Yet more changes to comments

Reviewed-by: Tim Hudson <tjh@openssl.org>
More tweaks for comments due indent issues
2015-01-22 09:46:13 +00:00 · 2015-01-22 09:46:08 +00:00 · 2015-01-22 09:46:01 +00:00 · 2015-01-22 09:45:56 +00:00 · 2015-01-22 09:45:51 +00:00 · 2015-01-22 09:45:45 +00:00
298 changed files with 8022 additions and 4833 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 # Object files
 *.o
+*.obj

 # editor artefacts
 *.swp
@@ -47,6 +48,21 @@
 *.s
 !/crypto/bn/asm/pa-risc2.s
 !/crypto/bn/asm/pa-risc2W.s
+crypto/aes/asm/a_win32.asm
+crypto/bf/asm/b_win32.asm
+crypto/bn/asm/bn_win32.asm
+crypto/bn/asm/co_win32.asm
+crypto/bn/asm/mt_win32.asm
+crypto/cast/asm/c_win32.asm
+crypto/cpu_win32.asm
+crypto/des/asm/d_win32.asm
+crypto/des/asm/y_win32.asm
+crypto/md5/asm/m5_win32.asm
+crypto/rc4/asm/r4_win32.asm
+crypto/rc5/asm/r5_win32.asm
+crypto/ripemd/asm/rm_win32.asm
+crypto/sha/asm/s1_win32.asm
+crypto/sha/asm/sha512-sse2.asm

 # Executables
 /apps/openssl
@@ -77,3 +93,17 @@ Makefile.save
 *.bak
 tags
 TAGS
+
+# Windows
+/tmp32dll
+/tmp32dll.dbg
+/out32dll
+/out32dll.dbg
+/inc32
+/MINFO
+ms/bcb.mak
+ms/libeay32.def
+ms/nt.mak
+ms/ntdll.mak
+ms/ssleay32.def
+ms/version32.rc
--- a/110
+++ b/110
@@ -2,6 +2,116 @@
 OpenSSL CHANGES
 _______________

+ Changes between 1.0.0q and 1.0.0r [xx XXX xxxx]
+
+  *)
+
+ Changes between 1.0.0p and 1.0.0q [15 Jan 2015]
+
+  *) Build fixes for the Windows and OpenVMS platforms
+     [Matt Caswell and Richard Levitte]
+
+ Changes between 1.0.0o and 1.0.0p [8 Jan 2015]
+
+  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+     message can cause a segmentation fault in OpenSSL due to a NULL pointer
+     dereference. This could lead to a Denial Of Service attack. Thanks to
+     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+     (CVE-2014-3571)
+     [Steve Henson]
+
+  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+     dtls1_buffer_record function under certain conditions. In particular this
+     could occur if an attacker sent repeated DTLS records with the same
+     sequence number but for the next epoch. The memory leak could be exploited
+     by an attacker in a Denial of Service attack through memory exhaustion.
+     Thanks to Chris Mueller for reporting this issue.
+     (CVE-2015-0206)
+     [Matt Caswell]
+
+  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+     method would be set to NULL which could later result in a NULL pointer
+     dereference. Thanks to Frank Schmirler for reporting this issue.
+     (CVE-2014-3569)
+     [Kurt Roeckx]
+     
+  *) Abort handshake if server key exchange message is omitted for ephemeral
+     ECDH ciphersuites.
+
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
+     (CVE-2014-3572)
+     [Steve Henson]
+
+  *) Remove non-export ephemeral RSA code on client and server. This code
+     violated the TLS standard by allowing the use of temporary RSA keys in
+     non-export ciphersuites and could be used by a server to effectively
+     downgrade the RSA key length used to a value smaller than the server
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
+     (CVE-2015-0204)
+     [Steve Henson]
+
+  *) Fixed issue where DH client certificates are accepted without verification.
+     An OpenSSL server will accept a DH certificate for client authentication
+     without the certificate verify message. This effectively allows a client to
+     authenticate without the use of a private key. This only affects servers
+     which trust a client certificate authority which issues certificates
+     containing DH keys: these are extremely rare and hardly ever encountered.
+     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+     this issue.
+     (CVE-2015-0205)
+     [Steve Henson]
+
+   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+      results on some platforms, including x86_64. This bug occurs at random
+      with a very low probability, and is not known to be exploitable in any
+      way, though its exact impact is difficult to determine. Thanks to Pieter
+      Wuille (Blockstream) who reported this issue and also suggested an initial
+      fix. Further analysis was conducted by the OpenSSL development team and
+      Adam Langley of Google. The final fix was developed by Andy Polyakov of
+      the OpenSSL core team.
+      (CVE-2014-3570)
+      [Andy Polyakov]
+
+  *) Fix various certificate fingerprint issues.
+
+     By using non-DER or invalid encodings outside the signed portion of a
+     certificate the fingerprint can be changed without breaking the signature.
+     Although no details of the signed portion of the certificate can be changed
+     this can cause problems with some applications: e.g. those using the
+     certificate fingerprint for blacklists.
+
+     1. Reject signatures with non zero unused bits.
+
+     If the BIT STRING containing the signature has non zero unused bits reject
+     the signature. All current signature algorithms require zero unused bits.
+
+     2. Check certificate algorithm consistency.
+
+     Check the AlgorithmIdentifier inside TBS matches the one in the
+     certificate signature. NB: this will result in signature failure
+     errors for some broken certificates.
+
+     Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+     3. Check DSA/ECDSA signatures use DER.
+
+     Reencode DSA/ECDSA signatures and compare with the original received
+     signature. Return an error if there is a mismatch.
+
+     This will reject various cases including garbage after signature
+     (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+     program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+     (negative or with leading zeroes).
+
+     Further analysis was conducted and fixes were developed by Stephen Henson
+     of the OpenSSL core team.
+
+     (CVE-2014-8275)
+     [Steve Henson]
+
 Changes between 1.0.0n and 1.0.0o [15 Oct 2014]

  *) Session Ticket Memory Leak.
--- a/MacOS/opensslconf.h
+++ b/MacOS/opensslconf.h
@@ -23,7 +23,7 @@
 #if !defined(RC4_INT)
 /* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
-/*
+/*-
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
--- a/19
+++ b/19
@@ -5,6 +5,25 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

+  Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [under development]
+
+      o
+
+  Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
+  Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
  Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014]

      o Fix for CVE-2014-3513
--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- OpenSSL 1.0.0o 15 Oct 2014
+ OpenSSL 1.0.0r-dev

 Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -110,10 +110,12 @@
 */

 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
-				   the declaration of fileno().  The value
-				   2 is to make sure no function defined
-				   in POSIX-2 is left undefined. */
+/* On VMS, you need to define this to get
+ * the declaration of fileno().  The value
+ * 2 is to make sure no function defined
+ * in POSIX-2 is left undefined.
+ */
+#define _POSIX_C_SOURCE 2
 #endif
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -69,7 +69,8 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -in arg	- input file - default stdin
 * -i		- indent the details by depth
 * -offset	- where in the file to start
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -635,7 +635,7 @@ bad:
 			oid_bio=BIO_new_file(p,"r");
 			if (oid_bio == NULL) 
 				{
-				/*
+				/*-
 				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
 				ERR_print_errors(bio_err);
 				*/
@@ -1474,7 +1474,8 @@ bad:
 			}

 		
-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
+		/* we have a CRL number that need updating */
+		if (crlnumberfile != NULL)
 			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;

 		if (crlnumber)
@@ -2781,7 +2782,8 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 	return str;
 	}

-/* Convert revocation field to X509_REVOKED entry 
+/*-
+ * Convert revocation field to X509_REVOKED entry 
 * return code:
 * 0 error
 * 1 OK
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -197,11 +197,20 @@ int MAIN(int argc, char **argv)
 				int id3 = (int)(id & 0xffL);
 				
 				if ((id & 0xff000000L) == 0x02000000L)
-					BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+					{
+					/* SSL2 cipher */
+					BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3);
+					}
 				else if ((id & 0xff000000L) == 0x03000000L)
-					BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+					{
+					/* SSL3 cipher */
+					BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3);
+					}
 				else
-					BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+					{
+					/* whatever */
+					BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3);
+					}
 				}

 			BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -75,7 +75,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@@ -288,7 +289,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}

-/*
+/*-
 *----------------------------------------------------------------------
 * int add_certs_from_file
 *
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -74,7 +74,8 @@
 #undef PROG
 #define PROG	dh_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -132,7 +132,8 @@

 #define DEFBITS	512

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -74,7 +74,8 @@
 #undef PROG
 #define PROG	dsa_main

-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
+/*-
+ * -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -80,7 +80,8 @@
 #undef PROG
 #define PROG	dsaparam_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -70,7 +70,8 @@
 #undef PROG
 #define PROG	ec_main

-/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
+/*-
+ * -inform arg    - input format - default PEM (one of DER, NET or PEM)
 * -outform arg   - output format - default PEM
 * -in arg        - input file - default stdin
 * -out arg       - output file - default stdout
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -87,7 +87,8 @@
 #undef PROG
 #define PROG	ecparam_main

-/* -inform arg      - input format - default PEM (DER or PEM)
+/*-
+ * -inform arg      - input format - default PEM (DER or PEM)
 * -outform arg     - output format - default PEM
 * -in  arg         - input file  - default stdin
 * -out arg         - output file - default stdout
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-2") == 0)
 			g=2;
-	/*	else if (strcmp(*argv,"-3") == 0)
+	/*-	else if (strcmp(*argv,"-3") == 0)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -583,51 +583,52 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "OCSP utility\n");
 		BIO_printf (bio_err, "Usage ocsp [options]\n");
 		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-out file          output filename\n");
-		BIO_printf (bio_err, "-issuer file       issuer certificate\n");
-		BIO_printf (bio_err, "-cert file         certificate to check\n");
-		BIO_printf (bio_err, "-serial n          serial number to check\n");
-		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
-		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
-		BIO_printf (bio_err, "-sign_other file   additional certificates to include in signed request\n");
-		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
-		BIO_printf (bio_err, "-req_text          print text form of request\n");
-		BIO_printf (bio_err, "-resp_text         print text form of response\n");
-		BIO_printf (bio_err, "-text              print text form of request and response\n");
-		BIO_printf (bio_err, "-reqout file       write DER encoded OCSP request to \"file\"\n");
-		BIO_printf (bio_err, "-respout file      write DER encoded OCSP reponse to \"file\"\n");
-		BIO_printf (bio_err, "-reqin file        read DER encoded OCSP request from \"file\"\n");
-		BIO_printf (bio_err, "-respin file       read DER encoded OCSP reponse from \"file\"\n");
-		BIO_printf (bio_err, "-nonce             add OCSP nonce to request\n");
-		BIO_printf (bio_err, "-no_nonce          don't add OCSP nonce to request\n");
-		BIO_printf (bio_err, "-url URL           OCSP responder URL\n");
-		BIO_printf (bio_err, "-host host:n       send OCSP request to host on port n\n");
-		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
-		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
-		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
-		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
-		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
-		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
-		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
-		BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
-		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
-		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
+		BIO_printf (bio_err, "-out file            output filename\n");
+		BIO_printf (bio_err, "-issuer file         issuer certificate\n");
+		BIO_printf (bio_err, "-cert file           certificate to check\n");
+		BIO_printf (bio_err, "-serial n            serial number to check\n");
+		BIO_printf (bio_err, "-signer file         certificate to sign OCSP request with\n");
+		BIO_printf (bio_err, "-signkey file        private key to sign OCSP request with\n");
+		BIO_printf (bio_err, "-sign_other file     additional certificates to include in signed request\n");
+		BIO_printf (bio_err, "-no_certs            don't include any certificates in signed request\n");
+		BIO_printf (bio_err, "-req_text            print text form of request\n");
+		BIO_printf (bio_err, "-resp_text           print text form of response\n");
+		BIO_printf (bio_err, "-text                print text form of request and response\n");
+		BIO_printf (bio_err, "-reqout file         write DER encoded OCSP request to \"file\"\n");
+		BIO_printf (bio_err, "-respout file        write DER encoded OCSP reponse to \"file\"\n");
+		BIO_printf (bio_err, "-reqin file          read DER encoded OCSP request from \"file\"\n");
+		BIO_printf (bio_err, "-respin file         read DER encoded OCSP reponse from \"file\"\n");
+		BIO_printf (bio_err, "-nonce               add OCSP nonce to request\n");
+		BIO_printf (bio_err, "-no_nonce            don't add OCSP nonce to request\n");
+		BIO_printf (bio_err, "-url URL             OCSP responder URL\n");
+		BIO_printf (bio_err, "-host host:n         send OCSP request to host on port n\n");
+		BIO_printf (bio_err, "-path                path to use in OCSP request\n");
+		BIO_printf (bio_err, "-CApath dir          trusted certificates directory\n");
+		BIO_printf (bio_err, "-CAfile file         trusted certificates file\n");
+		BIO_printf (bio_err, "-VAfile file         validator certificates file\n");
+		BIO_printf (bio_err, "-validity_period n   maximum validity discrepancy in seconds\n");
+		BIO_printf (bio_err, "-status_age n        maximum status age in seconds\n");
+		BIO_printf (bio_err, "-noverify            don't verify response at all\n");
+		BIO_printf (bio_err, "-verify_other file   additional certificates to search for signer\n");
+		BIO_printf (bio_err, "-trust_other         don't verify additional certificates\n");
+		BIO_printf (bio_err, "-no_intern           don't search certificates contained in response for signer\n");
 		BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
-		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
-		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
-		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
-		BIO_printf (bio_err, "-port num		 port to run responder on\n");
-		BIO_printf (bio_err, "-index file	 certificate status index file\n");
-		BIO_printf (bio_err, "-CA file		 CA certificate\n");
-		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign responses with\n");
-		BIO_printf (bio_err, "-rkey file	 responder key to sign responses with\n");
-		BIO_printf (bio_err, "-rother file	 other certificates to include in response\n");
-		BIO_printf (bio_err, "-resp_no_certs     don't include any certificates in response\n");
-		BIO_printf (bio_err, "-nmin n	 	 number of minutes before next update\n");
-		BIO_printf (bio_err, "-ndays n	 	 number of days before next update\n");
-		BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
-		BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
-		BIO_printf (bio_err, "-<dgst alg>     use specified digest in the request\n");
+		BIO_printf (bio_err, "-no_cert_verify      don't check signing certificate\n");
+		BIO_printf (bio_err, "-no_chain            don't chain verify response\n");
+		BIO_printf (bio_err, "-no_cert_checks      don't do additional checks on signing certificate\n");
+		BIO_printf (bio_err, "-port num            port to run responder on\n");
+		BIO_printf (bio_err, "-index file          certificate status index file\n");
+		BIO_printf (bio_err, "-CA file             CA certificate\n");
+		BIO_printf (bio_err, "-rsigner file        responder certificate to sign responses with\n");
+		BIO_printf (bio_err, "-rkey file           responder key to sign responses with\n");
+		BIO_printf (bio_err, "-rother file         other certificates to include in response\n");
+		BIO_printf (bio_err, "-resp_no_certs       don't include any certificates in response\n");
+		BIO_printf (bio_err, "-nmin n              number of minutes before next update\n");
+		BIO_printf (bio_err, "-ndays n             number of days before next update\n");
+		BIO_printf (bio_err, "-resp_key_id         identify reponse by signing certificate key ID\n");
+		BIO_printf (bio_err, "-nrequest n          number of requests to accept (default unlimited)\n");
+		BIO_printf (bio_err, "-<dgst alg>          use specified digest in the request\n");
+		BIO_printf (bio_err, "-timeout n           timeout connection to OCSP responder after n seconds\n");
 		goto end;
 		}

--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -234,7 +234,8 @@ int main(int Argc, char *ARGV[])
 	long errline;

 #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-	/* 2011-03-22 SMS.
+	/*- 
+	 * 2011-03-22 SMS.
 	 * If we have 32-bit pointers everywhere, then we're safe, and
 	 * we bypass this mess, as on non-VMS systems.  (See ARGV,
 	 * above.)
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -43,7 +43,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	char *passwd, BIO *out, int quiet, int table, int reverse,
 	size_t pw_maxlen, int usecrypt, int use1, int useapr1);

-/* -crypt        - standard Unix password algorithm (default)
+/*-
+ * -crypt        - standard Unix password algorithm (default)
 * -1            - MD5-based password algorithm
 * -apr1         - MD5-based password algorithm, Apache variant
 * -salt string  - salt
@@ -309,7 +310,8 @@ err:
 */
 static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	{
-	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+	/* "$apr1$..salt..$.......md5hash..........\0" */
+	static char out_buf[6 + 9 + 24 + 2];
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n;
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -71,7 +71,8 @@
 #undef PROG
 #define PROG	pkcs7_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -66,7 +66,8 @@
 #undef PROG
 #define PROG rand_main

-/* -out file         - write to file
+/*-
+ * -out file         - write to file
 * -rand file:file   - PRNG seed files
 * -base64           - base64 encode output
 * -hex              - hex encode output
--- a/apps/req.c
+++ b/apps/req.c
@@ -105,7 +105,8 @@
 #undef PROG
 #define PROG	req_main

-/* -inform arg	- input format - default PEM (DER or PEM)
+/*-
+ * -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@@ -502,7 +503,7 @@ bad:
 			oid_bio=BIO_new_file(p,"r");
 			if (oid_bio == NULL) 
 				{
-				/*
+				/*-
 				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
 				ERR_print_errors(bio_err);
 				*/
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -74,7 +74,8 @@
 #undef PROG
 #define PROG	rsa_main

-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
+/*-
+ * -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -108,7 +108,8 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
 #include <sys/types.h>
 #endif
 #include <openssl/opensslconf.h>
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -199,7 +199,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
 	if (cert_file != NULL)
 		{
-		/*
+		/*-
 		SSL *ssl;
 		X509 *x509;
 		*/
@@ -220,7 +220,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 			return(0);
 			}

-		/*
+		/*-
 		In theory this is no longer needed 
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -182,7 +182,8 @@ typedef unsigned int u_int;
 /*#define SSL_HOST_NAME	"193.118.187.102" */
 #define SSL_HOST_NAME	"localhost"

-/*#define TEST_CERT "client.pem" */ /* no default cert. */
+/* no default cert. */
+/*#define TEST_CERT "client.pem" */

 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
@@ -1018,10 +1019,22 @@ re_start:
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
 			}

-		if (socket_mtu > 28)
+		if (socket_mtu)
 			{
+			if(socket_mtu < DTLS_get_link_min_mtu(con))
+				{
+				BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+					DTLS_get_link_min_mtu(con));
+				BIO_free(sbio);
+				goto shut;
+				}
 			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-			SSL_set_mtu(con, socket_mtu - 28);
+			if(!DTLS_set_link_mtu(con, socket_mtu))
+				{
+				BIO_printf(bio_err, "Failed to set MTU\n");
+				BIO_free(sbio);
+				goto shut;
+				}
 			}
 		else
 			/* want to do MTU discovery */
@@ -1291,7 +1304,7 @@ SSL_set_tlsext_status_ids(con, ids);
 					openssl_fdset(SSL_get_fd(con),&writefds);
 			}
 #endif
-/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
+/*-			printf("mode tty(%d %d%d) ssl(%d%d)\n",
 				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/

 			/* Note: under VMS with SOCKETSHR the second parameter
@@ -1666,7 +1679,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+
+			/* Redundant if we showed the whole chain */
+			if (!(c_showcerts && got_a_chain))
 				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
 				buf,sizeof buf);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -157,7 +157,8 @@
 #define APPS_WIN16
 #endif

-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
 #include <sys/types.h>
 #endif

@@ -1856,10 +1857,24 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
 			}

-		if (socket_mtu > 28)
+		if (socket_mtu)
 			{
+			if(socket_mtu < DTLS_get_link_min_mtu(con))
+				{
+				BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+					DTLS_get_link_min_mtu(con));
+				ret = -1;
+				BIO_free(sbio);
+				goto err;
+				}
 			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-			SSL_set_mtu(con, socket_mtu - 28);
+			if(!DTLS_set_link_mtu(con, socket_mtu))
+				{
+				BIO_printf(bio_err, "Failed to set MTU\n");
+				ret = -1;
+				BIO_free(sbio);
+				goto err;
+				}
 			}
 		else
 			/* want to do MTU discovery */
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -421,7 +421,7 @@ redoit:
 		return(0);
 		}

-/*
+/*-
 	ling.l_onoff=1;
 	ling.l_linger=0;
 	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -93,7 +93,8 @@

 #define SSL_CONNECT_NAME	"localhost:4433"

-/*#define TEST_CERT "client.pem" */ /* no default cert. */
+/* no default cert. */
+/*#define TEST_CERT "client.pem" */

 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
@@ -556,7 +557,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}

-/***********************************************************************
+/*-
 * doConnection - make a connection
 * Args:
 *		scon	= earlier ssl connection for session id, or NULL
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -394,27 +394,27 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_CAST
 	CAST_KEY cast_ks;
 #endif
-	static const unsigned char key16[16]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+	static const unsigned char key16[16]= {
+		0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 #ifndef OPENSSL_NO_AES
-	static const unsigned char key24[24]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+	static const unsigned char key24[24]= {
+		 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	static const unsigned char key32[32]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+	static const unsigned char key32[32]= {
+		 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
 		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-	static const unsigned char ckey24[24]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+	static const unsigned char ckey24[24]= {
+		 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	static const unsigned char ckey32[32]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+	static const unsigned char ckey32[32]= {
+		 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
 		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
 	unsigned char DES_iv[8];
 	unsigned char iv[2*MAX_BLOCK_SIZE/8];
 #ifndef OPENSSL_NO_DES
-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	static DES_cblock key = { 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 };
+	static DES_cblock key2= { 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12 };
+	static DES_cblock key3= { 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34 };
 	DES_key_schedule sch;
 	DES_key_schedule sch2;
 	DES_key_schedule sch3;
@@ -499,9 +499,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
-	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
-	static unsigned char *rsa_data[RSA_NUM]=
-		{test512,test1024,test2048,test4096};
+	static unsigned int rsa_bits[RSA_NUM]={
+		512,1024,2048,4096};
+	static unsigned char *rsa_data[RSA_NUM]={
+		test512,test1024,test2048,test4096};
 	static int rsa_data_length[RSA_NUM]={
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
@@ -1056,13 +1057,15 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 "
+				"ecdsap256 ecdsap384 ecdsap521\n");
 			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
 			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
 			BIO_printf(bio_err,"ecdsa\n");
 #endif
 #ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224 "
+				"ecdhp256  ecdhp384  ecdhp521\n");
 			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
 			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
 			BIO_printf(bio_err,"ecdh\n");
@@ -1102,16 +1105,27 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"\n");
 			BIO_printf(bio_err,"Available options:\n");
 #if defined(TIMES) || defined(USE_TOD)
-			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+			BIO_printf(bio_err,"-elapsed        "
+				"measure time in real time instead of CPU user time.\n");
 #endif
 #ifndef OPENSSL_NO_ENGINE
-			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+			BIO_printf(bio_err,
+				"-engine e       "
+				"use engine e, possibly a hardware device.\n");
 #endif
-			BIO_printf(bio_err,"-evp e          use EVP e.\n");
-			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
-			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
+			BIO_printf(bio_err,
+				"-evp e          "
+				"use EVP e.\n");
+			BIO_printf(bio_err,
+				"-decrypt        "
+				"time decryption instead of encryption (only EVP).\n");
+			BIO_printf(bio_err,
+				"-mr             "
+				"produce machine readable output.\n");
 #ifndef NO_FORK
-			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
+			BIO_printf(bio_err,
+				"-multi n        "
+				"run n benchmarks in parallel.\n");
 #endif
 			goto end;
 			}
@@ -1149,7 +1163,9 @@ int MAIN(int argc, char **argv)
 		if (doit[i]) pr_header++;

 	if (usertime == 0 && !mr)
-		BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
+		BIO_printf(bio_err,
+			"You have chosen to measure elapsed time "
+			"instead of user CPU time.\n");

 #ifndef OPENSSL_NO_RSA
 	for (i=0; i<RSA_NUM; i++)
@@ -1166,7 +1182,8 @@ int MAIN(int argc, char **argv)
 #if 0
 		else
 			{
-			BIO_printf(bio_err,mr ? "+RK:%d:"
+			BIO_printf(bio_err,
+				   mr ? "+RK:%d:"
 				   : "Loaded RSA key, %d bit modulus and e= 0x",
 				   BN_num_bits(rsa_key[i]->n));
 			BN_print(bio_err,rsa_key[i]->e);
@@ -1969,7 +1986,7 @@ int MAIN(int argc, char **argv)
 			pkey_print_message("private","rsa",
 				rsa_c[j][0],rsa_bits[j],
 				RSA_SECONDS);
-/*			RSA_blinding_on(rsa_key[j],NULL); */
+			/* RSA_blinding_on(rsa_key[j],NULL); */
 			Time_F(START);
 			for (count=0,run=1; COND(rsa_c[j][0]); count++)
 				{
@@ -1985,7 +2002,8 @@ int MAIN(int argc, char **argv)
 					}
 				}
 			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
+			BIO_printf(bio_err,
+				   mr ? "+R1:%ld:%d:%.2f\n"
 				   : "%ld %d bit private RSA's in %.2fs\n",
 				   count,rsa_bits[j],d);
 			rsa_results[j][0]=d/(double)count;
@@ -2020,7 +2038,8 @@ int MAIN(int argc, char **argv)
 					}
 				}
 			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
+			BIO_printf(bio_err,
+				   mr ? "+R2:%ld:%d:%.2f\n"
 				   : "%ld %d bit public RSA's in %.2fs\n",
 				   count,rsa_bits[j],d);
 			rsa_results[j][1]=d/(double)count;
@@ -2049,8 +2068,9 @@ int MAIN(int argc, char **argv)
 		int ret;

 		if (!dsa_doit[j]) continue;
-/*		DSA_generate_key(dsa_key[j]); */
-/*		DSA_sign_setup(dsa_key[j],NULL); */
+
+		/* DSA_generate_key(dsa_key[j]); */
+		/* DSA_sign_setup(dsa_key[j],NULL); */
 		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
 			&kk,dsa_key[j]);
 		if (ret == 0)
@@ -2079,7 +2099,8 @@ int MAIN(int argc, char **argv)
 					}
 				}
 			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
+			BIO_printf(bio_err,
+				   mr ? "+R3:%ld:%d:%.2f\n"
 				   : "%ld %d bit DSA signs in %.2fs\n",
 				   count,dsa_bits[j],d);
 			dsa_results[j][0]=d/(double)count;
@@ -2114,7 +2135,8 @@ int MAIN(int argc, char **argv)
 					}
 				}
 			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
+			BIO_printf(bio_err,
+				   mr ? "+R4:%ld:%d:%.2f\n"
 				   : "%ld %d bit DSA verify in %.2fs\n",
 				   count,dsa_bits[j],d);
 			dsa_results[j][1]=d/(double)count;
@@ -2187,7 +2209,8 @@ int MAIN(int argc, char **argv)
 					}
 				d=Time_F(STOP);

-				BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
+				BIO_printf(bio_err,
+					mr ? "+R5:%ld:%d:%.2f\n" :
 					"%ld %d bit ECDSA signs in %.2fs \n", 
 					count, test_curves_bits[j], d);
 				ecdsa_results[j][0]=d/(double)count;
@@ -2222,7 +2245,8 @@ int MAIN(int argc, char **argv)
 						}
 					}
 				d=Time_F(STOP);
-				BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
+				BIO_printf(bio_err,
+						mr ? "+R6:%ld:%d:%.2f\n"
 						: "%ld %d bit ECDSA verify in %.2fs\n",
 				count, test_curves_bits[j], d);
 				ecdsa_results[j][1]=d/(double)count;
@@ -2268,8 +2292,10 @@ int MAIN(int argc, char **argv)
 				}
 			else
 				{
-				/* If field size is not more than 24 octets, then use SHA-1 hash of result;
-				 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
+				/* If field size is not more than 24 octets,
+				 * then use SHA-1 hash of result; otherwise,
+				 * use result (see section 4.8 of
+				 * draft-ietf-tls-ecc-03.txt).
 				 */
 				int field_size, outlen;
 				void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
@@ -2284,10 +2310,12 @@ int MAIN(int argc, char **argv)
 					outlen = (field_size+7)/8;
 					kdf = NULL;
 					}
-				secret_size_a = ECDH_compute_key(secret_a, outlen,
+				secret_size_a =
+					ECDH_compute_key(secret_a, outlen,
 					EC_KEY_get0_public_key(ecdh_b[j]),
 					ecdh_a[j], kdf);
-				secret_size_b = ECDH_compute_key(secret_b, outlen,
+				secret_size_b =
+					ECDH_compute_key(secret_b, outlen,
 					EC_KEY_get0_public_key(ecdh_a[j]),
 					ecdh_b[j], kdf);
 				if (secret_size_a != secret_size_b) 
@@ -2323,7 +2351,8 @@ int MAIN(int argc, char **argv)
 					ecdh_a[j], kdf);
 					}
 				d=Time_F(STOP);
-				BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
+				BIO_printf(bio_err,
+					mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
 				count, test_curves_bits[j], d);
 				ecdh_results[j][0]=d/(double)count;
 				rsa_count=count;
@@ -2527,12 +2556,14 @@ end:
 static void print_message(const char *s, long num, int length)
 	{
 #ifdef SIGALRM
-	BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
+	BIO_printf(bio_err,
+		   mr ? "+DT:%s:%d:%d\n"
 		   : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
 	(void)BIO_flush(bio_err);
 	alarm(SECONDS);
 #else
-	BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
+	BIO_printf(bio_err,
+		   mr ? "+DN:%s:%ld:%d\n"
 		   : "Doing %s %ld times on %d size blocks: ",s,num,length);
 	(void)BIO_flush(bio_err);
 #endif
@@ -2545,12 +2576,14 @@ static void pkey_print_message(const char *str, const char *str2, long num,
 	int bits, int tm)
 	{
 #ifdef SIGALRM
-	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
+	BIO_printf(bio_err,
+			   mr ? "+DTP:%d:%s:%s:%d\n"
 			   : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
 	(void)BIO_flush(bio_err);
 	alarm(RSA_SECONDS);
 #else
-	BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
+	BIO_printf(bio_err,
+			   mr ? "+DNP:%ld:%d:%s:%s\n"
 			   : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
 	(void)BIO_flush(bio_err);
 #endif
@@ -2561,7 +2594,8 @@ static void pkey_print_message(const char *str, const char *str2, long num,

 static void print_result(int alg,int run_no,int count,double time_used)
 	{
-	BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
+	BIO_printf(bio_err,
+		   mr ? "+R:%d:%s:%f\n"
 		   : "%d %s's in %.2fs\n",count,names[alg],time_used);
 	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
 	}
@@ -2678,27 +2712,6 @@ static int do_multi(int multi)
 				k=atoi(sstrsep(&p,sep));
 				sstrsep(&p,sep);

-				d=atof(sstrsep(&p,sep));
-				if(n)
-					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
-				else
-					rsa_results[k][0]=d;
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
-				else
-					rsa_results[k][1]=d;
-				}
-			else if(!strncmp(buf,"+F2:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
 				d=atof(sstrsep(&p,sep));
 				if(n)
 					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -73,7 +73,8 @@
 #undef PROG
 #define PROG	spkac_main

-/* -in arg	- input file - default stdin
+/*-
+ * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 */

--- a/apps/ts.c
+++ b/apps/ts.c
@@ -1129,7 +1129,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)

 static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx)
 	{
-	/*
+	/*-
 	char buf[256];

 	if (!ok)
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
@@ -5,7 +5,7 @@

 #ifdef USE_DECC_INIT

-/*
+/*-
 * 2010-04-26 SMS.
 *
 *----------------------------------------------------------------------
--- a/apps/winrand.c
+++ b/apps/winrand.c
@@ -53,7 +53,8 @@
 *
 */

-/* Usage: winrand [filename]
+/*-
+ * Usage: winrand [filename]
 *
 * Collects entropy from mouse movements and other events and writes
 * random data to filename or .rnd
--- a/bugs/alpha.c
+++ b/bugs/alpha.c
@@ -60,7 +60,8 @@
 * something to watch out for.  This was fine on linux/NT/Solaris but not
 * Alpha */

-/* it is basically an example of
+/*-
+ * it is basically an example of
 * func(*(a++),*(a++))
 * which parameter is evaluated first?  It is not defined in ASN1 C.
 */
--- a/bugs/dggccbug.c
+++ b/bugs/dggccbug.c
@@ -14,7 +14,8 @@
 * copies of the valiable, one in a register and one being an address
 * that is passed. */

-/* compare the out put from
+/*-
+ * compare the out put from
 * gcc dggccbug.c; ./a.out
 * and
 * gcc -O dggccbug.c; ./a.out
--- a/bugs/sgiccbug.c
+++ b/bugs/sgiccbug.c
@@ -11,7 +11,8 @@
 * Gage <agage@forgetmenot.Mines.EDU>
 */
 
-/* Compare the output from
+/*-
+ * Compare the output from
 * cc sgiccbug.c; ./a.out
 * and
 * cc -O sgiccbug.c; ./a.out
--- a/bugs/ultrixcc.c
+++ b/bugs/ultrixcc.c
@@ -1,6 +1,7 @@
 #include <stdio.h>

-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/*-
+ * This is a cc optimiser bug for ultrix 4.3, mips CPU.
 * What happens is that the compiler, due to the (a)&7,
 * does
 * i=a&7;
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
@@ -36,7 +36,7 @@
 #if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
 # define FindFirstFile FindFirstFileW
 #endif
-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
 # define FindNextFile FindNextFileW
 #endif

--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -53,12 +53,7 @@ top:
 all: shared

 buildinf.h: ../Makefile
-	( echo "#ifndef MK1MF_BUILD"; \
-	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
-	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
-	echo '  #define PLATFORM "$(PLATFORM)"'; \
-	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
-	echo '#endif' ) >buildinf.h
+	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h

 x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -40,7 +40,7 @@
 #include "aes_locl.h"

 #ifndef AES_ASM
-/*
+/*-
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
@@ -617,161 +617,163 @@ static const u8 Td4[256] = {
    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
 };
 static const u32 rcon[] = {
-	0x01000000, 0x02000000, 0x04000000, 0x08000000,
-	0x10000000, 0x20000000, 0x40000000, 0x80000000,
-	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };

 /**
 * Expand the cipher key into the encryption key schedule.
 */
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key) {
+                        AES_KEY *key)
+{

-	u32 *rk;
-   	int i = 0;
-	u32 temp;
+    u32 *rk;
+    int i = 0;
+    u32 temp;

-	if (!userKey || !key)
-		return -1;
-	if (bits != 128 && bits != 192 && bits != 256)
-		return -2;
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;

-	rk = key->rd_key;
+    rk = key->rd_key;

-	if (bits==128)
-		key->rounds = 10;
-	else if (bits==192)
-		key->rounds = 12;
-	else
-		key->rounds = 14;
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;

-	rk[0] = GETU32(userKey     );
-	rk[1] = GETU32(userKey +  4);
-	rk[2] = GETU32(userKey +  8);
-	rk[3] = GETU32(userKey + 12);
-	if (bits == 128) {
-		while (1) {
-			temp  = rk[3];
-			rk[4] = rk[0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[5] = rk[1] ^ rk[4];
-			rk[6] = rk[2] ^ rk[5];
-			rk[7] = rk[3] ^ rk[6];
-			if (++i == 10) {
-				return 0;
-			}
-			rk += 4;
-		}
-	}
-	rk[4] = GETU32(userKey + 16);
-	rk[5] = GETU32(userKey + 20);
-	if (bits == 192) {
-		while (1) {
-			temp = rk[ 5];
-			rk[ 6] = rk[ 0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[ 7] = rk[ 1] ^ rk[ 6];
-			rk[ 8] = rk[ 2] ^ rk[ 7];
-			rk[ 9] = rk[ 3] ^ rk[ 8];
-			if (++i == 8) {
-				return 0;
-			}
-			rk[10] = rk[ 4] ^ rk[ 9];
-			rk[11] = rk[ 5] ^ rk[10];
-			rk += 6;
-		}
-	}
-	rk[6] = GETU32(userKey + 24);
-	rk[7] = GETU32(userKey + 28);
-	if (bits == 256) {
-		while (1) {
-			temp = rk[ 7];
-			rk[ 8] = rk[ 0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[ 9] = rk[ 1] ^ rk[ 8];
-			rk[10] = rk[ 2] ^ rk[ 9];
-			rk[11] = rk[ 3] ^ rk[10];
-			if (++i == 7) {
-				return 0;
-			}
-			temp = rk[11];
-			rk[12] = rk[ 4] ^
-				(Te2[(temp >> 24)       ] & 0xff000000) ^
-				(Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp      ) & 0xff] & 0x000000ff);
-			rk[13] = rk[ 5] ^ rk[12];
-			rk[14] = rk[ 6] ^ rk[13];
-			rk[15] = rk[ 7] ^ rk[14];
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];

-			rk += 8;
-        	}
-	}
-	return 0;
+            rk += 8;
+            }
+    }
+    return 0;
 }

 /**
 * Expand the cipher key into the decryption key schedule.
 */
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			 AES_KEY *key) {
+                        AES_KEY *key)
+{

-        u32 *rk;
-	int i, j, status;
-	u32 temp;
+    u32 *rk;
+    int i, j, status;
+    u32 temp;

-	/* first, start with an encryption schedule */
-	status = AES_set_encrypt_key(userKey, bits, key);
-	if (status < 0)
-		return status;
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;

-	rk = key->rd_key;
+    rk = key->rd_key;

-	/* invert the order of the round keys: */
-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-	}
-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
-	for (i = 1; i < (key->rounds); i++) {
-		rk += 4;
-		rk[0] =
-			Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
-		rk[1] =
-			Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
-		rk[2] =
-			Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
-		rk[3] =
-			Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
-	}
-	return 0;
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
 }

 /*
@@ -779,71 +781,71 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 * in and out can overlap
 */
 void AES_encrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
+                 const AES_KEY *key) {

-	const u32 *rk;
-	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
 #ifndef FULL_UNROLL
-	int r;
+    int r;
 #endif /* ?FULL_UNROLL */

-	assert(in && out && key);
-	rk = key->rd_key;
+    assert(in && out && key);
+    rk = key->rd_key;

-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
-	s0 = GETU32(in     ) ^ rk[0];
-	s1 = GETU32(in +  4) ^ rk[1];
-	s2 = GETU32(in +  8) ^ rk[2];
-	s3 = GETU32(in + 12) ^ rk[3];
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
 #ifdef FULL_UNROLL
-	/* round 1: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
-   	/* round 2: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
-	/* round 3: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
-   	/* round 4: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
-	/* round 5: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
-   	/* round 6: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
-	/* round 7: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
-   	/* round 8: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
-	/* round 9: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
    if (key->rounds > 10) {
        /* round 10: */
        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
@@ -932,37 +934,37 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
    }
 #endif /* ?FULL_UNROLL */
    /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-	s0 =
-		(Te2[(t0 >> 24)       ] & 0xff000000) ^
-		(Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t3      ) & 0xff] & 0x000000ff) ^
-		rk[0];
-	PUTU32(out     , s0);
-	s1 =
-		(Te2[(t1 >> 24)       ] & 0xff000000) ^
-		(Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t0      ) & 0xff] & 0x000000ff) ^
-		rk[1];
-	PUTU32(out +  4, s1);
-	s2 =
-		(Te2[(t2 >> 24)       ] & 0xff000000) ^
-		(Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t1      ) & 0xff] & 0x000000ff) ^
-		rk[2];
-	PUTU32(out +  8, s2);
-	s3 =
-		(Te2[(t3 >> 24)       ] & 0xff000000) ^
-		(Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t2      ) & 0xff] & 0x000000ff) ^
-		rk[3];
-	PUTU32(out + 12, s3);
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
 }

 /*
@@ -970,21 +972,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
 * in and out can overlap
 */
 void AES_decrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
+                 const AES_KEY *key)
+{

-	const u32 *rk;
-	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
 #ifndef FULL_UNROLL
-	int r;
+    int r;
 #endif /* ?FULL_UNROLL */

-	assert(in && out && key);
-	rk = key->rd_key;
+    assert(in && out && key);
+    rk = key->rd_key;

-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
    s0 = GETU32(in     ) ^ rk[0];
    s1 = GETU32(in +  4) ^ rk[1];
    s2 = GETU32(in +  8) ^ rk[2];
@@ -1059,7 +1062,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
        }
    }
-	rk += key->rounds << 2;
+    rk += key->rounds << 2;
 #else  /* !FULL_UNROLL */
    /*
     * Nr - 1 full rounds:
@@ -1123,37 +1126,37 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
    }
 #endif /* ?FULL_UNROLL */
    /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-   	s0 =
-   		(Td4[(t0 >> 24)       ] << 24) ^
-   		(Td4[(t3 >> 16) & 0xff] << 16) ^
-   		(Td4[(t2 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t1      ) & 0xff])       ^
-   		rk[0];
-	PUTU32(out     , s0);
-   	s1 =
-   		(Td4[(t1 >> 24)       ] << 24) ^
-   		(Td4[(t0 >> 16) & 0xff] << 16) ^
-   		(Td4[(t3 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t2      ) & 0xff])       ^
-   		rk[1];
-	PUTU32(out +  4, s1);
-   	s2 =
-   		(Td4[(t2 >> 24)       ] << 24) ^
-   		(Td4[(t1 >> 16) & 0xff] << 16) ^
-   		(Td4[(t0 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t3      ) & 0xff])       ^
-   		rk[2];
-	PUTU32(out +  8, s2);
-   	s3 =
-   		(Td4[(t3 >> 24)       ] << 24) ^
-   		(Td4[(t2 >> 16) & 0xff] << 16) ^
-   		(Td4[(t1 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t0      ) & 0xff])       ^
-   		rk[3];
-	PUTU32(out + 12, s3);
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Td4[(t0 >> 24)       ] << 24) ^
+        (Td4[(t3 >> 16) & 0xff] << 16) ^
+        (Td4[(t2 >>  8) & 0xff] <<  8) ^
+        (Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Td4[(t1 >> 24)       ] << 24) ^
+        (Td4[(t0 >> 16) & 0xff] << 16) ^
+        (Td4[(t3 >>  8) & 0xff] <<  8) ^
+        (Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Td4[(t2 >> 24)       ] << 24) ^
+        (Td4[(t1 >> 16) & 0xff] << 16) ^
+        (Td4[(t0 >>  8) & 0xff] <<  8) ^
+        (Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Td4[(t3 >> 24)       ] << 24) ^
+        (Td4[(t2 >> 16) & 0xff] << 16) ^
+        (Td4[(t1 >>  8) & 0xff] <<  8) ^
+        (Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
 }

 #else /* AES_ASM */
@@ -1193,166 +1196,167 @@ static const u8 Te4[256] = {
    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
 };
 static const u32 rcon[] = {
-	0x01000000, 0x02000000, 0x04000000, 0x08000000,
-	0x10000000, 0x20000000, 0x40000000, 0x80000000,
-	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };

 /**
 * Expand the cipher key into the encryption key schedule.
 */
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key) {
-	u32 *rk;
+                        AES_KEY *key)
+{
+    u32 *rk;
   	int i = 0;
-	u32 temp;
+    u32 temp;

-	if (!userKey || !key)
-		return -1;
-	if (bits != 128 && bits != 192 && bits != 256)
-		return -2;
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;

-	rk = key->rd_key;
+    rk = key->rd_key;

-	if (bits==128)
-		key->rounds = 10;
-	else if (bits==192)
-		key->rounds = 12;
-	else
-		key->rounds = 14;
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;

-	rk[0] = GETU32(userKey     );
-	rk[1] = GETU32(userKey +  4);
-	rk[2] = GETU32(userKey +  8);
-	rk[3] = GETU32(userKey + 12);
-	if (bits == 128) {
-		while (1) {
-			temp  = rk[3];
-			rk[4] = rk[0] ^
-				(Te4[(temp >> 16) & 0xff] << 24) ^
-				(Te4[(temp >>  8) & 0xff] << 16) ^
-				(Te4[(temp      ) & 0xff] << 8) ^
-				(Te4[(temp >> 24)       ]) ^
-				rcon[i];
-			rk[5] = rk[1] ^ rk[4];
-			rk[6] = rk[2] ^ rk[5];
-			rk[7] = rk[3] ^ rk[6];
-			if (++i == 10) {
-				return 0;
-			}
-			rk += 4;
-		}
-	}
-	rk[4] = GETU32(userKey + 16);
-	rk[5] = GETU32(userKey + 20);
-	if (bits == 192) {
-		while (1) {
-			temp = rk[ 5];
-			rk[ 6] = rk[ 0] ^
-				(Te4[(temp >> 16) & 0xff] << 24) ^
-				(Te4[(temp >>  8) & 0xff] << 16) ^
-				(Te4[(temp      ) & 0xff] << 8) ^
-				(Te4[(temp >> 24)       ]) ^
-				rcon[i];
-			rk[ 7] = rk[ 1] ^ rk[ 6];
-			rk[ 8] = rk[ 2] ^ rk[ 7];
-			rk[ 9] = rk[ 3] ^ rk[ 8];
-			if (++i == 8) {
-				return 0;
-			}
-			rk[10] = rk[ 4] ^ rk[ 9];
-			rk[11] = rk[ 5] ^ rk[10];
-			rk += 6;
-		}
-	}
-	rk[6] = GETU32(userKey + 24);
-	rk[7] = GETU32(userKey + 28);
-	if (bits == 256) {
-		while (1) {
-			temp = rk[ 7];
-			rk[ 8] = rk[ 0] ^
-				(Te4[(temp >> 16) & 0xff] << 24) ^
-				(Te4[(temp >>  8) & 0xff] << 16) ^
-				(Te4[(temp      ) & 0xff] << 8) ^
-				(Te4[(temp >> 24)       ]) ^
-				rcon[i];
-			rk[ 9] = rk[ 1] ^ rk[ 8];
-			rk[10] = rk[ 2] ^ rk[ 9];
-			rk[11] = rk[ 3] ^ rk[10];
-			if (++i == 7) {
-				return 0;
-			}
-			temp = rk[11];
-			rk[12] = rk[ 4] ^
-				(Te4[(temp >> 24)       ] << 24) ^
-				(Te4[(temp >> 16) & 0xff] << 16) ^
-				(Te4[(temp >>  8) & 0xff] << 8) ^
-				(Te4[(temp      ) & 0xff]);
-			rk[13] = rk[ 5] ^ rk[12];
-			rk[14] = rk[ 6] ^ rk[13];
-			rk[15] = rk[ 7] ^ rk[14];
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te4[(temp >> 16) & 0xff] << 24) ^
+                (Te4[(temp >>  8) & 0xff] << 16) ^
+                (Te4[(temp      ) & 0xff] << 8) ^
+                (Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te4[(temp >> 16) & 0xff] << 24) ^
+                (Te4[(temp >>  8) & 0xff] << 16) ^
+                (Te4[(temp      ) & 0xff] << 8) ^
+                (Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te4[(temp >> 16) & 0xff] << 24) ^
+                (Te4[(temp >>  8) & 0xff] << 16) ^
+                (Te4[(temp      ) & 0xff] << 8) ^
+                (Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te4[(temp >> 24)       ] << 24) ^
+                (Te4[(temp >> 16) & 0xff] << 16) ^
+                (Te4[(temp >>  8) & 0xff] << 8) ^
+                (Te4[(temp      ) & 0xff]);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];

-			rk += 8;
-        	}
-	}
-	return 0;
+            rk += 8;
+        }
+    }
+    return 0;
 }

 /**
 * Expand the cipher key into the decryption key schedule.
 */
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			 AES_KEY *key) {
+                        AES_KEY *key)
+{
+    u32 *rk;
+    int i, j, status;
+    u32 temp;

-        u32 *rk;
-	int i, j, status;
-	u32 temp;
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;

-	/* first, start with an encryption schedule */
-	status = AES_set_encrypt_key(userKey, bits, key);
-	if (status < 0)
-		return status;
+    rk = key->rd_key;

-	rk = key->rd_key;
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;

-	/* invert the order of the round keys: */
-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-	}
-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
-	for (i = 1; i < (key->rounds); i++) {
-		rk += 4;
-		for (j = 0; j < 4; j++) {
-			u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-			tp1 = rk[j];
-			m = tp1 & 0x80808080;
-			tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp2 & 0x80808080;
-			tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp4 & 0x80808080;
-			tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			tp9 = tp8 ^ tp1;
-			tpb = tp9 ^ tp2;
-			tpd = tp9 ^ tp4;
-			tpe = tp8 ^ tp4 ^ tp2;
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
 #if defined(ROTATE)
-			rk[j] = tpe ^ ROTATE(tpd,16) ^
-				ROTATE(tp9,24) ^ ROTATE(tpb,8);
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,24) ^ ROTATE(tpb,8);
 #else
-			rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-				(tp9 >> 8) ^ (tp9 << 24) ^
-				(tpb >> 24) ^ (tpb << 8);
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                (tp9 >> 8) ^ (tp9 << 24) ^
+                (tpb >> 24) ^ (tpb << 8);
 #endif
-		}
-	}
-	return 0;
+        }
+    }
+    return 0;
 }

 #endif /* AES_ASM */
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,

 	p= *pp;
 	i= *(p++);
+	if (i > 7)
+		{
+		i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+		goto err;
+		}
 	/* We do this to preserve the settings.  If we modify
 	 * the settings, via the _set_bit function, we will recalculate
 	 * on output */
 	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */

 	if (len-- > 1) /* using one because of the bits left byte */
 		{
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -86,7 +86,7 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
 	}
 	

-/* 
+/*- 
 * This converts an ASN1 INTEGER into its content encoding.
 * The internal representation is an ASN1_STRING whose data is a big endian
 * representation of the value, ignoring the sign. The sign is determined by
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -86,7 +86,8 @@ unsigned long ASN1_STRING_get_default_mask(void)
 	return global_mask;
 }

-/* This function sets the default to various "flavours" of configuration.
+/*-
+ * This function sets the default to various "flavours" of configuration.
 * based on an ASCII string. Currently this is:
 * MASK:XXXX : a numerical mask value.
 * nobmp : Don't use BMPStrings (just Printable, T61).
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -54,7 +54,8 @@
 */


-/* This is an implementation of the ASN1 Time structure which is:
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
 *    Time ::= CHOICE {
 *      utcTime        UTCTime,
 *      generalTime    GeneralizedTime }
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)

 /* Returns 0 if they are equal, != 0 otherwise. */
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
 	{
 	int result = -1;

--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -315,13 +315,16 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
 		}
 #undef g2

-	return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
-	                               * instead of UTC, and unless we rewrite OpenSSL
-				       * in Lisp we cannot locally change the timezone
-				       * without possibly interfering with other parts
-	                               * of the program. timegm, which uses UTC, is
-				       * non-standard.
-	                               * Also time_t is inappropriate for general
-	                               * UTC times because it may a 32 bit type. */
+	/*
+	 * FIXME: mktime assumes the current timezone
+	 * instead of UTC, and unless we rewrite OpenSSL
+	 * in Lisp we cannot locally change the timezone
+	 * without possibly interfering with other parts
+	 * of the program. timegm, which uses UTC, is
+	 * non-standard.
+	 * Also time_t is inappropriate for general
+	 * UTC times because it may a 32 bit type.
+	 */
+	return mktime(&tm)-offset*60; 
 	}
 #endif
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -63,7 +63,8 @@

 /* UTF8 utilities */

-/* This parses a UTF8 string one character at a time. It is passed a pointer
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
 * to the string and the length of the string. It sets 'value' to the value of
 * the current character. It returns the number of characters read or a
 * negative error code:
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 		goto err;
 		}
+
+	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+		goto err;
+		}
 	
 	inl=i2d(data,NULL);
 	buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -142,6 +148,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		return -1;
 		}

+	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+		{
+		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+		return -1;
+		}
+
 	EVP_MD_CTX_init(&ctx);

 	/* Convert signature OID into digest and public key OIDs */
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -362,7 +362,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;

 TYPEDEF_D2I2D_OF(void);

-/* The following macros and typedefs allow an ASN1_ITEM
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
 * to be embedded in a structure and referenced. Since
 * the ASN1_ITEM pointers need to be globally accessible
 * (possibly from shared libraries) they may exist in
@@ -777,7 +778,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int            ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int            ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);

 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1327,6 +1328,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_ILLEGAL_TIME_VALUE			 184
 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT		 220
 #define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
 #define ASN1_R_INVALID_DIGIT				 130
 #define ASN1_R_INVALID_MIME_TYPE			 205
@@ -1376,6 +1378,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_TIME_NOT_ASCII_FORMAT			 193
 #define ASN1_R_TOO_LONG					 155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE			 218
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
 #define ASN1_R_UNEXPECTED_EOC				 159
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -243,6 +243,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
 {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
@@ -292,6 +293,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
 {ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
 {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE)   ,"type not primitive"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -361,7 +361,7 @@ err:\
 	if (((arg)=func()) == NULL) return(NULL)

 #define M_ASN1_New_Error(a) \
-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*-	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
 		return(NULL);*/ \
 	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
 		return(NULL)
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -418,14 +418,22 @@ end:
 const char *ASN1_tag2str(int tag)
 {
 	static const char * const tag2str[] = {
-	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
-	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
-	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */
-	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", 		    /* 15-17 */
-	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",	    /* 18-20 */
-	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
-	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",	    /* 25-27 */
-	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"		    /* 28-30 */
+        /* 0-4 */
+	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+        /* 5-9 */ 
+	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+        /* 10-13 */
+	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+        /* 15-17 */ 
+	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+        /* 18-20 */  
+	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+        /* 21-24 */
+	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME",
+        /* 25-27 */
+	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+        /* 28-30 */
+	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
 	};

 	if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -129,7 +129,8 @@ extern "C" {

 /* This is a ASN1 type which just embeds a template */
 
-/* This pair helps declare a SEQUENCE. We can do:
+/*- 
+ * This pair helps declare a SEQUENCE. We can do:
 *
 * 	ASN1_SEQUENCE(stname) = {
 * 		... SEQUENCE components ...
@@ -231,7 +232,8 @@ extern "C" {
 	ASN1_ITEM_end(tname)


-/* This pair helps declare a CHOICE type. We can do:
+/*-
+ * This pair helps declare a CHOICE type. We can do:
 *
 * 	ASN1_CHOICE(chname) = {
 * 		... CHOICE options ...
@@ -577,7 +579,8 @@ const char *sname;		/* Structure name */
 #endif
 };

-/* These are values for the itype field and
+/*-
+ * These are values for the itype field and
 * determine how the type is interpreted.
 *
 * For PRIMITIVE types the underlying type
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -915,7 +915,8 @@ static void mime_param_free(MIME_PARAM *param)
 	OPENSSL_free(param);
 }

-/* Check for a multipart boundary. Returns:
+/*-
+ * Check for a multipart boundary. Returns:
 * 0 : no boundary
 * 1 : part boundary
 * 2 : final boundary
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -102,7 +102,8 @@ void ASN1_add_oid_module(void)
 	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
 	}

-/* Create an OID based on a name value pair. Accept two formats.
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
 * shortname = 1.2.3.4
 * shortname = some long name, 1.2.3.4
 */
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -97,8 +97,9 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 		{
 #ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
+		/* TMP UGLY CAST */
 		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+			(const unsigned char **)pp,length)) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
@@ -107,8 +108,9 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
+		/* TMP UGLY CAST */
 		if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
-			(const unsigned char **)pp,length)) /* TMP UGLY CAST */
+			(const unsigned char **)pp,length))
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -364,7 +364,8 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
 	if (v[i-1] == 'Z') gmt=1;
 	for (i=0; i<12; i++)
 		if ((v[i] > '9') || (v[i] < '0')) goto err;
-	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+	y= (v[0]-'0')*1000+(v[1]-'0')*100
+		+ (v[2]-'0')*10+(v[3]-'0');
 	M= (v[4]-'0')*10+(v[5]-'0');
 	if ((M > 12) || (M < 1)) goto err;
 	d= (v[6]-'0')*10+(v[7]-'0');
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -94,15 +94,24 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,

 /* Table to convert tags to bit values, used for MSTRING type */
 static const unsigned long tag2bit[32] = {
-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+    /* tags  0 -  3 */
+0,	0,	0,	B_ASN1_BIT_STRING,	
+    /* tags  4- 7 */
+B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,
+    /* tags  8-11 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,
+    /* tags 12-15 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,
+    /* tags 16-19 */
+B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
+    /* tags 20-22 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,
+    /* tags 23-24 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+    /* tags 25-27 */
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  
+    /* tags 28-31 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 	};

 unsigned long ASN1_tag2bit(int tag)
@@ -870,6 +879,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 		}
 	else if (cst)
 		{
+		if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+			|| utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+			|| utype == V_ASN1_ENUMERATED)
+			{
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+				ASN1_R_TYPE_NOT_PRIMITIVE);
+			return 0;
+			}
 		buf.length = 0;
 		buf.max = 0;
 		buf.data = NULL;
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -128,3 +128,13 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 		}
 	}

+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+	{
+	int rv;
+	rv = OBJ_cmp(a->algorithm, b->algorithm);
+	if (rv)
+		return rv;
+	if (!a->parameter && !b->parameter)
+		return 0;
+	return ASN1_TYPE_cmp(a->parameter, b->parameter);
+	}
--- a/crypto/asn1/x_attrib.c
+++ b/crypto/asn1/x_attrib.c
@@ -62,7 +62,8 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>

-/* X509_ATTRIBUTE: this has the following form:
+/*-
+ * X509_ATTRIBUTE: this has the following form:
 *
 * typedef struct x509_attributes_st
 *	{
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@@ -61,7 +61,8 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>

-/* X509_REQ_INFO is handled in an unusual way to get round
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
 * invalid encodings. Some broken certificate requests don't
 * encode the attributes field if it is empty. This is in
 * violation of PKCS#10 but we need to tolerate it. We do
--- a/crypto/bf/blowfish.h
+++ b/crypto/bf/blowfish.h
@@ -72,7 +72,7 @@ extern "C" {
 #define BF_ENCRYPT	1
 #define BF_DECRYPT	0

-/*
+/*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
 * ! BF_LONG_LOG2 has to be defined along.                        !
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -94,7 +94,7 @@
 * on all source code distributions.
 */

-/*
+/*-
 * This code contains numerious changes and enhancements which were
 * made by lots of contributors over the last years to Patrick Powell's
 * original code:
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -552,7 +552,8 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 	i=ioctlsocket(fd,type,(char *)arg);
 #else
 # if defined(OPENSSL_SYS_VMS)
-	/* 2011-02-18 SMS.
+	/*-
+	 * 2011-02-18 SMS.
 	 * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
 	 * observe that all the consumers pass in an "unsigned long *",
 	 * so we arrange a local copy with a short pointer, and use
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
@@ -102,9 +102,11 @@ static int nullf_new(BIO *bi)
 static int nullf_free(BIO *a)
 	{
 	if (a == NULL) return(0);
-/*	a->ptr=NULL;
+	/*-
+  	a->ptr=NULL;
 	a->init=0;
-	a->flags=0;*/
+	a->flags=0;
+	*/
 	return(1);
 	}
 	
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -162,7 +162,8 @@ extern "C" {
 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */

 #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
-											  * adjust socket timeouts */
+                                              * adjust socket timeouts */
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49

 /* modifiers */
 #define BIO_FP_READ		0x02
@@ -189,7 +190,8 @@ extern "C" {
 #define BIO_GHBN_CTRL_FLUSH		5

 /* Mostly used in the SSL BIO */
-/* Not used anymore
+/*-
+ * Not used anymore
 * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
 * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
 * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40
@@ -307,7 +309,8 @@ DECLARE_STACK_OF(BIO)

 typedef struct bio_f_buffer_ctx_struct
 	{
-	/* Buffers are setup like this:
+	/*-
+	 * Buffers are setup like this:
 	 *
 	 * <---------------------- size ----------------------->
 	 * +---------------------------------------------------+
@@ -553,6 +556,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
 #define BIO_dgram_set_peer(b,peer) \
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)

 /* These two aren't currently implemented */
 /* int BIO_get_ex_num(BIO *bio); */
@@ -650,7 +655,8 @@ int BIO_dump_fp(FILE *fp, const char *s, int len);
 int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
 #endif
 struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
+/*-
+ * We might want a thread-safe interface too:
 * struct hostent *BIO_gethostbyname_r(const char *name,
 *     struct hostent *result, void *buffer, size_t buflen);
 * or something similar (caller allocates a struct hostent,
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -436,7 +436,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 		ret=(long)data->bind_mode;
 		break;
 	case BIO_CTRL_DUP:
-/*		dbio=(BIO *)ptr;
+/*-		dbio=(BIO *)ptr;
 		if (data->param_port) EAY EAY
 			BIO_set_port(dbio,data->param_port);
 		if (data->param_hostname)
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -151,7 +151,8 @@ static int bio_new(BIO *bio)
 		return 0;

 	b->peer = NULL;
-	b->size = 17*1024; /* enough for one TLS record (just a default) */
+	/* enough for one TLS record (just a default) */
+	b->size = 17*1024;
 	b->buf = NULL;

 	bio->ptr = b;
@@ -269,7 +270,8 @@ static int bio_read(BIO *bio, char *buf, int size_)
 	return size;
 	}

-/* non-copying interface: provide pointer to available data in buffer
+/*-
+ * non-copying interface: provide pointer to available data in buffer
 *    bio_nread0:  return number of available bytes
 *    bio_nread:   also advance index
 * (example usage:  bio_nread0(), read from buffer, bio_nread()
@@ -422,7 +424,8 @@ static int bio_write(BIO *bio, const char *buf, int num_)
 	return num;
 	}

-/* non-copying interface: provide pointer to region to write to
+/*-
+ * non-copying interface: provide pointer to region to write to
 *   bio_nwrite0:  check how much space is available
 *   bio_nwrite:   also increase length
 * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -375,6 +375,36 @@ static int dgram_write(BIO *b, const char *in, int inl)
 	return(ret);
 	}

+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+	{
+	long ret;
+
+	switch (data->peer.sa.sa_family)
+		{
+		case AF_INET:
+			/* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+			ret = 28;
+			break;
+#if OPENSSL_USE_IPV6
+		case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+			if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+				/* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+				ret = 28;
+			else
+#endif
+				/* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
+				ret = 48;
+			break;
+#endif
+		default:
+			/* We don't know. Go with the historical default */
+			ret = 28;
+			break;
+		}
+	return ret;
+	}
+
 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
@@ -551,23 +581,24 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
 		break;
 	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+		ret = -dgram_get_mtu_overhead(data);
 		switch (data->peer.sa.sa_family)
 			{
 			case AF_INET:
-				ret = 576 - 20 - 8;
+				ret += 576;
 				break;
 #if OPENSSL_USE_IPV6
 			case AF_INET6:
 #ifdef IN6_IS_ADDR_V4MAPPED
 				if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-					ret = 576 - 20 - 8;
+					ret += 576;
 				else
 #endif
-					ret = 1280 - 40 - 8;
+					ret += 1280;
 				break;
 #endif
 			default:
-				ret = 576 - 20 - 8;
+				ret += 576;
 				break;
 			}
 		break;
@@ -768,6 +799,9 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 			ret = 0;
 		break;
 #endif
+	case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+		ret = dgram_get_mtu_overhead(data);
+		break;
 	default:
 		ret=0;
 		break;
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */

-/*
+/*-
 * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
 *		with binary data (e.g. asn1parse -inform DER < xxx) under
 *		Windows
@@ -153,9 +153,14 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 			    		wmode,sizeof(wmode)/sizeof(wmode[0])) &&
 		    (file=_wfopen(wfilename,wmode))==NULL &&
 		    (errno==ENOENT || errno==EBADF)
-		   )	/* UTF-8 decode succeeded, but no file, filename
-			 * could still have been locale-ized... */
+		   )
+			{
+			/*
+			 * UTF-8 decode succeeded, but no file, filename
+			 * could still have been locale-ized...
+			 */
 			file = fopen(filename,mode);
+			}
 		}
 	else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION)
 		{
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@@ -276,8 +276,11 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 	case LOG_DEBUG:
 		evtype = EVENTLOG_INFORMATION_TYPE;
 		break;
-	default:		/* Should never happen, but set it
-				   as error anyway. */
+	default:
+		/*
+		 * Should never happen, but set it
+		 * as error anyway.
+		 */
 		evtype = EVENTLOG_ERROR_TYPE;
 		break;
 		}
--- a/crypto/bio/bss_rtcp.c
+++ b/crypto/bio/bss_rtcp.c
@@ -56,7 +56,8 @@
 * [including the GNU Public Licence.]
 */

-/* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
+/*-
+ * Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
 * Date:   22-JUL-1996
 * Revised: 25-SEP-1997		Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
 */
@@ -75,11 +76,16 @@ typedef unsigned short io_channel;
 /*************************************************************************/
 struct io_status { short status, count; long flags; };

-struct rpc_msg {		/* Should have member alignment inhibited */
-   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */
-   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
-   unsigned short int length;	/* Amount of data returned or max to return */
-   char data[4092];		/* variable data */
+/* Should have member alignment inhibited */
+struct rpc_msg {
+   /* 'A'-app data. 'R'-remote client 'G'-global */
+   char channel;
+   /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   char function;
+   /* Amount of data returned or max to return */
+   unsigned short int length;
+   /* variable data */
+   char data[4092];
 };
 #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)

--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -1584,17 +1584,17 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1609,63 +1609,63 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	sd	c_1,24(a0)

 	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1680,93 +1680,93 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	sd	c_3,40(a0)

 	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -1781,108 +1781,108 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	sd	c_2,56(a0)

 	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_4,a_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -1897,78 +1897,78 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	sd	c_1,72(a0)

 	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_1,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	AT,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
 	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_5,a_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -1983,48 +1983,48 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_2,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	AT,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
 	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	sd	c_3,88(a0)

 	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
@@ -2039,17 +2039,17 @@ LEAF(bn_sqr_comba8)
 	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	sd	c_2,104(a0)

 	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2070,9 +2070,9 @@ LEAF(bn_sqr_comba4)
 	.set	reorder
 	ld	a_0,0(a1)
 	ld	a_1,8(a1)
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
 	ld	a_2,16(a1)
 	ld	a_3,24(a1)
-	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
 	mflo	c_1
 	mfhi	c_2
 	sd	c_1,0(a0)
@@ -2093,17 +2093,17 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
@@ -2118,48 +2118,48 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_3,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	c_3,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
-	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
 	mflo	t_1
 	mfhi	t_2
-	slt	AT,t_2,zero
-	daddu	c_3,AT
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_1,t_1
 	sltu	AT,c_1,t_1
-	daddu	t_2,AT
+	daddu	c_1,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_1,t_1
+	daddu	c_2,AT
+	daddu	t_2,t_1
+	sltu	AT,c_2,AT
 	daddu	c_2,t_2
-	sltu	AT,c_2,t_2
 	daddu	c_3,AT
+	sltu	t_2,c_2,t_2
+	daddu	c_3,t_2
 	sd	c_1,24(a0)

 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_1,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_2,t_1
 	sltu	AT,c_2,t_1
-	daddu	t_2,AT
+	daddu	c_2,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_2,t_1
+	daddu	c_3,AT
+	daddu	t_2,t_1
+	sltu	c_1,c_3,AT
 	daddu	c_3,t_2
-	sltu	AT,c_3,t_2
-	daddu	c_1,AT
+	sltu	t_2,c_3,t_2
+	daddu	c_1,t_2
 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
 	mflo	t_1
 	mfhi	t_2
@@ -2174,17 +2174,17 @@ LEAF(bn_sqr_comba4)
 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
 	mflo	t_1
 	mfhi	t_2
-	slt	c_2,t_2,zero
-	dsll	t_2,1
-	slt	a2,t_1,zero
-	daddu	t_2,a2
-	dsll	t_1,1
 	daddu	c_3,t_1
 	sltu	AT,c_3,t_1
-	daddu	t_2,AT
+	daddu	c_3,t_1
+	daddu	AT,t_2
+	sltu	t_1,c_3,t_1
+	daddu	c_1,AT
+	daddu	t_2,t_1
+	sltu	c_2,c_1,AT
 	daddu	c_1,t_2
-	sltu	AT,c_1,t_2
-	daddu	c_2,AT
+	sltu	t_2,c_1,t_2
+	daddu	c_2,t_2
 	sd	c_3,40(a0)

 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -2,7 +2,7 @@
 #if !(defined(__GNUC__) && __GNUC__>=2)
 # include "../bn_asm.c"	/* kind of dirty hack for Sun Studio */
 #else
-/*
+/*-
 * x86_64 BIGNUM accelerator version 0.1, December 2002.
 *
 * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
@@ -65,12 +65,12 @@
 #undef mul_add
 #undef sqr

-/*
+/*-
 * "m"(a), "+m"(r)	is the way to favor DirectPath <20>-code;
 * "g"(0)		let the compiler to decide where does it
 *			want to keep the value of zero;
 */
-#define mul_add(r,a,word,carry) do {	\
+# define mul_add(r,a,word,carry) do {	\
 	register BN_ULONG high,low;	\
 	asm ("mulq %3"			\
 		: "=a"(low),"=d"(high)	\
@@ -87,7 +87,7 @@
 	carry=high;			\
 	} while (0)

-#define mul(r,a,word,carry) do {	\
+# define mul(r,a,word,carry) do {	\
 	register BN_ULONG high,low;	\
 	asm ("mulq %3"			\
 		: "=a"(low),"=d"(high)	\
@@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 /* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
 /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */

+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
 #if 0
 /* original macros are kept for reference purposes */
 #define mul_add_c(a,b,c0,c1,c2) {	\
@@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 	BN_ULONG ta=(a),tb=(b),t0;	\
 	t1 = BN_UMULT_HIGH(ta,tb);	\
 	t0 = ta * tb;			\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c0 += t0; t2 = t1+((c0<t0)?1:0);\
 	c1 += t2; c2 += (c1<t2)?1:0;	\
+	c0 += t0; t1 += (c0<t0)?1:0;	\
+	c1 += t1; c2 += (c1<t1)?1:0;	\
 	}
 #else
 #define mul_add_c(a,b,c0,c1,c2)	do {	\
@@ -328,22 +332,14 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 		: "=a"(t1),"=d"(t2)	\
 		: "a"(a),"m"(b)		\
 		: "cc");		\
-	asm ("addq %0,%0; adcq %2,%1"	\
-		: "+d"(t2),"+r"(c2)	\
-		: "g"(0)		\
-		: "cc");		\
-	asm ("addq %0,%0; adcq %2,%1"	\
-		: "+a"(t1),"+d"(t2)	\
-		: "g"(0)		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
+	asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"	\
+		: "+r"(c0),"+r"(c1),"+r"(c2)		\
+		: "r"(t1),"r"(t2),"g"(0)		\
+		: "cc");				\
+	asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"	\
+		: "+r"(c0),"+r"(c1),"+r"(c2)		\
+		: "r"(t1),"r"(t2),"g"(0)		\
+		: "cc");				\
 	} while (0)
 #endif

--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -275,16 +275,22 @@ extern "C" {

 #define BN_FLG_MALLOCED		0x01
 #define BN_FLG_STATIC_DATA	0x02
-#define BN_FLG_CONSTTIME	0x04 /* avoid leaking exponent information through timing,
-                                      * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
-                                      * BN_div() will call BN_div_no_branch,
-                                      * BN_mod_inverse() will call BN_mod_inverse_no_branch.
-                                      */

-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
-                                      /* avoid leaking exponent information through timings
-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+#define BN_FLG_CONSTTIME	0x04 
+
+#ifdef OPENSSL_NO_DEPRECATED
+/* deprecated name for the flag */
+#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME 
+/*
+ * avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
+ */
 #endif

 #ifndef OPENSSL_NO_DEPRECATED
@@ -623,45 +629,62 @@ int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
 * be expanded to the appropriate size if needed.
 */

-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
+/*r = a + b*/
+int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 #define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
+/*r=a mod p*/
+int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
 int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
+	const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
 int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = (a * a) mod p */
+	BN_CTX *ctx);
+/* r = (1 / b) mod p */
 int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
-	BN_CTX *ctx); /* r = (1 / b) mod p */
+	BN_CTX *ctx);
+/* r = (a / b) mod p */
 int	BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
+	const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
 int	BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
+	const BIGNUM *p, BN_CTX *ctx); 
+/* r = sqrt(a) mod p */
 int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = sqrt(a) mod p */
+	BN_CTX *ctx);
+/* r^2 + r = a mod p */
 int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r^2 + r = a mod p */
+	BN_CTX *ctx);
 #define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
 * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
 */
+/* r = a mod p */
 int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-	/* r = a mod p */
+/* r = (a * b) mod p */
 int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
+	const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
 int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-	BN_CTX *ctx); /* r = (a * a) mod p */
+	BN_CTX *ctx);
+/* r = (1 / b) mod p */
 int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-	BN_CTX *ctx); /* r = (1 / b) mod p */
+	BN_CTX *ctx);
+/* r = (a / b) mod p */
 int	BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
+	const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
 int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
+	const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
 int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-	const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
+	const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
 int	BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-	const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
+	const int p[], BN_CTX *ctx);
 int	BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
 int	BN_GF2m_arr2poly(const int p[], BIGNUM *a);

@@ -689,7 +712,8 @@ BIGNUM *bn_expand2(BIGNUM *a, int words);
 BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
 #endif

-/* Bignum consistency macros
+/*-
+ * Bignum consistency macros
 * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
 * bignum data after direct manipulations on the data. There is also an
 * "internal" macro, bn_check_top(), for verifying that there are no leading
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -69,7 +69,8 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	bn_check_top(a);
 	bn_check_top(b);

-	/*  a +  b	a+b
+	/*-
+	 *  a +  b	a+b
 	 *  a + -b	a-b
 	 * -a +  b	b-a
 	 * -a + -b	-(a+b)
@@ -269,7 +270,8 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	bn_check_top(a);
 	bn_check_top(b);

-	/*  a -  b	a-b
+	/*-
+	 *  a -  b	a-b
 	 *  a - -b	a+b
 	 * -a -  b	-(a+b)
 	 * -a - -b	b-a
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -438,6 +438,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 /* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
 /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */

+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
 #ifdef BN_LLONG
 #define mul_add_c(a,b,c0,c1,c2) \
 	t=(BN_ULLONG)a*b; \
@@ -463,7 +467,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define sqr_add_c2(a,i,j,c0,c1,c2) \
+# define sqr_add_c2(a,i,j,c0,c1,c2) \
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

 #elif defined(BN_UMULT_LOHI)
@@ -478,10 +482,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 #define mul_add_c2(a,b,c0,c1,c2) {	\
 	BN_ULONG ta=(a),tb=(b),t0;	\
 	BN_UMULT_LOHI(t0,t1,ta,tb);	\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c0 += t0; t2 = t1+((c0<t0)?1:0);\
 	c1 += t2; c2 += (c1<t2)?1:0;	\
+	c0 += t0; t1 += (c0<t0)?1:0;	\
+	c1 += t1; c2 += (c1<t1)?1:0;	\
 	}

 #define sqr_add_c(a,i,c0,c1,c2)	{	\
@@ -491,7 +495,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 	c1 += t2; c2 += (c1<t2)?1:0;	\
 	}

-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
+#  define sqr_add_c2(a,i,j,c0,c1,c2)	\
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)

 #elif defined(BN_UMULT_HIGH)
@@ -508,10 +512,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 	BN_ULONG ta=(a),tb=(b),t0;	\
 	t1 = BN_UMULT_HIGH(ta,tb);	\
 	t0 = ta * tb;			\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c0 += t0; t2 = t1+((c0<t0)?1:0);\
 	c1 += t2; c2 += (c1<t2)?1:0;	\
+	c0 += t0; t1 += (c0<t0)?1:0;	\
+	c1 += t1; c2 += (c1<t1)?1:0;	\
 	}

 #define sqr_add_c(a,i,c0,c1,c2)	{	\
@@ -550,7 +554,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;

-#define sqr_add_c2(a,i,j,c0,c1,c2) \
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
 #endif /* !BN_LLONG */

--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
@@ -3,7 +3,8 @@

 #include "bn.h"

-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
 *
 * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
 *
@@ -14,19 +15,24 @@
 BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
 	{
 	static const unsigned char RFC2409_PRIME_768[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
 	}

-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
 *
 * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
 *
@@ -37,22 +43,28 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
 BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
 	{
 	static const unsigned char RFC2409_PRIME_1024[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
 		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
 	}

-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
 *
 * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
 *
@@ -63,27 +75,36 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
 BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
 	{
 	static const unsigned char RFC3526_PRIME_1536[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+		0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+		0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+		0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+		0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+		0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
 	}

-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
 *
 * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
 *
@@ -93,33 +114,44 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
 BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
 	{
 	static const unsigned char RFC3526_PRIME_2048[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
-		0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+		0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+		0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+		0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+		0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+		0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,
+		0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,
+		0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+		0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+		0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,
+		0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
 	}

-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
 *
 * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
 *
@@ -129,43 +161,60 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
 BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
 	{
 	static const unsigned char RFC3526_PRIME_3072[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+		0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+		0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+		0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+		0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+		0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,
+		0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,
+		0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+		0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+		0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,
+		0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,
+		0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+		0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+		0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,
+		0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,
+		0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+		0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+		0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,
+		0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,
+		0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+		0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+		0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
 	}

-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
 *
 * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
 *
@@ -175,54 +224,76 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
 BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
 	{
 	static const unsigned char RFC3526_PRIME_4096[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+		0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+		0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+		0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+		0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+		0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,
+		0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,
+		0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+		0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+		0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,
+		0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,
+		0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+		0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+		0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,
+		0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,
+		0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+		0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+		0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,
+		0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,
+		0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+		0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+		0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,
+		0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,
+		0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+		0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+		0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,
+		0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,
+		0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+		0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+		0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,
+		0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,
+		0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+		0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
 		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
 	}

-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
 *
 * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
 *
@@ -232,75 +303,108 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
 BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
 	{
 	static const unsigned char RFC3526_PRIME_6144[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
-		0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+		0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+		0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+		0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+		0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+		0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,
+		0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,
+		0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+		0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+		0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,
+		0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,
+		0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+		0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+		0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,
+		0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,
+		0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+		0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+		0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,
+		0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,
+		0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+		0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+		0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,
+		0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,
+		0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+		0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+		0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,
+		0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,
+		0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+		0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+		0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,
+		0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,
+		0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+		0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+		0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,
+		0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,
+		0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+		0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+		0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,
+		0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,
+		0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+		0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+		0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,
+		0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,
+		0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+		0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+		0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,
+		0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,
+		0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+		0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+		0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,
+		0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,
+		0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+		0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+		0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
 	}

-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
 *
 * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
 *
@@ -310,92 +414,134 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
 BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
 	{
 	static const unsigned char RFC3526_PRIME_8192[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
-		0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
-		0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
-		0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
-		0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
-		0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
-		0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
-		0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
-		0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
-		0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
-		0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
-		0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
-		0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
-		0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
-		0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
-		0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
-		0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
-		0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
-		0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
-		0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
-		0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
-		0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
-		0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
-		0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+		0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+		0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+		0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+		0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+		0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+		0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+		0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+		0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+		0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+		0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+		0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+		0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+		0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+		0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,
+		0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,
+		0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+		0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+		0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,
+		0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,
+		0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+		0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+		0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,
+		0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,
+		0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+		0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+		0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,
+		0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,
+		0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+		0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+		0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,
+		0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,
+		0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+		0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+		0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,
+		0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,
+		0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+		0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+		0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,
+		0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,
+		0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+		0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+		0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,
+		0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,
+		0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+		0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+		0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,
+		0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,
+		0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+		0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+		0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,
+		0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,
+		0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+		0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+		0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,
+		0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,
+		0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+		0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+		0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,
+		0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,
+		0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+		0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+		0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,
+		0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+		0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,
+		0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
+		0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
+		0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
+		0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,
+		0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+		0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,
+		0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
+		0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
+		0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
+		0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,
+		0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+		0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,
+		0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
+		0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
+		0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
+		0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,
+		0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+		0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,
+		0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
+		0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
+		0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
+		0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,
+		0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+		0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,
+		0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
+		0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
+		0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
+		0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,
+		0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+		0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
 		};
 	return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
 	}
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -66,7 +66,8 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"

-/* TODO list
+/*-
+ * TODO list
 *
 * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
 * check they can be safely removed.
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -131,7 +131,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
    && !defined(PEDANTIC) && !defined(BN_DIV3W)
 # if defined(__GNUC__) && __GNUC__>=2
 #  if defined(__i386) || defined (__i386__)
-   /*
+   /*-
    * There were two reasons for implementing this template:
    * - GNU C generates a call to a function (__udivdi3 to be exact)
    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
@@ -169,7 +169,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #endif /* OPENSSL_NO_ASM */


-/* BN_div[_no_branch] computes  dv := num / divisor,  rounding towards
+/*-
+ * BN_div[_no_branch] computes  dv := num / divisor,  rounding towards
 * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
 * Thus:
 *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -170,7 +170,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	bn_check_top(p);
 	bn_check_top(m);

-	/* For even modulus  m = 2^k*m_odd,  it might make sense to compute
+	/*-
+	 * For even modulus  m = 2^k*m_odd,  it might make sense to compute
 	 * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
 	 * exponentiation for the odd part), using appropriate exponent
 	 * reductions, and combine the results using the CRT.
@@ -209,7 +210,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
 	 * the top bit being set.  It was caused by an error in BN_div
 	 * with negatives.  There was also another problem when for a^b%m
 	 * a >= m.  eay 07-May-97 */
-/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+	/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */

 	if (BN_is_odd(m))
 		{
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -246,7 +246,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 		if (!BN_nnmod(B, B, A, ctx)) goto err;
 		}
 	sign = -1;
-	/* From  B = a mod |n|,  A = |n|  it follows that
+	/*-
+	 * From  B = a mod |n|,  A = |n|  it follows that
 	 *
 	 *      0 <= B < A,
 	 *     -sign*X*a  ==  B   (mod |n|),
@@ -263,7 +264,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 		
 		while (!BN_is_zero(B))
 			{
-			/*
+			/*-
 			 *      0 < B < |n|,
 			 *      0 < A <= |n|,
 			 * (1) -sign*X*a  ==  B   (mod |n|),
@@ -310,7 +311,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 				}

 			
-			/* We still have (1) and (2).
+			/*-
+			 * We still have (1) and (2).
 			 * Both  A  and  B  are odd.
 			 * The following computations ensure that
 			 *
@@ -346,7 +348,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 			{
 			BIGNUM *tmp;
 			
-			/*
+			/*-
 			 *      0 < B < A,
 			 * (*) -sign*X*a  ==  B   (mod |n|),
 			 *      sign*Y*a  ==  A   (mod |n|)
@@ -393,7 +395,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 				if (!BN_div(D,M,A,B,ctx)) goto err;
 				}
 			
-			/* Now
+			/*-
+			 * Now
 			 *      A = D*B + M;
 			 * thus we have
 			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
@@ -406,7 +409,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 			B=M;
 			/* ... so we have  0 <= B < A  again */
 			
-			/* Since the former  M  is now  B  and the former  B  is now  A,
+			/*-
+			 * Since the former  M  is now  B  and the former  B  is now  A,
 			 * (**) translates into
 			 *       sign*Y*a  ==  D*A + B    (mod |n|),
 			 * i.e.
@@ -459,7 +463,7 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 			}
 		}
 		
-	/*
+	/*-
 	 * The while loop (Euclid's algorithm) ends when
 	 *      A == gcd(a,n);
 	 * we have
@@ -547,7 +551,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
 		if (!BN_nnmod(B, pB, A, ctx)) goto err;
 		}
 	sign = -1;
-	/* From  B = a mod |n|,  A = |n|  it follows that
+	/*-
+	 * From  B = a mod |n|,  A = |n|  it follows that
 	 *
 	 *      0 <= B < A,
 	 *     -sign*X*a  ==  B   (mod |n|),
@@ -558,7 +563,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
 		{
 		BIGNUM *tmp;
 		
-		/*
+		/*-
 		 *      0 < B < A,
 		 * (*) -sign*X*a  ==  B   (mod |n|),
 		 *      sign*Y*a  ==  A   (mod |n|)
@@ -573,7 +578,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
 		/* (D, M) := (A/B, A%B) ... */		
 		if (!BN_div(D,M,pA,B,ctx)) goto err;
 		
-		/* Now
+		/*-
+		 * Now
 		 *      A = D*B + M;
 		 * thus we have
 		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
@@ -586,7 +592,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
 		B=M;
 		/* ... so we have  0 <= B < A  again */
 		
-		/* Since the former  M  is now  B  and the former  B  is now  A,
+		/*-
+		 * Since the former  M  is now  B  and the former  B  is now  A,
 		 * (**) translates into
 		 *       sign*Y*a  ==  D*A + B    (mod |n|),
 		 * i.e.
@@ -614,7 +621,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
 		sign = -sign;
 		}
 		
-	/*
+	/*-
 	 * The while loop (Euclid's algorithm) ends when
 	 *      A == gcd(a,n);
 	 * we have
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -251,7 +251,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	}


-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
 * as an int[], say p.  The irreducible f(t) is then of the form:
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@@ -66,7 +66,8 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	int ret = -2; /* avoid 'uninitialized' warning */
 	int err = 0;
 	BIGNUM *A, *B, *tmp;
-	/* In 'tab', only odd-indexed entries are relevant:
+	/*-
+	 * In 'tab', only odd-indexed entries are relevant:
 	 * For any odd BIGNUM n,
 	 *     tab[BN_lsw(n) & 7]
 	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -119,7 +119,7 @@ extern "C" {
 #endif


-/*
+/*-
 * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
 *
 *
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -71,7 +71,8 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;

 /* This stuff appears to be completely unused, so is deprecated */
 #ifndef OPENSSL_NO_DEPRECATED
-/* For a 32 bit machine
+/*-
+ * For a 32 bit machine
 * 2 -   4 ==  128
 * 3 -   8 ==  256
 * 4 -  16 ==  512
@@ -368,14 +369,17 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
 			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
 			}
+		/*
+		 * workaround for ultrix cc: without 'case 0', the optimizer does
+		 * the switch table by doing a=top&3; a--; goto jump_table[a];
+		 * which fails for top== 0
+		 */
 		switch (b->top&3)
 			{
 		case 3:	A[2]=B[2];
 		case 2:	A[1]=B[1];
 		case 1:	A[0]=B[0];
-		case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
-		         * the switch table by doing a=top&3; a--; goto jump_table[a];
-		         * which fails for top== 0 */
+		case 0:
 			;
 			}
 		}
@@ -523,12 +527,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
 		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
 		}
+	/* ultrix cc workaround, see comments in bn_expand_internal */
 	switch (b->top&3)
 		{
 		case 3: A[2]=B[2];
 		case 2: A[1]=B[1];
 		case 1: A[0]=B[0];
-		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
+		case 0: ;
 		}
 #else
 	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -379,7 +379,8 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
 /* Karatsuba recursive multiplication algorithm
 * (cf. Knuth, The Art of Computer Programming, Vol. 2) */

-/* r is 2*n2 words in size,
+/*-
+ * r is 2*n2 words in size,
 * a and b are both n2 words in size.
 * n2 must be a power of 2.
 * We multiply and return the result.
@@ -500,7 +501,8 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
 		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	/*-
+	 * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
 	 * r[10] holds (a[0]*b[0])
 	 * r[32] holds (b[1]*b[1])
 	 */
@@ -517,7 +519,8 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
 		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	/*-
+	 * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
 	 * r[10] holds (a[0]*b[0])
 	 * r[32] holds (b[1]*b[1])
 	 * c1 holds the carry bits
@@ -676,7 +679,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 			}
 		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+	/*-
+	 * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
 	 * r[10] holds (a[0]*b[0])
 	 * r[32] holds (b[1]*b[1])
 	 */
@@ -693,7 +697,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
 		}

-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+	/*-
+	 * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
 	 * r[10] holds (a[0]*b[0])
 	 * r[32] holds (b[1]*b[1])
 	 * c1 holds the carry bits
@@ -720,7 +725,8 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 		}
 	}

-/* a and b must be the same size, which is n2.
+/*-
+ * a and b must be the same size, which is n2.
 * r needs to be n2 words and t needs to be n2*2
 */
 void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
@@ -749,7 +755,8 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 		}
 	}

-/* a and b must be the same size, which is n2.
+/*-
+ * a and b must be the same size, which is n2.
 * r needs to be n2 words and t needs to be n2*2
 * l is the low words of the output.
 * t needs to be n2*3
@@ -820,7 +827,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 		bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
 		}

-	/* s0 == low(al*bl)
+	/*-
+	 * s0 == low(al*bl)
 	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
 	 * We know s0 and s1 so the only unknown is high(al*bl)
 	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
@@ -857,16 +865,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 			lp[i]=((~mp[i])+1)&BN_MASK2;
 		}

-	/* s[0] = low(al*bl)
+	/*-
+	 * s[0] = low(al*bl)
 	 * t[3] = high(al*bl)
 	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
 	 * r[10] = (a[1]*b[1])
 	 */
-	/* R[10] = al*bl
+	/*-
+	 * R[10] = al*bl
 	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
 	 * R[32] = ah*bh
 	 */
-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+	/*-
+	 * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
 	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
 	 * R[3]=r[1]+(carry/borrow)
 	 */
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -108,7 +108,8 @@ char *BN_bn2dec(const BIGNUM *a)
 	BIGNUM *t=NULL;
 	BN_ULONG *bn_data=NULL,*lp;

-	/* get an upper bound for the length of the decimal integer
+	/*-
+	 * get an upper bound for the length of the decimal integer
 	 * num <= (BN_num_bits(a) + 1) * log(2)
 	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
 	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -167,15 +167,16 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,

 	/* Nr := round(2^i / N) */
 	if (i != recp->shift)
-		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
-			i,ctx); /* BN_reciprocal returns i, or -1 for an error */
+		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),i,ctx);
+	/* BN_reciprocal could have returned -1 for an error */
 	if (recp->shift == -1) goto err;

-	/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
-	 *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
-	 *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
-	 *    = |m/N|
-	 */
+    /*-
+     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+     *    = |m/N|
+     */
 	if (!BN_rshift(a,m,recp->num_bits)) goto err;
 	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
 	if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -194,7 +194,8 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
 	}

 #ifdef BN_RECURSION
-/* r is 2*n words in size,
+/*-
+ * r is 2*n words in size,
 * a and b are both n words in size.    (There's not actually a 'b' here ...)
 * n must be a power of 2.
 * We multiply and return the result.
@@ -256,7 +257,8 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
 	bn_sqr_recursive(r,a,n,p);
 	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);

-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+	/*-
+	 * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
 	 * r[10] holds (a[0]*b[0])
 	 * r[32] holds (b[1]*b[1])
 	 */
@@ -266,7 +268,8 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
 	/* t[32] is negative */
 	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));

-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+	/*-
+	 * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
 	 * r[10] holds (a[0]*a[0])
 	 * r[32] holds (a[1]*a[1])
 	 * c1 holds the carry bits
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -135,7 +135,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

 	if (e == 1)
 		{
-		/* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+		/*-
+		 * The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
 		 * modulo  (|p|-1)/2,  and square roots can be computed
 		 * directly by modular exponentiation.
 		 * We have
@@ -152,7 +153,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 	
 	if (e == 2)
 		{
-		/* |p| == 5  (mod 8)
+		/*-
+		 * |p| == 5  (mod 8)
 		 *
 		 * In this case  2  is always a non-square since
 		 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
@@ -262,7 +264,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 		goto end;
 		}

-	/* Now we know that (if  p  is indeed prime) there is an integer
+	/*-
+	 * Now we know that (if  p  is indeed prime) there is an integer
 	 * k,  0 <= k < 2^e,  such that
 	 *
 	 *      a^q * y^k == 1   (mod p).
@@ -318,7 +321,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

 	while (1)
 		{
-		/* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+		/*- 
+		 * Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
 		 * where  E  refers to the original value of  e,  which we
 		 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
 		 *
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -302,11 +302,11 @@ int main(int argc, char *argv[])
 	BN_CTX_free(ctx);
 	BIO_free(out);

-/**/
 	EXIT(0);
 err:
 	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
-	                      * the failure, see test_bn in test/Makefile.ssl*/
+	                      * the failure, see test_bn in test/Makefile.ssl
+			      */
 	(void)BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
@@ -676,44 +676,100 @@ int test_mul(BIO *bp)

 int test_sqr(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM a,c,d,e;
-	int i;
+	BIGNUM *a,*c,*d,*e;
+	int i, ret = 0;

-	BN_init(&a);
-	BN_init(&c);
-	BN_init(&d);
-	BN_init(&e);
+	a = BN_new();
+	c = BN_new();
+	d = BN_new();
+	e = BN_new();
+	if (a == NULL || c == NULL || d == NULL || e == NULL)
+		{
+		goto err;
+		}

 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(&a,40+i*10,0,0);
-		a.neg=rand_neg();
-		BN_sqr(&c,&a,ctx);
+		BN_bntest_rand(a,40+i*10,0,0);
+		a->neg=rand_neg();
+		BN_sqr(c,a,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
 				{
-				BN_print(bp,&a);
+				BN_print(bp,a);
 				BIO_puts(bp," * ");
-				BN_print(bp,&a);
+				BN_print(bp,a);
 				BIO_puts(bp," - ");
 				}
-			BN_print(bp,&c);
+			BN_print(bp,c);
 			BIO_puts(bp,"\n");
 			}
-		BN_div(&d,&e,&c,&a,ctx);
-		BN_sub(&d,&d,&a);
-		if(!BN_is_zero(&d) || !BN_is_zero(&e))
-		    {
-		    fprintf(stderr,"Square test failed!\n");
-		    return 0;
-		    }
+		BN_div(d,e,c,a,ctx);
+		BN_sub(d,d,a);
+		if(!BN_is_zero(d) || !BN_is_zero(e))
+			{
+			fprintf(stderr,"Square test failed!\n");
+			goto err;
+			}
 		}
-	BN_free(&a);
-	BN_free(&c);
-	BN_free(&d);
-	BN_free(&e);
-	return(1);
+
+	/* Regression test for a BN_sqr overflow bug. */
+	BN_hex2bn(&a,
+		"80000000000000008000000000000001"
+		"FFFFFFFFFFFFFFFE0000000000000000");
+	BN_sqr(c, a, ctx);
+	if (bp != NULL)
+		{
+		if (!results)
+			{
+			BN_print(bp,a);
+			BIO_puts(bp," * ");
+			BN_print(bp,a);
+			BIO_puts(bp," - ");
+			}
+		BN_print(bp,c);
+		BIO_puts(bp,"\n");
+		}
+	BN_mul(d, a, a, ctx);
+	if (BN_cmp(c, d))
+		{
+		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+			"different results!\n");
+		goto err;
+		}
+
+	/* Regression test for a BN_sqr overflow bug. */
+	BN_hex2bn(&a,
+		"80000000000000000000000080000001"
+		"FFFFFFFE000000000000000000000000");
+	BN_sqr(c, a, ctx);
+	if (bp != NULL)
+		{
+		if (!results)
+			{
+			BN_print(bp,a);
+			BIO_puts(bp," * ");
+			BN_print(bp,a);
+			BIO_puts(bp," - ");
+			}
+		BN_print(bp,c);
+		BIO_puts(bp,"\n");
+		}
+	BN_mul(d, a, a, ctx);
+	if (BN_cmp(c, d))
+		{
+		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+			"different results!\n");
+		goto err;
+		}
+	ret = 1;
+err:
+	if (a != NULL) BN_free(a);
+	if (c != NULL) BN_free(c);
+	if (d != NULL) BN_free(d);
+	if (e != NULL) BN_free(e);
+	return ret;
 	}

 int test_mont(BIO *bp, BN_CTX *ctx)
@@ -735,8 +791,8 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 	if (mont == NULL)
 		return 0;

-	BN_bntest_rand(&a,100,0,0); /**/
-	BN_bntest_rand(&b,100,0,0); /**/
+	BN_bntest_rand(&a,100,0,0);
+	BN_bntest_rand(&b,100,0,0);
 	for (i=0; i<num2; i++)
 		{
 		int bits = (200*(i+1))/num2;
@@ -752,8 +808,8 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 		BN_to_montgomery(&A,&a,mont,ctx);
 		BN_to_montgomery(&B,&b,mont,ctx);

-		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
-		BN_from_montgomery(&A,&c,mont,ctx);/**/
+		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);
+		BN_from_montgomery(&A,&c,mont,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
@@ -804,13 +860,13 @@ int test_mod(BIO *bp, BN_CTX *ctx)
 	d=BN_new();
 	e=BN_new();

-	BN_bntest_rand(a,1024,0,0); /**/
+	BN_bntest_rand(a,1024,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(b,450+i*10,0,0); /**/
+		BN_bntest_rand(b,450+i*10,0,0);
 		a->neg=rand_neg();
 		b->neg=rand_neg();
-		BN_mod(c,a,b,ctx);/**/
+		BN_mod(c,a,b,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
@@ -851,11 +907,11 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	e=BN_new();

 	for (j=0; j<3; j++) {
-	BN_bntest_rand(c,1024,0,0); /**/
+	BN_bntest_rand(c,1024,0,0);
 	for (i=0; i<num0; i++)
 		{
-		BN_bntest_rand(a,475+i*10,0,0); /**/
-		BN_bntest_rand(b,425+i*11,0,0); /**/
+		BN_bntest_rand(a,475+i*10,0,0);
+		BN_bntest_rand(b,425+i*11,0,0);
 		a->neg=rand_neg();
 		b->neg=rand_neg();
 		if (!BN_mod_mul(e,a,b,c,ctx))
@@ -924,8 +980,8 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0);
+		BN_bntest_rand(b,2+i,0,0);

 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(0);
@@ -975,8 +1031,8 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
 	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
 	for (i=0; i<num2; i++)
 		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0);
+		BN_bntest_rand(b,2+i,0,0);

 		if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
 			return(00);
@@ -1026,8 +1082,8 @@ int test_exp(BIO *bp, BN_CTX *ctx)

 	for (i=0; i<num2; i++)
 		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0);
+		BN_bntest_rand(b,2+i,0,0);

 		if (BN_exp(d,a,b,ctx) <= 0)
 			return(0);
@@ -1834,7 +1890,7 @@ int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
 	else
 	    {
 	    a=BN_new();
-	    BN_bntest_rand(a,200,0,0); /**/
+	    BN_bntest_rand(a,200,0,0);
 	    a->neg=rand_neg();
 	    }
 	for (i=0; i<num0; i++)
@@ -1886,7 +1942,7 @@ int test_lshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();

-	BN_bntest_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0);
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1930,7 +1986,7 @@ int test_rshift(BIO *bp,BN_CTX *ctx)
 	e=BN_new();
 	BN_one(c);

-	BN_bntest_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0);
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
@@ -1973,7 +2029,7 @@ int test_rshift1(BIO *bp)
 	b=BN_new();
 	c=BN_new();

-	BN_bntest_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0);
 	a->neg=rand_neg();
 	for (i=0; i<num0; i++)
 		{
--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@@ -125,7 +125,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
 	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45

-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*-	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
 	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
 	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
 	}; 
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -601,7 +601,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
 					}
 				e++;
 				}
-			/* So at this point we have
+			/*-
+			 * So at this point we have
 			 * np which is the start of the name string which is
 			 *   '\0' terminated. 
 			 * cp which is the start of the section string which is
--- a/crypto/constant_time_locl.h
+++ b/crypto/constant_time_locl.h
@@ -1,5 +1,5 @@
 /* crypto/constant_time_locl.h */
-/*
+/*-
 * Utilities for constant-time cryptography.
 *
 * Author: Emilia Kasper (emilia@openssl.org)
@@ -53,7 +53,7 @@
 extern "C" {
 #endif

-/*
+/*-
 * The boolean methods return a bitmask of all ones (0xff...f) for true
 * and 0 for false. This is useful for choosing a value based on the result
 * of a conditional in constant time. For example,
@@ -112,7 +112,7 @@ static inline unsigned int constant_time_eq_int(int a, int b);
 static inline unsigned char constant_time_eq_int_8(int a, int b);


-/*
+/*-
 * Returns (mask & a) | (~mask & b).
 *
 * When |mask| is all 1s or all 0s (as returned by the methods above),
@@ -129,17 +129,12 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b);

 static inline unsigned int constant_time_msb(unsigned int a)
 	{
-	return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+	return 0-(a >> (sizeof(a) * 8 - 1));
 	}

 static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
 	{
-	unsigned int lt;
-	/* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
-	lt = ~(a ^ b) & (a - b);
-	/* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
-	lt |= ~a & b;
-	return constant_time_msb(lt);
+	return constant_time_msb(a^((a^b)|((a-b)^b)));
 	}

 static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
@@ -149,12 +144,7 @@ static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)

 static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
 	{
-	unsigned int ge;
-	/* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
-	ge = ~((a ^ b) | (a - b));
-	/* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
-	ge |= a & ~b;
-	return constant_time_msb(ge);
+	return ~constant_time_lt(a, b);
 	}

 static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
@@ -204,7 +194,7 @@ static inline unsigned char constant_time_select_8(unsigned char mask,
 	return (unsigned char)(constant_time_select(mask, a, b));
 	}

-inline int constant_time_select_int(unsigned int mask, int a, int b)
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
 	{
 	return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
 	}
--- a/crypto/constant_time_test.c
+++ b/crypto/constant_time_test.c
@@ -1,5 +1,5 @@
 /* crypto/constant_time_test.c */
-/*
+/*-
 * Utilities for constant-time cryptography.
 *
 * Author: Emilia Kasper (emilia@openssl.org)
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -659,7 +659,8 @@ const char *CRYPTO_get_lock_name(int type)

 #if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
 	defined(__INTEL__) || \
-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+	defined(__x86_64) || defined(__x86_64__) || \
+	defined(_M_AMD64) || defined(_M_X64)

 unsigned long  OPENSSL_ia32cap_P=0;
 unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
@@ -812,7 +813,8 @@ void OPENSSL_showfatal (const char *fmta,...)

    if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
 	GetFileType(h)!=FILE_TYPE_UNKNOWN)
-    {	/* must be console application */
+    {
+	/* must be console application */
 	va_start (ap,fmta);
 	vfprintf (stderr,fmta,ap);
 	va_end (ap);
--- a/Show More
+++ b/Show More