDW	X[ 8]=[r10],4*$SZ
 	shrp	X[14]=X[14],X[13],48	};;
 { .mmi;	$LDW	X[ 7]=[input],4*$SZ
 	$LDW	X[ 6]=[r8],4*$SZ
 	shrp	X[13]=X[13],X[12],48	}
 { .mmi;	$LDW	X[ 5]=[r9],4*$SZ
 	$LDW	X[ 4]=[r10],4*$SZ
 	shrp	X[12]=X[12],X[11],48	};;
 { .mmi;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 	shrp	X[11]=X[11],X[10],48	}
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[10]=X[10],X[ 9],48	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[ 9]=X[ 9],X[ 8],48
 	shrp	X[ 8]=X[ 8],X[ 7],48	}
 { .mii;	shrp	X[ 7]=X[ 7],X[ 6],48
 	shrp	X[ 6]=X[ 6],X[ 5],48	};;
 { .mii;	shrp	X[ 5]=X[ 5],X[ 4],48
 	shrp	X[ 4]=X[ 4],X[ 3],48	}
 { .mii;	shrp	X[ 3]=X[ 3],X[ 2],48
 	shrp	X[ 2]=X[ 2],X[ 1],48	}
 { .mii;	shrp	X[ 1]=X[ 1],X[ 0],48
 	shrp	X[ 0]=X[ 0],T1,48	}
 { .mfb;	br.many	.L_first16		};;
 .L3byte:
 { .mmi;	$LDW	X[ 9]=[r9],4*$SZ
 	$LDW	X[ 8]=[r10],4*$SZ
 	shrp	X[15]=X[15],X[14],40	};;
 { .mmi;	$LDW	X[ 7]=[input],4*$SZ
 	$LDW	X[ 6]=[r8],4*$SZ
 	shrp	X[14]=X[14],X[13],40	}
 { .mmi;	$LDW	X[ 5]=[r9],4*$SZ
 	$LDW	X[ 4]=[r10],4*$SZ
 	shrp	X[13]=X[13],X[12],40	};;
 { .mmi;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 	shrp	X[12]=X[12],X[11],40	}
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[11]=X[11],X[10],40	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[10]=X[10],X[ 9],40
 	shrp	X[ 9]=X[ 9],X[ 8],40	}
 { .mii;	shrp	X[ 8]=X[ 8],X[ 7],40
 	shrp	X[ 7]=X[ 7],X[ 6],40	};;
 { .mii;	shrp	X[ 6]=X[ 6],X[ 5],40
 	shrp	X[ 5]=X[ 5],X[ 4],40	}
 { .mii;	shrp	X[ 4]=X[ 4],X[ 3],40
 	shrp	X[ 3]=X[ 3],X[ 2],40	}
 { .mii;	shrp	X[ 2]=X[ 2],X[ 1],40
 	shrp	X[ 1]=X[ 1],X[ 0],40	}
 { .mib;	shrp	X[ 0]=X[ 0],T1,40
 	br.many	.L_first16		};;
 .L4byte:
 { .mmi;	$LDW	X[ 7]=[input],4*$SZ
 	$LDW	X[ 6]=[r8],4*$SZ
 	shrp	X[15]=X[15],X[14],32	}
 { .mmi;	$LDW	X[ 5]=[r9],4*$SZ
 	$LDW	X[ 4]=[r10],4*$SZ
 	shrp	X[14]=X[14],X[13],32	};;
 { .mmi;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 	shrp	X[13]=X[13],X[12],32	}
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[12]=X[12],X[11],32	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[11]=X[11],X[10],32
 	shrp	X[10]=X[10],X[ 9],32	}
 { .mii;	shrp	X[ 9]=X[ 9],X[ 8],32
 	shrp	X[ 8]=X[ 8],X[ 7],32	};;
 { .mii;	shrp	X[ 7]=X[ 7],X[ 6],32
 	shrp	X[ 6]=X[ 6],X[ 5],32	}
 { .mii;	shrp	X[ 5]=X[ 5],X[ 4],32
 	shrp	X[ 4]=X[ 4],X[ 3],32	}
 { .mii;	shrp	X[ 3]=X[ 3],X[ 2],32
 	shrp	X[ 2]=X[ 2],X[ 1],32	}
 { .mii;	shrp	X[ 1]=X[ 1],X[ 0],32
 	shrp	X[ 0]=X[ 0],T1,32	}
 { .mfb;	br.many	.L_first16		};;
 .L5byte:
 { .mmi;	$LDW	X[ 5]=[r9],4*$SZ
 	$LDW	X[ 4]=[r10],4*$SZ
 	shrp	X[15]=X[15],X[14],24	};;
 { .mmi;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 	shrp	X[14]=X[14],X[13],24	}
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[13]=X[13],X[12],24	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[12]=X[12],X[11],24
 	shrp	X[11]=X[11],X[10],24	}
 { .mii;	shrp	X[10]=X[10],X[ 9],24
 	shrp	X[ 9]=X[ 9],X[ 8],24	};;
 { .mii;	shrp	X[ 8]=X[ 8],X[ 7],24
 	shrp	X[ 7]=X[ 7],X[ 6],24	}
 { .mii;	shrp	X[ 6]=X[ 6],X[ 5],24
 	shrp	X[ 5]=X[ 5],X[ 4],24	}
 { .mii;	shrp	X[ 4]=X[ 4],X[ 3],24
 	shrp	X[ 3]=X[ 3],X[ 2],24	}
 { .mii;	shrp	X[ 2]=X[ 2],X[ 1],24
 	shrp	X[ 1]=X[ 1],X[ 0],24	}
 { .mib;	shrp	X[ 0]=X[ 0],T1,24
 	br.many	.L_first16		};;
 .L6byte:
 { .mmi;	$LDW	X[ 3]=[input],4*$SZ
 	$LDW	X[ 2]=[r8],4*$SZ
 	shrp	X[15]=X[15],X[14],16	}
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[14]=X[14],X[13],16	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[13]=X[13],X[12],16
 	shrp	X[12]=X[12],X[11],16	}
 { .mii;	shrp	X[11]=X[11],X[10],16
 	shrp	X[10]=X[10],X[ 9],16	};;
 { .mii;	shrp	X[ 9]=X[ 9],X[ 8],16
 	shrp	X[ 8]=X[ 8],X[ 7],16	}
 { .mii;	shrp	X[ 7]=X[ 7],X[ 6],16
 	shrp	X[ 6]=X[ 6],X[ 5],16	}
 { .mii;	shrp	X[ 5]=X[ 5],X[ 4],16
 	shrp	X[ 4]=X[ 4],X[ 3],16	}
 { .mii;	shrp	X[ 3]=X[ 3],X[ 2],16
 	shrp	X[ 2]=X[ 2],X[ 1],16	}
 { .mii;	shrp	X[ 1]=X[ 1],X[ 0],16
 	shrp	X[ 0]=X[ 0],T1,16	}
 { .mfb;	br.many	.L_first16		};;
 .L7byte:
 { .mmi;	$LDW	X[ 1]=[r9],4*$SZ
 	$LDW	X[ 0]=[r10],4*$SZ
 	shrp	X[15]=X[15],X[14],8	};;
 { .mii;	$LDW	T1=[input]
 	shrp	X[14]=X[14],X[13],8
 	shrp	X[13]=X[13],X[12],8	}
 { .mii;	shrp	X[12]=X[12],X[11],8
 	shrp	X[11]=X[11],X[10],8	};;
 { .mii;	shrp	X[10]=X[10],X[ 9],8
 	shrp	X[ 9]=X[ 9],X[ 8],8	}
 { .mii;	shrp	X[ 8]=X[ 8],X[ 7],8
 	shrp	X[ 7]=X[ 7],X[ 6],8	}
 { .mii;	shrp	X[ 6]=X[ 6],X[ 5],8
 	shrp	X[ 5]=X[ 5],X[ 4],8	}
 { .mii;	shrp	X[ 4]=X[ 4],X[ 3],8
 	shrp	X[ 3]=X[ 3],X[ 2],8	}
 { .mii;	shrp	X[ 2]=X[ 2],X[ 1],8
 	shrp	X[ 1]=X[ 1],X[ 0],8	}
 { .mib;	shrp	X[ 0]=X[ 0],T1,8
 	br.many	.L_first16		};;
 .align	32
 .L_first16:
 { .mmi;		$LDW	K=[Ktbl],$SZ
 		and	T1=F,E
 		and	T2=A,B		}
-{ .mmi;		$LDW	K=[Ktbl],$SZ
+{ .mmi;		//$LDW	X[15]=[input],$SZ	// X[i]=*input++
 		andcm	r8=G,E
 		and	r9=A,C		};;
 { .mmi;		xor	T1=T1,r8		//T1=((e & f) ^ (~e & g))
@@ -236,13 +478,14 @@ $code.=<<___;
 { .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)
 		mov	B=A
 		add	A=T1,T2		};;
 .L_first16_ctop:
 { .mib;		add	E=E,T1
 		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)
 	br.ctop.sptk	.L_first16	};;
 .L_first16_end:
 { .mii;	mov	ar.lc=$rounds-17
 	mov	ar.ec=1			};;
 { .mib;	mov	ar.lc=$rounds-17	}
 { .mib;	mov	ar.ec=1			};;
 .align	32
 .L_rest:
 .rotr	X[16]
@@ -311,46 +554,38 @@ $code.=<<___;
 { .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)
 		mov	B=A
 		add	A=T1,T2		};;
 .L_rest_ctop:
 { .mib;		add	E=E,T1
 		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)
 	br.ctop.sptk	.L_rest	};;
 .L_rest_end:
 { .mmi;	add	A_=A_,A
 	add	B_=B_,B
 	add	C_=C_,C			}
 { .mmi;	add	D_=D_,D
 	add	E_=E_,E
 	cmp.ltu	p16,p0=1,num		};;
 { .mmi;	add	F_=F_,F
 	add	G_=G_,G
 	add	H_=H_,H			}
 { .mmb;	add	Ktbl=-$SZ*$rounds,Ktbl
 (p16)	add	num=-1,num
 (p16)	br.dptk.many	.L_outer	};;
 { .mib;	add	r8=0*$SZ,ctx
 	add	r9=1*$SZ,ctx		}
 { .mib;	add	r10=2*$SZ,ctx
 	add	r11=3*$SZ,ctx		};;
-{ .mmi;	$LDW	r32=[r8],4*$SZ
+{ .mmi;	$STW	[r8]=A_,4*$SZ
-	$LDW	r33=[r9],4*$SZ		}
+	$STW	[r9]=B_,4*$SZ
-{ .mmi;	$LDW	r34=[r10],4*$SZ
+	mov	ar.lc=lcsave		}
-	$LDW	r35=[r11],4*$SZ
+{ .mmi;	$STW	[r10]=C_,4*$SZ
-	cmp.ltu	p6,p7=1,num		};;
+	$STW	[r11]=D_,4*$SZ
-{ .mmi;	$LDW	r36=[r8],-4*$SZ
+	mov	pr=prsave,0x1ffff	};;
-	$LDW	r37=[r9],-4*$SZ
+{ .mmb;	$STW	[r8]=E_
-(p6)	add	Ktbl=-$SZ*$rounds,Ktbl	}
+	$STW	[r9]=F_			}
-{ .mmi;	$LDW	r38=[r10],-4*$SZ
+{ .mmb;	$STW	[r10]=G_
-	$LDW	r39=[r11],-4*$SZ
+	$STW	[r11]=H_
 (p7)	mov	ar.lc=r3		};;
 { .mmi;	add	A=A,r32
 	add	B=B,r33
 	add	C=C,r34			}
 { .mmi;	add	D=D,r35
 	add	E=E,r36
 	add	F=F,r37			};;
 { .mmi;	$STW	[r8]=A,4*$SZ
 	$STW	[r9]=B,4*$SZ
 	add	G=G,r38			}
 { .mmi;	$STW	[r10]=C,4*$SZ
 	$STW	[r11]=D,4*$SZ
 	add	H=H,r39			};;
 { .mmi;	$STW	[r8]=E
 	$STW	[r9]=F
 (p6)	add	num=-1,num		}
 { .mmb;	$STW	[r10]=G
 	$STW	[r11]=H
 (p6)	br.dptk.many	.L_outer	};;
 { .mib;	mov	pr=prsave,0x1ffff
 	br.ret.sptk.many	b0	};;
 .endp	$func#
 ___
@@ -360,6 +595,9 @@ $code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;
 if ($BITS==64) {
    $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm;
    $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm	if ($big_endian);
    $code =~ s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm
    						if (!$big_endian);
    $code =~ s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm;
 }
 print $code;
@@ -384,6 +622,7 @@ K256:	data4	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
 	data4	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
 	data4	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
 .size	K256#,$SZ*$rounds
 stringz	"SHA256 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 print<<___ if ($BITS==64);
 .align	64
@@ -429,4 +668,5 @@ K512:	data8	0x428a2f98d728ae22,0x7137449123ef65cd
 	data8	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
 	data8	0x5fcb6fab3ad6faec,0x6c44198c4a475817
 .size	K512#,$SZ*$rounds
 stringz	"SHA512 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
@@ -0,0 +1,290 @@
 #!/usr/bin/env perl
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 # SHA256/512 block procedures for s390x.
 # April 2007.
 #
 # sha256_block_data_order is reportedly >3 times faster than gcc 3.3
 # generated code (must be a bug in compiler, as improvement is
 # "pathologically" high, in particular in comparison to other SHA
 # modules). But the real twist is that it detects if hardware support
 # for SHA256 is available and in such case utilizes it. Then the
 # performance can reach >6.5x of assembler one for larger chunks.
 #
 # sha512_block_data_order is ~70% faster than gcc 3.3 generated code.
 $t0="%r0";
 $t1="%r1";
 $ctx="%r2";
 $inp="%r3";
 $len="%r4";	# used as index in inner loop
 $A="%r5";
 $B="%r6";
 $C="%r7";
 $D="%r8";
 $E="%r9";
 $F="%r10";
 $G="%r11";
 $H="%r12";	@V=($A,$B,$C,$D,$E,$F,$G,$H);
 $tbl="%r13";
 $T1="%r14";
 $sp="%r15";
 $output=shift;
 open STDOUT,">$output";
 if ($output =~ /512/) {
 	$label="512";
 	$SZ=8;
 	$LD="lg";	# load from memory
 	$ST="stg";	# store to memory
 	$ADD="alg";	# add with memory operand
 	$ROT="rllg";	# rotate left
 	$SHR="srlg";	# logical right shift [see even at the end]
 	@Sigma0=(25,30,36);
 	@Sigma1=(23,46,50);
 	@sigma0=(56,63, 7);
 	@sigma1=( 3,45, 6);
 	$rounds=80;
 	$kimdfunc=0;	# 0 means unknown/unsupported/unimplemented
 } else {
 	$label="256";
 	$SZ=4;
 	$LD="llgf";	# load from memory
 	$ST="st";	# store to memory
 	$ADD="al";	# add with memory operand
 	$ROT="rll";	# rotate left
 	$SHR="srl";	# logical right shift
 	@Sigma0=(10,19,30);
 	@Sigma1=( 7,21,26);
 	@sigma0=(14,25, 3);
 	@sigma1=(13,15,10);
 	$rounds=64;
 	$kimdfunc=0;	# magic function code for kimd instruction,
 			# 0 disables hardware support
 }
 $Func="sha${label}_block_data_order";
 $Table="K${label}";
 $frame=160+16*$SZ;
 sub BODY_00_15 {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 $code.=<<___ if ($i<16);
 	$LD	$T1,`$i*$SZ`($inp)	### $i
 ___
 $code.=<<___;
 	$ROT	$t0,$e,$Sigma1[0]
 	$ROT	$t1,$e,$Sigma1[1]
 	xgr	$t0,$t1
 	$ROT	$t1,$t1,`$Sigma1[2]-$Sigma1[1]`
 	xgr	$t0,$t1			# Sigma1(e)
 	$ST	$T1,`160+$SZ*($i%16)`($sp)
 	algr	$T1,$t0			# T1+=Sigma1(e)
 	algr	$T1,$h			# T1+=h
 	$ADD	$T1,`$i*$SZ`($len,$tbl)	# T1+=K[i]
 	lgr	$t0,$f
 	xgr	$t0,$g
 	ngr	$t0,$e
 	xgr	$t0,$g			# Ch(e,f,g)
 	algr	$T1,$t0			# T1+=Ch(e,f,g)
 	$ROT	$h,$a,$Sigma0[0]
 	$ROT	$t0,$a,$Sigma0[1]
 	xgr	$h,$t0
 	$ROT	$t0,$t0,`$Sigma0[2]-$Sigma0[1]`
 	xgr	$h,$t0			# h=Sigma0(a)
 	lgr	$t0,$a
 	ogr	$t0,$b
 	ngr	$t0,$c
 	lgr	$t1,$a
 	ngr	$t1,$b
 	ogr	$t0,$t1			# Maj(a,b,c)
 	algr	$h,$t0			# h+=Maj(a,b,c)
 	algr	$d,$T1			# d+=T1
 	algr	$h,$T1			# h+=T1
 ___
 }
 sub BODY_16_XX {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 $code.=<<___;
 	$LD	$T1,`160+$SZ*(($i+1)%16)`($sp)	### $i
 	$LD	$t1,`160+$SZ*(($i+14)%16)`($sp)
 	$ROT	$t0,$T1,$sigma0[0]
 	$SHR	$T1,$sigma0[2]
 	xgr	$T1,$t0
 	$ROT	$t0,$t0,`$sigma0[1]-$sigma0[0]`
 	xgr	$T1,$t0				# sigma0(X[i+1])
 	$ROT	$t0,$t1,$sigma1[0]
 	$ADD	$T1,`160+$SZ*($i%16)`($sp)	# +=X[i]
 	$SHR	$t1,$sigma1[2]
 	xgr	$t1,$t0
 	$ADD	$T1,`160+$SZ*(($i+9)%16)`($sp)	# +=X[i+9]
 	$ROT	$t0,$t0,`$sigma1[1]-$sigma1[0]`
 	xgr	$t1,$t0				# sigma1(X[i+14])
 	algr	$T1,$t1				# +=sigma1(X[i+14])
 ___
 	&BODY_00_15(@_);
 }
 $code.=<<___;
 .text
 .align	64
 .type	$Table,\@object
 $Table:
 ___
 $code.=<<___ if ($SZ==4);
 	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
 	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
 	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
 	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
 	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
 	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
 	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
 	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
 	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
 ___
 $code.=<<___ if ($SZ==8);
 	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
 	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
 	.quad	0x3956c25bf348b538,0x59f111f1b605d019
 	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
 	.quad	0xd807aa98a3030242,0x12835b0145706fbe
 	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
 	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
 	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
 	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
 	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
 	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
 	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
 	.quad	0x06ca6351e003826f,0x142929670a0e6e70
 	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
 	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
 	.quad	0x81c2c92e47edaee6,0x92722c851482353b
 	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
 	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
 	.quad	0xd192e819d6ef5218,0xd69906245565a910
 	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
 	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
 	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
 	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
 	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
 	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
 	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
 	.quad	0x90befffa23631e28,0xa4506cebde82bde9
 	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
 	.quad	0xca273eceea26619c,0xd186b8c721c0c207
 	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
 	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 	.quad	0x113f9804bef90dae,0x1b710b35131c471b
 	.quad	0x28db77f523047d84,0x32caab7b40c72493
 	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
 	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
 	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
 ___
 $code.=<<___;
 .size	$Table,.-$Table
 .globl	$Func
 .type	$Func,\@function
 $Func:
 ___
 $code.=<<___ if ($kimdfunc);
 	lghi	%r0,0
 	la	%r1,16($sp)
 	.long	0xb93e0002	# kimd %r0,%r2
 	lg	%r0,16($sp)
 	tmhh	%r0,`0x8000>>$kimdfunc`
 	jz	.Lsoftware
 	lghi	%r0,$kimdfunc
 	lgr	%r1,$ctx
 	lgr	%r2,$inp
 	sllg	%r3,$len,`log(16*$SZ)/log(2)`
 	.long	0xb93e0002	# kimd %r0,%r2
 	brc	1,.-4		# pay attention to "partial completion"
 	br	%r14
 .Lsoftware:
 ___
 $code.=<<___;
 	sllg	$len,$len,`log(16*$SZ)/log(2)`
 	la	$len,0($inp,$len)
 	stmg	$len,%r15,32($sp)
 	lgr	%r0,$sp
 	aghi	$sp,-$frame
 	stg	%r0,0($sp)
 	bras	$tbl,.Lpic
 .Lpic:	aghi	$tbl,$Table-.Lpic
 	$LD	$A,`0*$SZ`($ctx)
 	$LD	$B,`1*$SZ`($ctx)
 	$LD	$C,`2*$SZ`($ctx)
 	$LD	$D,`3*$SZ`($ctx)
 	$LD	$E,`4*$SZ`($ctx)
 	$LD	$F,`5*$SZ`($ctx)
 	$LD	$G,`6*$SZ`($ctx)
 	$LD	$H,`7*$SZ`($ctx)
 .Lloop:
 	lghi	$len,0
 ___
 for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
 $code.=".Lrounds_16_xx:\n";
 for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
 	aghi	$len,`16*$SZ`
 	lghi	$t0,`($rounds-16)*$SZ`
 	clgr	$len,$t0
 	jne	.Lrounds_16_xx
 	$ADD	$A,`0*$SZ`($ctx)
 	$ADD	$B,`1*$SZ`($ctx)
 	$ADD	$C,`2*$SZ`($ctx)
 	$ADD	$D,`3*$SZ`($ctx)
 	$ADD	$E,`4*$SZ`($ctx)
 	$ADD	$F,`5*$SZ`($ctx)
 	$ADD	$G,`6*$SZ`($ctx)
 	$ADD	$H,`7*$SZ`($ctx)
 	$ST	$A,`0*$SZ`($ctx)
 	$ST	$B,`1*$SZ`($ctx)
 	$ST	$C,`2*$SZ`($ctx)
 	$ST	$D,`3*$SZ`($ctx)
 	$ST	$E,`4*$SZ`($ctx)
 	$ST	$F,`5*$SZ`($ctx)
 	$ST	$G,`6*$SZ`($ctx)
 	$ST	$H,`7*$SZ`($ctx)
 	la	$inp,`16*$SZ`($inp)
 	clg	$inp,`$frame+32`($sp)
 	jne	.Lloop
 	lmg	%r6,%r15,`$frame+48`($sp)	
 	br	%r14
 .size	$Func,.-$Func
 .string	"SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 # unlike 32-bit shift 64-bit one takes three arguments
 $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
 print $code;
 close STDOUT;
--- a/crypto/sha/asm/sha512-x86_64.pl
+++ b/crypto/sha/asm/sha512-x86_64.pl
@@ -0,0 +1,344 @@
 #!/usr/bin/env perl
 #
 # ====================================================================
 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 # project. Rights for redistribution and usage in source and binary
 # forms are granted according to the OpenSSL license.
 # ====================================================================
 #
 # sha256/512_block procedure for x86_64.
 #
 # 40% improvement over compiler-generated code on Opteron. On EM64T
 # sha256 was observed to run >80% faster and sha512 - >40%. No magical
 # tricks, just straight implementation... I really wonder why gcc
 # [being armed with inline assembler] fails to generate as fast code.
 # The only thing which is cool about this module is that it's very
 # same instruction sequence used for both SHA-256 and SHA-512. In
 # former case the instructions operate on 32-bit operands, while in
 # latter - on 64-bit ones. All I had to do is to get one flavor right,
 # the other one passed the test right away:-)
 #
 # sha256_block runs in ~1005 cycles on Opteron, which gives you
 # asymptotic performance of 64*1000/1005=63.7MBps times CPU clock
 # frequency in GHz. sha512_block runs in ~1275 cycles, which results
 # in 128*1000/1275=100MBps per GHz. Is there room for improvement?
 # Well, if you compare it to IA-64 implementation, which maintains
 # X[16] in register bank[!], tends to 4 instructions per CPU clock
 # cycle and runs in 1003 cycles, 1275 is very good result for 3-way
 # issue Opteron pipeline and X[16] maintained in memory. So that *if*
 # there is a way to improve it, *then* the only way would be to try to
 # offload X[16] updates to SSE unit, but that would require "deeper"
 # loop unroll, which in turn would naturally cause size blow-up, not
 # to mention increased complexity! And once again, only *if* it's
 # actually possible to noticeably improve overall ILP, instruction
 # level parallelism, on a given CPU implementation in this case.
 #
 # Special note on Intel EM64T. While Opteron CPU exhibits perfect
 # perfromance ratio of 1.5 between 64- and 32-bit flavors [see above],
 # [currently available] EM64T CPUs apparently are far from it. On the
 # contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
 # sha256_block:-( This is presumably because 64-bit shifts/rotates
 # apparently are not atomic instructions, but implemented in microcode.
 $output=shift;
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 open STDOUT,"| $^X $xlate $output";
 if ($output =~ /512/) {
 	$func="sha512_block_data_order";
 	$TABLE="K512";
 	$SZ=8;
 	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx",
 					"%r8", "%r9", "%r10","%r11");
 	($T1,$a0,$a1,$a2)=("%r12","%r13","%r14","%r15");
 	@Sigma0=(28,34,39);
 	@Sigma1=(14,18,41);
 	@sigma0=(1,  8, 7);
 	@sigma1=(19,61, 6);
 	$rounds=80;
 } else {
 	$func="sha256_block_data_order";
 	$TABLE="K256";
 	$SZ=4;
 	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
 					"%r8d","%r9d","%r10d","%r11d");
 	($T1,$a0,$a1,$a2)=("%r12d","%r13d","%r14d","%r15d");
 	@Sigma0=( 2,13,22);
 	@Sigma1=( 6,11,25);
 	@sigma0=( 7,18, 3);
 	@sigma1=(17,19,10);
 	$rounds=64;
 }
 $ctx="%rdi";	# 1st arg
 $round="%rdi";	# zaps $ctx
 $inp="%rsi";	# 2nd arg
 $Tbl="%rbp";
 $_ctx="16*$SZ+0*8(%rsp)";
 $_inp="16*$SZ+1*8(%rsp)";
 $_end="16*$SZ+2*8(%rsp)";
 $_rsp="16*$SZ+3*8(%rsp)";
 $framesz="16*$SZ+4*8";
 sub ROUND_00_15()
 { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 $code.=<<___;
 	mov	$e,$a0
 	mov	$e,$a1
 	mov	$f,$a2
 	ror	\$$Sigma1[0],$a0
 	ror	\$$Sigma1[1],$a1
 	xor	$g,$a2			# f^g
 	xor	$a1,$a0
 	ror	\$`$Sigma1[2]-$Sigma1[1]`,$a1
 	and	$e,$a2			# (f^g)&e
 	mov	$T1,`$SZ*($i&0xf)`(%rsp)
 	xor	$a1,$a0			# Sigma1(e)
 	xor	$g,$a2			# Ch(e,f,g)=((f^g)&e)^g
 	add	$h,$T1			# T1+=h
 	mov	$a,$h
 	add	$a0,$T1			# T1+=Sigma1(e)
 	add	$a2,$T1			# T1+=Ch(e,f,g)
 	mov	$a,$a0
 	mov	$a,$a1
 	ror	\$$Sigma0[0],$h
 	ror	\$$Sigma0[1],$a0
 	mov	$a,$a2
 	add	($Tbl,$round,$SZ),$T1	# T1+=K[round]
 	xor	$a0,$h
 	ror	\$`$Sigma0[2]-$Sigma0[1]`,$a0
 	or	$c,$a1			# a|c
 	xor	$a0,$h			# h=Sigma0(a)
 	and	$c,$a2			# a&c
 	add	$T1,$d			# d+=T1
 	and	$b,$a1			# (a|c)&b
 	add	$T1,$h			# h+=T1
 	or	$a2,$a1			# Maj(a,b,c)=((a|c)&b)|(a&c)
 	lea	1($round),$round	# round++
 	add	$a1,$h			# h+=Maj(a,b,c)
 ___
 }
 sub ROUND_16_XX()
 { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 $code.=<<___;
 	mov	`$SZ*(($i+1)&0xf)`(%rsp),$a0
 	mov	`$SZ*(($i+14)&0xf)`(%rsp),$T1
 	mov	$a0,$a2
 	shr	\$$sigma0[2],$a0
 	ror	\$$sigma0[0],$a2
 	xor	$a2,$a0
 	ror	\$`$sigma0[1]-$sigma0[0]`,$a2
 	xor	$a2,$a0			# sigma0(X[(i+1)&0xf])
 	mov	$T1,$a1
 	shr	\$$sigma1[2],$T1
 	ror	\$$sigma1[0],$a1
 	xor	$a1,$T1
 	ror	\$`$sigma1[1]-$sigma1[0]`,$a1
 	xor	$a1,$T1			# sigma1(X[(i+14)&0xf])
 	add	$a0,$T1
 	add	`$SZ*(($i+9)&0xf)`(%rsp),$T1
 	add	`$SZ*($i&0xf)`(%rsp),$T1
 ___
 	&ROUND_00_15(@_);
 }
 $code=<<___;
 .text
 .globl	$func
 .type	$func,\@function,4
 .align	16
 $func:
 	push	%rbx
 	push	%rbp
 	push	%r12
 	push	%r13
 	push	%r14
 	push	%r15
 	mov	%rsp,%rbp		# copy %rsp
 	shl	\$4,%rdx		# num*16
 	sub	\$$framesz,%rsp
 	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
 	and	\$-64,%rsp		# align stack frame
 	mov	$ctx,$_ctx		# save ctx, 1st arg
 	mov	$inp,$_inp		# save inp, 2nd arh
 	mov	%rdx,$_end		# save end pointer, "3rd" arg
 	mov	%rbp,$_rsp		# save copy of %rsp
 	.picmeup $Tbl
 	lea	$TABLE-.($Tbl),$Tbl
 	mov	$SZ*0($ctx),$A
 	mov	$SZ*1($ctx),$B
 	mov	$SZ*2($ctx),$C
 	mov	$SZ*3($ctx),$D
 	mov	$SZ*4($ctx),$E
 	mov	$SZ*5($ctx),$F
 	mov	$SZ*6($ctx),$G
 	mov	$SZ*7($ctx),$H
 	jmp	.Lloop
 .align	16
 .Lloop:
 	xor	$round,$round
 ___
 	for($i=0;$i<16;$i++) {
 		$code.="	mov	$SZ*$i($inp),$T1\n";
 		$code.="	bswap	$T1\n";
 		&ROUND_00_15($i,@ROT);
 		unshift(@ROT,pop(@ROT));
 	}
 $code.=<<___;
 	jmp	.Lrounds_16_xx
 .align	16
 .Lrounds_16_xx:
 ___
 	for(;$i<32;$i++) {
 		&ROUND_16_XX($i,@ROT);
 		unshift(@ROT,pop(@ROT));
 	}
 $code.=<<___;
 	cmp	\$$rounds,$round
 	jb	.Lrounds_16_xx
 	mov	$_ctx,$ctx
 	lea	16*$SZ($inp),$inp
 	add	$SZ*0($ctx),$A
 	add	$SZ*1($ctx),$B
 	add	$SZ*2($ctx),$C
 	add	$SZ*3($ctx),$D
 	add	$SZ*4($ctx),$E
 	add	$SZ*5($ctx),$F
 	add	$SZ*6($ctx),$G
 	add	$SZ*7($ctx),$H
 	cmp	$_end,$inp
 	mov	$A,$SZ*0($ctx)
 	mov	$B,$SZ*1($ctx)
 	mov	$C,$SZ*2($ctx)
 	mov	$D,$SZ*3($ctx)
 	mov	$E,$SZ*4($ctx)
 	mov	$F,$SZ*5($ctx)
 	mov	$G,$SZ*6($ctx)
 	mov	$H,$SZ*7($ctx)
 	jb	.Lloop
 	mov	$_rsp,%rsp
 	pop	%r15
 	pop	%r14
 	pop	%r13
 	pop	%r12
 	pop	%rbp
 	pop	%rbx
 	ret
 .size	$func,.-$func
 ___
 if ($SZ==4) {
 $code.=<<___;
 .align	64
 .type	$TABLE,\@object
 $TABLE:
 	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
 	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
 	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
 	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
 	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
 	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
 	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
 	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
 	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
 ___
 } else {
 $code.=<<___;
 .align	64
 .type	$TABLE,\@object
 $TABLE:
 	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
 	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
 	.quad	0x3956c25bf348b538,0x59f111f1b605d019
 	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
 	.quad	0xd807aa98a3030242,0x12835b0145706fbe
 	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
 	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
 	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
 	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
 	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
 	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
 	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
 	.quad	0x06ca6351e003826f,0x142929670a0e6e70
 	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
 	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
 	.quad	0x81c2c92e47edaee6,0x92722c851482353b
 	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
 	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
 	.quad	0xd192e819d6ef5218,0xd69906245565a910
 	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
 	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
 	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
 	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
 	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
 	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
 	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
 	.quad	0x90befffa23631e28,0xa4506cebde82bde9
 	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
 	.quad	0xca273eceea26619c,0xd186b8c721c0c207
 	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
 	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 	.quad	0x113f9804bef90dae,0x1b710b35131c471b
 	.quad	0x28db77f523047d84,0x32caab7b40c72493
 	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
 	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
 	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
 ___
 }
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT;
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -61,7 +61,7 @@
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
+#if !defined(OPENSSL_NO_SHA1)
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
 	{
 	SHA_CTX c;
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -63,19 +63,13 @@
 #define SHA_1
 #include <openssl/opensslv.h>
 #include <openssl/fips.h>
 #ifndef OPENSSL_FIPS
 const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
 /* The implementation is in ../md32_common.h */
 #include "sha_locl.h"
 #else
 static void *dummy=&dummy;
 #endif
 #endif
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -15,12 +15,13 @@
 #include <openssl/fips.h>
 #include <openssl/opensslv.h>
 #ifndef OPENSSL_FIPS
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 int SHA224_Init (SHA256_CTX *c)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	c->h[0]=0xc1059ed8UL;	c->h[1]=0x367cd507UL;
 	c->h[2]=0x3070dd17UL;	c->h[3]=0xf70e5939UL;
 	c->h[4]=0xffc00b31UL;	c->h[5]=0x68581511UL;
@@ -32,6 +33,9 @@ int SHA224_Init (SHA256_CTX *c)
 int SHA256_Init (SHA256_CTX *c)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
 	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
 	c->h[4]=0x510e527fUL;	c->h[5]=0x9b05688cUL;
@@ -72,17 +76,11 @@ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
 int SHA224_Final (unsigned char *md, SHA256_CTX *c)
 {   return SHA256_Final (md,c);   }
 #ifndef	SHA_LONG_LOG2
 #define	SHA_LONG_LOG2	2	/* default to 32 bits */
 #endif
 #define	DATA_ORDER_IS_BIG_ENDIAN
 #define	HASH_LONG		SHA_LONG
 #define	HASH_LONG_LOG2		SHA_LONG_LOG2
 #define	HASH_CTX		SHA256_CTX
 #define	HASH_CBLOCK		SHA_CBLOCK
 #define	HASH_LBLOCK		SHA_LBLOCK
 /*
 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
 * default: case below covers for it. It's not clear however if it's
@@ -115,16 +113,15 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
 #define	HASH_UPDATE		SHA256_Update
 #define	HASH_TRANSFORM		SHA256_Transform
 #define	HASH_FINAL		SHA256_Final
 #define	HASH_BLOCK_HOST_ORDER	sha256_block_host_order
 #define	HASH_BLOCK_DATA_ORDER	sha256_block_data_order
-void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
+#ifndef SHA256_ASM
 static
 #endif
 void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
 #include "md32_common.h"
-#ifdef SHA256_ASM
+#ifndef SHA256_ASM
 void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);
 #else
 static const SHA_LONG K256[64] = {
 	0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
 	0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
@@ -158,10 +155,10 @@ static const SHA_LONG K256[64] = {
 #ifdef OPENSSL_SMALL_FOOTPRINT
-static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
 	{
 	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
-	SHA_LONG	X[16];
+	SHA_LONG	X[16],l;
 	int i;
 	const unsigned char *data=in;
@@ -170,25 +167,6 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
 	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
 	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
 	if (host)
 		{
 		const SHA_LONG *W=(const SHA_LONG *)data;
 		for (i=0;i<16;i++)
 			{
 			T1 = X[i] = W[i];
 			T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
 			T2 = Sigma0(a) + Maj(a,b,c);
 			h = g;	g = f;	f = e;	e = d + T1;
 			d = c;	c = b;	b = a;	a = T1 + T2;
 			}
 		data += SHA256_CBLOCK;
 		}
 	else
 		{
 		SHA_LONG l;
 	for (i=0;i<16;i++)
 		{
 		HOST_c2l(data,l); T1 = X[i] = l;
@@ -197,7 +175,6 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
 		h = g;	g = f;	f = e;	e = d + T1;
 		d = c;	c = b;	b = a;	a = T1 + T2;
 		}
 		}
 	for (;i<64;i++)
 		{
@@ -230,19 +207,20 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
 	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
 	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
-static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
 	{
 	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
 	SHA_LONG	X[16];
 	int i;
 	const unsigned char *data=in;
 	const union { long one; char little; } is_endian = {1};
 			while (num--) {
 	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
 	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-	if (host)
+	if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0)
 		{
 		const SHA_LONG *W=(const SHA_LONG *)data;
@@ -308,17 +286,4 @@ static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
 #endif
 #endif /* SHA256_ASM */
 /*
 * Idea is to trade couple of cycles for some space. On IA-32 we save
 * about 4K in "big footprint" case. In "small footprint" case any gain
 * is appreciated:-)
 */
 void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 {   sha256_block (ctx,in,num,1);   }
 void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
 {   sha256_block (ctx,in,num,0);   }
 #endif /* OPENSSL_NO_SHA256 */
 #endif
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -6,7 +6,7 @@
 */
 #include <openssl/opensslconf.h>
 #include <openssl/fips.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) && !defined(OPENSSL_FIPS)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
 * IMPLEMENTATION NOTES.
 *
@@ -53,12 +53,18 @@
 const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
-#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
    defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
    defined(__s390__) || defined(__s390x__) || \
    defined(SHA512_ASM)
 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
 #endif
 int SHA384_Init (SHA512_CTX *c)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	c->h[0]=U64(0xcbbb9d5dc1059ed8);
 	c->h[1]=U64(0x629a292a367cd507);
 	c->h[2]=U64(0x9159015a3070dd17);
@@ -74,6 +80,9 @@ int SHA384_Init (SHA512_CTX *c)
 int SHA512_Init (SHA512_CTX *c)
 	{
 #ifdef OPENSSL_FIPS
 	FIPS_selftest_check();
 #endif
 	c->h[0]=U64(0x6a09e667f3bcc908);
 	c->h[1]=U64(0xbb67ae8584caa73b);
 	c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -90,7 +99,7 @@ int SHA512_Init (SHA512_CTX *c)
 #ifndef SHA512_ASM
 static
 #endif
-void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
+void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
 int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 	{
@@ -101,7 +110,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 	n++;
 	if (n > (sizeof(c->u)-16))
 		memset (p+n,0,sizeof(c->u)-n), n=0,
-		sha512_block (c,p,1);
+		sha512_block_data_order (c,p,1);
 	memset (p+n,0,sizeof(c->u)-16-n);
 #ifdef	B_ENDIAN
@@ -126,7 +135,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 	p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
 #endif
-	sha512_block (c,p,1);
+	sha512_block_data_order (c,p,1);
 	if (md==0) return 0;
@@ -198,7 +207,7 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
 		else	{
 			memcpy (p+c->num,data,n), c->num = 0;
 			len-=n, data+=n;
-			sha512_block (c,p,1);
+			sha512_block_data_order (c,p,1);
 			}
 		}
@@ -208,12 +217,12 @@ int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
 		if ((size_t)data%sizeof(c->u.d[0]) != 0)
 			while (len >= sizeof(c->u))
 				memcpy (p,data,sizeof(c->u)),
-				sha512_block (c,p,1),
+				sha512_block_data_order (c,p,1),
 				len  -= sizeof(c->u),
 				data += sizeof(c->u);
 		else
 #endif
-			sha512_block (c,data,len/sizeof(c->u)),
+			sha512_block_data_order (c,data,len/sizeof(c->u)),
 			data += len,
 			len  %= sizeof(c->u),
 			data -= len;
@@ -228,7 +237,7 @@ int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
 {   return SHA512_Update (c,data,len);   }
 void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
-{   sha512_block (c,data,1);  }
+{   sha512_block_data_order (c,data,1);  }
 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
 	{
@@ -302,11 +311,70 @@ static const SHA_LONG64 K512[80] = {
 #ifndef PEDANTIC
 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__x86_64) || defined(__x86_64__)
 #   define ROTR(a,n)	({ unsigned long ret;		\
 				asm ("rorq %1,%0"	\
 				: "=r"(ret)		\
 				: "J"(n),"0"(a)		\
 				: "cc"); ret;		})
 #   if !defined(B_ENDIAN)
 #    define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));	\
 				asm ("bswapq	%0"		\
 				: "=r"(ret)			\
 				: "0"(ret)); ret;		})
 #   endif
 #  elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
 #   if defined(I386_ONLY)
 #    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
 			unsigned int hi,lo;			\
 				asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
 				    "roll $16,%%eax; roll $16,%%edx; "\
 				    "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
 				: "=a"(lo),"=d"(hi)		\
 				: "0"(p[1]),"1"(p[0]) : "cc");	\
 				((SHA_LONG64)hi)<<32|lo;	})
 #   else
 #    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
 			unsigned int hi,lo;			\
 				asm ("bswapl %0; bswapl %1;"	\
 				: "=r"(lo),"=r"(hi)		\
 				: "0"(p[1]),"1"(p[0]));		\
 				((SHA_LONG64)hi)<<32|lo;	})
 #   endif
 #  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
 #   define ROTR(a,n)	({ unsigned long ret;		\
 				asm ("rotrdi %0,%1,%2"	\
 				: "=r"(ret)		\
 				: "r"(a),"K"(n)); ret;	})
 #  endif
 # elif defined(_MSC_VER)
 #  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */
 #   define ROTR(a,n)	_rotr64((a),n)
 #  endif
 #  if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #   if defined(I386_ONLY)
    static SHA_LONG64 __fastcall __pull64be(const void *x)
    {	_asm	mov	edx, [ecx + 0]
 	_asm	mov	eax, [ecx + 4]
 	_asm	xchg	dh,dl
 	_asm	xchg	ah,al
 	_asm	rol	edx,16
 	_asm	rol	eax,16
 	_asm	xchg	dh,dl
 	_asm	xchg	ah,al
    }
 #   else
    static SHA_LONG64 __fastcall __pull64be(const void *x)
    {	_asm	mov	edx, [ecx + 0]
 	_asm	mov	eax, [ecx + 4]
 	_asm	bswap	edx
 	_asm	bswap	eax
    }
 #   endif
 #   define PULL64(x) __pull64be(&(x))
 #   if _MSC_VER<=1200
 #    pragma inline_depth(0)
 #   endif
 #  endif
 # endif
 #endif
@@ -315,27 +383,6 @@ static const SHA_LONG64 K512[80] = {
 #define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
 #endif
 #ifndef PEDANTIC
 # if defined(_MSC_VER)
 #  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */
 #   define ROTR(a,n)	_rotr64((a),n)
 #  endif
 # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 #  if defined(__x86_64) || defined(__x86_64__)
 #   define ROTR(a,n)	({ unsigned long ret;		\
 				asm ("rorq %1,%0"	\
 				: "=r"(ret)		\
 				: "J"(n),"0"(a)		\
 				: "cc"); ret;		})
 #  elif defined(_ARCH_PPC) && defined(__64BIT__)
 #   define ROTR(a,n)	({ unsigned long ret;		\
 				asm ("rotrdi %0,%1,%2"	\
 				: "=r"(ret)		\
 				: "r"(a),"K"(n)); ret;	})
 #  endif
 # endif
 #endif
 #ifndef ROTR
 #define ROTR(x,s)	(((x)>>s) | (x)<<(64-s))
 #endif
@@ -358,7 +405,7 @@ static const SHA_LONG64 K512[80] = {
 #ifdef OPENSSL_SMALL_FOOTPRINT
-static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
 	{
 	const SHA_LONG64 *W=in;
 	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1,T2;
@@ -419,7 +466,7 @@ static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
 	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
 	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
-static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
 	{
 	const SHA_LONG64 *W=in;
 	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1;
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -62,17 +62,11 @@
 #include <openssl/opensslconf.h>
 #include <openssl/sha.h>
 #ifndef SHA_LONG_LOG2
 #define SHA_LONG_LOG2	2	/* default to 32 bits */
 #endif
 #define DATA_ORDER_IS_BIG_ENDIAN
 #define HASH_LONG               SHA_LONG
 #define HASH_LONG_LOG2          SHA_LONG_LOG2
 #define HASH_CTX                SHA_CTX
 #define HASH_CBLOCK             SHA_CBLOCK
 #define HASH_LBLOCK             SHA_LBLOCK
 #define HASH_MAKE_STRING(c,s)   do {	\
 	unsigned long ll;		\
 	ll=(c)->h0; HOST_l2c(ll,(s));	\
@@ -88,12 +82,10 @@
 # define HASH_TRANSFORM          	SHA_Transform
 # define HASH_FINAL              	SHA_Final
 # define HASH_INIT			SHA_Init
 # define HASH_BLOCK_HOST_ORDER   	sha_block_host_order
 # define HASH_BLOCK_DATA_ORDER   	sha_block_data_order
 # define Xupdate(a,ix,ia,ib,ic,id)	(ix=(a)=(ia^ib^ic^id))
-  void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);
+static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
  void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #elif defined(SHA_1)
@@ -101,7 +93,6 @@
 # define HASH_TRANSFORM          	SHA1_Transform
 # define HASH_FINAL              	SHA1_Final
 # define HASH_INIT			SHA1_Init
 # define HASH_BLOCK_HOST_ORDER   	sha1_block_host_order
 # define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order
 # if defined(__MWERKS__) && defined(__MC68K__)
   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
@@ -114,24 +105,10 @@
 					)
 # endif
-# ifdef SHA1_ASM
+#ifndef SHA1_ASM
-#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+static
-#   if !defined(B_ENDIAN)
+#endif
-#    define sha1_block_host_order		sha1_block_asm_host_order
+void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #    define DONT_IMPLEMENT_BLOCK_HOST_ORDER
 #    define sha1_block_data_order		sha1_block_asm_data_order
 #    define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 #    define HASH_BLOCK_DATA_ORDER_ALIGNED	sha1_block_asm_data_order
 #   endif
 #  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
 #   define sha1_block_host_order		sha1_block_asm_host_order
 #   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
 #   define sha1_block_data_order		sha1_block_asm_data_order
 #   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 #  endif
 # endif
  void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
  void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #else
 # error "Either SHA_0 or SHA_1 must be defined."
@@ -151,6 +128,9 @@ FIPS_NON_FIPS_MD_Init(SHA)
 int HASH_INIT (SHA_CTX *c)
 #endif
 	{
 #if defined(SHA_1) && defined(OPENSSL_FIPS)
 	FIPS_selftest_check();
 #endif
 	c->h0=INIT_DATA_h0;
 	c->h1=INIT_DATA_h1;
 	c->h2=INIT_DATA_h2;
@@ -233,133 +213,8 @@ int HASH_INIT (SHA_CTX *c)
 # define X(i)	XX[i]
 #endif
-#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#if !defined(SHA_1) || !defined(SHA1_ASM)
-void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
+static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 	{
 	const SHA_LONG *W=d;
 	register unsigned MD32_REG_T A,B,C,D,E,T;
 #ifndef MD32_XARRAY
 	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
 				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
 #else
 	SHA_LONG	XX[16];
 #endif
 	A=c->h0;
 	B=c->h1;
 	C=c->h2;
 	D=c->h3;
 	E=c->h4;
 	for (;;)
 		{
 	BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
 	BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
 	BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
 	BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
 	BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
 	BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
 	BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
 	BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
 	BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
 	BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
 	BODY_00_15(10,C,D,E,T,A,B,W[10]);
 	BODY_00_15(11,B,C,D,E,T,A,W[11]);
 	BODY_00_15(12,A,B,C,D,E,T,W[12]);
 	BODY_00_15(13,T,A,B,C,D,E,W[13]);
 	BODY_00_15(14,E,T,A,B,C,D,W[14]);
 	BODY_00_15(15,D,E,T,A,B,C,W[15]);
 	BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
 	BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
 	BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
 	BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
 	BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
 	BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
 	BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
 	BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
 	BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
 	BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
 	BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
 	BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
 	BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
 	BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
 	BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
 	BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
 	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
 	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
 	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
 	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
 	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
 	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
 	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
 	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
 	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
 	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
 	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
 	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
 	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
 	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
 	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
 	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
 	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
 	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
 	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
 	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
 	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
 	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
 	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
 	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
 	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
 	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
 	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
 	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
 	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
 	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
 	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
 	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
 	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
 	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
 	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
 	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
 	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
 	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
 	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
 	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
 	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
 	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
 	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
 	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
 	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
 	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
 	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
 	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
 	c->h0=(c->h0+E)&0xffffffffL; 
 	c->h1=(c->h1+T)&0xffffffffL;
 	c->h2=(c->h2+A)&0xffffffffL;
 	c->h3=(c->h3+B)&0xffffffffL;
 	c->h4=(c->h4+C)&0xffffffffL;
 	if (--num == 0) break;
 	A=c->h0;
 	B=c->h1;
 	C=c->h2;
 	D=c->h3;
 	E=c->h4;
 	W+=SHA_LBLOCK;
 		}
 	}
 #endif
 #ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
 void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 	{
 	const unsigned char *data=p;
 	register unsigned MD32_REG_T A,B,C,D,E,T,l;
@@ -378,7 +233,34 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 	for (;;)
 			{
 	const union { long one; char little; } is_endian = {1};
 	if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0)
 		{
 		const SHA_LONG *W=(const SHA_LONG *)data;
 		X( 0) = W[0];				X( 1) = W[ 1];
 		BODY_00_15( 0,A,B,C,D,E,T,X( 0));	X( 2) = W[ 2];
 		BODY_00_15( 1,T,A,B,C,D,E,X( 1));	X( 3) = W[ 3];
 		BODY_00_15( 2,E,T,A,B,C,D,X( 2));	X( 4) = W[ 4];
 		BODY_00_15( 3,D,E,T,A,B,C,X( 3));	X( 5) = W[ 5];
 		BODY_00_15( 4,C,D,E,T,A,B,X( 4));	X( 6) = W[ 6];
 		BODY_00_15( 5,B,C,D,E,T,A,X( 5));	X( 7) = W[ 7];
 		BODY_00_15( 6,A,B,C,D,E,T,X( 6));	X( 8) = W[ 8];
 		BODY_00_15( 7,T,A,B,C,D,E,X( 7));	X( 9) = W[ 9];
 		BODY_00_15( 8,E,T,A,B,C,D,X( 8));	X(10) = W[10];
 		BODY_00_15( 9,D,E,T,A,B,C,X( 9));	X(11) = W[11];
 		BODY_00_15(10,C,D,E,T,A,B,X(10));	X(12) = W[12];
 		BODY_00_15(11,B,C,D,E,T,A,X(11));	X(13) = W[13];
 		BODY_00_15(12,A,B,C,D,E,T,X(12));	X(14) = W[14];
 		BODY_00_15(13,T,A,B,C,D,E,X(13));	X(15) = W[15];
 		BODY_00_15(14,E,T,A,B,C,D,X(14));
 		BODY_00_15(15,D,E,T,A,B,C,X(15));
 		data += SHA_CBLOCK;
 		}
 	else
 		{
 		HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
 		BODY_00_15( 0,A,B,C,D,E,T,X( 0));	HOST_c2l(data,l); X( 2)=l;
 		BODY_00_15( 1,T,A,B,C,D,E,X( 1));	HOST_c2l(data,l); X( 3)=l;
@@ -396,6 +278,7 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 		BODY_00_15(13,T,A,B,C,D,E,X(13));	HOST_c2l(data,l); X(15)=l;
 		BODY_00_15(14,E,T,A,B,C,D,X(14));
 		BODY_00_15(15,D,E,T,A,B,C,X(15));
 		}
 	BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
 	BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
@@ -515,54 +398,8 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 	E=D, D=C, C=ROTATE(B,30), B=A;	\
 	A=ROTATE(A,5)+T+xa;	    } while(0)
-#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#if !defined(SHA_1) || !defined(SHA1_ASM)
-void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
+static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 	{
 	const SHA_LONG *W=d;
 	register unsigned MD32_REG_T A,B,C,D,E,T;
 	int i;
 	SHA_LONG	X[16];
 	A=c->h0;
 	B=c->h1;
 	C=c->h2;
 	D=c->h3;
 	E=c->h4;
 	for (;;)
 		{
 	for (i=0;i<16;i++)
 	{ X[i]=W[i]; BODY_00_15(X[i]); }
 	for (i=0;i<4;i++)
 	{ BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }
 	for (;i<24;i++)
 	{ BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
 	for (i=0;i<20;i++)
 	{ BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
 	for (i=4;i<24;i++)
 	{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
 	c->h0=(c->h0+A)&0xffffffffL; 
 	c->h1=(c->h1+B)&0xffffffffL;
 	c->h2=(c->h2+C)&0xffffffffL;
 	c->h3=(c->h3+D)&0xffffffffL;
 	c->h4=(c->h4+E)&0xffffffffL;
 	if (--num == 0) break;
 	A=c->h0;
 	B=c->h1;
 	C=c->h2;
 	D=c->h3;
 	E=c->h4;
 	W+=SHA_LBLOCK;
 		}
 	}
 #endif
 #ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
 void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
 	{
 	const unsigned char *data=p;
 	register unsigned MD32_REG_T A,B,C,D,E,T,l;
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -520,28 +520,6 @@ STACK_OF(type) \
 #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
 #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
 #define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
 #define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
 #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
 #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
 #define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
 #define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
 #define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
 #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
 #define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
 #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
 #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
--- a/crypto/store/str_lib.c
+++ b/crypto/store/str_lib.c
@@ -236,7 +236,7 @@ const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
 #define check_store(s,fncode,fnname,fnerrcode) \
 	do \
 		{ \
-		if ((s) == NULL || (s)->meth) \
+		if ((s) == NULL || (s)->meth == NULL) \
 			{ \
 			STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
 			return 0; \
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -1,19 +1,12 @@
 #!/usr/bin/env perl
 $output=shift;
-$win64a=1 if ($output =~ /win64a\.[s|asm]/);
+$masm=1 if ($output =~ /\.asm/);
 open STDOUT,">$output" || die "can't open $output: $!";
-print<<___ if(defined($win64a));
+print<<___ if(defined($masm));
 _TEXT	SEGMENT
 PUBLIC	OPENSSL_rdtsc
 ALIGN	16
 OPENSSL_rdtsc	PROC
 	rdtsc
 	shl	rdx,32
 	or	rax,rdx
 	ret
 OPENSSL_rdtsc	ENDP
 PUBLIC	OPENSSL_atomic_add
 ALIGN	16
@@ -45,35 +38,16 @@ OPENSSL_wipe_cpu	PROC
 	lea	rax,QWORD PTR[rsp+8]
 	ret
 OPENSSL_wipe_cpu	ENDP
 OPENSSL_ia32_cpuid	PROC
 	mov	r8,rbx
 	mov	eax,1
 	cpuid
 	shl	rcx,32
 	mov	eax,edx
 	mov	rbx,r8
 	or	rax,rcx
 	ret
 OPENSSL_ia32_cpuid	ENDP
 _TEXT	ENDS
 CRT\$XIU	SEGMENT
 EXTRN	OPENSSL_cpuid_setup:PROC
 DQ	OPENSSL_cpuid_setup
 CRT\$XIU	ENDS
-END
+
 ___
-print<<___ if(!defined($win64a));
+print<<___ if(!defined($masm));
 .text
 .globl	OPENSSL_rdtsc
 .align	16
 OPENSSL_rdtsc:
 	rdtsc
 	shlq	\$32,%rdx
 	orq	%rdx,%rax
 	ret
 .size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
 .globl	OPENSSL_atomic_add
 .type	OPENSSL_atomic_add,\@function
@@ -120,19 +94,66 @@ OPENSSL_wipe_cpu:
 	ret
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 .globl	OPENSSL_ia32_cpuid
 .align	16
 OPENSSL_ia32_cpuid:
 	movq	%rbx,%r8
 	movl	\$1,%eax
 	cpuid
 	shlq	\$32,%rcx
 	movl	%edx,%eax
 	movq	%r8,%rbx
 	orq	%rcx,%rax
 	ret
 .size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
 .section	.init
 	call	OPENSSL_cpuid_setup
 ___
 open STDOUT,"| $^X perlasm/x86_64-xlate.pl $output";
 print<<___;
 .text
 .globl	OPENSSL_rdtsc
 .type	OPENSSL_rdtsc,\@abi-omnipotent
 .align	16
 OPENSSL_rdtsc:
 	rdtsc
 	shl	\$32,%rdx
 	or	%rdx,%rax
 	ret
 .size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
 .globl	OPENSSL_ia32_cpuid
 .type	OPENSSL_ia32_cpuid,\@abi-omnipotent
 .align	16
 OPENSSL_ia32_cpuid:
 	mov	%rbx,%r8
 	xor	%eax,%eax
 	cpuid
 	xor	%eax,%eax
 	cmp	\$0x756e6547,%ebx	# "Genu"
 	setne	%al
 	mov	%eax,%r9d
 	cmp	\$0x49656e69,%edx	# "ineI"
 	setne	%al
 	or	%eax,%r9d
 	cmp	\$0x6c65746e,%ecx	# "ntel"
 	setne	%al
 	or	%eax,%r9d
 	mov	\$1,%eax
 	cpuid
 	cmp	\$0,%r9d
 	jne	.Lnotintel
 	or	\$0x00100000,%edx	# use reserved 20th bit to engage RC4_CHAR
 	and	\$15,%ah
 	cmp	\$15,%ah		# examine Family ID
 	je	.Lnotintel
 	or	\$0x40000000,%edx	# use reserved 30th bit to skip unrolled loop
 .Lnotintel:
 	bt	\$28,%edx		# test hyper-threading bit
 	jnc	.Ldone
 	shr	\$16,%ebx
 	cmp	\$1,%bl			# see if cache is shared
 	ja	.Ldone
 	and	\$0xefffffff,%edx	# ~(1<<28)
 .Ldone:
 	shl	\$32,%rcx
 	mov	%edx,%eax
 	mov	%r8,%rbx
 	or	%rcx,%rax
 	ret
 .size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
 ___
 close STDOUT;	# flush
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -19,13 +19,40 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 	&pop	("eax");
 	&xor	("ecx","eax");
 	&bt	("ecx",21);
-	&jnc	(&label("nocpuid"));
+	&jnc	(&label("done"));
 	&xor	("eax","eax");
 	&cpuid	();
 	&xor	("eax","eax");
 	&cmp	("ebx",0x756e6547);	# "Genu"
 	&setne	(&LB("eax"));
 	&mov	("ebp","eax");
 	&cmp	("edx",0x49656e69);	# "ineI"
 	&setne	(&LB("eax"));
 	&or	("ebp","eax");
 	&cmp	("ecx",0x6c65746e);	# "ntel"
 	&setne	(&LB("eax"));
 	&or	("ebp","eax");
 	&mov	("eax",1);
 	&cpuid	();
-&set_label("nocpuid");
+	&cmp	("ebp",0);
 	&jne	(&label("notP4"));
 	&and	(&HB("eax"),15);	# familiy ID
 	&cmp	(&HB("eax"),15);	# P4?
 	&jne	(&label("notP4"));
 	&or	("edx",1<<20);		# use reserved bit to engage RC4_CHAR
 &set_label("notP4");
 	&bt	("edx",28);		# test hyper-threading bit
 	&jnc	(&label("done"));
 	&shr	("ebx",16);
 	&cmp	(&LB("ebx"),1);		# see if cache is shared(*)
 	&ja	(&label("done"));
 	&and	("edx",0xefffffff);	# clear hyper-threading bit if not
 &set_label("done");
 	&mov	("eax","edx");
 	&mov	("edx","ecx");
 &function_end("OPENSSL_ia32_cpuid");
 # (*)	on Core2 this value is set to 2 denoting the fact that L2
 #	cache is shared between cores.
 &external_label("OPENSSL_ia32cap_P");
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -227,6 +227,14 @@ Blowfish and RC5 algorithms use a 128 bit key.
 rc5-ecb            RC5 cipher in ECB mode
 rc5-ofb            RC5 cipher in OFB mode
 aes-[128|192|256]-cbc	128/192/256 bit AES in CBC mode
 aes-[128|192|256]	Alias for aes-[128|192|256]-cbc
 aes-[128|192|256]-cfb	128/192/256 bit AES in 128 bit CFB mode
 aes-[128|192|256]-cfb1	128/192/256 bit AES in 1 bit CFB mode
 aes-[128|192|256]-cfb8	128/192/256 bit AES in 8 bit CFB mode
 aes-[128|192|256]-ecb	128/192/256 bit AES in ECB mode
 aes-[128|192|256]-ofb	128/192/256 bit AES in OFB mode
 =head1 EXAMPLES
 Just base64 encode a binary file:
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -227,6 +227,22 @@ SHA Digest
 SHA-1 Digest
 =item B<sha224>
 SHA-224 Digest
 =item B<sha256>
 SHA-256 Digest
 =item B<sha384>
 SHA-384 Digest
 =item B<sha512>
 SHA-512 Digest
 =back
 =head2 ENCODING AND CIPHER COMMANDS
--- a/doc/apps/rsautl.pod
+++ b/doc/apps/rsautl.pod
@@ -152,7 +152,7 @@ The final BIT STRING contains the actual signature. It can be extracted with:
 The certificate public key can be extracted with:
- openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
+ openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
 The signature can be analysed with:
--- a/fips-1.0/aes/asm/fips-ax86-elf.s
+++ b/fips-1.0/aes/asm/fips-ax86-elf.s
--- a/fips-1.0/aes/fips_aes_core.c
+++ b/fips-1.0/aes/fips_aes_core.c
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dr. Stephen Henson	d1321464f6	Add crossbuild patch to 1.2 FIPS branch.	2011-09-25 15:51:57 +00:00
cvs2svn	a0055fbef4	This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips- 1_2-stable'.	2007-10-05 17:35:29 +00:00
Dr. Stephen Henson	2f9048b8a1	Disable CFB1 tests.	2007-10-05 17:35:26 +00:00
Dr. Stephen Henson	d73ed541db	Fix bug in DSA parameter generation code which stopped it copying a generated random seed to the supplied seed parameter.	2007-10-05 13:14:55 +00:00
Dr. Stephen Henson	e6e5592a50	Make mkfipsscr.pl options consistent across platforms.	2007-09-22 12:43:13 +00:00
Dr. Stephen Henson	663bbb6367	Change rsp filename to WIN32 format if needed.	2007-09-21 18:05:25 +00:00
Dr. Stephen Henson	98ced05c56	New --rspdir option to mkfipsscr.pl to specify alternate output directory. Modify fips_aesavs and fips_desmovs to support an optional output filename with -f option.	2007-09-21 18:00:24 +00:00
Dr. Stephen Henson	5b75e1cff4	Update TABLE	2007-09-19 00:10:03 +00:00
Dr. Stephen Henson	f36a8c2060	Include some fixes from 0.9.8-stable branch.	2007-09-19 00:02:49 +00:00
Andy Polyakov	90ac9ec264	BSD run-time linkers apparently demand RPATH on .so objects [from HEAD]. PR: 1381	2007-09-16 18:44:35 +00:00
Dr. Stephen Henson	fe5c4c885b	Exit dsa test program if key gen error.	2007-09-12 21:35:39 +00:00
Dr. Stephen Henson	1950e8acea	Add more failure testing FIPS functions, for continuous RNG, pairwise RSA/DSA. Update fips_test_suite to use them and convert AES, DES3 and SHAx to use EVP.	2007-09-12 17:46:08 +00:00
Dr. Stephen Henson	437bafa5cc	Update mkfipsscr.pl to handle CFB1 mode.	2007-09-07 11:24:25 +00:00
Andy Polyakov	7c78f06301	Remove [BL]_ENDIAN from no-asm builds.	2007-08-29 18:51:14 +00:00
Andy Polyakov	b27278d0cf	Last change inadvertently disabled x86[_64] assembler in Windows build.	2007-08-27 20:02:23 +00:00
Andy Polyakov	24a69a8196	Disable non-x86[_64] assembler modules.	2007-08-27 16:26:37 +00:00
Andy Polyakov	b3049d696b	shlib_wrap update [from HEAD].	2007-08-27 08:57:59 +00:00
Andy Polyakov	77b265f48c	Framework update.	2007-08-26 14:57:42 +00:00
Andy Polyakov	735b9eeed5	IRIX and Tru64 platform updates [from HEAD].	2007-08-26 14:57:10 +00:00
Andy Polyakov	67c31c4b61	Short circuit ranlib in trap handler.	2007-08-26 08:51:23 +00:00
Andy Polyakov	0406ce2646	Engage x86_64 assembler in Win64 build.	2007-08-23 12:13:55 +00:00
Andy Polyakov	76108ba7eb	Updates from HEAD.	2007-08-23 12:04:42 +00:00
Andy Polyakov	4d27e3d339	Make tesfipsssl pass.	2007-08-21 15:26:51 +00:00
Andy Polyakov	7d59e441ca	Avoid BN_CTX_free(uninitialized pointer).	2007-08-21 14:44:13 +00:00
Dr. Stephen Henson	3e3c47d5d5	Update fips_dsatest to use 1024 bit key.	2007-08-21 12:57:06 +00:00
Dr. Stephen Henson	03b7b4690c	Cleaner check of self test status.	2007-08-19 12:49:07 +00:00
Dr. Stephen Henson	0fd9322af1	Block DH key gen for small key sizes too.	2007-08-18 02:46:11 +00:00
Dr. Stephen Henson	7016b1952e	Don't generate DSA keys with key size too small.	2007-08-18 02:36:23 +00:00
Dr. Stephen Henson	ff3e014820	Remove single DES self test vectors.	2007-08-15 16:22:34 +00:00
Dr. Stephen Henson	50cd0f0eb3	Delete old files.	2007-08-15 15:29:43 +00:00
Dr. Stephen Henson	32098b7565	Move fips-1.0/ files to fips/	2007-08-15 13:35:51 +00:00
Dr. Stephen Henson	bf4131fbf9	Update to include fips_locl.h so WIN32 build can pick it up.	2007-08-15 12:37:34 +00:00
Dr. Stephen Henson	2ac869590f	Indicate failure if any selftest fails. Increase keysizes in fips_test_suite	2007-08-15 00:36:05 +00:00
Dr. Stephen Henson	4742bc0f6f	Fix remaining error code discrepancies.	2007-08-14 16:00:52 +00:00
Dr. Stephen Henson	02e483d236	Fix more error codes.	2007-08-14 13:33:33 +00:00
Dr. Stephen Henson	1a58139aaa	More function code correction.	2007-08-14 13:20:42 +00:00
Dr. Stephen Henson	a32f4770e9	Ensure seed does not match key and fixup error codes.	2007-08-14 13:17:28 +00:00
Dr. Stephen Henson	086d475ffb	Make FIPS cipher alias work again.	2007-08-13 18:35:04 +00:00
Dr. Stephen Henson	7f1288da93	Enforce minimum key sizes in FIPS mode.	2007-08-13 18:02:52 +00:00
Dr. Stephen Henson	0a6e92a88f	Include modulus sanity checks.	2007-08-13 13:28:31 +00:00
Dr. Stephen Henson	36eaa70621	Update DSA selftest with data from NIST test vectors.	2007-08-13 13:21:08 +00:00
Andy Polyakov	d7dc9a7ce3	Platform check in FIPS_mode_set.	2007-08-02 20:42:33 +00:00
Andy Polyakov	319e19db9c	Remove options in ./config.	2007-08-02 20:41:13 +00:00
Andy Polyakov	ef85b85b12	Erroneously omitted code from "jumbo framework update."	2007-08-01 14:22:36 +00:00
Andy Polyakov	4d4d27a2a0	Typo in fipsld.	2007-08-01 11:49:16 +00:00
Andy Polyakov	8f0d89092e	Jumbo framework update.	2007-08-01 11:33:17 +00:00
Andy Polyakov	c4a2cab0bb	Typos in ./config [from HEAD]. PR: 1563	2007-08-01 11:22:23 +00:00
Andy Polyakov	6d73d35f4f	aes-x86_64 update [from HEAD].	2007-07-30 16:44:12 +00:00
Andy Polyakov	f53e66af67	Respect ISO aliasing rules. PR: 1296	2007-07-27 20:36:09 +00:00
Andy Polyakov	5cbe626d26	AES for IA64 update [from HEAD].	2007-07-27 18:22:40 +00:00
Andy Polyakov	fe93a60b00	Allow for extrnal DllMain.	2007-07-26 16:46:54 +00:00
Dr. Stephen Henson	5e10ca5618	Extend do_fips to detect processor from %PROCESSOR_ARCHITECTURE% environment variable and support no-asm command line option for WIN32.	2007-07-25 23:38:11 +00:00
Andy Polyakov	4e8da09800	x86 perlasm updates [from HEAD].	2007-07-25 12:38:35 +00:00
Dr. Stephen Henson	203ae57fe0	Generate and use assembly language files in WIN32 build.	2007-07-24 18:27:35 +00:00
Andy Polyakov	529c33f1e8	Throw in bn_mul_mont for x86_64.	2007-07-24 15:42:13 +00:00
Andy Polyakov	af18a34478	Throw in bn_mul_mont for x86.	2007-07-24 15:29:21 +00:00
Andy Polyakov	da5c0127ac	Allow for bn_mul_mont assembler.	2007-07-24 15:07:51 +00:00
Andy Polyakov	ce0e12d29a	Configure update from 098.	2007-07-24 14:41:03 +00:00
Andy Polyakov	87339c6290	s390x assembler pack.	2007-07-23 20:42:50 +00:00
Andy Polyakov	0a22e7446b	Typo in EXCL_OBJ list	2007-07-23 16:35:30 +00:00
Andy Polyakov	b56cb7c6ea	x86*cpuid update [from HEAD].	2007-07-23 16:18:36 +00:00
Andy Polyakov	cd5ab329f2	Optimized OPENSSL_cleanse [from HEAD].	2007-07-23 16:10:06 +00:00
Andy Polyakov	80106dc5fb	aes-586.pl from HEAD.	2007-07-23 15:13:51 +00:00
Andy Polyakov	0fa79cbe17	Synchronize x86 perlasm with HEAD.	2007-07-23 15:12:20 +00:00
Andy Polyakov	be22102d82	Add AES x86_64 assembler module.	2007-07-23 14:56:01 +00:00
Andy Polyakov	1ad95f8217	Add SHA x86_64 assembler.	2007-07-23 14:42:12 +00:00
Andy Polyakov	5f1211834f	x86_64-xlate.pl from HEAD.	2007-07-23 14:21:42 +00:00
Andy Polyakov	28feb1f8da	md32_common.h update from HEAD.	2007-07-23 14:15:36 +00:00
Andy Polyakov	9596d1e63b	Decommission md5-sparcv9 module.	2007-07-23 14:13:14 +00:00
Dr. Stephen Henson	626bebeede	Delete obsolete files.	2007-07-23 11:54:47 +00:00
Andy Polyakov	dfe42a131f	Framework updates.	2007-07-22 20:53:17 +00:00
Dr. Stephen Henson	1970bc2703	For Unix fips builds... 1. Make shared library build default. 2. Fix libcrypto build to work with shared builds. 3. Link fips utilities to fipscanister.o except for fipsdso builds.	2007-07-21 20:18:47 +00:00
Dr. Stephen Henson	08debe11f8	Install fipscanister.o and friends. Disable warning halt in VC++ build.	2007-07-21 12:07:09 +00:00
Dr. Stephen Henson	9c7e058216	Don't install docs by default.	2007-07-21 00:15:15 +00:00
Dr. Stephen Henson	b01e8b2063	Change fips build default install location so it doesn't overwrite any existing OpenSSL installation.	2007-07-21 00:14:02 +00:00
Dr. Stephen Henson	100868d1cf	Link fips utils against fipscanister.lib only except for dso builds. Add --with-fipslibdir option to Configure.	2007-07-20 22:23:11 +00:00
Dr. Stephen Henson	0712210f03	Typo.	2007-07-19 21:44:25 +00:00
Dr. Stephen Henson	8431a6aaf5	Add error checking to script.	2007-07-19 16:45:31 +00:00
Dr. Stephen Henson	2b4a783f66	Initial fips WIN32 compilation batch file.	2007-07-19 16:11:21 +00:00
Dr. Stephen Henson	25df4a81cc	Use X9.31 keygen for signature test.	2007-07-19 12:24:01 +00:00
Dr. Stephen Henson	23830280e4	Add SSE2 support to VC++ build. Update MASM script.	2007-07-19 12:17:56 +00:00
Andy Polyakov	bfdfc67b01	shlib_wrap.sh update [from HEAD].	2007-07-16 14:02:52 +00:00
Andy Polyakov	4764a0543d	Bourne shell portability fix.	2007-07-16 12:23:55 +00:00
Andy Polyakov	d92b0efbb8	Framework updates.	2007-07-16 10:00:36 +00:00
Dr. Stephen Henson	b329cc2410	Check return code properly in fputs (< 0 is error).	2007-07-16 00:09:44 +00:00
Dr. Stephen Henson	ed31fe68ff	Update test script generator for Win32.	2007-07-15 21:27:34 +00:00
Dr. Stephen Henson	8fa41c6696	include openssl/fips.h in sha1dgst.c	2007-07-15 16:50:34 +00:00
Dr. Stephen Henson	707a028c8b	Update .cvsignore	2007-07-15 16:12:29 +00:00
Dr. Stephen Henson	9593bc46bf	Tolerate DigestInfo with absent parameters in FIPS mode.	2007-07-15 16:10:46 +00:00
Dr. Stephen Henson	5c65d38219	Add selftest check to SHA1 routine.	2007-07-15 12:06:23 +00:00
Dr. Stephen Henson	1b8b2d9300	Enhance mkfipsscr.pl to handle different testvector paths and perform sanity checks. Make AES/TDES algorithm test programs quiet if VERBOSE is zero.	2007-07-15 12:01:54 +00:00
Dr. Stephen Henson	4e1778b0d8	Update Windows build system to use AES assembler and standard assembly language routines in FIPS mode compiles.	2007-07-12 08:20:21 +00:00
Dr. Stephen Henson	982c67fbaa	Updates to WIN32 build system to make FIPS build work again.	2007-07-11 11:53:20 +00:00
Dr. Stephen Henson	2ef2463643	Typo.	2007-07-11 00:11:09 +00:00
Dr. Stephen Henson	585eb117d4	Delete old duplicate files.	2007-07-10 22:02:02 +00:00
Dr. Stephen Henson	7c27ac1030	Update dependencies.	2007-07-10 21:37:24 +00:00
Dr. Stephen Henson	475631c31a	Use common source files for FIPS mode and utilize same optimizations.	2007-07-10 21:24:32 +00:00
Andy Polyakov	218ba8cb9d	Shut up memory debuggers complaining about AES x86 assembler module [from stable]. PR: 1508,1320	2007-07-08 19:41:38 +00:00
Andy Polyakov	e881c00515	EVP_*_cfb1 was broken [from HEAD]. PR: 1318	2007-07-08 19:20:48 +00:00
Andy Polyakov	6c3fca2b10	bn_mul_recursive doesn't handle all cases correctly, which results in BN_mul failures at certain key-length mixes [from HEAD]. PR: 1427	2007-07-08 18:55:51 +00:00
Andy Polyakov	0225c7a41e	Typo in str_lib.c [from HEAD]. PR: 1177	2007-07-07 20:12:12 +00:00