From 8c0439e7d6d41b9bb3de6a20ad67a84b9305ec4f Mon Sep 17 00:00:00 2001 
From: Zhi Guan Date: Mon, 9 May 2016 09:20:02 +0200 Subject: [PATCH] fast SMS4 with Intel AVX2/KNC-NI --- Makefile | 2 +- Makefile.bak | 4 +- Makefile.org | 2 +- apps/cpk.c | 411 ++- apps/cpkparam.c | 594 +++++ apps/enc.c | 4 + apps/openssl | 1 + apps/pkey.c | 2 + apps/pkeyutl.c | 24 +- apps/progs.pl | 0 .../CFCA_CS_CA/CFCA_ACS_SM2_OCA31.cer | 0 .../CFCA_CS_CA/CFCA_ACS_SM2_OCA32.cer | 0 .../{cfca => }/CFCA_CS_CA/CFCA_CS_SM2_CA.cer | 0 .../CFCA_CS_CA/CFCA_CS_SM2_OCA11.cer | 0 .../{cfca => }/CFCA_CS_CA/CFCA_SM2_OCA1.cer | 0 .../CFCA_EV_CA/CFCA_EV_SM2_CodeSign_OCA.cer | 0 .../{cfca => }/CFCA_EV_CA/CFCA_EV_SM2_OCA.cer | 0 .../CFCA_EV_CA/CFCA_EV_SM2_ROOT.cer | 0 .../CFCA_EV_CA/CFCA_OV_SM2_CodeSign_OCA.cer | 0 .../{cfca => }/CFCA_EV_CA/CFCA_OV_SM2_OCA.cer | 0 .../{cfca => }/CFCA_GT_CA/CFCA_GT_SM2_CA.cer | 0 .../CFCA_GT_CA/CFCA_GT_SM2_OCA21.cer | 0 .../{cfca => }/CFCA_GT_CA/CFCA_SM2_OCA2.cer | 0 .../CFCA_IDENTITY_CA/CFCA_Identity_SM2_CA.cer | 0 .../CFCA_Identity_SM2_OCA.cer | 0 crypto/asn1/ameth_lib.c | 37 +- crypto/asn1/d2i_pr.c | 18 +- crypto/bn/Makefile | 2 +- crypto/bn/asm/mips3.s | 2201 ----------------- crypto/bn/asm/pa-risc2.s | 1618 ------------ crypto/bn/asm/pa-risc2W.s | 1605 ------------ crypto/ec/Makefile | 2 +- crypto/ec/ec_ameth.c | 206 +- crypto/ec/ec_asn1.c | 7 +- crypto/ec/ec_pmeth.c | 68 +- crypto/evp/e_sms4.c | 6 + crypto/evp/evp.h | 8 + crypto/evp/evp_pkey.c | 12 + crypto/evp/m_sigver.c | 11 +- crypto/evp/m_sm3.c | 2 +- crypto/evp/p_dec.c | 4 +- crypto/evp/p_lib.c | 7 +- crypto/opensslv.h | 2 +- crypto/pem/Makefile | 4 +- crypto/pem/pem.h | 4 + crypto/pem/pem_lib.c | 5 + crypto/pem/pem_pkey.c | 13 + crypto/pem/pem_sm2.c | 270 ++ crypto/sm2/sm2.h | 14 +- crypto/sm2/sm2_asn1.c | 32 +- crypto/sm2/sm2_enc.c | 27 +- crypto/sm2/sm2_kap.c | 96 + crypto/sm2/sm2_lib.c | 10 + crypto/sm2/sm2test.c | 2 +- crypto/sms4/sms4_common.c | 105 + crypto/sms4/sms4_ede.c | 67 + crypto/sms4/sms4_ede.h | 30 + crypto/sms4/sms4_enc.c | 87 + crypto/sms4/sms4_enc_avx2.c | 150 ++ 
crypto/sms4/sms4_enc_knc.c | 160 ++ crypto/sms4/sms4_enc_nblks.c | 75 + crypto/sms4/sms4_lcl.h | 125 + .../sms4enc.c => crypto/sms4/sms4speed.c | 78 +- crypto/sms4/sms4test.c | 79 + demos/ameth.c | 36 + demos/gmssl/ec_key.pem | 8 + demos/gmssl/eckey.pem | 10 + demos/gmssl/ecparam.pem | 7 + demos/gmssl/ecpubkey.pem | 9 + apps/sm2-gencert.sh => demos/gmssl/gencert.sh | 0 demos/gmssl/gmssl.sh | 24 +- apps/sm2-initca.sh => demos/gmssl/initca.sh | 0 demos/gmssl/pem.c | 32 + demos/gmssl/seal.c | 111 + demos/gmssl/sm2-gencert.sh | 11 + demos/gmssl/sm2-initca.sh | 19 + demos/gmssl/sm2.c | 289 ++- engines/e_skf.c | 178 +- engines/skf/a.out | Bin 0 -> 17224 bytes engines/skf/skf.h | 39 +- engines/skf/{skf_impl.c => skf_softtoken.c} | 152 +- engines/skf/skftest.c | 200 +- engines/skf/skftest.o | Bin 0 -> 4980 bytes 83 files changed, 3536 insertions(+), 5882 deletions(-) create mode 100644 apps/cpkparam.c create mode 120000 apps/openssl mode change 100644 => 100755 apps/progs.pl rename certs/sm2/{cfca => }/CFCA_CS_CA/CFCA_ACS_SM2_OCA31.cer (100%) rename certs/sm2/{cfca => }/CFCA_CS_CA/CFCA_ACS_SM2_OCA32.cer (100%) rename certs/sm2/{cfca => }/CFCA_CS_CA/CFCA_CS_SM2_CA.cer (100%) rename certs/sm2/{cfca => }/CFCA_CS_CA/CFCA_CS_SM2_OCA11.cer (100%) rename certs/sm2/{cfca => }/CFCA_CS_CA/CFCA_SM2_OCA1.cer (100%) rename certs/sm2/{cfca => }/CFCA_EV_CA/CFCA_EV_SM2_CodeSign_OCA.cer (100%) rename certs/sm2/{cfca => }/CFCA_EV_CA/CFCA_EV_SM2_OCA.cer (100%) rename certs/sm2/{cfca => }/CFCA_EV_CA/CFCA_EV_SM2_ROOT.cer (100%) rename certs/sm2/{cfca => }/CFCA_EV_CA/CFCA_OV_SM2_CodeSign_OCA.cer (100%) rename certs/sm2/{cfca => }/CFCA_EV_CA/CFCA_OV_SM2_OCA.cer (100%) rename certs/sm2/{cfca => }/CFCA_GT_CA/CFCA_GT_SM2_CA.cer (100%) rename certs/sm2/{cfca => }/CFCA_GT_CA/CFCA_GT_SM2_OCA21.cer (100%) rename certs/sm2/{cfca => }/CFCA_GT_CA/CFCA_SM2_OCA2.cer (100%) rename certs/sm2/{cfca => }/CFCA_IDENTITY_CA/CFCA_Identity_SM2_CA.cer (100%) rename certs/sm2/{cfca => 
}/CFCA_IDENTITY_CA/CFCA_Identity_SM2_OCA.cer (100%) delete mode 100644 crypto/bn/asm/mips3.s delete mode 100644 crypto/bn/asm/pa-risc2.s delete mode 100644 crypto/bn/asm/pa-risc2W.s create mode 100644 crypto/pem/pem_sm2.c create mode 100644 crypto/sms4/sms4_common.c create mode 100644 crypto/sms4/sms4_ede.c create mode 100644 crypto/sms4/sms4_ede.h create mode 100644 crypto/sms4/sms4_enc.c create mode 100644 crypto/sms4/sms4_enc_avx2.c create mode 100644 crypto/sms4/sms4_enc_knc.c create mode 100644 crypto/sms4/sms4_enc_nblks.c create mode 100644 crypto/sms4/sms4_lcl.h rename demos/gmssl/sms4enc.c => crypto/sms4/sms4speed.c (72%) create mode 100644 crypto/sms4/sms4test.c create mode 100644 demos/ameth.c create mode 100644 demos/gmssl/ec_key.pem create mode 100644 demos/gmssl/eckey.pem create mode 100644 demos/gmssl/ecparam.pem create mode 100644 demos/gmssl/ecpubkey.pem rename apps/sm2-gencert.sh => demos/gmssl/gencert.sh (100%) rename apps/sm2-initca.sh => demos/gmssl/initca.sh (100%) create mode 100644 demos/gmssl/pem.c create mode 100644 demos/gmssl/seal.c create mode 100755 demos/gmssl/sm2-gencert.sh create mode 100755 demos/gmssl/sm2-initca.sh create mode 100755 engines/skf/a.out rename engines/skf/{skf_impl.c => skf_softtoken.c} (78%) create mode 100644 engines/skf/skftest.o diff --git a/Makefile b/Makefile index b1c54885..77f8725f 100644 --- a/Makefile +++ b/Makefile @@ -182,7 +182,7 @@ SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib SHARED_LDFLAGS=-arch x86_64 -dynamiclib GENERAL= Makefile -BASENAME= openssl +BASENAME= gmssl NAME= $(BASENAME)-$(VERSION) TARFILE= $(NAME).tar WTARFILE= $(NAME)-win.tar diff --git a/Makefile.bak b/Makefile.bak index 9ea59cc2..77f8725f 100644 --- a/Makefile.bak +++ b/Makefile.bak 
@@ -151,7 +151,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac \ - sm2 sm3 sms4 ecies + sm2 sm3 sms4 ecies zuc # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -182,7 +182,7 @@ SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib SHARED_LDFLAGS=-arch x86_64 -dynamiclib GENERAL= Makefile -BASENAME= openssl +BASENAME= gmssl NAME= $(BASENAME)-$(VERSION) TARFILE= $(NAME).tar WTARFILE= $(NAME)-win.tar diff --git a/Makefile.org b/Makefile.org index e6b99c24..5521bf4c 100644 --- a/Makefile.org +++ b/Makefile.org @@ -180,7 +180,7 @@ SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= GENERAL= Makefile -BASENAME= openssl +BASENAME= gmssl NAME= $(BASENAME)-$(VERSION) TARFILE= $(NAME).tar WTARFILE= $(NAME)-win.tar diff --git a/apps/cpk.c b/apps/cpk.c index 5011c1c6..364f56a9 100644 --- a/apps/cpk.c +++ b/apps/cpk.c 
@@ -1,6 +1,413 @@ -/* +/* apps/cpk.c */ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. 
Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). 
* - * gmssl cpkparam */ +#include +#ifndef OPENSSL_NO_GMSSL +# include +# include +# include +# include "apps.h" +# include +# include +# include +# include +# undef PROG +# define PROG cpk_main + +/*- + * -inform arg - input format - default PEM (one of DER, NET or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -des - encrypt output if PEM format with DES in cbc mode + * -text - print a text version + * -param_out - print the elliptic curve parameters + * -conv_form arg - specifies the point encoding form + * -param_enc arg - specifies the parameter encoding + */ + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) +{ + int ret = 1; + EC_KEY *eckey = NULL; + const EC_GROUP *group; + int i, badops = 0; + const EVP_CIPHER *enc = NULL; + BIO *in = NULL, *out = NULL; + int informat, outformat, text = 0, noout = 0; + int pubin = 0, pubout = 0, param_out = 0; + char *infile, *outfile, *prog, *engine; + char *passargin = NULL, *passargout = NULL; + char *passin = NULL, *passout = NULL; + point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; + int new_form = 0; + int asn1_flag = OPENSSL_EC_NAMED_CURVE; + int new_asn1_flag = 0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err = BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + + engine = NULL; + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; + + prog = argv[0]; + argc--; + argv++; + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; + 
outfile = *(++argv); + } else if (strcmp(*argv, "-passin") == 0) { + if (--argc < 1) + goto bad; + passargin = *(++argv); + } else if (strcmp(*argv, "-passout") == 0) { + if (--argc < 1) + goto bad; + passargout = *(++argv); + } else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine = *(++argv); + } else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; + else if (strcmp(*argv, "-conv_form") == 0) { + if (--argc < 1) + goto bad; + ++argv; + new_form = 1; + if (strcmp(*argv, "compressed") == 0) + form = POINT_CONVERSION_COMPRESSED; + else if (strcmp(*argv, "uncompressed") == 0) + form = POINT_CONVERSION_UNCOMPRESSED; + else if (strcmp(*argv, "hybrid") == 0) + form = POINT_CONVERSION_HYBRID; + else + goto bad; + } else if (strcmp(*argv, "-param_enc") == 0) { + if (--argc < 1) + goto bad; + ++argv; + new_asn1_flag = 1; + if (strcmp(*argv, "named_curve") == 0) + asn1_flag = OPENSSL_EC_NAMED_CURVE; + else if (strcmp(*argv, "explicit") == 0) + asn1_flag = 0; + else + goto bad; + } else if (strcmp(*argv, "-param_out") == 0) + param_out = 1; + else if (strcmp(*argv, "-pubin") == 0) + pubin = 1; + else if (strcmp(*argv, "-pubout") == 0) + pubout = 1; + else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { + BIO_printf(bio_err, "unknown option %s\n", *argv); + badops = 1; + break; + } + argc--; + argv++; + } + + if (badops) { + bad: + BIO_printf(bio_err, "%s [options] outfile\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - " + "DER or PEM\n"); + BIO_printf(bio_err, " -outform arg output format - " + "DER or PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -passin arg input file pass " + "phrase source\n"); + BIO_printf(bio_err, " -out arg output file\n"); + BIO_printf(bio_err, " -passout arg output file pass " + "phrase source\n"); + BIO_printf(bio_err, " -engine e use engine e, " + "possibly a 
hardware device.\n"); + BIO_printf(bio_err, " -des encrypt PEM output, " + "instead of 'des' every other \n" + " cipher " + "supported by OpenSSL can be used\n"); + BIO_printf(bio_err, " -text print the key\n"); + BIO_printf(bio_err, " -noout don't print key out\n"); + BIO_printf(bio_err, " -param_out print the elliptic " + "curve parameters\n"); + BIO_printf(bio_err, " -conv_form arg specifies the " + "point conversion form \n"); + BIO_printf(bio_err, " possible values:" + " compressed\n"); + BIO_printf(bio_err, " " + " uncompressed (default)\n"); + BIO_printf(bio_err, " " " hybrid\n"); + BIO_printf(bio_err, " -param_enc arg specifies the way" + " the ec parameters are encoded\n"); + BIO_printf(bio_err, " in the asn1 der " "encoding\n"); + BIO_printf(bio_err, " possible values:" + " named_curve (default)\n"); + BIO_printf(bio_err, " " + "explicit\n"); + goto end; + } + + ERR_load_crypto_strings(); + +# ifndef OPENSSL_NO_ENGINE + setup_engine(bio_err, engine, 0); +# endif + + if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { + BIO_printf(bio_err, "Error getting passwords\n"); + goto end; + } + + in = BIO_new(BIO_s_file()); + out = BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + + if (infile == NULL) + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) { + perror(infile); + goto end; + } + } + + BIO_printf(bio_err, "read EC key\n"); + if (informat == FORMAT_ASN1) { + if (pubin) + eckey = d2i_EC_PUBKEY_bio(in, NULL); + else + eckey = d2i_ECPrivateKey_bio(in, NULL); + } else if (informat == FORMAT_PEM) { + if (pubin) + eckey = PEM_read_bio_SM2_PUBKEY(in, NULL, NULL, NULL); + else + eckey = PEM_read_bio_SM2PrivateKey(in, NULL, NULL, passin); + } else { + BIO_printf(bio_err, "bad input format specified for key\n"); + goto end; + } + if (eckey == NULL) { + BIO_printf(bio_err, "unable to load Key\n"); + ERR_print_errors(bio_err); + goto end; + } + + if 
(outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); +# ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +# endif + } else { + if (BIO_write_filename(out, outfile) <= 0) { + perror(outfile); + goto end; + } + } + + group = EC_KEY_get0_group(eckey); + + if (new_form) + EC_KEY_set_conv_form(eckey, form); + + if (new_asn1_flag) + EC_KEY_set_asn1_flag(eckey, asn1_flag); + + if (text) + if (!EC_KEY_print(out, eckey, 0)) { + perror(outfile); + ERR_print_errors(bio_err); + goto end; + } + + if (noout) { + ret = 0; + goto end; + } + + BIO_printf(bio_err, "writing SM2 key\n"); + if (outformat == FORMAT_ASN1) { + if (param_out) + i = i2d_ECPKParameters_bio(out, group); + else if (pubin || pubout) + i = i2d_EC_PUBKEY_bio(out, eckey); + else + i = i2d_ECPrivateKey_bio(out, eckey); + } else if (outformat == FORMAT_PEM) { + if (param_out) + i = PEM_write_bio_SM2PKParameters(out, group); + else if (pubin || pubout) + i = PEM_write_bio_SM2_PUBKEY(out, eckey); + else + i = PEM_write_bio_SM2PrivateKey(out, eckey, enc, + NULL, 0, NULL, passout); + } else { + BIO_printf(bio_err, "bad output format specified for " "outfile\n"); + goto end; + } + + if (!i) { + BIO_printf(bio_err, "unable to write private key\n"); + ERR_print_errors(bio_err); + } else + ret = 0; + end: + if (in) + BIO_free(in); + if (out) + BIO_free_all(out); + if (eckey) + EC_KEY_free(eckey); + if (passin) + OPENSSL_free(passin); + if (passout) + OPENSSL_free(passout); + apps_shutdown(); + OPENSSL_EXIT(ret); +} +#else /* !OPENSSL_NO_GMSSL */ + +# if PEDANTIC +static void *dummy = &dummy; +# endif + +#endif diff --git a/apps/cpkparam.c b/apps/cpkparam.c new file mode 100644 index 00000000..dce0f045 --- /dev/null +++ b/apps/cpkparam.c 
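Review bot: The two unconditional `BIO_printf(bio_err, "read EC key\n")` and `BIO_printf(bio_err, "writing SM2 key\n")` calls in the new MAIN look like leftover debugging output: they hit stderr on every successful run, which can trip callers that treat any stderr output as failure, and they disagree with each other about whether the key is "EC" or "SM2", so either drop both or put them behind a verbose flag. The usage text still describes the apps/ec.c tool this was copied from (`"%s [options] outfile"` although no positional argument is parsed, plus the `-des` entry) and the final error path reports `unable to write private key` even when `-pubout` or `-param_out` selected a public object, so the strings should be aligned with what the command actually does. On the cleanup path the decoded pass phrases are released with `OPENSSL_free(passin)` / `OPENSSL_free(passout)` without being wiped first; an `OPENSSL_cleanse(passin, strlen(passin));` (and likewise for passout) before each free keeps the secret out of freed heap memory. Separately, this whole-file rewrite of apps/cpk.c has nothing to do with the SMS4/AVX2 work named in the commit title and would be easier to review as its own commit.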
@@ -0,0 +1,594 @@ +/* apps/cpkparam.c */ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include /* for OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_GMSSL +# include +# include +# include +# include +# include "apps.h" +# include +# include +# include +# include +# include +# include + +# ifndef OPENSSL_NO_DSA +# include +# endif + +# undef PROG +# define PROG cpkparam_main + +# define DEFBITS 2048 + +/*- + * -inform arg - input format - default PEM (DER or PEM) + * -outform arg - output format - default PEM + * -in arg - input file - default stdin + * -out arg - output file - default stdout + * -dsaparam - read or generate DSA parameters, convert to DH + * -check - check the parameters are ok + * -noout + * -text + * -C + */ + +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); + +int MAIN(int, char **); + +int MAIN(int argc, char **argv) +{ + DH *dh = NULL; + int i, badops = 0, text = 0; +# ifndef OPENSSL_NO_DSA + int dsaparam = 0; +# endif + BIO *in = NULL, *out = NULL; + int informat, outformat, check = 0, noout = 0, C = 0, ret = 1; + char *infile, *outfile, *prog; + char *inrand = NULL; +# ifndef OPENSSL_NO_ENGINE + char *engine = NULL; +# endif + int num = 0, g = 0; + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err = BIO_new(BIO_s_file())) 
!= NULL) + BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto end; + + infile = NULL; + outfile = NULL; + informat = FORMAT_PEM; + outformat = FORMAT_PEM; + + prog = argv[0]; + argc--; + argv++; + while (argc >= 1) { + if (strcmp(*argv, "-inform") == 0) { + if (--argc < 1) + goto bad; + informat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-outform") == 0) { + if (--argc < 1) + goto bad; + outformat = str2fmt(*(++argv)); + } else if (strcmp(*argv, "-in") == 0) { + if (--argc < 1) + goto bad; + infile = *(++argv); + } else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + goto bad; + outfile = *(++argv); + } +# ifndef OPENSSL_NO_ENGINE + else if (strcmp(*argv, "-engine") == 0) { + if (--argc < 1) + goto bad; + engine = *(++argv); + } +# endif + else if (strcmp(*argv, "-check") == 0) + check = 1; + else if (strcmp(*argv, "-text") == 0) + text = 1; +# ifndef OPENSSL_NO_DSA + else if (strcmp(*argv, "-dsaparam") == 0) + dsaparam = 1; +# endif + else if (strcmp(*argv, "-C") == 0) + C = 1; + else if (strcmp(*argv, "-noout") == 0) + noout = 1; + else if (strcmp(*argv, "-2") == 0) + g = 2; + else if (strcmp(*argv, "-5") == 0) + g = 5; + else if (strcmp(*argv, "-rand") == 0) { + if (--argc < 1) + goto bad; + inrand = *(++argv); + } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0))) + goto bad; + argv++; + argc--; + } + + if (badops) { + bad: + BIO_printf(bio_err, "%s [options] [numbits]\n", prog); + BIO_printf(bio_err, "where options are\n"); + BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n"); + BIO_printf(bio_err, + " -outform arg output format - one of DER PEM\n"); + BIO_printf(bio_err, " -in arg input file\n"); + BIO_printf(bio_err, " -out arg output file\n"); +# ifndef OPENSSL_NO_DSA + BIO_printf(bio_err, + " -dsaparam read or generate DSA parameters, convert to DH\n"); +# endif + BIO_printf(bio_err, " -check check the DH parameters\n"); + BIO_printf(bio_err, + " -text print a text form 
of the DH parameters\n"); + BIO_printf(bio_err, " -C Output C code\n"); + BIO_printf(bio_err, + " -2 generate parameters using 2 as the generator value\n"); + BIO_printf(bio_err, + " -5 generate parameters using 5 as the generator value\n"); + BIO_printf(bio_err, + " numbits number of bits in to generate (default 2048)\n"); +# ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err, + " -engine e use engine e, possibly a hardware device.\n"); +# endif + BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, + LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, + " - load the file (or the files in the directory) into\n"); + BIO_printf(bio_err, " the random number generator\n"); + BIO_printf(bio_err, " -noout no output\n"); + goto end; + } + + ERR_load_crypto_strings(); + +# ifndef OPENSSL_NO_ENGINE + setup_engine(bio_err, engine, 0); +# endif + + if (g && !num) + num = DEFBITS; + +# ifndef OPENSSL_NO_DSA + if (dsaparam) { + if (g) { + BIO_printf(bio_err, + "generator may not be chosen for DSA parameters\n"); + goto end; + } + } else +# endif + { + /* DH parameters */ + if (num && !g) + g = 2; + } + + if (num) { + + BN_GENCB cb; + BN_GENCB_set(&cb, dh_cb, bio_err); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { + BIO_printf(bio_err, + "warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + +# ifndef OPENSSL_NO_DSA + if (dsaparam) { + DSA *dsa = DSA_new(); + + BIO_printf(bio_err, + "Generating DSA parameters, %d bit long prime\n", num); + if (!dsa + || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, + &cb)) { + if (dsa) + DSA_free(dsa); + ERR_print_errors(bio_err); + goto end; + } + + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } + } else +# endif + { + dh = DH_new(); + BIO_printf(bio_err, + "Generating DH parameters, %d bit long safe prime, generator 
%d\n", + num, g); + BIO_printf(bio_err, "This is going to take a long time\n"); + if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { + ERR_print_errors(bio_err); + goto end; + } + } + + app_RAND_write_file(NULL, bio_err); + } else { + + in = BIO_new(BIO_s_file()); + if (in == NULL) { + ERR_print_errors(bio_err); + goto end; + } + if (infile == NULL) + BIO_set_fp(in, stdin, BIO_NOCLOSE); + else { + if (BIO_read_filename(in, infile) <= 0) { + perror(infile); + goto end; + } + } + + if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) { + BIO_printf(bio_err, "bad input format specified\n"); + goto end; + } +# ifndef OPENSSL_NO_DSA + if (dsaparam) { + DSA *dsa; + + if (informat == FORMAT_ASN1) + dsa = d2i_DSAparams_bio(in, NULL); + else /* informat == FORMAT_PEM */ + dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); + + if (dsa == NULL) { + BIO_printf(bio_err, "unable to load DSA parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } + } else +# endif + { + if (informat == FORMAT_ASN1) + dh = d2i_DHparams_bio(in, NULL); + else /* informat == FORMAT_PEM */ + dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); + + if (dh == NULL) { + BIO_printf(bio_err, "unable to load DH parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + + /* dh != NULL */ + } + + out = BIO_new(BIO_s_file()); + if (out == NULL) { + ERR_print_errors(bio_err); + goto end; + } + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); +# ifdef OPENSSL_SYS_VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +# endif + } else { + if (BIO_write_filename(out, outfile) <= 0) { + perror(outfile); + goto end; + } + } + + if (text) { + DHparams_print(out, dh); + } + + if (check) { + if (!DH_check(dh, &i)) { + ERR_print_errors(bio_err); + goto end; + } + if (i & DH_CHECK_P_NOT_PRIME) + printf("p value is not prime\n"); + if (i & 
DH_CHECK_P_NOT_SAFE_PRIME) + printf("p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + printf("unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + printf("the g value is not a generator\n"); + if (i == 0) + printf("DH parameters appear to be ok.\n"); + } + if (C) { + unsigned char *data; + int len, l, bits; + + len = BN_num_bytes(dh->p); + bits = BN_num_bits(dh->p); + data = (unsigned char *)OPENSSL_malloc(len); + if (data == NULL) { + perror("OPENSSL_malloc"); + goto end; + } + printf("#ifndef HEADER_DH_H\n" + "#include \n" "#endif\n"); + printf("DH *get_dh%d()\n\t{\n", bits); + + l = BN_bn2bin(dh->p, data); + printf("\tstatic unsigned char dh%d_p[]={", bits); + for (i = 0; i < l; i++) { + if ((i % 12) == 0) + printf("\n\t\t"); + printf("0x%02X,", data[i]); + } + printf("\n\t\t};\n"); + + l = BN_bn2bin(dh->g, data); + printf("\tstatic unsigned char dh%d_g[]={", bits); + for (i = 0; i < l; i++) { + if ((i % 12) == 0) + printf("\n\t\t"); + printf("0x%02X,", data[i]); + } + printf("\n\t\t};\n"); + + printf("\tDH *dh;\n\n"); + printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n"); + printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n", + bits, bits); + printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n", + bits, bits); + printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n"); + printf("\t\t{ DH_free(dh); return(NULL); }\n"); + if (dh->length) + printf("\tdh->length = %ld;\n", dh->length); + printf("\treturn(dh);\n\t}\n"); + OPENSSL_free(data); + } + + if (!noout) { + if (outformat == FORMAT_ASN1) + i = i2d_DHparams_bio(out, dh); + else if (outformat == FORMAT_PEM) { + if (dh->q) + i = PEM_write_bio_DHxparams(out, dh); + else + i = PEM_write_bio_DHparams(out, dh); + } else { + BIO_printf(bio_err, "bad output format specified for outfile\n"); + goto end; + } + if (!i) { + BIO_printf(bio_err, "unable to write DH parameters\n"); + ERR_print_errors(bio_err); + goto end; + } + } + ret = 0; + end: + if (in != 
NULL) + BIO_free(in); + if (out != NULL) + BIO_free_all(out); + if (dh != NULL) + DH_free(dh); + apps_shutdown(); + OPENSSL_EXIT(ret); +} + +/* dh_cb is identical to dsa_cb in apps/dsaparam.c */ +static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(cb->arg, &c, 1); + (void)BIO_flush(cb->arg); +# ifdef LINT + p = n; +# endif + return 1; +} + +#else /* !OPENSSL_NO_GMSSL */ + +# if PEDANTIC +static void *dummy = &dummy; +# endif + +#endif diff --git a/apps/enc.c b/apps/enc.c index 7b7c70b1..b03e42cf 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -344,7 +344,11 @@ int MAIN(int argc, char **argv) } if (dgst == NULL) { +#ifndef OPENSSL_NO_GMSSL + dgst = EVP_sm3(); +#else dgst = EVP_md5(); +#endif } if (bufsize != NULL) { diff --git a/apps/openssl b/apps/openssl new file mode 120000 index 00000000..4fbc7b0c --- /dev/null +++ b/apps/openssl @@ -0,0 +1 @@ +gmssl \ No newline at end of file diff --git a/apps/pkey.c b/apps/pkey.c index e848049c..e711ba5d 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -210,6 +210,8 @@ int MAIN(int argc, char **argv) if (!pkey) goto end; +printf("GMSSL %s %d\n", __FILE__, __LINE__); + if (!noout) { if (outformat == FORMAT_PEM) { if (pubout) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index aaa90740..d066f103 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -72,6 +72,10 @@ static void usage(void); #define PROG pkeyutl_main +#ifndef OPENSSL_NO_GMSSL +int is_sm2 = 0; +#endif + static EVP_PKEY_CTX *init_ctx(int *pkeysize, char *keyfile, int keyform, int key_type, char *passargin, int pkey_op, ENGINE *e); @@ -206,6 +210,14 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } +#ifndef OPENSSL_NO_GMSSL + } else if (strcmp(*argv, "-algorithm") == 0) { + if (!argv[1]) + goto end; + if (strcmp(*(++argv), "SM2")) + goto end; + is_sm2 = 1; +#endif } else badarg = 1; if (badarg) { 
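Review bot: With OPENSSL_NO_GMSSL undefined, `enc` now derives the key and IV from a passphrase with SM3 instead of MD5 whenever no `-md` is given, so data encrypted by a stock OpenSSL `enc` can no longer be decrypted by this binary, and vice versa, unless the caller passes `-md` explicitly. That may be a deliberate default, but nothing in the hunk records it or the interoperability consequence. A comment on the new line such as `/* GmSSL: passphrase KDF defaults to SM3; pass -md md5 to interoperate with stock OpenSSL */` would make the behaviour change discoverable. MAIN continues outside the hunk.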
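Review bot: The added `printf("GMSSL %s %d\n", __FILE__, __LINE__);` is an unconditional trace to stdout, and pkey's key output goes to stdout when no `-out` is given, so the trace line is prepended to the emitted PEM or DER and any consumer parsing that stream breaks. It sits at column 0 with no debug guard, which reads as leftover development tracing rather than intended output. Delete the line, or if a trace is wanted route it through `BIO_printf(bio_err, ...)` under a compile-time debug macro. MAIN continues outside the hunk.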
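Review bot: `int is_sm2 = 0;` is a non-static file-scope global in an application source, and the OpenSSL apps are normally linked into one binary, so the symbol is exported program-wide and will collide with any other file that picks the same name; `static int is_sm2 = 0;` keeps it private to pkeyutl.c. Because init_ctx reads the flag (see the -419 hunk below) instead of receiving it as a parameter, `-algorithm SM2` presumably only takes effect when it precedes `-inkey`; that ordering dependency should be stated in a comment next to the declaration.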
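Review bot: The new `-algorithm` branch advances `argv` with `*(++argv)` but never decrements `argc`, unlike the neighbouring option branches, so after this option the loop's remaining-argument count is one too high; if the loop ends with the usual `argc--; argv++;` (outside the hunk), its final iteration reads `argv[argc]`, which is NULL, and strcmp dereferences it. Both failure paths also `goto end` without any message and without setting `badarg`, so a mistyped value exits silently instead of printing usage. Handling the option the way the other value-taking options are handled fixes both points.
```c
#ifndef OPENSSL_NO_GMSSL
        } else if (strcmp(*argv, "-algorithm") == 0) {
            if (--argc < 1)
                badarg = 1;
            else if (strcmp(*(++argv), "SM2") != 0) {
                BIO_printf(bio_err, "unsupported -algorithm value, only SM2 is accepted\n");
                badarg = 1;
            } else
                is_sm2 = 1;
#endif
/* … unchanged: } else badarg = 1; if (badarg) { … */
```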
@@ -396,7 +408,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, switch (key_type) { case KEY_PRIVKEY: pkey = load_key(bio_err, keyfile, keyform, 0, - passin, e, "Private Key"); + passin, e, "Private Key"); //FIXME: GmSSL: we might set PKEY METHOD of EC break; case KEY_PUBKEY: @@ -419,6 +431,16 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, if (!pkey) goto end; +#ifndef OPENSSL_NO_GMSSL + if (is_sm2) { + if (!EVP_PKEY_set_type(pkey, EVP_PKEY_SM2)) { + fprintf(stderr, "GmSSL: %s %d\n", __FILE__, __LINE__); + ERR_print_errors_fp(stderr); + goto end; + } + } +#endif + ctx = EVP_PKEY_CTX_new(pkey, e); EVP_PKEY_free(pkey); diff --git a/apps/progs.pl b/apps/progs.pl old mode 100644 new mode 100755 diff --git a/certs/sm2/cfca/CFCA_CS_CA/CFCA_ACS_SM2_OCA31.cer b/certs/sm2/CFCA_CS_CA/CFCA_ACS_SM2_OCA31.cer similarity index 100% rename from certs/sm2/cfca/CFCA_CS_CA/CFCA_ACS_SM2_OCA31.cer rename to certs/sm2/CFCA_CS_CA/CFCA_ACS_SM2_OCA31.cer diff --git a/certs/sm2/cfca/CFCA_CS_CA/CFCA_ACS_SM2_OCA32.cer b/certs/sm2/CFCA_CS_CA/CFCA_ACS_SM2_OCA32.cer similarity index 100% rename from certs/sm2/cfca/CFCA_CS_CA/CFCA_ACS_SM2_OCA32.cer rename to certs/sm2/CFCA_CS_CA/CFCA_ACS_SM2_OCA32.cer diff --git a/certs/sm2/cfca/CFCA_CS_CA/CFCA_CS_SM2_CA.cer b/certs/sm2/CFCA_CS_CA/CFCA_CS_SM2_CA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_CS_CA/CFCA_CS_SM2_CA.cer rename to certs/sm2/CFCA_CS_CA/CFCA_CS_SM2_CA.cer diff --git a/certs/sm2/cfca/CFCA_CS_CA/CFCA_CS_SM2_OCA11.cer b/certs/sm2/CFCA_CS_CA/CFCA_CS_SM2_OCA11.cer similarity index 100% rename from certs/sm2/cfca/CFCA_CS_CA/CFCA_CS_SM2_OCA11.cer rename to certs/sm2/CFCA_CS_CA/CFCA_CS_SM2_OCA11.cer diff --git a/certs/sm2/cfca/CFCA_CS_CA/CFCA_SM2_OCA1.cer b/certs/sm2/CFCA_CS_CA/CFCA_SM2_OCA1.cer similarity index 100% rename from certs/sm2/cfca/CFCA_CS_CA/CFCA_SM2_OCA1.cer rename to certs/sm2/CFCA_CS_CA/CFCA_SM2_OCA1.cer 
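Review bot: `EVP_PKEY_set_type(pkey, EVP_PKEY_SM2)` is applied to a key that load_key has already populated, and in stock OpenSSL changing the type releases the existing key material before installing the new method, so unless that routine has been changed to preserve it, the freshly loaded EC key is discarded and the context is built on an empty key; please confirm and record the outcome in a comment on the new block. The failure branch reports through `fprintf(stderr, ...)` and `ERR_print_errors_fp(stderr)` while the rest of init_ctx uses `bio_err`, and it jumps to `end:` (outside the hunk) before the `EVP_PKEY_free(pkey)` that follows `EVP_PKEY_CTX_new`, so if `end:` does not free pkey the loaded key leaks on that path. Using `BIO_printf(bio_err, ...)` / `ERR_print_errors(bio_err)` and `EVP_PKEY_free(pkey); goto end;` keeps the branch consistent with its surroundings.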
diff --git a/certs/sm2/cfca/CFCA_EV_CA/CFCA_EV_SM2_CodeSign_OCA.cer b/certs/sm2/CFCA_EV_CA/CFCA_EV_SM2_CodeSign_OCA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_EV_CA/CFCA_EV_SM2_CodeSign_OCA.cer rename to certs/sm2/CFCA_EV_CA/CFCA_EV_SM2_CodeSign_OCA.cer diff --git a/certs/sm2/cfca/CFCA_EV_CA/CFCA_EV_SM2_OCA.cer b/certs/sm2/CFCA_EV_CA/CFCA_EV_SM2_OCA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_EV_CA/CFCA_EV_SM2_OCA.cer rename to certs/sm2/CFCA_EV_CA/CFCA_EV_SM2_OCA.cer diff --git a/certs/sm2/cfca/CFCA_EV_CA/CFCA_EV_SM2_ROOT.cer b/certs/sm2/CFCA_EV_CA/CFCA_EV_SM2_ROOT.cer similarity index 100% rename from certs/sm2/cfca/CFCA_EV_CA/CFCA_EV_SM2_ROOT.cer rename to certs/sm2/CFCA_EV_CA/CFCA_EV_SM2_ROOT.cer diff --git a/certs/sm2/cfca/CFCA_EV_CA/CFCA_OV_SM2_CodeSign_OCA.cer b/certs/sm2/CFCA_EV_CA/CFCA_OV_SM2_CodeSign_OCA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_EV_CA/CFCA_OV_SM2_CodeSign_OCA.cer rename to certs/sm2/CFCA_EV_CA/CFCA_OV_SM2_CodeSign_OCA.cer diff --git a/certs/sm2/cfca/CFCA_EV_CA/CFCA_OV_SM2_OCA.cer b/certs/sm2/CFCA_EV_CA/CFCA_OV_SM2_OCA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_EV_CA/CFCA_OV_SM2_OCA.cer rename to certs/sm2/CFCA_EV_CA/CFCA_OV_SM2_OCA.cer diff --git a/certs/sm2/cfca/CFCA_GT_CA/CFCA_GT_SM2_CA.cer b/certs/sm2/CFCA_GT_CA/CFCA_GT_SM2_CA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_GT_CA/CFCA_GT_SM2_CA.cer rename to certs/sm2/CFCA_GT_CA/CFCA_GT_SM2_CA.cer diff --git a/certs/sm2/cfca/CFCA_GT_CA/CFCA_GT_SM2_OCA21.cer b/certs/sm2/CFCA_GT_CA/CFCA_GT_SM2_OCA21.cer similarity index 100% rename from certs/sm2/cfca/CFCA_GT_CA/CFCA_GT_SM2_OCA21.cer rename to certs/sm2/CFCA_GT_CA/CFCA_GT_SM2_OCA21.cer diff --git a/certs/sm2/cfca/CFCA_GT_CA/CFCA_SM2_OCA2.cer b/certs/sm2/CFCA_GT_CA/CFCA_SM2_OCA2.cer similarity index 100% rename from certs/sm2/cfca/CFCA_GT_CA/CFCA_SM2_OCA2.cer rename to certs/sm2/CFCA_GT_CA/CFCA_SM2_OCA2.cer 
diff --git a/certs/sm2/cfca/CFCA_IDENTITY_CA/CFCA_Identity_SM2_CA.cer b/certs/sm2/CFCA_IDENTITY_CA/CFCA_Identity_SM2_CA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_IDENTITY_CA/CFCA_Identity_SM2_CA.cer rename to certs/sm2/CFCA_IDENTITY_CA/CFCA_Identity_SM2_CA.cer diff --git a/certs/sm2/cfca/CFCA_IDENTITY_CA/CFCA_Identity_SM2_OCA.cer b/certs/sm2/CFCA_IDENTITY_CA/CFCA_Identity_SM2_OCA.cer similarity index 100% rename from certs/sm2/cfca/CFCA_IDENTITY_CA/CFCA_Identity_SM2_OCA.cer rename to certs/sm2/CFCA_IDENTITY_CA/CFCA_Identity_SM2_OCA.cer diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 8f815d9b..b6c1f2c8 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -94,14 +94,14 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { #endif #ifndef OPENSSL_NO_EC &eckey_asn1_meth, -#endif -#ifndef OPENSSL_NO_SM2 - &sm2_asn1_meth, #endif &hmac_asn1_meth, &cmac_asn1_meth, #ifndef OPENSSL_NO_DH - &dhx_asn1_meth + &dhx_asn1_meth, +#endif +#ifndef OPENSSL_NO_SM2 + &sm2_asn1_meth, #endif }; @@ -165,33 +165,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) } ret = OBJ_bsearch_ameth(&t, standard_methods, sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *)); - -#ifndef OPENSSL_NO_SM2 - //FIXME: i dont know why sm2_asn1_meth can not be found - /* - { - int i; - for (i = 0; - i < sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); i++) - fprintf(stderr, "Number %d id=%d (%s)\n", i, - standard_methods[i]->pkey_id, - OBJ_nid2sn(standard_methods[i]->pkey_id)); - } - */ - - /* - fprintf(stderr, "%s:%d: type = %d, NID_sm2 = %d\n", __FILE__, __LINE__, - type, NID_sm2p256v1); - if (ret == NULL) { - fprintf(stderr, "shit, not found!"); - } - */ - - if (type == EVP_PKEY_SM2) { - return &sm2_asn1_meth; - } -#endif - if (!ret || !*ret) return NULL; return *ret; 
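Review bot: standard_methods is searched with OBJ_bsearch_ameth (visible in the next hunk), so the table must stay sorted by pkey_id; moving `&sm2_asn1_meth` behind `&dhx_asn1_meth` presumably cures the "can not be found" problem the deleted debug code describes, but the hunk leaves no record of why the position matters. The placement is correct only if EVP_PKEY_SM2 has the largest NID of all entries, which is worth stating. A comment above the array, `/* Keep sorted by pkey_id: pkey_asn1_find() binary-searches this table */`, would stop the next contributor from inserting an entry at the wrong place.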
@@ -234,8 +207,6 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, int i; const EVP_PKEY_ASN1_METHOD *ameth; - printf("%s:%d: EVP_PKEY_asn1_find_str(%s)\n", __FILE__, __LINE__, str); - if (len == -1) len = strlen(str); if (pe) { diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index c96da091..8c1e4cca 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -93,28 +93,38 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, goto err; } +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); + if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, pp, length)) { +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); if (ret->ameth->priv_decode) { PKCS8_PRIV_KEY_INFO *p8 = NULL; p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); if (!p8) goto err; EVP_PKEY_free(ret); ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); } else { ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); goto err; } } +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); if (a != NULL) (*a) = ret; +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); return (ret); err: +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); +fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__); return (NULL); } 
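Review bot: d2i_PrivateKey now emits nine unconditional `fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__)` traces, and this is library code, so every program that links libcrypto prints internal parse progress to its stderr on each private-key decode, including on the success path; the -140 hunk in d2i_AutoPrivateKey adds two more of the same. The lines are unindented and carry no guard, which marks them as leftover development tracing. Remove them, or gate them behind a compile-time debug macro (a project-defined name such as `GMSSL_TRACE`, constructed here as an example) so a release build stays silent. The function's start is outside the hunk.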
@@ -140,10 +150,16 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. */ + +fprintf(stderr, "GMSSL %s %d: %s %d\n", __FILE__, __LINE__, __FUNCTION__, sk_ASN1_TYPE_num(inkey)); + if (sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; - else if (sk_ASN1_TYPE_num(inkey) == 4) + else if (sk_ASN1_TYPE_num(inkey) == 4) { keytype = EVP_PKEY_EC; + +fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); +} else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not * traditional format */ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 215855ec..e524b070 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -187,7 +187,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s asm/*.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s deleted file mode 100644 index dca4105c..00000000 --- a/crypto/bn/asm/mips3.s +++ /dev/null 
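Review bot: `rm -f *.s asm/*.s` in the clean target deletes the hand-written assembler sources kept under crypto/bn/asm, not just generated output; this commit also deletes crypto/bn/asm/mips3.s (the next file in the diff), which looks like the result of running this rule rather than an intended change. Restore the previous `rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff` and, if the new build really generates files under asm/, list those outputs by explicit name; the deleted source files should then be restored as well.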
@@ -1,2201 +0,0 @@ -.rdata -.asciiz "mips3.s, Version 1.1" -.asciiz "MIPS III/IV ISA artwork by Andy Polyakov " - -/* - * ==================================================================== - * Written by Andy Polyakov for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contributon to the OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * The module is designed to work with either of the "new" MIPS ABI(5), - * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under - * IRIX 5.x not only because it doesn't support new ABIs but also - * because 5.x kernels put R4x00 CPU into 32-bit mode and all those - * 64-bit instructions (daddu, dmultu, etc.) found below gonna only - * cause illegal instruction exception:-( - * - * In addition the code depends on preprocessor flags set up by MIPSpro - * compiler driver (either as or cc) and therefore (probably?) can't be - * compiled by the GNU assembler. GNU C driver manages fine though... - * I mean as long as -mmips-as is specified or is the default option, - * because then it simply invokes /usr/bin/as which in turn takes - * perfect care of the preprocessor definitions. Another neat feature - * offered by the MIPSpro assembler is an optimization pass. This gave - * me the opportunity to have the code looking more regular as all those - * architecture dependent instruction rescheduling details were left to - * the assembler. Cool, huh? - * - * Performance improvement is astonishing! 'apps/openssl speed rsa dsa' - * goes way over 3 times faster! 
- * - * - */ -#include -#include - -#if _MIPS_ISA>=4 -#define MOVNZ(cond,dst,src) \ - movn dst,src,cond -#else -#define MOVNZ(cond,dst,src) \ - .set noreorder; \ - bnezl cond,.+8; \ - move dst,src; \ - .set reorder -#endif - -.text - -.set noat -.set reorder - -#define MINUS4 v1 - -.align 5 -LEAF(bn_mul_add_words) - .set noreorder - bgtzl a2,.L_bn_mul_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_add_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_add_words_tail - -.L_bn_mul_add_words_loop: - dmultu t0,a3 - ld t1,0(a0) - ld t2,8(a1) - ld t3,8(a0) - ld ta0,16(a1) - ld ta1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 /* All manuals say it "compares 32-bit - * values", but it seems to work fine - * even on 64-bit registers. */ - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - - dmultu t2,a3 - ld ta2,24(a1) - ld ta3,24(a0) - daddu t3,v0 - sltu v0,t3,v0 - mflo AT - mfhi t2 - daddu t3,AT - daddu v0,t2 - sltu AT,t3,AT - sd t3,8(a0) - daddu v0,AT - - dmultu ta0,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - daddu ta1,v0 - sltu v0,ta1,v0 - mflo AT - mfhi ta0 - daddu ta1,AT - daddu v0,ta0 - sltu AT,ta1,AT - sd ta1,-16(a0) - daddu v0,AT - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - daddu ta3,v0 - sltu v0,ta3,v0 - mflo AT - mfhi ta2 - daddu ta3,AT - daddu v0,ta2 - sltu AT,ta3,AT - sd ta3,-8(a0) - daddu v0,AT - .set noreorder - bgtzl ta0,.L_bn_mul_add_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_add_words_return: - jr ra - -.L_bn_mul_add_words_tail: - dmultu t0,a3 - ld t1,0(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,8(a1) - dmultu t0,a3 - ld t1,8(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,8(a0) - 
daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,16(a1) - dmultu t0,a3 - ld t1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,16(a0) - daddu v0,AT - jr ra -END(bn_mul_add_words) - -.align 5 -LEAF(bn_mul_words) - .set noreorder - bgtzl a2,.L_bn_mul_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_words_tail - -.L_bn_mul_words_loop: - dmultu t0,a3 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - - dmultu t2,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - mflo AT - mfhi t2 - daddu v0,AT - sltu t3,v0,AT - sd v0,-24(a0) - daddu v0,t3,t2 - - dmultu ta0,a3 - mflo AT - mfhi ta0 - daddu v0,AT - sltu ta1,v0,AT - sd v0,-16(a0) - daddu v0,ta1,ta0 - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - mflo AT - mfhi ta2 - daddu v0,AT - sltu ta3,v0,AT - sd v0,-8(a0) - daddu v0,ta3,ta2 - .set noreorder - bgtzl ta0,.L_bn_mul_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_words_return: - jr ra - -.L_bn_mul_words_tail: - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,8(a1) - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,8(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,16(a1) - dmultu t0,a3 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,16(a0) - daddu v0,t1,t0 - jr ra -END(bn_mul_words) - -.align 5 -LEAF(bn_sqr_words) - .set noreorder - bgtzl a2,.L_bn_sqr_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sqr_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_sqr_words_tail - -.L_bn_sqr_words_loop: - dmultu t0,t0 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - 
mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - - dmultu t2,t2 - subu a2,4 - PTR_ADD a0,64 - PTR_ADD a1,32 - mflo t3 - mfhi t2 - sd t3,-48(a0) - sd t2,-40(a0) - - dmultu ta0,ta0 - mflo ta1 - mfhi ta0 - sd ta1,-32(a0) - sd ta0,-24(a0) - - - dmultu ta2,ta2 - and ta0,a2,MINUS4 - mflo ta3 - mfhi ta2 - sd ta3,-16(a0) - sd ta2,-8(a0) - - .set noreorder - bgtzl ta0,.L_bn_sqr_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_sqr_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sqr_words_return: - move v0,zero - jr ra - -.L_bn_sqr_words_tail: - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,8(a1) - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,16(a0) - sd t0,24(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,16(a1) - dmultu t0,t0 - mflo t1 - mfhi t0 - sd t1,32(a0) - sd t0,40(a0) - jr ra -END(bn_sqr_words) - -.align 5 -LEAF(bn_add_words) - .set noreorder - bgtzl a3,.L_bn_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_add_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_add_words_tail - -.L_bn_add_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - daddu ta0,t0 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,-32(a0) - daddu v0,t8 - - daddu ta1,t1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,-24(a0) - daddu v0,t9 - - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,-16(a0) - daddu v0,t8 - - daddu ta3,t3 - sltu t9,ta3,t3 - daddu t3,ta3,v0 - sltu v0,t3,ta3 - sd t3,-8(a0) - daddu v0,t9 - - .set noreorder - bgtzl AT,.L_bn_add_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_add_words_return: - jr ra - -.L_bn_add_words_tail: - ld ta0,0(a2) - daddu ta0,t0 - subu a3,1 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu 
v0,t0,ta0 - sd t0,0(a0) - daddu v0,t8 - beqz a3,.L_bn_add_words_return - - ld t1,8(a1) - ld ta1,8(a2) - daddu ta1,t1 - subu a3,1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,8(a0) - daddu v0,t9 - beqz a3,.L_bn_add_words_return - - ld t2,16(a1) - ld ta2,16(a2) - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,16(a0) - daddu v0,t8 - jr ra -END(bn_add_words) - -.align 5 -LEAF(bn_sub_words) - .set noreorder - bgtzl a3,.L_bn_sub_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sub_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_sub_words_tail - -.L_bn_sub_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - sd ta0,-32(a0) - MOVNZ (t0,v0,t8) - - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - sd ta1,-24(a0) - MOVNZ (t1,v0,t9) - - - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - sd ta2,-16(a0) - MOVNZ (t2,v0,t8) - - sltu t9,t3,ta3 - dsubu t3,ta3 - dsubu ta3,t3,v0 - sd ta3,-8(a0) - MOVNZ (t3,v0,t9) - - .set noreorder - bgtzl AT,.L_bn_sub_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_sub_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sub_words_return: - jr ra - -.L_bn_sub_words_tail: - ld ta0,0(a2) - subu a3,1 - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - MOVNZ (t0,v0,t8) - sd ta0,0(a0) - beqz a3,.L_bn_sub_words_return - - ld t1,8(a1) - subu a3,1 - ld ta1,8(a2) - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - MOVNZ (t1,v0,t9) - sd ta1,8(a0) - beqz a3,.L_bn_sub_words_return - - ld t2,16(a1) - ld ta2,16(a2) - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - MOVNZ (t2,v0,t8) - sd ta2,16(a0) - jr ra -END(bn_sub_words) - -#undef MINUS4 - -.align 5 -LEAF(bn_div_3_words) - .set reorder - move a3,a0 /* we know that bn_div_words doesn't - * touch a3, ta2, ta3 and preserves a2 
- * so that we can save two arguments - * and return address in registers - * instead of stack:-) - */ - ld a0,(a3) - move ta2,a1 - ld a1,-8(a3) - bne a0,a2,.L_bn_div_3_words_proceed - li v0,-1 - jr ra -.L_bn_div_3_words_proceed: - move ta3,ra - bal bn_div_words - move ra,ta3 - dmultu ta2,v0 - ld t2,-16(a3) - move ta0,zero - mfhi t1 - mflo t0 - sltu t8,t1,v1 -.L_bn_div_3_words_inner_loop: - bnez t8,.L_bn_div_3_words_inner_loop_done - sgeu AT,t2,t0 - seq t9,t1,v1 - and AT,t9 - sltu t3,t0,ta2 - daddu v1,a2 - dsubu t1,t3 - dsubu t0,ta2 - sltu t8,t1,v1 - sltu ta0,v1,a2 - or t8,ta0 - .set noreorder - beqzl AT,.L_bn_div_3_words_inner_loop - dsubu v0,1 - .set reorder -.L_bn_div_3_words_inner_loop_done: - jr ra -END(bn_div_3_words) - -.align 5 -LEAF(bn_div_words) - .set noreorder - bnezl a2,.L_bn_div_words_proceed - move v1,zero - jr ra - li v0,-1 /* I'd rather signal div-by-zero - * which can be done with 'break 7' */ - -.L_bn_div_words_proceed: - bltz a2,.L_bn_div_words_body - move t9,v1 - dsll a2,1 - bgtz a2,.-4 - addu t9,1 - - .set reorder - negu t1,t9 - li t2,-1 - dsll t2,t1 - and t2,a0 - dsrl AT,a1,t1 - .set noreorder - bnezl t2,.+8 - break 6 /* signal overflow */ - .set reorder - dsll a0,t9 - dsll a1,t9 - or a0,AT - -#define QT ta0 -#define HH ta1 -#define DH v1 -.L_bn_div_words_body: - dsrl DH,a2,32 - sgeu AT,a0,a2 - .set noreorder - bnezl AT,.+8 - dsubu a0,a2 - .set reorder - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div1 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div1: - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop1: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v0,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop1_done - dsubu t1,v0 - dsubu t0,a2 - b .L_bn_div_words_inner_loop1 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop1_done: - - dsll a1,32 - dsubu a0,t3,t0 - dsll v0,QT,32 - - li QT,-1 - dsrl 
HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div2 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div2: -#undef DH - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop2: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v1,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop2_done - dsubu t1,v1 - dsubu t0,a2 - b .L_bn_div_words_inner_loop2 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop2_done: -#undef HH - - dsubu a0,t3,t0 - or v0,QT - dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */ - dsrl a2,t9 /* restore a2 */ - jr ra -#undef QT -END(bn_div_words) - -#define a_0 t0 -#define a_1 t1 -#define a_2 t2 -#define a_3 t3 -#define b_0 ta0 -#define b_1 ta1 -#define b_2 ta2 -#define b_3 ta3 - -#define a_4 s0 -#define a_5 s2 -#define a_6 s4 -#define a_7 a1 /* once we load a[7] we don't need a anymore */ -#define b_4 s1 -#define b_5 s3 -#define b_6 s5 -#define b_7 a2 /* once we load b[7] we don't need b anymore */ - -#define t_1 t8 -#define t_2 t9 - -#define c_1 v0 -#define c_2 v1 -#define c_3 a3 - -#define FRAME_SIZE 48 - -.align 5 -LEAF(bn_mul_comba8) - .set noreorder - PTR_SUB sp,FRAME_SIZE - .frame sp,64,ra - .set reorder - ld a_0,0(a1) /* If compiled with -mips3 option on - * R5000 box assembler barks on this - * line with "shouldn't have mult/div - * as last instruction in bb (R10K - * bug)" warning. If anybody out there - * has a clue about how to circumvent - * this do send me a note. 
- * - */ - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - sd s0,0(sp) - sd s1,8(sp) - sd s2,16(sp) - sd s3,24(sp) - sd s4,32(sp) - sd s5,40(sp) - mflo c_1 - mfhi c_2 - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - ld b_4,32(a2) - ld b_5,40(a2) - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - ld b_6,48(a2) - ld b_7,56(a2) - sd c_1,0(a0) /* r[0]=c1; */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) /* r[1]=c2; */ - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) /* r[2]=c3; */ - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) /* r[3]=c1; */ - - dmultu 
a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) /* r[4]=c2; */ - - dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) /* r[5]=c3; */ - - dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */ - 
mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) /* r[6]=c1; */ - - dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu 
c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) /* r[7]=c2; */ - - dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) /* r[8]=c3; */ - - dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - 
dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) /* r[9]=c1; */ - - dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) /* r[10]=c2; */ - - dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_5,b_6 /* 
mul_add_c(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) /* r[11]=c3; */ - - dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) /* r[12]=c1; */ - - dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) /* r[13]=c2; */ - - dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - ld s0,0(sp) - ld s1,8(sp) - ld s2,16(sp) - ld s3,24(sp) - ld s4,32(sp) - ld s5,40(sp) - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) /* r[14]=c3; */ - sd c_1,120(a0) /* r[15]=c1; */ - - PTR_ADD sp,FRAME_SIZE - - jr ra -END(bn_mul_comba8) - -.align 5 -LEAF(bn_mul_comba4) - .set reorder - ld a_0,0(a1) - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_3,24(a1) - ld b_1,8(a2) - ld 
b_2,16(a2) - ld b_3,24(a2) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu 
AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_mul_comba4) - -#undef a_4 -#undef a_5 -#undef a_6 -#undef a_7 -#define a_4 b_0 -#define a_5 b_1 -#define a_6 b_2 -#define a_7 b_3 - -.align 5 -LEAF(bn_sqr_comba8) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* 
mul_add_c2(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu 
c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) - - dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) - - dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - 
daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) - - dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) - - dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll 
t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) - - dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) - - dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) - - dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) - - dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) - sd c_1,120(a0) - - jr ra -END(bn_sqr_comba8) - -.align 5 -LEAF(bn_sqr_comba4) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - mflo c_1 - mfhi c_2 - sd 
c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo 
t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_sqr_comba4)
diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
deleted file mode 100644
index f3b16290..00000000
--- a/crypto/bn/asm/pa-risc2.s
+++ /dev/null
@@ -1,1618 +0,0 @@
-;
-; PA-RISC 2.0 implementation of bn_asm code, based on the
-; 64-bit version of the code. This code is effectively the
-; same as the 64-bit version except the register model is
-; slightly different given all values must be 32-bit between
-; function calls. Thus the 64-bit return values are returned
-; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
-;
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/ for more details on the PA-RISC
-; architecture. Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
- .level 2.0N
- .space $TEXT$
- .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 32-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers
-;
-; "caller save" registers: fr4-fr11, fr22-fr31
-; "callee save" registers: fr12-fr21
-; "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-; value zero : r0
-; "caller save" registers: r1,r19-r26
-; "callee save" registers: r3-r18
-; return register : r2 (rp)
-; return values ; r28,r29 (ret0,ret1)
-; Stack pointer ; r30 (sp)
-; millicode return ptr ; r31 (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr .reg %r26
-a_ptr .reg %r25
-b_ptr .reg %r24
-num .reg %r24
-n .reg %r23
-
-;
-; Note that the "w" argument for bn_mul_add_words and bn_mul_words
-; is passed on the stack at a delta of -56 from the top of stack
-; as the routine is entered.
-;
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r23
-high_mask .reg %r22 ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr,
-; int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg3 = num
-; -56(sp) = w
-;
-; Local register definitions
-;
-
-fm1 .reg %fr22
-fm .reg %fr23
-ht_temp .reg %fr24
-ht_temp_1 .reg %fr25
-lt_temp .reg %fr26
-lt_temp_1 .reg %fr27
-fm1_1 .reg %fr28
-fm_1 .reg %fr29
-
-fw_h .reg %fr7L
-fw_l .reg %fr7R
-fw .reg %fr7
-
-fht_0 .reg %fr8L
-flt_0 .reg %fr8R
-t_float_0 .reg %fr8
-
-fht_1 .reg %fr9L
-flt_1 .reg %fr9R
-t_float_1 .reg %fr9
-
-tmp_0 .reg %r31
-tmp_1 .reg %r21
-m_0 .reg %r20
-m_1 .reg %r19
-ht_0 .reg %r1
-ht_1 .reg %r3
-lt_0 .reg %r4
-lt_1 .reg %r5
-m1_0 .reg %r6
-m1_1 .reg %r7
-rp_val .reg %r8
-rp_val_1 .reg %r9
-
-bn_mul_add_words
- .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
- .proc
- .callinfo frame=128
- .entry
- .align 64
-
- STD %r3,0(%sp) ; save r3
- STD %r4,8(%sp) ; save r4
- NOP ; Needed to make the loop 16-byte aligned
- NOP ; needed to make the loop 16-byte aligned
-
- STD %r5,16(%sp) ; save r5
- NOP
- STD %r6,24(%sp) ; save r6
- STD %r7,32(%sp) ; save r7
-
- STD %r8,40(%sp) ; save r8
- STD %r9,48(%sp) ; save r9
- COPY %r0,%ret1 ; return 0 by default
- DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32
-
- CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit
- LDO 128(%sp),%sp ; bump stack
-
- ;
- ; The loop is unrolled twice, so if there is only 1 number
- ; then go straight to the cleanup code.
- ;
- CMPIB,= 1,num,bn_mul_add_words_single_top
- FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l)
-
- ;
- ; This loop is unrolled 2 times (64-byte aligned as well)
- ;
- ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
- ; two 32-bit mutiplies can be issued per cycle.
- ; -bn_mul_add_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDD 8(r_ptr),rp_val_1 ; rp[1] - - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1[0] - FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1] - - XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h - XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m[0] - FSTD fm_1,-40(%sp) ; -40(sp) = m[1] - - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1 - - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1 - - LDD -8(%sp),m_0 ; m[0] - LDD -40(%sp),m_1 ; m[1] - LDD -16(%sp),m1_0 ; m1[0] - LDD -48(%sp),m1_1 ; m1[1] - - LDD -24(%sp),ht_0 ; ht[0] - LDD -56(%sp),ht_1 ; ht[1] - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0]; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1]; - - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0]) - ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32) - - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1]) - ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32) - EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32 - - EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32 - ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32) - ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32) - - ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0]; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1]; - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - - ADD %ret1,lt_0,lt_0 ; lt[0] = lt[0] + c; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0] - ADD,DC 
ht_0,%r0,ht_0 ; ht[0]++ - - LDO -2(num),num ; num = num - 2; - ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c); - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - - ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1] - ADD,DC ht_1,%r0,%ret1 ; ht[1]++ - LDO 16(a_ptr),a_ptr ; a_ptr += 2 - - STD lt_1,8(r_ptr) ; rp[1] = lt[1] - CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do - LDO 16(r_ptr),r_ptr ; r_ptr += 2 - - CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_add_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDO 8(a_ptr),a_ptr ; a_ptr++ - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 ; m1 = temp1 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD %ret1,tmp_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0] - ADD,DC ht_0,%r0,%ret1 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_add_words_exit - .EXIT - - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - LDD -80(%sp),%r9 ; restore r9 - LDD -88(%sp),%r8 ; restore r8 - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND ;in=23,24,25,26,29;out=28; - 
-;---------------------------------------------------------------------------- -; -;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) -; -; arg0 = rp -; arg1 = ap -; arg3 = num -; w on stack at -56(sp) - -bn_mul_words - .proc - .callinfo frame=128 - .entry - .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP - STD %r5,16(%sp) ; save r5 - - STD %r6,24(%sp) ; save r6 - STD %r7,32(%sp) ; save r7 - COPY %r0,%ret1 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - - CMPIB,>= 0,num,bn_mul_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; See if only 1 word to do, thus just do cleanup - ; - CMPIB,= 1,num,bn_mul_words_single_top - FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. 
- ; -bn_mul_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l - - FSTD fm1,-16(%sp) ; -16(sp) = m1 - FSTD fm1_1,-48(%sp) ; -48(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h - - FSTD fm,-8(%sp) ; -8(sp) = m - FSTD fm_1,-40(%sp) ; -40(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h - - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt - LDD -8(%sp),m_0 - LDD -40(%sp),m_1 - - LDD -16(%sp),m1_0 - LDD -48(%sp),m1_1 - LDD -24(%sp),ht_0 - LDD -56(%sp),ht_1 - - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1; - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1) - ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - EXTRD,U tmp_1,31,32,m_1 ; m>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD lt_1,m1_1,lt_1 ; lt = lt+m1; - ADD,DC ht_1,%r0,ht_1 ; ht++ - ADD %ret1,lt_0,lt_0 ; lt = lt + c (ret1); - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0) - ADD,DC ht_1,%r0,ht_1 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - STD lt_1,8(r_ptr) ; rp[1] = lt - - COPY ht_1,%ret1 ; carry = ht - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_mul_words_unroll2 - LDO 16(r_ptr),r_ptr ; rp++ - - 
CMPIB,=,N 0,num,bn_mul_words_exit ; are we done? - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt= lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD %ret1,lt_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - COPY ht_0,%ret1 ; copy carry - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_words_exit - .EXIT - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND - -;---------------------------------------------------------------------------- -; -;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) -; -; arg0 = rp -; arg1 = ap -; arg2 = num -; - -bn_sqr_words - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP - STD %r5,16(%sp) ; save r5 - - CMPIB,>= 0,num,bn_sqr_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; If only 1, the goto straight to cleanup - ; - CMPIB,= 1,num,bn_sqr_words_single_top - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - - ; - 
; This loop is unrolled 2 times (64-byte aligned as well) - ; - -bn_sqr_words_unroll2 - FLDD 0(a_ptr),t_float_0 ; a[0] - FLDD 8(a_ptr),t_float_1 ; a[1] - XMPYU fht_0,flt_0,fm ; m[0] - XMPYU fht_1,flt_1,fm_1 ; m[1] - - FSTD fm,-24(%sp) ; store m[0] - FSTD fm_1,-56(%sp) ; store m[1] - XMPYU flt_0,flt_0,lt_temp ; lt[0] - XMPYU flt_1,flt_1,lt_temp_1 ; lt[1] - - FSTD lt_temp,-16(%sp) ; store lt[0] - FSTD lt_temp_1,-48(%sp) ; store lt[1] - XMPYU fht_0,fht_0,ht_temp ; ht[0] - XMPYU fht_1,fht_1,ht_temp_1 ; ht[1] - - FSTD ht_temp,-8(%sp) ; store ht[0] - FSTD ht_temp_1,-40(%sp) ; store ht[1] - LDD -24(%sp),m_0 - LDD -56(%sp),m_1 - - AND m_0,high_mask,tmp_0 ; m[0] & Mask - AND m_1,high_mask,tmp_1 ; m[1] & Mask - DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1 - DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1 - - LDD -16(%sp),lt_0 - LDD -48(%sp),lt_1 - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1 - EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1 - - LDD -8(%sp),ht_0 - LDD -40(%sp),ht_1 - ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0 - ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1 - - ADD lt_0,m_0,lt_0 ; lt = lt+m - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - STD ht_0,8(r_ptr) ; rp[1] = ht[1] - - ADD lt_1,m_1,lt_1 ; lt = lt+m - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_1,16(r_ptr) ; rp[2] = lt[1] - STD ht_1,24(r_ptr) ; rp[3] = ht[1] - - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_sqr_words_unroll2 - LDO 32(r_ptr),r_ptr ; rp += 4 - - CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done? 
- - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_sqr_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,flt_0,fm ; m - FSTD fm,-24(%sp) ; store m - - XMPYU flt_0,flt_0,lt_temp ; lt - FSTD lt_temp,-16(%sp) ; store lt - - XMPYU fht_0,fht_0,ht_temp ; ht - FSTD ht_temp,-8(%sp) ; store ht - - LDD -24(%sp),m_0 ; load m - AND m_0,high_mask,tmp_0 ; m & Mask - DEPD,Z m_0,30,31,m_0 ; m << 32+1 - LDD -16(%sp),lt_0 ; lt - - LDD -8(%sp),ht_0 ; ht - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1 - ADD m_0,lt_0,lt_0 ; lt = lt+m - ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0 - ADD,DC ht_0,%r0,ht_0 ; ht++ - - STD lt_0,0(r_ptr) ; rp[0] = lt - STD ht_0,8(r_ptr) ; rp[1] = ht - -bn_sqr_words_exit - .EXIT - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - .PROCEND ;in=23,24,25,26,29;out=28; - - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t .reg %r22 -b .reg %r21 -l .reg %r20 - -bn_add_words - .proc - .entry - .callinfo - .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - CMPIB,>= 0,n,bn_add_words_exit - COPY %r0,%ret1 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_add_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_add_words_unroll2 - LDD 0(a_ptr),t - LDD 0(b_ptr),b - ADD t,%ret1,t ; t = t+c; - ADD,DC %r0,%r0,%ret1 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret1,%r0,%ret1 ; c+= carry - STD l,0(r_ptr) - - LDD 8(a_ptr),t - LDD 8(b_ptr),b - ADD t,%ret1,t ; t = t+c; - ADD,DC %r0,%r0,%ret1 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret1,%r0,%ret1 ; c+= carry - STD l,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_add_words_unroll2 - LDO 
16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_add_words_exit ; are we done? - -bn_add_words_single_top - LDD 0(a_ptr),t - LDD 0(b_ptr),b - - ADD t,%ret1,t ; t = t+c; - ADD,DC %r0,%r0,%ret1 ; set c to carry (could use CMPCLR??) - ADD t,b,l ; l = t + b[0] - ADD,DC %ret1,%r0,%ret1 ; c+= carry - STD l,0(r_ptr) - -bn_add_words_exit - .EXIT - BVE (%rp) - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t1 .reg %r22 -t2 .reg %r21 -sub_tmp1 .reg %r20 -sub_tmp2 .reg %r19 - - -bn_sub_words - .proc - .callinfo - .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - CMPIB,>= 0,n,bn_sub_words_exit - COPY %r0,%ret1 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_sub_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_sub_words_unroll2 - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; - - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret1 - STD sub_tmp1,0(r_ptr) - - LDD 8(a_ptr),t1 - LDD 8(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret1 - STD sub_tmp1,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_sub_words_unroll2 - LDO 16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_sub_words_exit ; are we done? 
- -bn_sub_words_single_top - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret1 - - STD sub_tmp1,0(r_ptr) - -bn_sub_words_exit - .EXIT - BVE (%rp) - EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 - .PROCEND ;in=23,24,25,26,29;out=28; - -;------------------------------------------------------------------------------ -; -; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d) -; -; arg0 = h -; arg1 = l -; arg2 = d -; -; This is mainly just output from the HP C compiler. -; -;------------------------------------------------------------------------------ -bn_div_words - .PROC - .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN - .IMPORT BN_num_bits_word,CODE - ;--- not PIC .IMPORT __iob,DATA - ;--- not PIC .IMPORT fprintf,CODE - .IMPORT abort,CODE - .IMPORT $$div2U,MILLICODE - .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE - .ENTRY - STW %r2,-20(%r30) ;offset 0x8ec - STW,MA %r3,192(%r30) ;offset 0x8f0 - STW %r4,-188(%r30) ;offset 0x8f4 - DEPD %r5,31,32,%r6 ;offset 0x8f8 - STD %r6,-184(%r30) ;offset 0x8fc - DEPD %r7,31,32,%r8 ;offset 0x900 - STD %r8,-176(%r30) ;offset 0x904 - STW %r9,-168(%r30) ;offset 0x908 - LDD -248(%r30),%r3 ;offset 0x90c - COPY %r26,%r4 ;offset 0x910 - COPY %r24,%r5 ;offset 0x914 - DEPD %r25,31,32,%r4 ;offset 0x918 - CMPB,*<> %r3,%r0,$0006000C ;offset 0x91c - DEPD %r23,31,32,%r5 ;offset 0x920 - MOVIB,TR -1,%r29,$00060002 ;offset 0x924 - EXTRD,U %r29,31,32,%r28 ;offset 0x928 -$0006002A - LDO -1(%r29),%r29 ;offset 0x92c - SUB %r23,%r7,%r23 ;offset 0x930 -$00060024 - SUB %r4,%r31,%r25 ;offset 0x934 - AND %r25,%r19,%r26 ;offset 0x938 - CMPB,*<>,N %r0,%r26,$00060046 ;offset 0x93c - DEPD,Z %r25,31,32,%r20 ;offset 0x940 - OR %r20,%r24,%r21 ;offset 0x944 - CMPB,*<<,N 
%r21,%r23,$0006002A ;offset 0x948 - SUB %r31,%r2,%r31 ;offset 0x94c -$00060046 -$0006002E - DEPD,Z %r23,31,32,%r25 ;offset 0x950 - EXTRD,U %r23,31,32,%r26 ;offset 0x954 - AND %r25,%r19,%r24 ;offset 0x958 - ADD,L %r31,%r26,%r31 ;offset 0x95c - CMPCLR,*>>= %r5,%r24,%r0 ;offset 0x960 - LDO 1(%r31),%r31 ;offset 0x964 -$00060032 - CMPB,*<<=,N %r31,%r4,$00060036 ;offset 0x968 - LDO -1(%r29),%r29 ;offset 0x96c - ADD,L %r4,%r3,%r4 ;offset 0x970 -$00060036 - ADDIB,=,N -1,%r8,$D0 ;offset 0x974 - SUB %r5,%r24,%r28 ;offset 0x978 -$0006003A - SUB %r4,%r31,%r24 ;offset 0x97c - SHRPD %r24,%r28,32,%r4 ;offset 0x980 - DEPD,Z %r29,31,32,%r9 ;offset 0x984 - DEPD,Z %r28,31,32,%r5 ;offset 0x988 -$0006001C - EXTRD,U %r4,31,32,%r31 ;offset 0x98c - CMPB,*<>,N %r31,%r2,$00060020 ;offset 0x990 - MOVB,TR %r6,%r29,$D1 ;offset 0x994 - STD %r29,-152(%r30) ;offset 0x998 -$0006000C - EXTRD,U %r3,31,32,%r25 ;offset 0x99c - COPY %r3,%r26 ;offset 0x9a0 - EXTRD,U %r3,31,32,%r9 ;offset 0x9a4 - EXTRD,U %r4,31,32,%r8 ;offset 0x9a8 - .CALL ARGW0=GR,ARGW1=GR,RTNVAL=GR ;in=25,26;out=28; - B,L BN_num_bits_word,%r2 ;offset 0x9ac - EXTRD,U %r5,31,32,%r7 ;offset 0x9b0 - LDI 64,%r20 ;offset 0x9b4 - DEPD %r7,31,32,%r5 ;offset 0x9b8 - DEPD %r8,31,32,%r4 ;offset 0x9bc - DEPD %r9,31,32,%r3 ;offset 0x9c0 - CMPB,= %r28,%r20,$00060012 ;offset 0x9c4 - COPY %r28,%r24 ;offset 0x9c8 - MTSARCM %r24 ;offset 0x9cc - DEPDI,Z -1,%sar,1,%r19 ;offset 0x9d0 - CMPB,*>>,N %r4,%r19,$D2 ;offset 0x9d4 -$00060012 - SUBI 64,%r24,%r31 ;offset 0x9d8 - CMPCLR,*<< %r4,%r3,%r0 ;offset 0x9dc - SUB %r4,%r3,%r4 ;offset 0x9e0 -$00060016 - CMPB,= %r31,%r0,$0006001A ;offset 0x9e4 - COPY %r0,%r9 ;offset 0x9e8 - MTSARCM %r31 ;offset 0x9ec - DEPD,Z %r3,%sar,64,%r3 ;offset 0x9f0 - SUBI 64,%r31,%r26 ;offset 0x9f4 - MTSAR %r26 ;offset 0x9f8 - SHRPD %r4,%r5,%sar,%r4 ;offset 0x9fc - MTSARCM %r31 ;offset 0xa00 - DEPD,Z %r5,%sar,64,%r5 ;offset 0xa04 -$0006001A - DEPDI,Z -1,31,32,%r19 ;offset 0xa08 - AND %r3,%r19,%r29 ;offset 0xa0c - EXTRD,U %r29,31,32,%r2 
;offset 0xa10 - DEPDI,Z -1,63,32,%r6 ;offset 0xa14 - MOVIB,TR 2,%r8,$0006001C ;offset 0xa18 - EXTRD,U %r3,63,32,%r7 ;offset 0xa1c -$D2 - ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 - ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24 - ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 - ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; - ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c - ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30 - .CALL ; - B,L abort,%r2 ;offset 0xa34 - NOP ;offset 0xa38 - B $D3 ;offset 0xa3c - LDW -212(%r30),%r2 ;offset 0xa40 -$00060020 - COPY %r4,%r26 ;offset 0xa44 - EXTRD,U %r4,31,32,%r25 ;offset 0xa48 - COPY %r2,%r24 ;offset 0xa4c - .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL) - B,L $$div2U,%r31 ;offset 0xa50 - EXTRD,U %r2,31,32,%r23 ;offset 0xa54 - DEPD %r28,31,32,%r29 ;offset 0xa58 -$00060022 - STD %r29,-152(%r30) ;offset 0xa5c -$D1 - AND %r5,%r19,%r24 ;offset 0xa60 - EXTRD,U %r24,31,32,%r24 ;offset 0xa64 - STW %r2,-160(%r30) ;offset 0xa68 - STW %r7,-128(%r30) ;offset 0xa6c - FLDD -152(%r30),%fr4 ;offset 0xa70 - FLDD -152(%r30),%fr7 ;offset 0xa74 - FLDW -160(%r30),%fr8L ;offset 0xa78 - FLDW -128(%r30),%fr5L ;offset 0xa7c - XMPYU %fr8L,%fr7L,%fr10 ;offset 0xa80 - FSTD %fr10,-136(%r30) ;offset 0xa84 - XMPYU %fr8L,%fr7R,%fr22 ;offset 0xa88 - FSTD %fr22,-144(%r30) ;offset 0xa8c - XMPYU %fr5L,%fr4L,%fr11 ;offset 0xa90 - XMPYU %fr5L,%fr4R,%fr23 ;offset 0xa94 - FSTD %fr11,-112(%r30) ;offset 0xa98 - FSTD %fr23,-120(%r30) ;offset 0xa9c - LDD -136(%r30),%r28 ;offset 0xaa0 - DEPD,Z %r28,31,32,%r31 ;offset 0xaa4 - LDD -144(%r30),%r20 ;offset 0xaa8 - ADD,L %r20,%r31,%r31 ;offset 0xaac - LDD -112(%r30),%r22 ;offset 0xab0 - DEPD,Z %r22,31,32,%r22 ;offset 0xab4 - LDD -120(%r30),%r21 ;offset 0xab8 - B $00060024 ;offset 0xabc - ADD,L %r21,%r22,%r23 ;offset 0xac0 -$D0 - OR %r9,%r29,%r29 ;offset 0xac4 -$00060040 - EXTRD,U %r29,31,32,%r28 ;offset 0xac8 -$00060002 -$L2 - LDW -212(%r30),%r2 ;offset 0xacc 
-$D3
- LDW -168(%r30),%r9 ;offset 0xad0
- LDD -176(%r30),%r8 ;offset 0xad4
- EXTRD,U %r8,31,32,%r7 ;offset 0xad8
- LDD -184(%r30),%r6 ;offset 0xadc
- EXTRD,U %r6,31,32,%r5 ;offset 0xae0
- LDW -188(%r30),%r4 ;offset 0xae4
- BVE (%r2) ;offset 0xae8
- .EXIT
- LDW,MB -192(%r30),%r3 ;offset 0xaec
- .PROCEND ;in=23,25;out=28,29;fpin=105,107;
-
-
-
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate. The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-;
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers
-;
-;
-; Floating point registers to use to save values that
-; are manipulated. These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0 .reg %fr22
-a0L .reg %fr22L
-a0R .reg %fr22R
-
-a1 .reg %fr23
-a1L .reg %fr23L
-a1R .reg %fr23R
-
-a2 .reg %fr24
-a2L .reg %fr24L
-a2R .reg %fr24R
-
-a3 .reg %fr25
-a3L .reg %fr25L
-a3R .reg %fr25R
-
-a4 .reg %fr26
-a4L .reg %fr26L
-a4R .reg %fr26R
-
-a5 .reg %fr27
-a5L .reg %fr27L
-a5R .reg %fr27R
-
-a6 .reg %fr28
-a6L .reg %fr28L
-a6R .reg %fr28R
-
-a7 .reg %fr29
-a7L .reg %fr29L
-a7R .reg %fr29R
-
-b0 .reg %fr30
-b0L .reg %fr30L
-b0R .reg %fr30R
-
-b1 .reg %fr31
-b1L .reg %fr31L
-b1R .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1 .reg %fr4
-ftemp2 .reg %fr5
-ftemp3 .reg %fr6
-ftemp4 .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2 .reg %fr8
-b2L .reg %fr8L
-b2R .reg %fr8R
-
-b3 .reg %fr9
-b3L .reg %fr9L
-b3R .reg %fr9R
-
-b4 .reg %fr10
-b4L .reg %fr10L
-b4R .reg %fr10R
-
-b5 .reg %fr11
-b5L .reg %fr11L
-b5R .reg %fr11R
-
-b6 .reg %fr12
-b6L .reg %fr12L
-b6R .reg %fr12R
-
-b7 .reg %fr13
-b7L .reg %fr13L
-b7R .reg %fr13R
-
-c1 .reg %r21 ; only reg
-temp1 .reg %r20 ; only reg
-temp2 .reg %r19 ; only reg
-temp3 .reg %r31 ; only reg
-
-m1 .reg %r28
-c2 .reg %r23
-high_one .reg %r1
-ht .reg %r6
-lt .reg %r5
-m .reg %r4
-c3 .reg %r3
-
-SQR_ADD_C .macro A0L,A0R,C1,C2,C3
- XMPYU A0L,A0R,ftemp1 ; m
- FSTD ftemp1,-24(%sp) ; store m
-
- XMPYU A0R,A0R,ftemp2 ; lt
- FSTD ftemp2,-16(%sp) ; store lt
-
- XMPYU A0L,A0L,ftemp3 ; ht
- FSTD ftemp3,-8(%sp) ; store ht
-
- LDD -24(%sp),m ; load m
- AND m,high_mask,temp2 ; m & Mask
- DEPD,Z m,30,31,temp3 ; m << 32+1
- LDD -16(%sp),lt ; lt
-
- LDD -8(%sp),ht ; ht
- EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1
- ADD temp3,lt,lt ; lt = lt+m
- ADD,L ht,temp1,ht ; ht += temp1
- ADD,DC ht,%r0,ht ; ht++
-
- ADD C1,lt,C1 ; c1=c1+lt
- ADD,DC ht,%r0,ht ; ht++
-
- ADD C2,ht,C2 ; c2=c2+ht
- ADD,DC C3,%r0,C3 ; c3++
-.endm
-
-SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3
- XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht
- FSTD ftemp1,-16(%sp) ;
- XMPYU A0R,A1L,ftemp2 ; m = bh*lt
- FSTD ftemp2,-8(%sp) ;
- XMPYU A0R,A1R,ftemp3 ; lt = bl*lt
- FSTD ftemp3,-32(%sp)
- XMPYU A0L,A1L,ftemp4 ; ht = bh*ht
- FSTD ftemp4,-24(%sp) ;
-
- LDD -8(%sp),m ; r21 = m
- LDD -16(%sp),m1 ; r19 = m1
- ADD,L m,m1,m ; m+m1
-
- DEPD,Z m,31,32,temp3 ; (m+m1<<32)
- LDD -24(%sp),ht ; r24 = ht
-
- CMPCLR,*>>= m,m1,%r0 ; if (m < m1)
- ADD,L ht,high_one,ht ; ht+=high_one
-
- EXTRD,U m,31,32,temp1 ; m >> 32
- LDD -32(%sp),lt ; lt
- ADD,L ht,temp1,ht ; ht+= m>>32
- ADD lt,temp3,lt ; lt = lt+m1
- ADD,DC ht,%r0,ht ; ht++
-
- ADD ht,ht,ht ; ht=ht+ht;
- ADD,DC C3,%r0,C3 ; add in carry (c3++)
-
- ADD lt,lt,lt ; lt=lt+lt;
- ADD,DC ht,%r0,ht ; add in carry (ht++)
-
- ADD C1,lt,C1 ; c1=c1+lt
- ADD,DC,*NUV ht,%r0,ht ; add in 
carry (ht++) - LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - -; -;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba8 - .PROC - .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .ENTRY - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1 - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2 - SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1 - SQR_ADD_C2 
a4L,a4R,a3L,a3R,c2,c3,c1 - STD c2,56(r_ptr) ; r[7] = c2; - COPY %r0,c2 - - SQR_ADD_C a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2 - SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2 - STD c3,64(r_ptr) ; r[8] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3 - STD c1,72(r_ptr) ; r[9] = c1; - COPY %r0,c1 - - SQR_ADD_C a5L,a5R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1 - SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1 - STD c2,80(r_ptr) ; r[10] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2 - STD c3,88(r_ptr) ; r[11] = c3; - COPY %r0,c3 - - SQR_ADD_C a6L,a6R,c1,c2,c3 - SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3 - STD c1,96(r_ptr) ; r[12] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1 - STD c2,104(r_ptr) ; r[13] = c2; - COPY %r0,c2 - - SQR_ADD_C a7L,a7R,c3,c1,c2 - STD c3, 112(r_ptr) ; r[14] = c3 - STD c1, 120(r_ptr) ; r[15] = c1 - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - -;----------------------------------------------------------------------------- -; -;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 
40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - STD c2,56(r_ptr) ; r[7] = c2; - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - -;--------------------------------------------------------------------------- - -MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3 - XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,B0L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,B0R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,B0L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - - -; -;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba8 - .proc - .callinfo 
FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - FLDD 32(b_ptr),b4 - FLDD 40(b_ptr),b5 - FLDD 48(b_ptr),b6 - FLDD 56(b_ptr),b7 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - MUL_ADD_C 
a2L,a2R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3 - STD c1,48(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1 - STD c2,56(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2 - STD c3,64(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3 - STD c1,72(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1 - STD c2,80(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2 - STD c3,88(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3 - STD c1,96(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1 - STD c2,104(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2 - STD c3,112(r_ptr) - STD c1,120(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - 
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
- .proc
- .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
- .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
- .entry
- .align 64
-
- STD %r3,0(%sp) ; save r3
- STD %r4,8(%sp) ; save r4
- STD %r5,16(%sp) ; save r5
- STD %r6,24(%sp) ; save r6
- FSTD %fr12,32(%sp) ; save r6
- FSTD %fr13,40(%sp) ; save r7
-
- ;
- ; Zero out carries
- ;
- COPY %r0,c1
- COPY %r0,c2
- COPY %r0,c3
-
- LDO 128(%sp),%sp ; bump stack
- DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32
-
- ;
- ; Load up all of the values we are going to use
- ;
- FLDD 0(a_ptr),a0
- FLDD 8(a_ptr),a1
- FLDD 16(a_ptr),a2
- FLDD 24(a_ptr),a3
-
- FLDD 0(b_ptr),b0
- FLDD 8(b_ptr),b1
- FLDD 16(b_ptr),b2
- FLDD 24(b_ptr),b3
-
- MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
- STD c1,0(r_ptr)
- COPY %r0,c1
-
- MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
- MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
- STD c2,8(r_ptr)
- COPY %r0,c2
-
- MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
- MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
- MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
- STD c3,16(r_ptr)
- COPY %r0,c3
-
- MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
- MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
- MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
- MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
- STD c1,24(r_ptr)
- COPY %r0,c1
-
- MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
- MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
- MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
- STD c2,32(r_ptr)
- COPY %r0,c2
-
- MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
- MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
- STD c3,40(r_ptr)
- COPY %r0,c3
-
- MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
- STD c1,48(r_ptr)
- STD c2,56(r_ptr)
-
- .EXIT
- FLDD -88(%sp),%fr13
- FLDD -96(%sp),%fr12
- LDD -104(%sp),%r6 ; restore r6
- LDD -112(%sp),%r5 ; restore r5
- LDD -120(%sp),%r4 ; restore r4
- BVE (%rp)
- LDD,MB -128(%sp),%r3
-
- .PROCEND
-
-
-;--- not PIC .SPACE $TEXT$
-;--- not 
PIC .SUBSPA $CODE$
-;--- not PIC .SPACE $PRIVATE$,SORT=16
-;--- not PIC .IMPORT $global$,DATA
-;--- not PIC .SPACE $TEXT$
-;--- not PIC .SUBSPA $CODE$
-;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c
-;--- not PIC C$7
-;--- not PIC .ALIGN 8
-;--- not PIC .STRINGZ "Division would overflow (%d)\n"
- .END
diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
deleted file mode 100644
index a9954575..00000000
--- a/crypto/bn/asm/pa-risc2W.s
+++ /dev/null
@@ -1,1605 +0,0 @@
-;
-; PA-RISC 64-bit implementation of bn_asm code
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/ for more details on the PA-RISC
-; architecture. Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
- .level 2.0W
- .space $TEXT$
- .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 64-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers
-;
-; "caller save" registers: fr4-fr11, fr22-fr31
-; "callee save" registers: fr12-fr21
-; "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-; value zero : r0
-; "caller save" registers: r1,r19-r26
-; "callee save" registers: r3-r18
-; return register : r2 (rp)
-; return values ; r28 (ret0,ret1)
-; Stack pointer ; r30 (sp)
-; global data pointer ; r27 (dp)
-; argument pointer ; r29 (ap)
-; millicode return ptr ; r31 (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr .reg %r26
-a_ptr .reg %r25
-b_ptr .reg %r24
-num .reg %r24
-w .reg %r23
-n .reg %r23
-
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r29
-high_mask .reg %r22 ; value 0xffffffff80000000L
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr,
-; int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = num
-; arg3 = w
-;
-; Local register definitions
-;
-
-fm1 .reg %fr22
-fm .reg %fr23 -ht_temp .reg %fr24 -ht_temp_1 .reg %fr25 -lt_temp .reg %fr26 -lt_temp_1 .reg %fr27 -fm1_1 .reg %fr28 -fm_1 .reg %fr29 - -fw_h .reg %fr7L -fw_l .reg %fr7R -fw .reg %fr7 - -fht_0 .reg %fr8L -flt_0 .reg %fr8R -t_float_0 .reg %fr8 - -fht_1 .reg %fr9L -flt_1 .reg %fr9R -t_float_1 .reg %fr9 - -tmp_0 .reg %r31 -tmp_1 .reg %r21 -m_0 .reg %r20 -m_1 .reg %r19 -ht_0 .reg %r1 -ht_1 .reg %r3 -lt_0 .reg %r4 -lt_1 .reg %r5 -m1_0 .reg %r6 -m1_1 .reg %r7 -rp_val .reg %r8 -rp_val_1 .reg %r9 - -bn_mul_add_words - .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN - .proc - .callinfo frame=128 - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP ; Needed to make the loop 16-byte aligned - NOP ; Needed to make the loop 16-byte aligned - - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - STD %r7,32(%sp) ; save r7 - STD %r8,40(%sp) ; save r8 - - STD %r9,48(%sp) ; save r9 - COPY %r0,%ret0 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - STD w,56(%sp) ; store w on stack - - CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit - LDO 128(%sp),%sp ; bump stack - - ; - ; The loop is unrolled twice, so if there is only 1 number - ; then go straight to the cleanup code. - ; - CMPIB,= 1,num,bn_mul_add_words_single_top - FLDD -72(%sp),fw ; load up w into fp register fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. 
- ; -bn_mul_add_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDD 8(r_ptr),rp_val_1 ; rp[1] - - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1[0] - FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1] - - XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h - XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m[0] - FSTD fm_1,-40(%sp) ; -40(sp) = m[1] - - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1 - - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1 - - LDD -8(%sp),m_0 ; m[0] - LDD -40(%sp),m_1 ; m[1] - LDD -16(%sp),m1_0 ; m1[0] - LDD -48(%sp),m1_1 ; m1[1] - - LDD -24(%sp),ht_0 ; ht[0] - LDD -56(%sp),ht_1 ; ht[1] - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0]; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1]; - - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0]) - ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32) - - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1]) - ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32) - EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32 - - EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32 - ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32) - ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32) - - ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0]; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1]; - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - - ADD %ret0,lt_0,lt_0 ; lt[0] = lt[0] + c; - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0] - ADD,DC 
ht_0,%r0,ht_0 ; ht[0]++ - - LDO -2(num),num ; num = num - 2; - ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c); - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - - ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1] - ADD,DC ht_1,%r0,%ret0 ; ht[1]++ - LDO 16(a_ptr),a_ptr ; a_ptr += 2 - - STD lt_1,8(r_ptr) ; rp[1] = lt[1] - CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do - LDO 16(r_ptr),r_ptr ; r_ptr += 2 - - CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_add_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - LDD 0(r_ptr),rp_val ; rp[0] - LDO 8(a_ptr),a_ptr ; a_ptr++ - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 ; m1 = temp1 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD %ret0,tmp_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0] - ADD,DC ht_0,%r0,%ret0 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_add_words_exit - .EXIT - LDD -80(%sp),%r9 ; restore r9 - LDD -88(%sp),%r8 ; restore r8 - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND ;in=23,24,25,26,29;out=28; - 
-;---------------------------------------------------------------------------- -; -;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) -; -; arg0 = rp -; arg1 = ap -; arg2 = num -; arg3 = w - -bn_mul_words - .proc - .callinfo frame=128 - .entry - .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - STD %r7,32(%sp) ; save r7 - COPY %r0,%ret0 ; return 0 by default - DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 - STD w,56(%sp) ; w on stack - - CMPIB,>= 0,num,bn_mul_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; See if only 1 word to do, thus just do cleanup - ; - CMPIB,= 1,num,bn_mul_words_single_top - FLDD -72(%sp),fw ; load up w into fp register fw (fw_h/fw_l) - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; - ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus - ; two 32-bit mutiplies can be issued per cycle. 
- ; -bn_mul_words_unroll2 - - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) - XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l - XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l - - FSTD fm1,-16(%sp) ; -16(sp) = m1 - FSTD fm1_1,-48(%sp) ; -48(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h - - FSTD fm,-8(%sp) ; -8(sp) = m - FSTD fm_1,-40(%sp) ; -40(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h - XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h - - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l - - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt - LDD -8(%sp),m_0 - LDD -40(%sp),m_1 - - LDD -16(%sp),m1_0 - LDD -48(%sp),m1_1 - LDD -24(%sp),ht_0 - LDD -56(%sp),ht_1 - - ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1; - ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1; - LDD -32(%sp),lt_0 - LDD -64(%sp),lt_1 - - CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1) - ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - EXTRD,U tmp_1,31,32,m_1 ; m>>32 - DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt = lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD lt_1,m1_1,lt_1 ; lt = lt+m1; - ADD,DC ht_1,%r0,ht_1 ; ht++ - ADD %ret0,lt_0,lt_0 ; lt = lt + c (ret0); - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0) - ADD,DC ht_1,%r0,ht_1 ; ht++ - STD lt_0,0(r_ptr) ; rp[0] = lt - STD lt_1,8(r_ptr) ; rp[1] = lt - - COPY ht_1,%ret0 ; carry = ht - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_mul_words_unroll2 - LDO 16(r_ptr),r_ptr ; rp++ - - 
CMPIB,=,N 0,num,bn_mul_words_exit ; are we done? - - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_mul_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l - FSTD fm1,-16(%sp) ; -16(sp) = m1 - XMPYU flt_0,fw_h,fm ; m = lt*fw_h - FSTD fm,-8(%sp) ; -8(sp) = m - XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h - FSTD ht_temp,-24(%sp) ; -24(sp) = ht - XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l - FSTD lt_temp,-32(%sp) ; -32(sp) = lt - - LDD -8(%sp),m_0 - LDD -16(%sp),m1_0 - ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; - LDD -24(%sp),ht_0 - LDD -32(%sp),lt_0 - - CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) - ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) - - EXTRD,U tmp_0,31,32,m_0 ; m>>32 - DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 - - ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) - ADD lt_0,m1_0,lt_0 ; lt= lt+m1; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - ADD %ret0,lt_0,lt_0 ; lt = lt + c; - ADD,DC ht_0,%r0,ht_0 ; ht++ - - COPY ht_0,%ret0 ; copy carry - STD lt_0,0(r_ptr) ; rp[0] = lt - -bn_mul_words_exit - .EXIT - LDD -96(%sp),%r7 ; restore r7 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 ; restore r3 - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) -; -; arg0 = rp -; arg1 = ap -; arg2 = num -; - -bn_sqr_words - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - NOP - STD %r5,16(%sp) ; save r5 - - CMPIB,>= 0,num,bn_sqr_words_exit - LDO 128(%sp),%sp ; bump stack - - ; - ; If only 1, the goto straight to cleanup - ; - CMPIB,= 1,num,bn_sqr_words_single_top - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - - ; - ; This loop is unrolled 2 times 
(64-byte aligned as well) - ; - -bn_sqr_words_unroll2 - FLDD 0(a_ptr),t_float_0 ; a[0] - FLDD 8(a_ptr),t_float_1 ; a[1] - XMPYU fht_0,flt_0,fm ; m[0] - XMPYU fht_1,flt_1,fm_1 ; m[1] - - FSTD fm,-24(%sp) ; store m[0] - FSTD fm_1,-56(%sp) ; store m[1] - XMPYU flt_0,flt_0,lt_temp ; lt[0] - XMPYU flt_1,flt_1,lt_temp_1 ; lt[1] - - FSTD lt_temp,-16(%sp) ; store lt[0] - FSTD lt_temp_1,-48(%sp) ; store lt[1] - XMPYU fht_0,fht_0,ht_temp ; ht[0] - XMPYU fht_1,fht_1,ht_temp_1 ; ht[1] - - FSTD ht_temp,-8(%sp) ; store ht[0] - FSTD ht_temp_1,-40(%sp) ; store ht[1] - LDD -24(%sp),m_0 - LDD -56(%sp),m_1 - - AND m_0,high_mask,tmp_0 ; m[0] & Mask - AND m_1,high_mask,tmp_1 ; m[1] & Mask - DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1 - DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1 - - LDD -16(%sp),lt_0 - LDD -48(%sp),lt_1 - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1 - EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1 - - LDD -8(%sp),ht_0 - LDD -40(%sp),ht_1 - ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0 - ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1 - - ADD lt_0,m_0,lt_0 ; lt = lt+m - ADD,DC ht_0,%r0,ht_0 ; ht[0]++ - STD lt_0,0(r_ptr) ; rp[0] = lt[0] - STD ht_0,8(r_ptr) ; rp[1] = ht[1] - - ADD lt_1,m_1,lt_1 ; lt = lt+m - ADD,DC ht_1,%r0,ht_1 ; ht[1]++ - STD lt_1,16(r_ptr) ; rp[2] = lt[1] - STD ht_1,24(r_ptr) ; rp[3] = ht[1] - - LDO -2(num),num ; num = num - 2; - LDO 16(a_ptr),a_ptr ; ap += 2 - CMPIB,<= 2,num,bn_sqr_words_unroll2 - LDO 32(r_ptr),r_ptr ; rp += 4 - - CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done? 
- - ; - ; Top of loop aligned on 64-byte boundary - ; -bn_sqr_words_single_top - FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) - - XMPYU fht_0,flt_0,fm ; m - FSTD fm,-24(%sp) ; store m - - XMPYU flt_0,flt_0,lt_temp ; lt - FSTD lt_temp,-16(%sp) ; store lt - - XMPYU fht_0,fht_0,ht_temp ; ht - FSTD ht_temp,-8(%sp) ; store ht - - LDD -24(%sp),m_0 ; load m - AND m_0,high_mask,tmp_0 ; m & Mask - DEPD,Z m_0,30,31,m_0 ; m << 32+1 - LDD -16(%sp),lt_0 ; lt - - LDD -8(%sp),ht_0 ; ht - EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1 - ADD m_0,lt_0,lt_0 ; lt = lt+m - ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0 - ADD,DC ht_0,%r0,ht_0 ; ht++ - - STD lt_0,0(r_ptr) ; rp[0] = lt - STD ht_0,8(r_ptr) ; rp[1] = ht - -bn_sqr_words_exit - .EXIT - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - .PROCEND ;in=23,24,25,26,29;out=28; - - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t .reg %r22 -b .reg %r21 -l .reg %r20 - -bn_add_words - .proc - .entry - .callinfo - .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .align 64 - - CMPIB,>= 0,n,bn_add_words_exit - COPY %r0,%ret0 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_add_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_add_words_unroll2 - LDD 0(a_ptr),t - LDD 0(b_ptr),b - ADD t,%ret0,t ; t = t+c; - ADD,DC %r0,%r0,%ret0 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret0,%r0,%ret0 ; c+= carry - STD l,0(r_ptr) - - LDD 8(a_ptr),t - LDD 8(b_ptr),b - ADD t,%ret0,t ; t = t+c; - ADD,DC %r0,%r0,%ret0 ; set c to carry - ADD t,b,l ; l = t + b[0] - ADD,DC %ret0,%r0,%ret0 ; c+= carry - STD l,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_add_words_unroll2 - LDO 
16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_add_words_exit ; are we done? - -bn_add_words_single_top - LDD 0(a_ptr),t - LDD 0(b_ptr),b - - ADD t,%ret0,t ; t = t+c; - ADD,DC %r0,%r0,%ret0 ; set c to carry (could use CMPCLR??) - ADD t,b,l ; l = t + b[0] - ADD,DC %ret0,%r0,%ret0 ; c+= carry - STD l,0(r_ptr) - -bn_add_words_exit - .EXIT - BVE (%rp) - NOP - .PROCEND ;in=23,24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -; -; arg0 = rp -; arg1 = ap -; arg2 = bp -; arg3 = n - -t1 .reg %r22 -t2 .reg %r21 -sub_tmp1 .reg %r20 -sub_tmp2 .reg %r19 - - -bn_sub_words - .proc - .callinfo - .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - CMPIB,>= 0,n,bn_sub_words_exit - COPY %r0,%ret0 ; return 0 by default - - ; - ; If 2 or more numbers do the loop - ; - CMPIB,= 1,n,bn_sub_words_single_top - NOP - - ; - ; This loop is unrolled 2 times (64-byte aligned as well) - ; -bn_sub_words_unroll2 - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c; - - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret0 - STD sub_tmp1,0(r_ptr) - - LDD 8(a_ptr),t1 - LDD 8(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret0 - STD sub_tmp1,8(r_ptr) - - LDO -2(n),n - LDO 16(a_ptr),a_ptr - LDO 16(b_ptr),b_ptr - - CMPIB,<= 2,n,bn_sub_words_unroll2 - LDO 16(r_ptr),r_ptr - - CMPIB,=,N 0,n,bn_sub_words_exit ; are we done? 
- -bn_sub_words_single_top - LDD 0(a_ptr),t1 - LDD 0(b_ptr),t2 - SUB t1,t2,sub_tmp1 ; t3 = t1-t2; - SUB sub_tmp1,%ret0,sub_tmp1 ; t3 = t3- c; - CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 - LDO 1(%r0),sub_tmp2 - - CMPCLR,*= t1,t2,%r0 - COPY sub_tmp2,%ret0 - - STD sub_tmp1,0(r_ptr) - -bn_sub_words_exit - .EXIT - BVE (%rp) - NOP - .PROCEND ;in=23,24,25,26,29;out=28; - -;------------------------------------------------------------------------------ -; -; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d) -; -; arg0 = h -; arg1 = l -; arg2 = d -; -; This is mainly just modified assembly from the compiler, thus the -; lack of variable names. -; -;------------------------------------------------------------------------------ -bn_div_words - .proc - .callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .IMPORT BN_num_bits_word,CODE,NO_RELOCATION - .IMPORT __iob,DATA - .IMPORT fprintf,CODE,NO_RELOCATION - .IMPORT abort,CODE,NO_RELOCATION - .IMPORT $$div2U,MILLICODE - .entry - STD %r2,-16(%r30) - STD,MA %r3,352(%r30) - STD %r4,-344(%r30) - STD %r5,-336(%r30) - STD %r6,-328(%r30) - STD %r7,-320(%r30) - STD %r8,-312(%r30) - STD %r9,-304(%r30) - STD %r10,-296(%r30) - - STD %r27,-288(%r30) ; save gp - - COPY %r24,%r3 ; save d - COPY %r26,%r4 ; save h (high 64-bits) - LDO -1(%r0),%ret0 ; return -1 by default - - CMPB,*= %r0,%arg2,$D3 ; if (d == 0) - COPY %r25,%r5 ; save l (low 64-bits) - - LDO -48(%r30),%r29 ; create ap - .CALL ;in=26,29;out=28; - B,L BN_num_bits_word,%r2 - COPY %r3,%r26 - LDD -288(%r30),%r27 ; restore gp - LDI 64,%r21 - - CMPB,= %r21,%ret0,$00000012 ;if (i == 64) (forward) - COPY %ret0,%r24 ; i - MTSARCM %r24 - DEPDI,Z -1,%sar,1,%r29 - CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<= d) - SUB %r4,%r3,%r4 ; h -= d - CMPB,= %r31,%r0,$0000001A ; if (i) - COPY %r0,%r10 ; ret = 0 - MTSARCM %r31 ; i to shift - DEPD,Z %r3,%sar,64,%r3 ; d <<= i; - SUBI 
64,%r31,%r19 ; 64 - i; redundent - MTSAR %r19 ; (64 -i) to shift - SHRPD %r4,%r5,%sar,%r4 ; l>> (64-i) - MTSARCM %r31 ; i to shift - DEPD,Z %r5,%sar,64,%r5 ; l <<= i; - -$0000001A - DEPDI,Z -1,31,32,%r19 - EXTRD,U %r3,31,32,%r6 ; dh=(d&0xfff)>>32 - EXTRD,U %r3,63,32,%r8 ; dl = d&0xffffff - LDO 2(%r0),%r9 - STD %r3,-280(%r30) ; "d" to stack - -$0000001C - DEPDI,Z -1,63,32,%r29 ; - EXTRD,U %r4,31,32,%r31 ; h >> 32 - CMPB,*=,N %r31,%r6,$D2 ; if ((h>>32) != dh)(forward) div - COPY %r4,%r26 - EXTRD,U %r4,31,32,%r25 - COPY %r6,%r24 - .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL) - B,L $$div2U,%r2 - EXTRD,U %r6,31,32,%r23 - DEPD %r28,31,32,%r29 -$D2 - STD %r29,-272(%r30) ; q - AND %r5,%r19,%r24 ; t & 0xffffffff00000000; - EXTRD,U %r24,31,32,%r24 ; ??? - FLDD -272(%r30),%fr7 ; q - FLDD -280(%r30),%fr8 ; d - XMPYU %fr8L,%fr7L,%fr10 - FSTD %fr10,-256(%r30) - XMPYU %fr8L,%fr7R,%fr22 - FSTD %fr22,-264(%r30) - XMPYU %fr8R,%fr7L,%fr11 - XMPYU %fr8R,%fr7R,%fr23 - FSTD %fr11,-232(%r30) - FSTD %fr23,-240(%r30) - LDD -256(%r30),%r28 - DEPD,Z %r28,31,32,%r2 - LDD -264(%r30),%r20 - ADD,L %r20,%r2,%r31 - LDD -232(%r30),%r22 - DEPD,Z %r22,31,32,%r22 - LDD -240(%r30),%r21 - B $00000024 ; enter loop - ADD,L %r21,%r22,%r23 - -$0000002A - LDO -1(%r29),%r29 - SUB %r23,%r8,%r23 -$00000024 - SUB %r4,%r31,%r25 - AND %r25,%r19,%r26 - CMPB,*<>,N %r0,%r26,$00000046 ; (forward) - DEPD,Z %r25,31,32,%r20 - OR %r20,%r24,%r21 - CMPB,*<<,N %r21,%r23,$0000002A ;(backward) - SUB %r31,%r6,%r31 -;-------------Break path--------------------- - -$00000046 - DEPD,Z %r23,31,32,%r25 ;tl - EXTRD,U %r23,31,32,%r26 ;t - AND %r25,%r19,%r24 ;tl = (tl<<32)&0xfffffff0000000L - ADD,L %r31,%r26,%r31 ;th += t; - CMPCLR,*>>= %r5,%r24,%r0 ;if (l>32)); - DEPD,Z %r29,31,32,%r10 ; ret = q<<32 - b $0000001C - DEPD,Z %r28,31,32,%r5 ; l = l << 32 - -$D1 - OR %r10,%r29,%r28 ; ret |= q -$D3 - LDD -368(%r30),%r2 -$D0 - LDD -296(%r30),%r10 - LDD -304(%r30),%r9 - LDD -312(%r30),%r8 - LDD -320(%r30),%r7 - LDD -328(%r30),%r6 - 
LDD -336(%r30),%r5 - LDD -344(%r30),%r4 - BVE (%r2) - .EXIT - LDD,MB -352(%r30),%r3 - -bn_div_err_case - MFIA %r6 - ADDIL L'bn_div_words-bn_div_err_case,%r6,%r1 - LDO R'bn_div_words-bn_div_err_case(%r1),%r6 - ADDIL LT'__iob,%r27,%r1 - LDD RT'__iob(%r1),%r26 - ADDIL L'C$4-bn_div_words,%r6,%r1 - LDO R'C$4-bn_div_words(%r1),%r25 - LDO 64(%r26),%r26 - .CALL ;in=24,25,26,29;out=28; - B,L fprintf,%r2 - LDO -48(%r30),%r29 - LDD -288(%r30),%r27 - .CALL ;in=29; - B,L abort,%r2 - LDO -48(%r30),%r29 - LDD -288(%r30),%r27 - B $D0 - LDD -368(%r30),%r2 - .PROCEND ;in=24,25,26,29;out=28; - -;---------------------------------------------------------------------------- -; -; Registers to hold 64-bit values to manipulate. The "L" part -; of the register corresponds to the upper 32-bits, while the "R" -; part corresponds to the lower 32-bits -; -; Note, that when using b6 and b7, the code must save these before -; using them because they are callee save registers -; -; -; Floating point registers to use to save values that -; are manipulated. These don't collide with ftemp1-6 and -; are all caller save registers -; -a0 .reg %fr22 -a0L .reg %fr22L -a0R .reg %fr22R - -a1 .reg %fr23 -a1L .reg %fr23L -a1R .reg %fr23R - -a2 .reg %fr24 -a2L .reg %fr24L -a2R .reg %fr24R - -a3 .reg %fr25 -a3L .reg %fr25L -a3R .reg %fr25R - -a4 .reg %fr26 -a4L .reg %fr26L -a4R .reg %fr26R - -a5 .reg %fr27 -a5L .reg %fr27L -a5R .reg %fr27R - -a6 .reg %fr28 -a6L .reg %fr28L -a6R .reg %fr28R - -a7 .reg %fr29 -a7L .reg %fr29L -a7R .reg %fr29R - -b0 .reg %fr30 -b0L .reg %fr30L -b0R .reg %fr30R - -b1 .reg %fr31 -b1L .reg %fr31L -b1R .reg %fr31R - -; -; Temporary floating point variables, these are all caller save -; registers -; -ftemp1 .reg %fr4 -ftemp2 .reg %fr5 -ftemp3 .reg %fr6 -ftemp4 .reg %fr7 - -; -; The B set of registers when used. 
-; - -b2 .reg %fr8 -b2L .reg %fr8L -b2R .reg %fr8R - -b3 .reg %fr9 -b3L .reg %fr9L -b3R .reg %fr9R - -b4 .reg %fr10 -b4L .reg %fr10L -b4R .reg %fr10R - -b5 .reg %fr11 -b5L .reg %fr11L -b5R .reg %fr11R - -b6 .reg %fr12 -b6L .reg %fr12L -b6R .reg %fr12R - -b7 .reg %fr13 -b7L .reg %fr13L -b7R .reg %fr13R - -c1 .reg %r21 ; only reg -temp1 .reg %r20 ; only reg -temp2 .reg %r19 ; only reg -temp3 .reg %r31 ; only reg - -m1 .reg %r28 -c2 .reg %r23 -high_one .reg %r1 -ht .reg %r6 -lt .reg %r5 -m .reg %r4 -c3 .reg %r3 - -SQR_ADD_C .macro A0L,A0R,C1,C2,C3 - XMPYU A0L,A0R,ftemp1 ; m - FSTD ftemp1,-24(%sp) ; store m - - XMPYU A0R,A0R,ftemp2 ; lt - FSTD ftemp2,-16(%sp) ; store lt - - XMPYU A0L,A0L,ftemp3 ; ht - FSTD ftemp3,-8(%sp) ; store ht - - LDD -24(%sp),m ; load m - AND m,high_mask,temp2 ; m & Mask - DEPD,Z m,30,31,temp3 ; m << 32+1 - LDD -16(%sp),lt ; lt - - LDD -8(%sp),ht ; ht - EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1 - ADD temp3,lt,lt ; lt = lt+m - ADD,L ht,temp1,ht ; ht += temp1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; ht++ - - ADD C2,ht,C2 ; c2=c2+ht - ADD,DC C3,%r0,C3 ; c3++ -.endm - -SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3 - XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,A1L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,A1R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,A1L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD ht,ht,ht ; ht=ht+ht; - ADD,DC C3,%r0,C3 ; add in carry (c3++) - - ADD lt,lt,lt ; lt=lt+lt; - ADD,DC ht,%r0,ht ; add in carry (ht++) - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC,*NUV ht,%r0,ht ; add in 
carry (ht++) - LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - -; -;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba8 - .PROC - .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .ENTRY - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1 - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2 - SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1 - SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1 - SQR_ADD_C2 
a4L,a4R,a3L,a3R,c2,c3,c1 - STD c2,56(r_ptr) ; r[7] = c2; - COPY %r0,c2 - - SQR_ADD_C a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2 - SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2 - STD c3,64(r_ptr) ; r[8] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3 - SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3 - SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3 - STD c1,72(r_ptr) ; r[9] = c1; - COPY %r0,c1 - - SQR_ADD_C a5L,a5R,c2,c3,c1 - SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1 - SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1 - STD c2,80(r_ptr) ; r[10] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2 - SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2 - STD c3,88(r_ptr) ; r[11] = c3; - COPY %r0,c3 - - SQR_ADD_C a6L,a6R,c1,c2,c3 - SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3 - STD c1,96(r_ptr) ; r[12] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1 - STD c2,104(r_ptr) ; r[13] = c2; - COPY %r0,c2 - - SQR_ADD_C a7L,a7R,c3,c1,c2 - STD c3, 112(r_ptr) ; r[14] = c3 - STD c1, 120(r_ptr) ; r[15] = c1 - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - -;----------------------------------------------------------------------------- -; -;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) -; arg0 = r_ptr -; arg1 = a_ptr -; - -bn_sqr_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 
40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - SQR_ADD_C a0L,a0R,c1,c2,c3 - - STD c1,0(r_ptr) ; r[0] = c1; - COPY %r0,c1 - - SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 - - STD c2,8(r_ptr) ; r[1] = c2; - COPY %r0,c2 - - SQR_ADD_C a1L,a1R,c3,c1,c2 - SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 - - STD c3,16(r_ptr) ; r[2] = c3; - COPY %r0,c3 - - SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 - SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 - - STD c1,24(r_ptr) ; r[3] = c1; - COPY %r0,c1 - - SQR_ADD_C a2L,a2R,c2,c3,c1 - SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 - - STD c2,32(r_ptr) ; r[4] = c2; - COPY %r0,c2 - - SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 - STD c3,40(r_ptr) ; r[5] = c3; - COPY %r0,c3 - - SQR_ADD_C a3L,a3R,c1,c2,c3 - STD c1,48(r_ptr) ; r[6] = c1; - STD c2,56(r_ptr) ; r[7] = c2; - - .EXIT - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - -;--------------------------------------------------------------------------- - -MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3 - XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht - FSTD ftemp1,-16(%sp) ; - XMPYU A0R,B0L,ftemp2 ; m = bh*lt - FSTD ftemp2,-8(%sp) ; - XMPYU A0R,B0R,ftemp3 ; lt = bl*lt - FSTD ftemp3,-32(%sp) - XMPYU A0L,B0L,ftemp4 ; ht = bh*ht - FSTD ftemp4,-24(%sp) ; - - LDD -8(%sp),m ; r21 = m - LDD -16(%sp),m1 ; r19 = m1 - ADD,L m,m1,m ; m+m1 - - DEPD,Z m,31,32,temp3 ; (m+m1<<32) - LDD -24(%sp),ht ; r24 = ht - - CMPCLR,*>>= m,m1,%r0 ; if (m < m1) - ADD,L ht,high_one,ht ; ht+=high_one - - EXTRD,U m,31,32,temp1 ; m >> 32 - LDD -32(%sp),lt ; lt - ADD,L ht,temp1,ht ; ht+= m>>32 - ADD lt,temp3,lt ; lt = lt+m1 - ADD,DC ht,%r0,ht ; ht++ - - ADD C1,lt,C1 ; c1=c1+lt - ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise - - ADD C2,ht,C2 ; c2 = c2 + ht - ADD,DC C3,%r0,C3 ; add in carry (c3++) -.endm - - -; -;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba8 - .proc - .callinfo 
FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - FLDD 32(a_ptr),a4 - FLDD 40(a_ptr),a5 - FLDD 48(a_ptr),a6 - FLDD 56(a_ptr),a7 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - FLDD 32(b_ptr),b4 - FLDD 40(b_ptr),b5 - FLDD 48(b_ptr),b6 - FLDD 56(b_ptr),b7 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - MUL_ADD_C 
a2L,a2R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3 - STD c1,48(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1 - STD c2,56(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2 - STD c3,64(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3 - STD c1,72(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1 - MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1 - MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1 - MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1 - MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1 - STD c2,80(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2 - MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2 - MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2 - MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2 - STD c3,88(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3 - MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3 - MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3 - STD c1,96(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1 - MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1 - STD c2,104(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2 - STD c3,112(r_ptr) - STD c1,120(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - 
-;----------------------------------------------------------------------------- -; -;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -; arg0 = r_ptr -; arg1 = a_ptr -; arg2 = b_ptr -; - -bn_mul_comba4 - .proc - .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE - .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN - .entry - .align 64 - - STD %r3,0(%sp) ; save r3 - STD %r4,8(%sp) ; save r4 - STD %r5,16(%sp) ; save r5 - STD %r6,24(%sp) ; save r6 - FSTD %fr12,32(%sp) ; save r6 - FSTD %fr13,40(%sp) ; save r7 - - ; - ; Zero out carries - ; - COPY %r0,c1 - COPY %r0,c2 - COPY %r0,c3 - - LDO 128(%sp),%sp ; bump stack - DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 - - ; - ; Load up all of the values we are going to use - ; - FLDD 0(a_ptr),a0 - FLDD 8(a_ptr),a1 - FLDD 16(a_ptr),a2 - FLDD 24(a_ptr),a3 - - FLDD 0(b_ptr),b0 - FLDD 8(b_ptr),b1 - FLDD 16(b_ptr),b2 - FLDD 24(b_ptr),b3 - - MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 - STD c1,0(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 - STD c2,8(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 - MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 - MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 - STD c3,16(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 - MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 - MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 - MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 - STD c1,24(r_ptr) - COPY %r0,c1 - - MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 - MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 - MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 - STD c2,32(r_ptr) - COPY %r0,c2 - - MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 - MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 - STD c3,40(r_ptr) - COPY %r0,c3 - - MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 - STD c1,48(r_ptr) - STD c2,56(r_ptr) - - .EXIT - FLDD -88(%sp),%fr13 - FLDD -96(%sp),%fr12 - LDD -104(%sp),%r6 ; restore r6 - LDD -112(%sp),%r5 ; restore r5 - LDD -120(%sp),%r4 ; restore r4 - BVE (%rp) - LDD,MB -128(%sp),%r3 - - .PROCEND - - - .SPACE $TEXT$ - .SUBSPA $CODE$ - 
.SPACE $PRIVATE$,SORT=16
- .IMPORT $global$,DATA
- .SPACE $TEXT$
- .SUBSPA $CODE$
- .SUBSPA $LIT$,ACCESS=0x2c
-C$4
- .ALIGN 8
- .STRINGZ "Division would overflow (%d)\n"
- .END
diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile
index 359ef4e4..6749a875 100644
--- a/crypto/ec/Makefile
+++ b/crypto/ec/Makefile
@@ -89,7 +89,7 @@ dclean:
 mv -f Makefile.new $(MAKEFILE)
 clean:
- rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak *.s fluff
 # DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index cd17c9db..ab2c8d7c 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -502,6 +502,7 @@ static int eckey_param_decode(EVP_PKEY *pkey,
 const unsigned char **pder, int derlen)
 {
 EC_KEY *eckey;
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
 if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
 ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
 return 0;
@@ -641,40 +642,6 @@ const EVP_PKE­Y_ASN1_METHOD eckey_asn1_meth = {
 old_ec_priv_encode
 };
-#ifndef OPENSSL_NO_SM2
-const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
- EVP_PKEY_SM2,
- EVP_PKEY_SM2,
- 0,
- "SM2",
- "GmSSL SM2 algorithm",
-
- eckey_pub_decode,
- eckey_pub_encode,
- eckey_pub_cmp,
- eckey_pub_print,
-
- eckey_priv_decode,
- eckey_priv_encode,
- eckey_priv_print,
-
- int_ec_size,
- ec_bits,
-
- eckey_param_decode,
- eckey_param_encode,
- ec_missing_parameters,
- ec_copy_parameters,
- ec_cmp_parameters,
- eckey_param_print,
- 0,
-
- int_ec_free,
- ec_pkey_ctrl,
- old_ec_priv_decode,
- old_ec_priv_encode
-};
-#endif
 #ifndef OPENSSL_NO_CMS
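Review bot: The added `fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);` in eckey_param_decode writes unconditionally to stderr from a library decode path, so every application that parses EC parameters through libcrypto gets trace output it cannot switch off; eckey_param_decode's body continues outside the hunk. The same unconditional traces appear in the sm2_pub_decode/sm2_priv_decode/sm2_param_decode/old_sm2_priv_decode functions added later in this file, in do_sigver_init (m_sigver.c), pem_check_suffix (pem_lib.c), PEM_read_bio_PrivateKey (pem_pkey.c) and pkey_get_sm2key/PEM_read_SM2PrivateKey (pem_sm2.c); the pem_check_suffix one labelled `p = %s` also prints `suffix` rather than `p`. Drop them before merging, or wrap each in a single project debug macro (name to be chosen) so release builds contain none of them.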
@@ -999,3 +966,174 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 }
 #endif
+
+
+#ifndef OPENSSL_NO_GMSSL
+static int sm2_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+ const unsigned char *p = NULL;
+ void *pval;
+ int ptype, pklen;
+ EC_KEY *eckey = NULL;
+ X509_ALGOR *palg;
+
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
+
+ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+ return 0;
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+ eckey = eckey_type2param(ptype, pval);
+
+ if (!eckey) {
+ ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+ return 0;
+ }
+
+ /* We have parameters now set public key */
+ if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
+ ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+ goto ecerr;
+ }
+
+ EVP_PKEY_assign_EC_KEY(pkey, eckey);
+ return 1;
+
+ ecerr:
+ if (eckey)
+ EC_KEY_free(eckey);
+ return 0;
+}
+
+static int sm2_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+{
+ const unsigned char *p = NULL;
+ void *pval;
+ int ptype, pklen;
+ EC_KEY *eckey = NULL;
+ X509_ALGOR *palg;
+
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
+ if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+ return 0;
+ X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+ eckey = eckey_type2param(ptype, pval);
+
+ if (!eckey)
+ goto ecliberr;
+
+ /* We have parameters now set private key */
+ if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
+ ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+ goto ecerr;
+ }
+
+ /* calculate public key (if necessary) */
+ if (EC_KEY_get0_public_key(eckey) == NULL) {
+ const BIGNUM *priv_key;
+ const EC_GROUP *group;
+ EC_POINT *pub_key;
+ /*
+ * the public key was not included in the SEC1 private key =>
+ * calculate the public key
+ */
+ group = EC_KEY_get0_group(eckey);
+ pub_key = EC_POINT_new(group);
+ if (pub_key == NULL) {
+ ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ goto ecliberr;
+ }
+ if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
+ EC_POINT_free(pub_key);
+ ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ goto ecliberr;
+ }
+ priv_key = EC_KEY_get0_private_key(eckey);
+ if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {
+ EC_POINT_free(pub_key);
+ ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ goto ecliberr;
+ }
+ if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
+ EC_POINT_free(pub_key);
+ ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ goto ecliberr;
+ }
+ EC_POINT_free(pub_key);
+ }
+
+ EVP_PKEY_assign_SM2(pkey, eckey);
+ return 1;
+
+ ecliberr:
+ ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ ecerr:
+ if (eckey)
+ EC_KEY_free(eckey);
+ return 0;
+}
+
+static int sm2_param_decode(EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen)
+{
+ EC_KEY *eckey;
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
+ if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
+ ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+ return 0;
+ }
+ EVP_PKEY_assign_SM2(pkey, eckey);
+ return 1;
+}
+
+static int old_sm2_priv_decode(EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen)
+{
+ EC_KEY *ec;
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
+ if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) {
+ ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+ return 0;
+ }
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
+ EVP_PKEY_assign_SM2(pkey, ec);
+fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
+
+OPENSSL_assert(EC_KEY_get0_group(ec));
+ return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+ EVP_PKEY_SM2,
+ EVP_PKEY_SM2,
+ 0,
+ "SM2",
+ "GmSSL SM2 algorithm",
+
+ sm2_pub_decode,
+ eckey_pub_encode,
+ eckey_pub_cmp,
+ eckey_pub_print,
+
+ sm2_priv_decode,
+ eckey_priv_encode,
+ eckey_priv_print,
+
+ int_ec_size,
+ ec_bits,
+
+ sm2_param_decode,
+ eckey_param_encode,
+ ec_missing_parameters,
+ ec_copy_parameters,
+ ec_cmp_parameters,
+ eckey_param_print,
+ 0,
+
+ int_ec_free,
+ ec_pkey_ctrl,
+ old_sm2_priv_decode,
+ old_ec_priv_encode
+};
+#endif
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 4ad84949..3b5ce06d 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -61,6 +61,9 @@
 #include
 #include
 #include
+#ifndef OPENSSL_NO_GMSSL
+#include
+#endif
 int EC_GROUP_get_basis_type(const EC_GROUP *group)
 {
@@ -970,24 +973,20 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
 {
 EC_GROUP *group = NULL;
 ECPKPARAMETERS *params = NULL;
-
 if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
 ECPKPARAMETERS_free(params);
 return NULL;
 }
-
 if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
 ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
 ECPKPARAMETERS_free(params);
 return NULL;
 }
-
 if (a && *a) EC_GROUP_clear_free(*a);
 if (a) *a = group;
-
 ECPKPARAMETERS_free(params);
 return (group);
 }
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index a5134580..2d6ddda7 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -385,6 +385,9 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+#ifndef OPENSSL_NO_GMSSL
+ EVP_MD_type((const EVP_MD *)p2) != NID_sm3 &&
+#endif
 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
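Review bot: `OPENSSL_assert(EC_KEY_get0_group(ec));` in old_sm2_priv_decode runs after the key has already been assigned to pkey and turns a private key encoded without parameters — ordinary malformed or untrusted input to a decoder — into a process abort instead of a decode error; check it before the assign and fail cleanly: `if (EC_KEY_get0_group(ec) == NULL) { ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); EC_KEY_free(ec); return 0; }`. sm2_pub_decode ends with `EVP_PKEY_assign_EC_KEY(pkey, eckey);` while its siblings sm2_priv_decode, sm2_param_decode and old_sm2_priv_decode use `EVP_PKEY_assign_SM2`, which looks like it would tag a public key decoded through sm2_asn1_meth as a plain EC key rather than SM2. None of the four decoders checks the assign's return value, so a failed assign leaks eckey and still reports success; use `if (!EVP_PKEY_assign_SM2(pkey, eckey)) goto ecerr;` in each.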
@@ -562,6 +565,32 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
 };
 #ifndef OPENSSL_NO_SM2
+
+static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
+{
+ EC_PKEY_CTX *dctx;
+ dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
+ if (!dctx)
+ return 0;
+ dctx->gen_group = EC_GROUP_new_by_curve_name(NID_sm2p256v1);
+ if (dctx->gen_group == NULL) {
+ return 0;
+ }
+ dctx->md = NULL; //FIXME: sm3
+
+ dctx->cofactor_mode = -1;
+ dctx->co_key = NULL;
+ dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
+ dctx->kdf_md = NULL;
+ dctx->kdf_outlen = 0;
+ dctx->kdf_ukm = NULL;
+ dctx->kdf_ukmlen = 0;
+
+ ctx->data = dctx;
+
+ return 1;
+}
+
 static int pkey_sm2_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 {
 EC_KEY *ec = NULL;
@@ -593,8 +622,8 @@ static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 int ret;
 EC_PKEY_CTX *ec_ctx = ctx->data;
 EC_KEY *ec_key = ctx->pkey->pkey.ec;
- int type;
- unsigned int len;
+ int type = NID_sm3;
+ size_t len;
 if (!sig) {
 *siglen = SM2_signature_size(ec_key);
@@ -605,12 +634,11 @@ static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 return 0;
 }
- type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3;
 if ((ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key)) <= 0) {
 return ret;
 }
- *siglen = (size_t)len;
+ *siglen = len;
 return 1;
 }
@@ -632,7 +660,7 @@ static int pkey_sm2_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 EC_KEY *ec_key = ctx->pkey->pkey.ec;
 const EVP_MD *md = EVP_sm3();
 unsigned char zid[EVP_MAX_MD_SIZE];
- unsigned int zidlen;
+ unsigned int zidlen = sizeof(zid);
 if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
 ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_SM2_LIB);
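Review bot: pkey_sm2_init returns 0 without freeing dctx when `EC_GROUP_new_by_curve_name(NID_sm2p256v1)` fails, leaking the freshly allocated EC_PKEY_CTX on every failed init; the branch should read `if (dctx->gen_group == NULL) { OPENSSL_free(dctx); return 0; }`. The `dctx->md = NULL; //FIXME: sm3` line leaves the digest unset even though pkey_sm2_sign in the next hunk now hard-codes NID_sm3; if sm3 is the only digest SM2 signing accepts, initialising `dctx->md = EVP_sm3();` here and keeping the `ec_ctx->md` lookup in sign and verify would give both one source of truth.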
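Review bot: pkey_sm2_sign changes `len` to `size_t` and passes `&len` to `SM2_sign`, while the evp.h hunk in this commit still casts SM2_sign to `evp_sign_method`, whose siglen parameter is `unsigned int *` in 1.0.2; unless SM2_sign's declaration (not visible here) was changed to `size_t *siglen` in the same commit, `&len` now goes through a mismatched pointer type and only part of len is written. Removing `type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3;` in favour of `int type = NID_sm3;` also leaves pkey_sm2_verifyctx (next hunk) still deriving `type` from `ec_ctx->md`, so a context with a non-sm3 md would sign with one digest type and verify with another; keep the same expression in both or drop it in both. pkey_sm2_sign's body starts and ends outside these hunks.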
@@ -678,12 +706,11 @@ static int pkey_sm2_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 int ret = 0;
 EC_PKEY_CTX *ec_ctx = ctx->data;
 EC_KEY *ec_key = ctx->pkey->pkey.ec;
- const EVP_MD *md = EVP_sm3();
+ const EVP_MD *md = EVP_sm3(); // FIXME: we need to get md from somewhere
 unsigned char zid[EVP_MAX_MD_SIZE];
 unsigned int zidlen;
- // FIXME: we need to get md from somewhere
-
+ zidlen = sizeof(zid);
 if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
 goto end;
 }
@@ -693,25 +720,24 @@ static int pkey_sm2_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 ret = 1;
 end:
- return 0;
+ return ret;
 }
 static int pkey_sm2_verifyctx(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, EVP_MD_CTX *mctx)
 {
+ unsigned char dgst[EVP_MAX_MD_SIZE];
+ size_t dgstlen;
 EC_PKEY_CTX *ec_ctx = ctx->data;
 EC_KEY *ec_key = ctx->pkey->pkey.ec;
 int type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3;
- /*
+ dgstlen = sizeof(dgst);
 if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) {
- goto end;
+ return -1;
 }
 return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);
- */
-
- return 0;
 }
 static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
@@ -728,7 +754,9 @@ static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
 kdf_md = EVP_sm3();
 mac_md = EVP_sm3();
- return SM2_encrypt(kdf_md, mac_md, point_form, in, inlen, out, outlen, ec_key);
+
+ //FIXME: where to put the parameters?
+ return SM2_encrypt(in, inlen, out, outlen, ec_key);
 }
 static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
@@ -741,12 +769,8 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
 const EVP_MD *mac_md = ec_ctx->md;
 point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
- //FIXME: the ec_ctx is not work, no one init it
- kdf_md = EVP_sm3();
- mac_md = EVP_sm3();
- return SM2_decrypt(kdf_md, mac_md, point_form,
- in, inlen, out, outlen, ec_key);
+ return SM2_decrypt(in, inlen, out, outlen, ec_key);
 }
 static int pkey_sm2_ctrl_digestinit(EVP_PKEY_CTX *pk_ctx, EVP_MD_CTX *md_ctx)
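Review bot: pkey_sm2_verifyctx declares `size_t dgstlen;` and passes `&dgstlen` to `EVP_DigestFinal_ex`, whose length argument is `unsigned int *`; that is an incompatible-pointer write that only stores the low bytes of the object and presumably works here only because `dgstlen = sizeof(dgst)` pre-fills the rest — undefined behaviour regardless. Declare it `unsigned int dgstlen;` and cast at the `SM2_verify` call if that function takes a `size_t`. In pkey_sm2_encrypt and pkey_sm2_decrypt the locals `kdf_md`, `mac_md` and `point_form` are now assigned but never used; either pass them to the `SM2_encrypt_ex`/`SM2_decrypt_ex` variants this commit introduces for exactly that purpose, or delete them together with the `//FIXME: where to put the parameters?` line. The enclosing function bodies start outside these hunks.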
@@ -823,7 +847,7 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *pk_ctx, int type, int p1, void *p2)
 const EVP_PKEY_METHOD sm2_pkey_meth = {
 EVP_PKEY_SM2,
 0,
- pkey_ec_init,
+ pkey_sm2_init,
 pkey_ec_copy,
 pkey_ec_cleanup,
 0,
@@ -846,7 +870,7 @@ const EVP_PKEY_METHOD sm2_pkey_meth = {
 pkey_sm2_decrypt,
 pkey_sm2_derive_init,
 pkey_sm2_derive,
- pkey_sm2_ctrl,
+ pkey_ec_ctrl,
 pkey_ec_ctrl_str
 };
 #endif
diff --git a/crypto/evp/e_sms4.c b/crypto/evp/e_sms4.c
index 548d11f2..4e967c69 100644
--- a/crypto/evp/e_sms4.c
+++ b/crypto/evp/e_sms4.c
@@ -345,4 +345,10 @@ const EVP_CIPHER *EVP_sms4_wrap(void)
 }
+//TODO: EVP_sms4_256_xxx();
+
+
+
+
+
 #endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 4fa52df9..8306a2c1 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -254,6 +254,14 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 # define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
 # endif
+# ifndef OPENSSL_NO_SM2
+# define EVP_PKEY_SM2_method (evp_sign_method *)SM2_sign, \
+ (evp_verify_method *)SM2_verify, \
+ {EVP_PKEY_SM2,0,0,0}
+# else
+# define EVP_PKEY_SM2_method EVP_PKEY_NULL_method
+# endif
+
 # ifndef OPENSSL_NO_RSA
 # define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
 (evp_verify_method *)RSA_verify, \
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 6a456297..ef07f6c7 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -227,3 +227,15 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
 return 1;
 return 0;
 }
+
+#ifndef OPENSSL_NO_GMSSL
+int EVP_PKEY_ec_to_sm2(EVP_PKEY *pkey, int only_sm2_curve)
+{
+ return 0;
+}
+
+int EVP_PKEY_sm2_to_ec(EVP_PKEY *pkey)
+{
+ return 0;
+}
+#endif
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9a428446..1ed77c35 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
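Review bot: `EVP_PKEY_SM2_method` casts `SM2_sign` and `SM2_verify` to `evp_sign_method *`/`evp_verify_method *`, which silences any mismatch between their real prototypes and the `unsigned int` length parameters those typedefs use; since pkey_sm2_sign in this commit now hands SM2_sign a `size_t` siglen, the cast may be hiding a genuine calling-convention mismatch that would surface as a wrong length through EVP_SignFinal. Prefer two small wrapper functions with the exact typedef signatures that call SM2_sign/SM2_verify and convert the lengths, so the compiler checks them. In ec_pmeth.c the sm2_pkey_meth table now points at `pkey_ec_ctrl` instead of `pkey_sm2_ctrl`, leaving pkey_sm2_ctrl (still the hunk's context) defined but apparently unreferenced; and the new `EVP_PKEY_ec_to_sm2`/`EVP_PKEY_sm2_to_ec` in evp_pkey.c return 0 unconditionally with nothing saying they are stubs — a one-line `/* TODO: not implemented yet; always fails */` above each keeps callers from reading the 0 as a real conversion failure.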
@@ -87,8 +87,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 }
 }
- //fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
-
 if (ver) {
 if (ctx->pctx->pmeth->verifyctx_init) {
 if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
@@ -98,22 +96,21 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 return 0;
 } else {
 if (ctx->pctx->pmeth->signctx_init) {
- if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
+ if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) {
+fprintf(stderr, "error %s %d\n", __FILE__, __LINE__);
 return 0;
+ }
 ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
 } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
 return 0;
 }
- //fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
+
 if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
 return 0;
- //fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
 if (pctx)
 *pctx = ctx->pctx;
- //fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
 if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
 return 1;
- //fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
 if (!EVP_DigestInit_ex(ctx, type, e))
 return 0;
 return 1;
diff --git a/crypto/evp/m_sm3.c b/crypto/evp/m_sm3.c
index d388b6c7..1240ad63 100644
--- a/crypto/evp/m_sm3.c
+++ b/crypto/evp/m_sm3.c
@@ -85,7 +85,7 @@ static const EVP_MD sm3_md = {
 final,
 NULL,
 NULL,
- EVP_PKEY_RSA_method,
+ EVP_PKEY_SM2_method,
 SM3_BLOCK_SIZE,
 sizeof(EVP_MD *) + sizeof(sm3_ctx_t),
 };
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index 629864bd..4e270316 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -101,10 +101,10 @@ int EVP_PKEY_decrypt_old(unsigned char *out, const unsigned char *in, int inlen,
 return 0;
 }
- if (!EVP_PKEY_encrypt_init(ctx)) {
+ if (!EVP_PKEY_decrypt_init(ctx)) {
 goto end;
 }
- if (!EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen)) {
+ if (!EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen)) {
 goto end;
 }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 83929193..c2c6d746 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -80,6 +80,10 @@
 #include "asn1_locl.h"
+#ifndef OPENSSL_NO_GMSSL
+#include "../ec/ec_lcl.h"
+#endif
+
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 int EVP_PKEY_bits(EVP_PKEY *pkey)
@@ -206,7 +210,6 @@ EVP_PKEY *EVP_PKEY_new(void)
 * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey
 * is NULL just return 1 or 0 if the algorithm exists.
 */
-
 static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 {
 const EVP_PKEY_ASN1_METHOD *ameth;
@@ -247,6 +250,7 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 pkey->type = pkey->ameth->pkey_id;
 pkey->save_type = type;
 }
+
 return 1;
 }
@@ -345,6 +349,7 @@ int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, EC_KEY *key)
 EC_KEY *EVP_PKEY_get1_SM2(EVP_PKEY *pkey)
 {
+ /* FIXME: reconsider the SM2 and EC_KEY relationship */
 if (pkey->type != EVP_PKEY_SM2) {
 EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);//FIXME:errno
 return NULL;
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index c3782300..d4685ea0 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,7 +30,7 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER 0x1000204fL
+# define OPENSSL_VERSION_NUMBER 0x10201000L
 # ifdef OPENSSL_FIPS
 # define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips 9 Jul 2015"
 # else
diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile
index 65de60e2..e8173a2c 100644
--- a/crypto/pem/Makefile
+++ b/crypto/pem/Makefile
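Review bot: The new `#include "../ec/ec_lcl.h"` reaches across directories into ec's private header from the EVP layer, which no other include in this hunk does and which couples p_lib.c to EC internals; none of the p_lib.c hunks shown uses a symbol that would need it, so it may be a leftover. If an EC-internal accessor really is required, declaring it in a shared local header (asn1_locl.h is already included here) or exposing it through the public EC API keeps the layering intact.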
@@ -18,10 +18,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
- pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
+ pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c pem_sm2.c
 LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
- pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o
+ pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o pem_sm2.o
 SRC= $(LIBSRC)
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index d3b23fc9..6301930b 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -137,6 +137,10 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS "PARAMETERS"
 # define PEM_STRING_CMS "CMS"
+# ifndef OPENSSL_NO_GMSSL
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
+# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY"
+# endif
 /*
 * Note that this structure is initialised by PEM_SealInit and cleaned up
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a29821aa..87d057d6 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -853,9 +853,14 @@ int pem_check_suffix(const char *pem_str, const char *suffix)
 int pem_len = strlen(pem_str);
 int suffix_len = strlen(suffix);
 const char *p;
+
+fprintf(stderr, "GMSSL: %s %d: pem_str = %s\n", __FILE__, __LINE__, pem_str);
+fprintf(stderr, "GMSSL: %s %d: suffix = %s\n", __FILE__, __LINE__, suffix);
+
 if (suffix_len + 1 >= pem_len)
 return 0;
 p = pem_str + pem_len - suffix_len;
+fprintf(stderr, "GMSSL: %s %d: p = %s\n", __FILE__, __LINE__, suffix);
 if (strcmp(p, suffix))
 return 0;
 p--;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 04d6319a..0ac86d7d 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -89,8 +89,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 return NULL;
 p = data;
+fprintf(stderr, "GMSSL: %s %d: nm = %s\n", __FILE__, __LINE__, nm);
 if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
 PKCS8_PRIV_KEY_INFO *p8inf;
+fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__);
 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
 if (!p8inf)
 goto p8err;
@@ -106,6 +108,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 X509_SIG *p8;
 int klen;
 char psbuf[PEM_BUFSIZE];
+fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__);
 p8 = d2i_X509_SIG(NULL, &p, len);
 if (!p8)
 goto p8err;
@@ -131,11 +134,20 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 PKCS8_PRIV_KEY_INFO_free(p8inf);
 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
 const EVP_PKEY_ASN1_METHOD *ameth;
+fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__);
+fprintf(stderr, "GMSSL: %s %d: slen = %d\n", __FILE__, __LINE__, slen);
+
 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+
+OPENSSL_assert(ameth != NULL);
+
 if (!ameth || !ameth->old_priv_decode)
 goto p8err;
+fprintf(stderr, "GMSSL: %s %d: type id = %d\n", __FILE__, __LINE__, ameth->pkey_id);
 ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
+OPENSSL_assert(ret != NULL);
 }
+fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__);
 p8err:
 if (ret == NULL)
 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
@@ -143,6 +155,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
 OPENSSL_free(nm);
 OPENSSL_cleanse(data, len);
 OPENSSL_free(data);
+fprintf(stderr, "GMSSL: %s %d\n", __FILE__, __LINE__);
 return (ret);
 }
diff --git a/crypto/pem/pem_sm2.c b/crypto/pem/pem_sm2.c
new file mode 100644
index 00000000..c50d4cdb
--- /dev/null
+++ b/crypto/pem/pem_sm2.c
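Review bot: `OPENSSL_assert(ameth != NULL);` and `OPENSSL_assert(ret != NULL);` in PEM_read_bio_PrivateKey abort the whole process on data-dependent conditions: a PEM header whose `... PRIVATE KEY` type has no registered ASN.1 method, or a key body that fails to parse, are ordinary input errors that the existing `if (!ameth || !ameth->old_priv_decode) goto p8err;` and `if (ret == NULL) PEMerr(...)` already handle by returning NULL. The first assert also makes that `!ameth` check unreachable. Remove both asserts; an application reading a PEM file it did not produce must get an error return from this function, never SIGABRT.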
@@ -0,0 +1,270 @@ +/* crypto/pem/pem_sm2.c */ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 
+ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include
+#include "cryptlib.h"
+#include
+#include
+#include
+#include
+#include
+
+
+#ifndef OPENSSL_NO_SM2
+static EC_KEY *pkey_get_sm2key(EVP_PKEY *key, EC_KEY **eckey)
+{
+ EC_KEY *dtmp;
+ if (!key)
+ return NULL;
+ dtmp = EVP_PKEY_get1_SM2(key);
+ EVP_PKEY_free(key);
+ if (!dtmp)
+ return NULL;
+ if (eckey) {
+ EC_KEY_free(*eckey);
+ *eckey = dtmp;
+ }
+fprintf(stderr, "GMSSL %s %d\n", __FILE__, __LINE__);
+
+ return dtmp;
+}
+
+EC_KEY *PEM_read_bio_SM2PrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+ return pkey_get_sm2key(pktmp, key); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_rw_const(SM2PKParameters, EC_GROUP, PEM_STRING_SM2PARAMETERS,
+ ECPKParameters)
+# ifdef OPENSSL_FIPS
+int PEM_write_bio_SM2PrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ if (FIPS_mode()) {
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_EC_KEY(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+ } else
+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
+ PEM_STRING_SM2PRIVATEKEY,
+ bp, x, enc, kstr, klen, cb, u);
+}
+
+# ifndef OPENSSL_NO_FP_API
+int PEM_write_SM2PrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ if (FIPS_mode()) {
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_EC_KEY(k, x);
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+ } else
+ return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
+ PEM_STRING_SM2PRIVATEKEY,
+ fp, x, enc, kstr, klen, cb, u);
+}
+# endif
+
+# else
+ IMPLEMENT_PEM_write_cb(SM2PrivateKey, EC_KEY, PEM_STRING_SM2PRIVATEKEY,
+ ECPrivateKey)
+# endif
+IMPLEMENT_PEM_rw(SM2_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
+# ifndef OPENSSL_NO_FP_API
+EC_KEY *PEM_read_SM2PrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+
+ printf("GMSSL %s %d\n", __FILE__, __LINE__);
+
+ BIO *out = BIO_new_fp(stderr, BIO_NOCLOSE);
+ EVP_PKEY_print_public(out, pktmp, 0, NULL);
+ EVP_PKEY_print_private(out, pktmp, 0, NULL);
+ EVP_PKEY_print_params(out, pktmp, 0, NULL);
+
+
+ return pkey_get_sm2key(pktmp, eckey); /* will free pktmp */
+}
+
+# endif
+
+#endif
+
diff --git a/crypto/sm2/sm2.h b/crypto/sm2/sm2.h
index 80beb5f3..dadea245 100644
--- a/crypto/sm2/sm2.h
+++ b/crypto/sm2/sm2.h
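Review bot: PEM_read_SM2PrivateKey (the FILE* variant near the end of the new file) prints the key it has just read to stderr with `EVP_PKEY_print_private`, so every private key loaded through this entry point is written in clear to the process's error stream; it also never frees the `BIO *out` it creates and calls the print functions even when `pktmp` is NULL. The body should be just `pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); return pkey_get_sm2key(pktmp, eckey);`, matching PEM_read_bio_SM2PrivateKey above it, which also removes the `BIO *out = ...` declaration-after-statement that the rest of this tree avoids. In the FIPS branches of PEM_write_bio_SM2PrivateKey and PEM_write_SM2PrivateKey, `EVP_PKEY_set1_EC_KEY(k, x)` wraps the key as a plain EC key rather than SM2 (an `EVP_PKEY_set1_SM2` exists per the p_lib.c hunk), so the FIPS path presumably emits a different PEM type than the non-FIPS `PEM_STRING_SM2PRIVATEKEY` path; its return value is also unchecked.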
@@ -109,21 +109,27 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int SM2_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, point_conversion_form_t point_form, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int SM2_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, point_conversion_form_t point_form, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); - +int SM2_encrypt(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +int SM2_decrypt(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, const void *msg, size_t msglen, unsigned char *dgst, unsigned int *dgstlen, EC_KEY *ec_key); +int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst, + unsigned int *dgstlen, EC_KEY *ec_key); + #define SM2_signature_size(ec_key) ECDSA_size(ec_key) int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b); @@ -181,7 +187,6 @@ typedef struct sm2_kap_ctx_st { int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key, EC_KEY *remote_pubkey, int is_initiator, int do_checksum); -void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx); int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point, size_t *ephem_point_len); int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_ephem_point, @@ -189,6 +194,7 @@ int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_ephem_poin unsigned char *checksum, size_t *checksumlen); int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum, size_t checksumlen); +void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx); 
diff --git a/crypto/sm2/sm2_asn1.c b/crypto/sm2/sm2_asn1.c index acd9fbd6..62c43aef 100644 --- a/crypto/sm2/sm2_asn1.c +++ b/crypto/sm2/sm2_asn1.c @@ -110,21 +110,39 @@ IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue) int i2d_SM2_CIPHERTEXT_VALUE(const SM2_CIPHERTEXT_VALUE *c, unsigned char **out) { + int ret = 0; SM2CiphertextValue *asn1 = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; - /* - asn1 = SM2CiphertextValue_new(); - - asn1->xCoordinate = BN_to_ASN1_INTEGER(x, NULL); - asn1->yCoordinate = BN_to_ASN1_INTEGER(y, NULL); - */ - return 0; + if (!(asn1 = SM2CiphertextValue_new())) { + goto end; + } + OPENSSL_assert(asn1->xCoordinate); + OPENSSL_assert(asn1->yCoordinate); + if (!BN_to_ASN1_INTEGER(x, asn1->xCoordinate)) { + } + + if (!BN_to_ASN1_INTEGER(y, asn1->yCoordinate)) { + } + + M_ASN1_OCTET_STRING_set(asn1->hash, c->mactag, c->mactag_size); + M_ASN1_OCTET_STRING_set(asn1->ciphertext, c->ciphertext, c->ciphertext_size); + + ret = 1; +end: + return ret; } SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE **c, const unsigned char **in, long len) { + + + + + return NULL; } diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index 8b08044e..29cbedb7 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c @@ -239,7 +239,7 @@ end: return 0; } -int SM2_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, point_conversion_form_t point_form, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) @@ -430,7 +430,7 @@ end: return cv; } -int SM2_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, point_conversion_form_t point_form, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) 
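Review bot: i2d_SM2_CIPHERTEXT_VALUE returns 1 without ever encoding anything: `x` and `y` are still NULL when passed to BN_to_ASN1_INTEGER, both failure branches are empty, nothing is ever written through `out`, and `asn1` is never freed, so a caller will treat an untouched buffer as a valid DER encoding of the ciphertext. Until the point coordinates are actually taken from `c` and serialized, reporting failure (`ret = 0`) is safer than reporting success, and the `end:` label needs `SM2CiphertextValue_free(asn1);` before `return ret;` so the allocation is released on every path. d2i_SM2_CIPHERTEXT_VALUE in the same hunk likewise returns NULL unconditionally; a one-line `/* TODO: not implemented */` on both stubs would stop them reading as finished code.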
@@ -599,3 +599,26 @@ end: return ret; } + +int SM2_encrypt(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + const EVP_MD *kdf_md = EVP_sm3(); + const EVP_MD *mac_md = EVP_sm3(); + point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; + + return SM2_encrypt_ex(kdf_md, mac_md, point_form, + in, inlen, out, outlen, ec_key); +} + +int SM2_decrypt(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + const EVP_MD *kdf_md = EVP_sm3(); + const EVP_MD *mac_md = EVP_sm3(); + point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; + + return SM2_decrypt_ex(kdf_md, mac_md, point_form, + in, inlen, out, outlen, ec_key); +} + diff --git a/crypto/sm2/sm2_kap.c b/crypto/sm2/sm2_kap.c index 35a08b5b..e98aa7b9 100644 --- a/crypto/sm2/sm2_kap.c +++ b/crypto/sm2/sm2_kap.c 
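Review bot: The new SM2_encrypt/SM2_decrypt wrappers carry no documentation even though they take over the names of the previous functions with a different signature (the old ones become SM2_encrypt_ex/SM2_decrypt_ex in sm2.h in this commit). A header comment such as `/* SM2_encrypt: SM2_encrypt_ex with SM3 as both KDF and MAC digest and SM2_DEFAULT_POINT_CONVERSION_FORM; see SM2_encrypt_ex for the in/out/outlen contract */` (and its mirror on SM2_decrypt) would make the fixed algorithm choices explicit to callers. The kdf_md/mac_md locals could also be folded into the call, but that is a matter of taste.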
@@ -155,6 +155,102 @@ void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx) memset(ctx, 0, sizeof(*ctx)); } +#if 0 +int SM2_update_key(EC_KEY *ec_key, EC_POINT **point) +{ + EC_KEY *tmp = NULL; + BIGNUM *d = EC_KEY_get0_private_key(ec_key); + + + if (!(tmp = EC_KEY_new())) { + goto end; + } + + if (!EC_KEY_set_group(tmp, EC_KEY_get0_group(ec_key))) { + goto end; + } + + if (!EC_KEY_generate_key(tmp)) { + goto end; + } + + if (!EC_KEY_get_affine_coordinates(tmp, x, y)) { + goto end; + } + + /* convert x to x' */ + + if (**point == NULL) { + *point = EC_POINT_dup(EC_KEY_get0_public_key(ec_key), EC_KEY_get0_group(ec_key)); + } else { + EC_POINT_copy(*point, EC_KEY_get0_public_key(ec_key), EC_KEY_get0_group(ec_key)); + } + +end: + EC_KEY_free(tmp); + return 0; +} + +int SM2_update_public_key(EC_KEY *ec_key, const EC_POINT *pub_key) +{ + EC_GROUP *group; + + + group = EC_KEY_get0_group(ec_key); + + + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, pub_key, x, NULL, bn_ctx)) { + SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, pub_key, x, NULL, bn_ctx)) { + SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + } + + if (!BN_nnmod(x, x, ctx->two_pow_w, bn_ctx)) { + SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!BN_add(x, x, ctx->two_pow_w)) { + SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!BN_mod_mul(ctx->t, x, r, ctx->order, ctx->bn_ctx)) { + SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!EC_POINT_mul(group, point, NULL, point, x, ctx->bn_ctx)) { + SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + + if (!EC_POINT_add(group, pubkey, pubkey, point, bn_ctx)) { + goto end; + } + + ret = 1; +end: + return ret; +} + +int SM2_derive_key(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ec_key, + void *(*KDF)(const 
void *in, size_t inlen, void *out, size_t *outlen)) +{ + + + + return 0; +} +#endif /* FIXME: ephem_point_len should be both input and output */ int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point, diff --git a/crypto/sm2/sm2_lib.c b/crypto/sm2/sm2_lib.c index 7aef7fff..064c457b 100644 --- a/crypto/sm2/sm2_lib.c +++ b/crypto/sm2/sm2_lib.c @@ -298,3 +298,13 @@ err: return ret; } +int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst, + unsigned int *dgstlen, EC_KEY *ec_key) +{ + const EVP_MD *id_md = EVP_sm3(); + const EVP_MD *msg_md = EVP_sm3(); + + return SM2_compute_message_digest(id_md, msg_md, + msg, msglen, dgst, dgstlen, ec_key); +} + diff --git a/crypto/sm2/sm2test.c b/crypto/sm2/sm2test.c index 6a8eeefe..4eab82dc 100644 --- a/crypto/sm2/sm2test.c +++ b/crypto/sm2/sm2test.c @@ -523,7 +523,7 @@ int test_sm2_test_vector() "00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD", "013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E", "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBC972CF7E6B6F900945B3C6A0CF6161D", - "1"); + "4"); if (!sm2p192test || !sm2p256test || !sm2b193test || !sm2b257test) { goto end; diff --git a/crypto/sms4/sms4_common.c b/crypto/sms4/sms4_common.c new file mode 100644 index 00000000..b7a68cd4 --- /dev/null +++ b/crypto/sms4/sms4_common.c 
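Review bot: The `#if 0` block added after SM2_KAP_CTX_cleanup in sm2_kap.c is not compilable code and should not be committed in this form: SM2_update_key uses `x` and `y` without declarations, compares `**point` (an EC_POINT, not a pointer) with NULL, and assigns the const result of EC_KEY_get0_private_key to a non-const `BIGNUM *d`; SM2_update_public_key refers to `x`, `r`, `ret`, `bn_ctx`, `point`, `pubkey` and `ctx`, none of which exist in its scope; SM2_derive_key is an empty stub. Disabled code like this rots silently and misleads the next reader about what the KAP supports; either drop it from the commit or reduce it to a short comment stating the intended API (`/* TODO: SM2 key-update and KDF helpers for the KAP -- not implemented */`).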
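Review bot: SM2_digest in sm2_lib.c fixes both the identity digest and the message digest to SM3 but does not say so. A comment such as `/* SM2_digest: SM2_compute_message_digest with SM3 for both the Z (identity) digest and the message digest; dgst must be large enough for an SM3 output */` would document the only non-obvious part of the wrapper. The required capacity of `dgst` is inferred from the EVP convention, so confirm it against SM2_compute_message_digest before stating a number.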
@@ -0,0 +1,105 @@ +/* crypto/sms4/sms4_common.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include "sms4_lcl.h" + +uint8_t SBOX[256] = { + 0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7, + 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05, + 0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3, + 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, + 0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a, + 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62, + 0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95, + 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6, + 0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba, + 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8, + 0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b, + 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35, + 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2, + 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87, + 0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52, + 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e, + 0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5, + 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1, + 0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55, + 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3, + 0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60, + 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f, + 0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f, + 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51, + 0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f, + 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8, + 0x0a, 0xc1, 
0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd, + 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0, + 0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e, + 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84, + 0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20, + 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48 +}; + +uint32_t SBOX32L[256 * 256]; +uint32_t SBOX32H[256 * 256]; + +void sms4_init_sbox32(void) +{ + int i, j; + uint32_t a; + + for (i = 0; i < 256; i++) { + for (j = 0; j < 256; j++) { + a = SBOX[i] << 8 | SBOX[j]; + SBOX32L[(i << 8) + j] = a; + SBOX32H[(i << 8) + j] = a << 16; + } + } +} + diff --git a/crypto/sms4/sms4_ede.c b/crypto/sms4/sms4_ede.c new file mode 100644 index 00000000..a9004fbc --- /dev/null +++ b/crypto/sms4/sms4_ede.c 
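Review bot: `SBOX` in sms4_common.c is defined as a writable, externally visible global although it is a fixed constant of the cipher; it should be `const uint8_t SBOX[256] = {` (together with its declaration in sms4_lcl.h) so that it lives in read-only memory and cannot be altered by a stray write elsewhere in the process. SBOX32L/SBOX32H are two 256 KiB runtime-built tables that the vector S() macros in the AVX2 and KNC backends index with values derived from the key and the data, so this implementation is not constant-time; a note to that effect above sms4_init_sbox32 (`/* Table lookups are indexed by secret-dependent values: not side-channel resistant */`) is worth adding. sms4_init_sbox32 is also called from each backend's sms4_encrypt_init without a guard; the rewrite is deterministic so repeated calls are harmless, but a concurrent first call from two threads races on the tables, which should be documented if lazy initialisation is intended.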
@@ -0,0 +1,67 @@ +/* crypto/sms4/sms4_ede.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "sms4.h" + +void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out) +{ + sms4_encrypt(&key->k1, in, out); + sms4_decrypt(&key->k2, out, in); + sms4_encrypt(&key->k1, in, out); +} + +void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out) +{ + sms4_decrypt(&key->k1, in, out); + sms4_encrypt(&key->k2, in, out); + sms4_decrypt(&key->k1, in, out); +} + + diff --git a/crypto/sms4/sms4_ede.h b/crypto/sms4/sms4_ede.h new file mode 100644 index 00000000..1f1e3b9a --- /dev/null +++ b/crypto/sms4/sms4_ede.h 
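Review bot: Both functions in sms4_ede.c are wrong: sms4_ede_encrypt passes `in` as the output buffer of the middle sms4_decrypt, writing through a `const unsigned char *` and clobbering the caller's plaintext, and sms4_ede_decrypt feeds the original `in` (not the result of the previous step) to its second and third calls, so its result is simply D_k1(in) rather than D_k1(E_k2(D_k1(in))). Use a one-block temporary for the middle result as below; `tmp` could additionally be wiped with OPENSSL_cleanse if that is available in this translation unit. The 16-byte block size is taken from the scalar sms4_encrypt added in this commit; if sms4.h defines a block-size constant, use it instead of the literal.
```c
void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out)
{
	unsigned char tmp[16]; /* one SMS4 block */

	sms4_encrypt(&key->k1, in, out);
	sms4_decrypt(&key->k2, out, tmp);
	sms4_encrypt(&key->k1, tmp, out);
}

void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out)
{
	unsigned char tmp[16];

	sms4_decrypt(&key->k1, in, out);
	sms4_encrypt(&key->k2, out, tmp);
	sms4_decrypt(&key->k1, tmp, out);
}
```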
@@ -0,0 +1,30 @@ +#ifndef LIBSM_SMS4_EDE_H +#define LIBSM_SMS4_EDE_H + +#define SMS4_EDE_KEY_LENGTH 32 + +#include "sms4.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + sms4_key_t k1; + sms4_key_t k2; +} sms4_ede_key_t; + +void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key); +void sms4_ede_set_decrypt_key(sms4_ede_key_t *key, const unsigned char *user_key); +void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_encrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_encrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_decrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_decrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/sms4/sms4_enc.c b/crypto/sms4/sms4_enc.c new file mode 100644 index 00000000..949a04b1 --- /dev/null +++ b/crypto/sms4/sms4_enc.c 
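Review bot: sms4_ede.h declares sms4_ede_set_encrypt_key, sms4_ede_set_decrypt_key and the *_8blocks/*_16blocks variants, but the sms4_ede.c added in this commit defines only sms4_ede_encrypt and sms4_ede_decrypt; if no other file provides the rest, any caller of those functions fails to link. `SMS4_EDE_KEY_LENGTH` is also defined before the `#include "sms4.h"` it conceptually extends; placing it after the include keeps the guard/include/definitions order conventional. A one-line comment on the struct that the 32 key bytes are two independent 16-byte SMS4 keys (`k1`, `k2`) would document the layout the set_*_key functions are expected to honour.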
@@ -0,0 +1,87 @@ +/* crypto/sms4/sms4_enc.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include "sms4.h" +#include "sms4_lcl.h" + + +#define L32(x) \ + ((x) ^ \ + ROT32((x), 2) ^ \ + ROT32((x), 10) ^ \ + ROT32((x), 18) ^ \ + ROT32((x), 24)) + +#define ROUND(x0, x1, x2, x3, x4, i) \ + x4 = x1 ^ x2 ^ x3 ^ *(rk + i); \ + x4 = S32(x4); \ + x4 = x0 ^ L32(x4) + + +void sms4_encrypt(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + uint32_t *rk = key->rk; + uint32_t x0, x1, x2, x3, x4; + + x0 = GET32(in ); + x1 = GET32(in + 4); + x2 = GET32(in + 8); + x3 = GET32(in + 12); + + ROUNDS(x0, x1, x2, x3, x4); + + PUT32(x0, out ); + PUT32(x4, out + 4); + PUT32(x3, out + 8); + PUT32(x2, out + 12); + + x0 = x1 = x2 = x3 = x4 = 0; +} + diff --git a/crypto/sms4/sms4_enc_avx2.c b/crypto/sms4/sms4_enc_avx2.c new file mode 100644 index 00000000..a844431e --- /dev/null +++ b/crypto/sms4/sms4_enc_avx2.c 
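Review bot: The final `x0 = x1 = x2 = x3 = x4 = 0;` in sms4_encrypt is a dead store: an optimizing compiler is free to drop it, and the round values mostly live in registers anyway, so it does not guarantee that intermediate state is scrubbed. Either remove it or mark it with `/* best-effort scrub; not guaranteed to survive optimization */` so nobody relies on it. A function comment stating the 16-byte in/out block contract and that `in` and `out` may alias (all four input words are read before any output word is written) would also help callers, and `*(rk + i)` in ROUND reads more naturally as `rk[i]`.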
@@ -0,0 +1,150 @@ +/* crypto/sms4/sms4_enc_avx2.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include "sms4.h" +#include "sms4_lcl.h" +#include + +static __m256i mask_ffff; +static __m256i vindex_0s; +static __m256i vindex_4i; +static __m256i vindex_swap; +static __m256i vindex_read; + + +void sms4_encrypt_init(sms4_key_t *key) +{ + mask_ffff = _mm256_set1_epi32(0xffff); + vindex_0s = _mm256_set1_epi32(0); + vindex_4i = _mm256_setr_epi32(0,4,8,12,16,20,24,28); + vindex_read = _mm256_setr_epi32(0,8,16,24,1,9,17,25); + vindex_swap = _mm256_setr_epi8( + 3,2,1,0,7,6,5,4,11,10,9,8,15,14,13,12, + 3,2,1,0,7,6,5,4,11,10,9,8,15,14,13,12 + ); + sms4_init_sbox32(); +} + +#define GET_BLKS(x0, x1, x2, x3, in) \ + t0 = _mm256_i32gather_epi32((int *)(in+4*0), vindex_4i, 4); \ + t1 = _mm256_i32gather_epi32((int *)(in+4*1), vindex_4i, 4); \ + t2 = _mm256_i32gather_epi32((int *)(in+4*2), vindex_4i, 4); \ + t3 = _mm256_i32gather_epi32((int *)(in+4*3), vindex_4i, 4); \ + x0 = _mm256_shuffle_epi8(t0, vindex_swap); \ + x1 = _mm256_shuffle_epi8(t1, vindex_swap); \ + x2 = _mm256_shuffle_epi8(t2, vindex_swap); \ + x3 = _mm256_shuffle_epi8(t3, vindex_swap) + +#define PUT_BLKS(out, x0, x1, x2, x3) \ + t0 = _mm256_shuffle_epi8(x0, vindex_swap); \ + t1 = _mm256_shuffle_epi8(x1, vindex_swap); \ + t2 = _mm256_shuffle_epi8(x2, vindex_swap); \ + t3 = _mm256_shuffle_epi8(x3, vindex_swap); \ + _mm256_storeu_si256((__m256i *)(out+32*0), t0); \ + 
_mm256_storeu_si256((__m256i *)(out+32*1), t1); \ + _mm256_storeu_si256((__m256i *)(out+32*2), t2); \ + _mm256_storeu_si256((__m256i *)(out+32*3), t3); \ + x0 = _mm256_i32gather_epi32((int *)(in+32*0), vindex_read, 4); \ + x1 = _mm256_i32gather_epi32((int *)(in+32*1), vindex_read, 4); \ + x2 = _mm256_i32gather_epi32((int *)(in+32*2), vindex_read, 4); \ + x3 = _mm256_i32gather_epi32((int *)(in+32*3), vindex_read, 4); \ + _mm256_storeu_si256((__m256i *)(out+2*0), x0); \ + _mm256_storeu_si256((__m256i *)(out+2*1), x1); \ + _mm256_storeu_si256((__m256i *)(out+2*2), x2); \ + _mm256_storeu_si256((__m256i *)(out+2*3), x3) + +#define S(x0, t0, t1, t2) \ + t0 = _mm256_and_si256(x0, mask_ffff); \ + t1 = _mm256_i32gather_epi32(SBOX32L, t0, 4); \ + t0 = _mm256_srli_epi32(x0, 16); \ + t2 = _mm256_i32gather_epi32(SBOX32H, t0, 4); \ + x0 = _mm256_xor_si256(t1, t2) + +#define ROT(r0, x0, i, t0, t1) \ + t0 = _mm256_slli_epi32(x0, i); \ + t1 = _mm256_srli_epi32(x0,32-i); \ + r0 = _mm256_xor_si256(t0, t1) + +#define L(x0, t0, t1, t2, t3, t4) \ + ROT(t0, x0, 2, t2, t3); \ + ROT(t1, x0, 10, t2, t3); \ + t4 = _mm256_xor_si256(t0, t1); \ + ROT(t0, x0, 18, t2, t3); \ + ROT(t1, x0, 24, t2, t3); \ + t3 = _mm256_xor_si256(t0, t1); \ + t2 = _mm256_xor_si256(x0, t3); \ + x0 = _mm256_xor_si256(t2, t4) + +#define ROUND(x0, x1, x2, x3, x4, i) \ + t0 = _mm256_i32gather_epi32(rk+i, vindex_0s, 4); \ + t1 = _mm256_xor_si256(x1, x2); \ + t2 = _mm256_xor_si256(x3, t0); \ + t0 = _mm256_xor_si256(t1, t2); \ + S(t0, x4, t1, t2); \ + L(t0, x4, t1, t2, t3, t4); \ + x4 = _mm256_xor_si256(x0, t0); + + +void sms4_encrypt_8blocks(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + int *rk = (int *)key->rk; + __m256i x0, x1, x2, x3, x4; + __m256i t0, t1, t2, t3, t4; + GET_BLKS(x0, x1, x2, x3, in); + ROUNDS(x0, x1, x2, x3, x4); + PUT_BLKS(out, x0, x4, x3, x2); +} + +void sms4_encrypt_16blocks(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + sms4_encrypt_8blocks(key, in, out); + 
sms4_encrypt_8blocks(key, in + 16*8, out + 16*8); +} diff --git a/crypto/sms4/sms4_enc_knc.c b/crypto/sms4/sms4_enc_knc.c new file mode 100644 index 00000000..9e0cdf7e --- /dev/null +++ b/crypto/sms4/sms4_enc_knc.c 
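Review bot: The second half of PUT_BLKS in sms4_enc_avx2.c cannot produce a correct 128-byte output: the four transposing gathers read from `in` (the plaintext, picked up implicitly by the macro since `in` is not one of its parameters) instead of from the word-major data just stored to `out`, and the four 32-byte stores go to `out+2*0` … `out+2*3`, i.e. at 2-byte strides, so they overlap and only the first 38 bytes of `out` are ever written. If the intent is the block-major layout that `vindex_read` (0,8,16,24,1,9,17,25) suggests, the gather bases should be `out+8*k` and the store targets `out+32*k`, as below; the output of sms4_encrypt_8blocks should then be compared against eight calls to the scalar sms4_encrypt in a test, which would have caught this. As in the KNC backend, the gathers in S() index SBOX32L/SBOX32H with secret-dependent values, so this path is not constant-time either and should say so in a file comment.
```c
#define PUT_BLKS(out, x0, x1, x2, x3) \
	/* … unchanged: byte-swap x0..x3 into t0..t3 and store word-major at out+32*k … */ \
	x0 = _mm256_i32gather_epi32((int *)(out+8*0), vindex_read, 4); \
	x1 = _mm256_i32gather_epi32((int *)(out+8*1), vindex_read, 4); \
	x2 = _mm256_i32gather_epi32((int *)(out+8*2), vindex_read, 4); \
	x3 = _mm256_i32gather_epi32((int *)(out+8*3), vindex_read, 4); \
	_mm256_storeu_si256((__m256i *)(out+32*0), x0); \
	_mm256_storeu_si256((__m256i *)(out+32*1), x1); \
	_mm256_storeu_si256((__m256i *)(out+32*2), x2); \
	_mm256_storeu_si256((__m256i *)(out+32*3), x3)
```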
@@ -0,0 +1,160 @@ +/* crypto/sms4/sms4_enc_knc.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include +#include +#include "sms4.h" +#include "sms4_lcl.h" + + +static __m512i mask_ff00; +static __m512i mask_ffff; +static __m512i mask_ff0000; +static __m512i vindex_0s; +static __m512i vindex_4i; + + +void sms4_encrypt_init(sms4_key_t *key) +{ + uint64_t value[sizeof(__m512i)/sizeof(uint64_t)]; + int *p = (int *)value; + + for (i = 0; i < 16; i++) + p[i] = 0xff00; + mask_ff00 = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 0xffff; + mask_ffff = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 0xff0000; + mask_ff0000 = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 0; + vindex_0s = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 4 * i; + vindex_4i = _mm512_load_epi32(value); + + sms4_init_sbox32(); +} + +#define SWAP32(x) \ + t0 = _mm512_slli_epi32(x, 24); \ + t1 = _mm512_srli_epi32(x, 24); \ + t2 = _mm512_or_epi32(t0, t1); \ + t0 = _mm512_slli_epi32(x, 8); \ + t1 = _mm512_and_epi32(t0, mask_ff0000); \ + t0 = _mm512_or_epi32(t2, t1); \ + t1 = _mm512_srli_epi32(x, 8); \ + t2 = _mm512_and_epi32(t1, mask_ff00); \ + x = _mm512_or_epi32(t0, t2) + +#define GET_BLKS(x0, x1, x2, x3, in) \ + x0 = _mm512_i32gather_epi32(vindex_4i, in+4*0, 4); \ + x1 = _mm512_i32gather_epi32(vindex_4i, in+4*1, 4); \ + x2 = _mm512_i32gather_epi32(vindex_4i, in+4*2, 4); \ + x3 = 
_mm512_i32gather_epi32(vindex_4i, in+4*3, 4); \ + SWAP32(x0); SWAP32(x1); SWAP32(x2); SWAP32(x3) + +#define PUT_BLKS(out, x0, x1, x2, x3) \ + SWAP32(x0); SWAP32(x1); SWAP32(x2); SWAP32(x3); \ + _mm512_i32scatter_epi32(out+4*0, vindex_4i, x0, 4); \ + _mm512_i32scatter_epi32(out+4*1, vindex_4i, x1, 4); \ + _mm512_i32scatter_epi32(out+4*2, vindex_4i, x2, 4); \ + _mm512_i32scatter_epi32(out+4*3, vindex_4i, x3, 4) + +#define S(x0, t0, t1, t2) \ + t0 = _mm512_and_epi32(x0, mask_ffff); \ + t1 = _mm512_i32gather_epi32(t0, SBOX32L, 4); \ + t0 = _mm512_srli_epi32(x0, 16); \ + t2 = _mm512_i32gather_epi32(t0, SBOX32H, 4); \ + x0 = _mm512_xor_epi32(t1, t2) + +#define ROT(r0, x0, i, t0, t1) \ + t0 = _mm512_slli_epi32(x0, i); \ + t1 = _mm512_srli_epi32(x0, 32-i); \ + r0 = _mm512_xor_epi32(t0, t1) + +#define L(x0, t0, t1, t2, t3, t4) \ + ROT(t0, x0, 2, t2, t3); \ + ROT(t1, x0, 10, t2, t3); \ + t4 = _mm512_xor_epi32(t0, t1); \ + ROT(t0, x0, 18, t2, t3); \ + ROT(t1, x0, 24, t2, t3); \ + t3 = _mm512_xor_epi32(t0, t1); \ + t2 = _mm512_xor_epi32(x0, t3); \ + x0 = _mm512_xor_epi32(t2, t4) + +#define ROUND(x0, x1, x2, x3, x4, i) \ + t0 = _mm512_i32gather_epi32(vindex_0s, rk+i*4, 4); \ + t1 = _mm512_xor_epi32(x1, x2); \ + t2 = _mm512_xor_epi32(x3, t0); \ + t0 = _mm512_xor_epi32(t1, t2); \ + S(t0, x4, t1, t2); \ + L(t0, x4, t1, t2, t3, t4); \ + x4 = _mm512_xor_epi32(x0, t0) + + +void sms4_encrypt_16blocks(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + int *rk = (int *)key->rk; + __m512i x0, x1, x2, x3, x4; + __m512i t0, t1, t2, t3, t4; + + GET_BLKS(x0, x1, x2, x3, in); + ROUNDS(x0, x1, x2, x3, x4, ROUND); + PUT_BLKS(out, x2, x3, x4, x0); +} + diff --git a/crypto/sms4/sms4_enc_nblks.c b/crypto/sms4/sms4_enc_nblks.c new file mode 100644 index 00000000..77083237 --- /dev/null +++ b/crypto/sms4/sms4_enc_nblks.c 
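Review bot: sms4_encrypt_init in sms4_enc_knc.c does not compile as written: the loop index `i` is never declared. `_mm512_load_epi32` also requires a 64-byte-aligned source, and `uint64_t value[8]` on the stack is only guaranteed 8-byte alignment, so declare it `__attribute__((aligned(64)))` or, simpler, build the constants with `_mm512_set1_epi32` / `_mm512_set_epi32` and drop both the staging buffer and the `int *` aliasing cast. Separately, the output word order differs between backends: the scalar sms4_encrypt and the AVX2 sms4_encrypt_8blocks write (x0, x4, x3, x2) while this file writes (x2, x3, x4, x0) and calls ROUNDS with an extra argument; unless the 6-argument ROUNDS in sms4_lcl.h rotates the state differently, at least one backend produces wrong ciphertext, and a cross-check test between the backends would settle it.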
@@ -0,0 +1,75 @@ +/* crypto/sms4/sms4_enc_nblks.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include "sms4.h" + +void sms4_encrypt_init(sms4_key_t *key) +{ +} + +void sms4_encrypt_8blocks(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + sms4_encrypt(key, in , out ); + sms4_encrypt(key, in + 16 , out + 16 ); + sms4_encrypt(key, in + 16 * 2, out + 16 * 2); + sms4_encrypt(key, in + 16 * 3, out + 16 * 3); + sms4_encrypt(key, in + 16 * 4, out + 16 * 4); + sms4_encrypt(key, in + 16 * 5, out + 16 * 5); + sms4_encrypt(key, in + 16 * 6, out + 16 * 6); + sms4_encrypt(key, in + 16 * 7, out + 16 * 7); +} + +void sms4_encrypt_16blocks(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + sms4_encrypt_8blocks(key, in, out); + sms4_encrypt_8blocks(key, in + 16 * 8, out + 16 * 8); +} + diff --git a/crypto/sms4/sms4_lcl.h b/crypto/sms4/sms4_lcl.h new file mode 100644 index 00000000..2f6d200e --- /dev/null +++ b/crypto/sms4/sms4_lcl.h 
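Review bot: The three functions in `sms4_enc_nblks.c` carry no comment saying they are the portable fallback behind the SIMD back ends, and `sms4_encrypt_init()` takes a `key` it never touches, so a reader cannot tell whether the empty body is a stub or deliberate. A file comment such as `/* Portable multi-block SMS4: blocks are encrypted one at a time with sms4_encrypt(); no per-process setup is needed, so sms4_encrypt_init() is a no-op kept for API symmetry with the AVX2/KNC back ends. */` would settle that, with `(void)key;` in the init body to keep unused-parameter warnings quiet. Because every call handles its own 16-byte block, `in` and `out` may be the same buffer; that is worth stating explicitly, since sms4speed.c in this patch encrypts in place and the gather/scatter back ends must guarantee the same property.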
@@ -0,0 +1,125 @@ +/* crypto/sms4/sms4_lcl.h */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef LIBSM_SMS4_LCL_H +#define LIBSM_SMS4_LCL_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern uint8_t SBOX[256]; +extern uint32_t SBOX32L[256 * 256]; +extern uint32_t SBOX32H[256 * 256]; + + +#define GET32(pc) ( \ + ((uint32_t)(pc)[0] << 24) ^ \ + ((uint32_t)(pc)[1] << 16) ^ \ + ((uint32_t)(pc)[2] << 8) ^ \ + ((uint32_t)(pc)[3])) + +#define PUT32(st, ct) \ + (ct)[0] = (uint8_t)((st) >> 24); \ + (ct)[1] = (uint8_t)((st) >> 16); \ + (ct)[2] = (uint8_t)((st) >> 8); \ + (ct)[3] = (uint8_t)(st) + +#define ROT32(x,i) \ + (((x) << i) | ((x) >> (32-i))) + +#define S32(A) \ + ((SBOX[((A) >> 24) ] << 24) ^ \ + (SBOX[((A) >> 16) & 0xff] << 16) ^ \ + (SBOX[((A) >> 8) & 0xff] << 8) ^ \ + (SBOX[((A)) & 0xff])) + +#define ROUNDS(x0, x1, x2, x3, x4) \ + ROUND(x0, x1, x2, x3, x4, 0); \ + ROUND(x1, x2, x3, x4, x0, 1); \ + ROUND(x2, x3, x4, x0, x1, 2); \ + ROUND(x3, x4, x0, x1, x2, 3); \ + ROUND(x4, x0, x1, x2, x3, 4); \ + ROUND(x0, x1, x2, x3, x4, 5); \ + ROUND(x1, x2, x3, x4, x0, 6); \ + ROUND(x2, x3, x4, x0, x1, 7); \ + ROUND(x3, x4, x0, x1, x2, 8); \ + ROUND(x4, x0, x1, x2, x3, 9); \ + ROUND(x0, x1, x2, x3, x4, 10); \ + ROUND(x1, x2, x3, x4, x0, 11); \ + ROUND(x2, x3, x4, x0, x1, 12); \ + ROUND(x3, x4, x0, x1, x2, 13); \ + ROUND(x4, x0, x1, x2, x3, 14); \ + ROUND(x0, x1, x2, x3, x4, 15); \ + ROUND(x1, x2, x3, x4, x0, 16); \ + ROUND(x2, x3, x4, x0, 
x1, 17); \ + ROUND(x3, x4, x0, x1, x2, 18); \ + ROUND(x4, x0, x1, x2, x3, 19); \ + ROUND(x0, x1, x2, x3, x4, 20); \ + ROUND(x1, x2, x3, x4, x0, 21); \ + ROUND(x2, x3, x4, x0, x1, 22); \ + ROUND(x3, x4, x0, x1, x2, 23); \ + ROUND(x4, x0, x1, x2, x3, 24); \ + ROUND(x0, x1, x2, x3, x4, 25); \ + ROUND(x1, x2, x3, x4, x0, 26); \ + ROUND(x2, x3, x4, x0, x1, 27); \ + ROUND(x3, x4, x0, x1, x2, 28); \ + ROUND(x4, x0, x1, x2, x3, 29); \ + ROUND(x0, x1, x2, x3, x4, 30); \ + ROUND(x1, x2, x3, x4, x0, 31) + +void sms4_init_sbox32(void); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/demos/gmssl/sms4enc.c b/crypto/sms4/sms4speed.c similarity index 72% rename from demos/gmssl/sms4enc.c rename to crypto/sms4/sms4speed.c index fd01239e..2b5da2a9 100644 --- a/demos/gmssl/sms4enc.c +++ b/crypto/sms4/sms4speed.c @@ -1,4 +1,4 @@ -/* demo/gmssl/sms4enc.c */ +/* crypto/sms4/sms4speed.c */ /* ==================================================================== * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. * 
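Review bot: `S32` left-shifts the promoted `int` value of `SBOX[((A) >> 24)]` by 24, which is undefined behaviour once that byte is 0x80 or larger (C11 6.5.7p4); widen before shifting, `((uint32_t)SBOX[((A) >> 24)] << 24) ^ \`, and casting the other three terms the same way keeps the whole expression `uint32_t`. `ROT32` does not parenthesise `i` in `(32-i)`, so a compound shift-count expression silently miscompiles; write `(((x) << (i)) | ((x) >> (32-(i))))`. `PUT32` expands to four statements with no `do { ... } while (0)` wrapper, so it is unsafe as the single statement of an `if`. The header has no includes of its own yet uses `uint8_t`/`uint32_t`, and `ROUNDS` expands a `ROUND` macro the includer must define first; a comment at the top, `/* Includer must provide <stdint.h> and define ROUND(x0,x1,x2,x3,x4,i) before using ROUNDS. */`, makes that contract explicit.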
@@ -46,66 +46,42 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== - * */ + #include #include -#include -#include -#include -#include +#include +#include +#include +#include "sms4.h" + int main(int argc, char **argv) { - int ret = -1; - FILE *fp = stdin; - unsigned char key[32]; - unsigned char buf[1024]; - int len; - const EVP_MD *md; - HMAC_CTX hmctx; - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen, i; + sms4_key_t sms4_key; + unsigned char user_key[16] = { + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + }; + size_t buflen = SMS4_BLOCK_SIZE * 8 * 3 * 1000 * 1000; + unsigned char *buf = NULL; + unsigned char *p; + int i; - if (argc == 2) { - if (!(fp = fopen(argv[1], "r"))) { - fprintf(stderr, "open file %s failed\n", argv[1]); - return -1; - } + + if (!(buf = (unsigned char *)malloc(buflen))) { + fprintf(stderr, "malloc failed\n"); + return -1; } - HMAC_CTX_init(&hmctx); - - RAND_bytes(key, sizeof(key)); - - OpenSSL_add_all_digests(); - if (!(md = EVP_get_digestbyname("sm3"))) { - ERR_print_errors_fp(stderr); - goto end; - } - - if (!EVP_DigestSignInit()) { - goto end; + sms4_set_encrypt_key(&sms4_key, user_key); + + #pragma omp parallel for + for (i = 0, p = buf; i < buflen/(SMS4_BLOCK_SIZE * 16); i++, p += SMS4_BLOCK_SIZE * 16) { + sms4_encrypt_16blocks(&sms4_key, p, p); } - - while ((len = fread(buf, 1, sizeof(buf), fp))) { - EVP_DigestSignUpdate(&hmctx, buf, len); - } - - if (!EVP_DigestSignFinal()) { - goto end; - } - - for (i = 0; i < maclen; i++) { - printf("%02x", mac[i]); - } - printf("\n"); - ret = 0; - -end: - fclose(fp); - EVP_cleanup(); - return ret; + + return 0; } diff --git a/crypto/sms4/sms4test.c b/crypto/sms4/sms4test.c new file mode 100644 index 00000000..28325b59 --- /dev/null +++ b/crypto/sms4/sms4test.c 
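Review bot: The `#pragma omp parallel for` loop in `main()` is not in OpenMP canonical form — the comma expressions `i = 0, p = buf` and `i++, p += SMS4_BLOCK_SIZE * 16` are rejected by compilers that honour the pragma, and if one did accept them `p` would be a single shared pointer raced by every thread. Derive the pointer from the index inside the body instead: `for (i = 0; i < (int)(buflen / (SMS4_BLOCK_SIZE * 16)); i++) { unsigned char *blk = buf + (size_t)i * SMS4_BLOCK_SIZE * 16; sms4_encrypt_16blocks(&sms4_key, blk, blk); }`. `sms4_encrypt_init()` is never called before `sms4_encrypt_16blocks()`, yet the KNC back end earlier in this patch loads its mask and index vectors in that function, so the benchmark would run with zeroed masks on that path. `buf` is never released (`free(buf);` before `return 0;`), and encrypting uninitialised memory is fine for a timing loop but deserves a one-line comment so nobody reads the output as meaningful.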
@@ -0,0 +1,79 @@ +#include +#include +#include +#include "sms4.h" + +int main(int argc, char **argv) +{ + int i; + sms4_key_t key; + unsigned char buf[16]; + + unsigned char user_key[16] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + }; + + uint32_t rk[32] = { + 0xf12186f9, 0x41662b61, 0x5a6ab19a, 0x7ba92077, + 0x367360f4, 0x776a0c61, 0xb6bb89b3, 0x24763151, + 0xa520307c, 0xb7584dbd, 0xc30753ed, 0x7ee55b57, + 0x6988608c, 0x30d895b7, 0x44ba14af, 0x104495a1, + 0xd120b428, 0x73b55fa3, 0xcc874966, 0x92244439, + 0xe89e641f, 0x98ca015a, 0xc7159060, 0x99e1fd2e, + 0xb79bd80c, 0x1d2115b0, 0x0e228aeb, 0xf1780c81, + 0x428d3654, 0x62293496, 0x01cf72e5, 0x9124a012, + }; + + unsigned char plaintext[16] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + }; + + unsigned char ciphertext1[16] = { + 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e, + 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46, + }; + + unsigned char ciphertext2[16] = { + 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f, + 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66, + }; + + /* test key scheduling */ + sms4_set_encrypt_key(&key, user_key); + + if (memcmp(key.rk, rk, sizeof(rk)) != 0) { + printf("sms4 key scheduling not passed!\n"); + goto end; + } + printf("sms4 key scheduling passed!\n"); + + /* test encrypt once */ + sms4_encrypt(&key, plaintext, buf); + + if (memcmp(buf, ciphertext1, sizeof(ciphertext1)) != 0) { + printf("sms4 encrypt not pass!\n"); + goto end; + } + printf("sms4 encrypt pass!\n"); + + /* test encrypt 1000000 times */ + memcpy(buf, plaintext, sizeof(plaintext)); + for (i = 0; i < 1000000; i++) { + sms4_encrypt(&key, buf, buf); + } + + if (memcmp(buf, ciphertext2, sizeof(ciphertext2)) != 0) { + printf("sms4 encrypt 1000000 times not pass!\n"); + goto end; + } + printf("sms4 encrypt 1000000 times pass!\n"); + printf("sms4 all test vectors pass!\n"); + + return 0; +end: + printf("some 
test vector failed\n"); + return -1; +} + diff --git a/demos/ameth.c b/demos/ameth.c new file mode 100644 index 00000000..2a130d7a --- /dev/null +++ b/demos/ameth.c @@ -0,0 +1,36 @@ +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + + int i; + +/* +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); + +*/ + + int count = EVP_PKEY_asn1_get_count(); + printf("EVP_PKEY_asn1_get_count() = %d\n", count); + + for (i = 0; i < count; i++) { + const EVP_PKEY_ASN1_METHOD *ameth; + ameth = EVP_PKEY_asn1_get0(i); + + int j; + const unsigned char *p = (const unsigned char *)ameth; + for (j = 0; j < 64; j++) { + printf("%02x", p[j]); + } + printf("\n"); + } + +} diff --git a/demos/gmssl/ec_key.pem b/demos/gmssl/ec_key.pem new file mode 100644 index 00000000..66a49c29 --- /dev/null +++ b/demos/gmssl/ec_key.pem @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBAQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGFKLikRIH3/XDuvS4Ih6SFr+bWVAnAAv1aAKBggqhkjOPQMBAaE0AzIA +BP2x9MuZ06z72j1BMoUe6zYbmenKt3RgZZufuTMbAoz2XIeFwlmDk2pX6XS2+uiU +gA== +-----END EC PRIVATE KEY----- diff --git a/demos/gmssl/eckey.pem b/demos/gmssl/eckey.pem new file mode 100644 index 00000000..c935b625 --- /dev/null +++ b/demos/gmssl/eckey.pem 
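Review bot: The test never exercises `sms4_encrypt_8blocks()`/`sms4_encrypt_16blocks()`, which are exactly the paths this patch gives SIMD implementations, so a divergence between a vectorised round and the scalar `sms4_encrypt()` would go unnoticed. After the existing single-block check, fill sixteen blocks with `plaintext`, call `sms4_encrypt_init()` and `sms4_encrypt_16blocks()`, and compare each output block with `ciphertext1`, as below. The `argc`/`argv` parameters are unused, and `main()` returns -1 on failure, which the shell sees as status 255; `return 1;` is the conventional failure status for a test driver.
```c
    /* … unchanged: key schedule, single-block and 1000000-iteration checks … */

    /* cross-check the multi-block path against the single-block result */
    {
        unsigned char in16[16 * 16];
        unsigned char out16[16 * 16];
        int j;

        sms4_encrypt_init(&key);
        for (j = 0; j < 16; j++) {
            memcpy(in16 + 16 * j, plaintext, sizeof(plaintext));
        }
        sms4_encrypt_16blocks(&key, in16, out16);
        for (j = 0; j < 16; j++) {
            if (memcmp(out16 + 16 * j, ciphertext1, sizeof(ciphertext1)) != 0) {
                printf("sms4 encrypt 16 blocks not pass!\n");
                goto end;
            }
        }
        printf("sms4 encrypt 16 blocks pass!\n");
    }
    printf("sms4 all test vectors pass!\n");
```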
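Review bot: The inner loop in `main()` prints the first 64 raw bytes of each `EVP_PKEY_ASN1_METHOD` through `(const unsigned char *)ameth`, which reads past the end of the object if the struct is smaller than 64 bytes and dumps internal function pointers rather than anything that describes the method. Use the public accessor `EVP_PKEY_asn1_get0_info()` to print the ids, flags and PEM string instead, as below; the accessor's return value is checked so a NULL method or a failed lookup skips the entry rather than dereferencing it. The comment block listing the `EVP_PKEY_asn1_*` prototypes is a reminder to the author, not documentation, and can go once the accessor is used.
```c
    for (i = 0; i < count; i++) {
        const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_get0(i);
        int pkey_id = 0, pkey_base_id = 0, pkey_flags = 0;
        const char *info = NULL, *pem_str = NULL;

        if (!ameth || !EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id,
                                                &pkey_flags, &info, &pem_str, ameth)) {
            continue;
        }
        printf("%d: id=%d base_id=%d flags=%#x pem=%s info=%s\n", i,
               pkey_id, pkey_base_id, pkey_flags,
               pem_str ? pem_str : "(null)", info ? info : "(null)");
    }
```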
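Review bot: `demos/gmssl/ec_key.pem` checks a private key (`BEGIN EC PRIVATE KEY`) into the repository, and `demos/gmssl/eckey.pem` in the next section does the same with a PKCS#8 `BEGIN PRIVATE KEY`; once committed they are public for the life of the history and must never be reused outside the demo. gmssl.sh in the same directory already generates keys at run time (`$gmssl genpkey -algorithm SM2 ... -out $keyfile`), so the demo could rely on that instead of shipping key material. If the files are kept, a line in the demo's README such as `ec_key.pem / eckey.pem: throw-away demo keys, not for real use` makes their status explicit.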
@@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBYQIBADCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////v////// +//////////////8AAAAA//////////8wRAQg/////v////////////////////8A +AAAA//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFNlA6TBEEE +MsSuLB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9zuNraSFT +0KmHfMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYFK1O79Ak5 +1UEjAgEBBG0wawIBAQQgPiMJOFBUJIqDZgYNyIei38Yknx9O9PpMAcmLGVx4PQqh +RANCAARZKqeiImjJ27a/49Cquf0Zz8U0429NlCFxY6YmS1Lu9i9ApqUH7UfY7tb0 +9w8CpoqgJk4TjDz9ZQxNJPA2kZlq +-----END PRIVATE KEY----- diff --git a/demos/gmssl/ecparam.pem b/demos/gmssl/ecparam.pem new file mode 100644 index 00000000..9ff67218 --- /dev/null +++ b/demos/gmssl/ecparam.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PARAMETERS----- +MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD///// +/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f +XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML +v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA +/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE= +-----END EC PARAMETERS----- diff --git a/demos/gmssl/ecpubkey.pem b/demos/gmssl/ecpubkey.pem new file mode 100644 index 00000000..ff0adbc2 --- /dev/null +++ b/demos/gmssl/ecpubkey.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////v////////// +//////////8AAAAA//////////8wRAQg/////v////////////////////8AAAAA +//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFNlA6TBEEEMsSu +LB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9zuNraSFT0KmH +fMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYFK1O79Ak51UEj +AgEBA0IABFkqp6IiaMnbtr/j0Kq5/RnPxTTjb02UIXFjpiZLUu72L0CmpQftR9ju +1vT3DwKmiqAmThOMPP1lDE0k8DaRmWo= +-----END PUBLIC KEY----- diff --git a/apps/sm2-gencert.sh b/demos/gmssl/gencert.sh similarity index 100% rename from apps/sm2-gencert.sh rename to demos/gmssl/gencert.sh diff --git a/demos/gmssl/gmssl.sh b/demos/gmssl/gmssl.sh index 4fc433ed..6290aa52 100755 
--- a/demos/gmssl/gmssl.sh +++ b/demos/gmssl/gmssl.sh @@ -1,23 +1,27 @@ #!/bin/bash -gmssl=/usr/local/bin/gmssl +#gmssl=/usr/local/bin/gmssl + +gmssl=../../apps/gmssl paramfile=ecparam.pem keyfile=eckey.pem pubkeyfile=ecpubkey.pem pkeyopt="-pkeyopt ec_paramgen_curve:sm2p256v1" -echo -n abc | $gmssl dgst -sm3 -echo -n abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd | gmssl dgst -sm3 +#echo -n abc | $gmssl dgst -sm3 +#echo -n abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd | gmssl dgst -sm3 -#$gmssl version -#$gmssl ecparam -list_curves | grep sm2 -#$gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit +$gmssl version +$gmssl ecparam -list_curves | grep sm2 +$gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit $gmssl genpkey -genparam -algorithm SM2 $ecpkeyopt -out $paramfile -#$gmssl genpkey -algorithm EC $pkeyopt -out $keyfile -#$gmssl pkey -text -noout -in $keyfile -#$gmssl pkey -in $keyfile -pubout -out $pubkeyfile -#$gmssl pkey -text -noout -pubin -in $pubkeyfile +$gmssl genpkey -algorithm SM2 $ecpkeyopt -out $keyfile +$gmssl pkey -text -noout -in $keyfile +$gmssl pkey -in $keyfile -pubout -out $pubkeyfile +$gmssl pkey -text -noout -pubin -in $pubkeyfile + +echo hello | $gmssl pkeyutl -sign -inkey $keyfile -hexdump diff --git a/apps/sm2-initca.sh b/demos/gmssl/initca.sh similarity index 100% rename from apps/sm2-initca.sh rename to demos/gmssl/initca.sh diff --git a/demos/gmssl/pem.c b/demos/gmssl/pem.c new file mode 100644 index 00000000..06aab4db --- /dev/null +++ b/demos/gmssl/pem.c 
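Review bot: Both `genpkey` invocations expand `$ecpkeyopt`, but the variable defined above is `pkeyopt`, so the curve option silently disappears and the parameters and key are generated with whatever default the SM2 algorithm falls back to (or the command fails without saying why). Use the defined name: `$gmssl genpkey -genparam -algorithm SM2 $pkeyopt -out $paramfile` and `$gmssl genpkey -algorithm SM2 $pkeyopt -out $keyfile`. Without `set -e` (or `set -euo pipefail`) after the shebang a failed `genpkey` is followed by `pkey` and `pkeyutl` operating on a missing or stale file, which makes the demo output misleading; with `set -u` the undefined variable would have been caught on the first run.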
@@ -0,0 +1,32 @@ +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + BIO *in = BIO_new_fp(stdin, BIO_NOCLOSE); + EC_GROUP *group = NULL; + EC_KEY *ec_key = NULL; + ERR_load_crypto_strings(); + + + + group = PEM_read_bio_SM2PKParameters(in, NULL, NULL, NULL); + if (!group) { + ERR_print_errors_fp(stderr); + return 0; + } + + if (!EC_GROUP_check(group, NULL)) { + ERR_print_errors_fp(stderr); + return 0; + } + + return 0; + + ec_key = EC_KEY_new(); + EC_KEY_set_group(ec_key, group); + + return 0; +} diff --git a/demos/gmssl/seal.c b/demos/gmssl/seal.c new file mode 100644 index 00000000..1ef3581f --- /dev/null +++ b/demos/gmssl/seal.c 
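Review bot: The `return 0;` placed after the `EC_GROUP_check()` block in `main()` makes the `EC_KEY_new()`/`EC_KEY_set_group()` tail unreachable, and every path — including both error branches — returns 0, so a caller cannot distinguish a bad PEM from success. Return non-zero on error (`return 1;` after each `ERR_print_errors_fp(stderr);`) and either delete the dead tail or move the `return 0;` below it. Nothing is released: `group` and `in` need `EC_GROUP_free(group); BIO_free(in);` before returning, and if the tail is kept `EC_KEY_free(ec_key);` as well — `EC_KEY_set_group()` duplicates the group, so `group` must still be freed afterwards.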
@@ -0,0 +1,111 @@ +#include +#include +#include +#include +#include +#include +#include + + + +EVP_PKEY *pkey_new_ec() +{ + int rv; + ECIES_PARAMS param; + EC_KEY *ec_key = NULL; + EVP_PKEY *pkey = NULL; + + ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); + OPENSSL_assert(ec_key); + rv = EC_KEY_generate_key(ec_key); + OPENSSL_assert(rv == 1); + + param.mac_nid = NID_hmac_full_ecies; + param.kdf_md = EVP_sha1(); + param.sym_cipher = EVP_aes_128_cbc(); + param.mac_md = EVP_sha1(); + rv = ECIES_set_parameters(ec_key, ¶m); + ERR_print_errors_fp(stderr); + OPENSSL_assert(rv == 1); + OPENSSL_assert(ECIES_get_parameters(ec_key) != NULL); + + pkey = EVP_PKEY_new(); + OPENSSL_assert(pkey); + + const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, EVP_PKEY_SM2); + OPENSSL_assert(ameth); + + + + rv = EVP_PKEY_set1_SM2(pkey, ec_key); + ERR_print_errors_fp(stderr); + OPENSSL_assert(rv == 1); + + return pkey; +} + + +int test_pkey_enc(void) +{ + int rv; + EVP_PKEY *pkey[2]; + int num_pkeys = sizeof(pkey)/sizeof(pkey[0]); + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *cipher = EVP_sms4_cbc(); + unsigned char iv[16]; + unsigned char ek[2][256]; + int eklen[sizeof(pkey)/sizeof(pkey[0])]; + char *msg1 = "Hello "; + char *msg2 = "World!"; + unsigned char ctbuf[256]; + unsigned char ptbuf[256]; + unsigned char *p; + int len, ctlen; + int i; + + for (i = 0; i < num_pkeys; i++) { + pkey[i] = pkey_new_ec(); + } + + EVP_CIPHER_CTX_init(&ctx); + + RAND_bytes(iv, sizeof(iv)); + + + /* EVP_SealInit/Update/Final() */ + + rv = EVP_SealInit(&ctx, cipher, ek, eklen, iv, pkey, num_pkeys); + OPENSSL_assert(rv == num_pkeys); + + p = ctbuf; + + rv = EVP_SealUpdate(&ctx, p, &len, (unsigned char *)msg1, strlen(msg1)); + OPENSSL_assert(rv == 1); + + p += len; + + rv = EVP_SealUpdate(&ctx, p, &len, (unsigned char *)msg2, strlen(msg2)); + OPENSSL_assert(rv == 1); + + p += len; + + rv = EVP_SealFinal(&ctx, p, &len); + OPENSSL_assert(rv == 1); + + p += len; + + ctlen = p - ctbuf; + + + /* 
EVP_OpenInit/Update/Final() */ + + printf("%s() success!\n", __FUNCTION__); + return 0; +} + +int main(int argc, char **argv) +{ + test_pkey_enc(); + return 0; +} + diff --git a/demos/gmssl/sm2-gencert.sh b/demos/gmssl/sm2-gencert.sh new file mode 100755 index 00000000..7b7c2d73 --- /dev/null +++ b/demos/gmssl/sm2-gencert.sh @@ -0,0 +1,11 @@ +#!/bin/bash -x + +KEY_FILE=user.key +REQ_FILE=user.req +CERT_FILE=user.pem + +gmssl ecparam -genkey -name sm2p256v1 -text -out $KEY_FILE +gmssl req -new -key $KEY_FILE -out $REQ_FILE +gmssl ca -out $CERT_FILE -outdir . -infiles $REQ_FILE +gmssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile ./demoCA/cacert.pem + diff --git a/demos/gmssl/sm2-initca.sh b/demos/gmssl/sm2-initca.sh new file mode 100755 index 00000000..117f91a2 --- /dev/null +++ b/demos/gmssl/sm2-initca.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +DIR=demoCA + +rm -fr $DIR +mkdir $DIR +mkdir $DIR/certs +mkdir $DIR/crl +mkdir $DIR/newcerts +mkdir $DIR/private/ +touch $DIR/index.txt +touch $DIR/crlnumber +touch $DIR/private/.rand +echo 01 > $DIR/serial + +gmssl ecparam -genkey -name sm2p256v1 -text -out $DIR/private/cakey.pem +gmssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem +gmssl x509 -text -noout -in $DIR/cacert.pem + diff --git a/demos/gmssl/sm2.c b/demos/gmssl/sm2.c index 3008acc3..7e655c0a 100644 --- a/demos/gmssl/sm2.c +++ b/demos/gmssl/sm2.c 
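Review bot: `ek` is declared `unsigned char ek[2][256]` in `test_pkey_enc()`, but `EVP_SealInit()` takes `unsigned char **ek`, an array of pointers to per-recipient buffers; passing the 2-D array is a type mismatch, and at run time the function would read uninitialised bytes of the array as pointers and write the encrypted keys through them. Keep the storage and add a pointer table: `unsigned char ekbuf[2][256]; unsigned char *ek[2] = { ekbuf[0], ekbuf[1] };`. The `EVP_OpenInit/Update/Final()` half is only a comment, so the test prints success without ever checking that the sealed ciphertext opens with either private key, and the two `EVP_PKEY`s and `ctx` are never released (`EVP_PKEY_free()`, `EVP_CIPHER_CTX_cleanup()`). `EVP_PKEY *pkey_new_ec()` is declared with empty parentheses; `EVP_PKEY *pkey_new_ec(void)` makes it a prototype, and `param.kdf_md`/`param.mac_md` both being `EVP_sha1()` deserves a comment if a demo really wants a SHA-1 KDF and MAC rather than the SM3 digest the rest of the patch uses.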
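Review bot: Neither `sm2-gencert.sh` nor `sm2-initca.sh` (the next section) stops on error: without `set -e` after the shebang, a failed `gmssl req` in gencert still leads to `gmssl ca` and `gmssl pkcs12 -export` running against a missing request, and in initca a failed key generation still produces a CA tree with no usable key. Add `set -e` (or `set -euo pipefail`) as the first statement of both scripts. Both also call bare `gmssl`, picking up whatever binary is first on PATH, while gmssl.sh in the same directory deliberately points at `../../apps/gmssl`; using the same `gmssl=` variable here keeps the demos consistent.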
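Review bot: `mkdir $DIR/private/` creates the directory that will hold `cakey.pem` with the default umask, so on a shared host the CA private key is typically readable by every local user; create it with `mkdir -m 700 $DIR/private` and follow the key generation with `chmod 600 $DIR/private/cakey.pem`. `rm -fr $DIR` silently destroys an existing CA — its private key, `index.txt` and issued certificates — every time the script is run; a guard such as `[ -e "$DIR" ] && { echo "$DIR already exists, remove it first" >&2; exit 1; }` is the safer behaviour for a script named init. The `-text` flag on `gmssl ecparam -genkey ... -out $DIR/private/cakey.pem` writes the human-readable dump into the same file as the PEM key, which is harmless but worth a comment so nobody strips it as corruption later.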
@@ -59,14 +59,297 @@ #include #include +#define NUM_PKEYS 4 int main() { + int ret = -1; + int verbose = 0; + BIO *out = NULL; + + int id = EVP_PKEY_SM2; + const EVP_MD *md = EVP_sm3(); ENGINE *engine = NULL; - EVP_PKEY_CTX *pkctx; + + EVP_PKEY_CTX *pkctx = NULL; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mdctx = NULL; + EVP_CIPHER_CTX *cpctx = NULL; + + unsigned char dgst[EVP_MAX_MD_SIZE] = "hello world"; + size_t dgstlen = 32; + unsigned char sig[256]; + size_t siglen = sizeof(sig); + + unsigned char msg[] = "hello world this is the message"; + size_t msglen = sizeof(msg); + unsigned char cbuf[512]; + size_t cbuflen = sizeof(cbuf); + unsigned char mbuf[512]; + size_t mbuflen = sizeof(mbuf); + + int len; + unsigned int ulen; + + ERR_load_crypto_strings(); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if (!(pkctx = EVP_PKEY_CTX_new_id(id, engine))) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_PKEY_keygen_init(pkctx)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_PKEY_keygen(pkctx, &pkey)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + EVP_PKEY_CTX_free(pkctx); + + if (0) { + EVP_PKEY_print_public(out, pkey, 4, NULL); + BIO_printf(out, "\n"); + EVP_PKEY_print_private(out, pkey, 4, NULL); + BIO_printf(out, "\n"); + } + + if (!(pkctx = EVP_PKEY_CTX_new(pkey, engine))) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + /* EVP_PKEY_sign() */ + + if (!EVP_PKEY_sign_init(pkctx)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + bzero(sig, sizeof(sig)); + siglen = sizeof(sig); + dgstlen = 32; + + if (!EVP_PKEY_sign(pkctx, sig, &siglen, dgst, dgstlen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (verbose) { + size_t i; + printf("signature (%zu bytes) = ", siglen); + for (i = 0; i < siglen; i++) { + printf("%02X", sig[i]); + } + printf("\n"); + } + + if 
(!EVP_PKEY_verify_init(pkctx)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (EVP_PKEY_verify(pkctx, sig, siglen, dgst, dgstlen) != SM2_VERIFY_SUCCESS) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (verbose) { + printf("signature verification success!\n"); + } + + /* EVP_PKEY_encrypt() */ + + if (!EVP_PKEY_encrypt_init(pkctx)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + cbuflen = sizeof(cbuf); + if (!EVP_PKEY_encrypt(pkctx, cbuf, &cbuflen, msg, msglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (verbose) { + size_t i; + printf("ciphertext (%zu bytes) = ", cbuflen); + for (i = 0; i < cbuflen; i++) { + printf("%02X", cbuf[i]); + } + printf("\n"); + } + + if (!EVP_PKEY_decrypt_init(pkctx)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + bzero(mbuf, sizeof(mbuf)); + mbuflen = sizeof(mbuf); + if (!EVP_PKEY_decrypt(pkctx, mbuf, &mbuflen, cbuf, cbuflen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (verbose) { + printf("original message = %s\n", msg); + printf("decrypted message = %s\n", mbuf); + } - pkctx = EVP_PKEY_CTX_new_id(id, engine); + /* EVP_PKEY_encrypt_old */ + + + if ((len = EVP_PKEY_encrypt_old(cbuf, msg, (int)msglen, pkey)) <= 0) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (verbose) { + int i; + printf("ciphertext (%d bytes) = ", len); + for (i = 0; i < len; i++) { + printf("%02X", cbuf[i]); + } + printf("\n"); + } + + bzero(mbuf, sizeof(mbuf)); + if ((len = EVP_PKEY_decrypt_old(mbuf, cbuf, len, pkey)) <= 0) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (verbose) { + printf("original message = %s\n", msg); + printf("decrypted message = %s\n", mbuf); + } + + if (!(mdctx = EVP_MD_CTX_create())) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + + /* 
EVP_SignInit_ex/Update/Final_ex */ + + if (!EVP_SignInit_ex(mdctx, EVP_sm3(), engine)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_SignUpdate(mdctx, msg, msglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_SignFinal(mdctx, sig, &ulen, pkey)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + siglen = ulen; + + if (verbose) { + size_t i; + printf("signature (%zu bytes) = ", siglen); + for (i = 0; i < siglen; i++) { + printf("%02X", sig[i]); + } + printf("\n"); + } + + if (!EVP_VerifyInit_ex(mdctx, EVP_sm3(), engine)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_VerifyUpdate(mdctx, msg, msglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (EVP_VerifyFinal(mdctx, sig, ulen, pkey) != SM2_VERIFY_SUCCESS) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + + /* EVP_DigestSignInit/Update/Final() */ + // FIXME: return values might be different, not just 1 or 0 + if (!EVP_DigestSignInit(mdctx, &pkctx, md, engine, pkey)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_DigestSignUpdate(mdctx, msg, msglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + siglen = sizeof(sig); + if (!EVP_DigestSignFinal(mdctx, sig, &siglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + pkctx = NULL; + if (!EVP_DigestVerifyInit(mdctx, &pkctx, md, engine, pkey)) { + ERR_print_errors_fp(stderr); + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_DigestVerifyUpdate(mdctx, msg, msglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if (!EVP_DigestVerifyFinal(mdctx, sig, siglen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + + /* EVP_SealInit/Update/Final() 
EVP_OpenInit/Update/Final() */ + /* + EVP_PKEY *pk[NUM_PKEYS] = {0}; + unsigned char iv[16]; + unsigned char ek[NUM_PKEYS][256]; + int eklen[NUM_PKEYS]; + + RAND_pseudo_bytes(iv, sizeof(iv)); + + int i; + for (i = 0; i < NUM_PKEYS; i++) { + } + + if (!(cpctx = EVP_CIPHER_CTX_new())) { + goto end; + } + + if (!EVP_SealInit(cpctx, cipher, ek, &ekl, iv, pubk, npubk)) { + goto end; + } + + if (!EVP_SealUpdate(cpctx, msg, msglen)) { + goto end; + } + + if (!EVP_SealFinal(cpctx, cbuf, (int *)&cbuflen)) { + goto end; + } + */ + + printf("test success!\n"); + ret = 1; +end: + ERR_print_errors_fp(stderr); + return ret; } - diff --git a/engines/e_skf.c b/engines/e_skf.c index 5b8bc3f1..be28525a 100644 --- a/engines/e_skf.c +++ b/engines/e_skf.c @@ -1,3 +1,7 @@ +/* + * The SKF ENGINE will be released when EC_KEY_METHOD is avaiable + */ + #include #include #include 
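Review bot: `main()` sets `ret = 1` on the success path, so the demo reports exit status 1 (failure) to the shell and any harness, while the error path's -1 becomes status 255; success should be `ret = 0;`. Nothing reached from `end:` is released — `pkey`, `mdctx`, `out` and the `pkctx` created with `EVP_PKEY_CTX_new()` all leak — and the `&pkctx` argument to `EVP_DigestSignInit()`/`EVP_DigestVerifyInit()` overwrites that pointer with the context owned by `mdctx`, so simply freeing `pkctx` at `end:` would double free. Pass `NULL` for the `pctx` out-parameter of both calls (the returned context is never used), drop the `pkctx = NULL;` before `EVP_DigestVerifyInit()`, clear `pkctx` right after the `EVP_PKEY_CTX_free()` that follows keygen (otherwise a failed `EVP_PKEY_CTX_new()` jumps to `end:` with a dangling pointer), and free everything at `end:` as below. `bzero()` is a legacy BSD call; `memset(sig, 0, sizeof(sig))` is the portable form.
```c
    EVP_PKEY_CTX_free(pkctx);
    pkctx = NULL;  /* cleared so a failed EVP_PKEY_CTX_new() below cannot double free at end */

    // … unchanged: EVP_PKEY_CTX_new, EVP_PKEY_sign/verify, encrypt/decrypt, EVP_Sign/EVP_Verify …

    /* The pctx out-parameter would hand back a context owned by mdctx and
     * clobber our own pkctx, so it is not requested. */
    if (!EVP_DigestSignInit(mdctx, NULL, md, engine, pkey)) {
        fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
        goto end;
    }

    // … unchanged: EVP_DigestSignUpdate/Final …

    if (!EVP_DigestVerifyInit(mdctx, NULL, md, engine, pkey)) {
        ERR_print_errors_fp(stderr);
        fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
        goto end;
    }

    // … unchanged: EVP_DigestVerifyUpdate/Final, commented-out seal block …

    printf("test success!\n");
    ret = 0;  /* exit status 0 == success */
end:
    ERR_print_errors_fp(stderr);
    EVP_MD_CTX_destroy(mdctx);  /* also releases the pctx it owns internally */
    EVP_PKEY_CTX_free(pkctx);
    EVP_PKEY_free(pkey);
    BIO_free(out);
    return ret;
```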
@@ -28,74 +32,106 @@ static int skf_destroy(ENGINE *e); #define SKF_CMD_LIST_DEVS ENGINE_CMD_BASE +static int skf_open_container(const char *dev, + const unsigned char *authkey, size_t authkeylen, + const char *app, const char *pin, + const char *container, HCONTAINER *phContainer) +{ + ULONG rv; + DEVINFO devInfo; + DEVHANDLE hDev = NULL; + HAPPLICATION hApp = NULL; + HCONTAINER hContainer = NULL; + if ((rv = SKF_ConnectDev(dev, &hDev)) != SAR_OK) { + goto end; + } + + if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) { + goto end; + } + + if ((rv = SKF_GenRandom(hDev, authRand, sizeof(authRand))) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + /* Encrypt(authRand, authData, authKey) */ + + if ((rv = SKF_DevAuth(hDev, authData, len)) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if ((rv = SKF_OpenApplication(hDev, appName, &hApp)) != SAR_OK) { + goto end; + } + if ((rv = SKF_VerifyPIN(hApp, USER_TYPE, pin, &retryCount)) != SAR_OK) { + goto end; + } + + if ((rv = SKF_OpenContainer(hApp, containerName, &hContainer)) != SAR_OK) { + goto end; + } + if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) { + goto end; + } + if (containerType != CONTAINER_TYPE_ECC) { + goto end; + } + +end: + return 0; +} + + +static EVP_PKEY *skf_load_pubkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + ULONG rv, len; + EVP_PKEY *ret = NULL; + EC_KEY *ec_key = NULL; + ECCPUBLICKEYBLOB blob; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + int nbytes; + + len = sizeof(blob); + if ((rv = SKF_ExportPublicKey(hContainer, TRUE, &blob, &len)) != SAR_OK) { + goto end; + } + + if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { + goto end; + } + if (EC_KEY_get_degree(ec_key) != blob.BitLen) { + goto end; + } + nbytes = (blob.BitLen + 7)/8; + if (!(x = BN_bin2bn(&(blob.XCoordinate), nbytes, NULL))) { + goto end; + } + if (!(y = BN_bin2bn(&(blob.YCoordinate), 
nbytes, NULL))) { + goto end; + } + if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) { + goto end; + } + + if (!(ret = EVP_PKEY_new())) { + goto end; + } + EVP_PKEY_assign_SM2(ret, ec_key); + +end: + EC_KEY_free(ec_key); + BN_free(x); + BN_free(y) + return ret; +} static int skf_init(ENGINE *e) { - ULONG rv; - ULONG len; - BOOL bPresent = TRUE; - CHAR *devNameList = NULL; - LPSTR devName; - ULONG devState; - DEVINFO devInfo; - BYTE authData[16]; - - CHAR appNameList[256]; - LPSTR appName; - HAPPLICATION hApp; - - CHAR containerNameList[256]; - LPSTR containerName; - HCONTAINER hContainer; - ULONG containerType; - - if ((rv = SKF_EnumDev(bPresent, NULL, &len)) != SAR_OK) { - SKFerr(SKF_F_SKF_INIT, skf_err2openssl(rv)); - goto end; - } - if (!(devNameList = OPENSSL_malloc(len))) { - goto end; - } - if ((rv = SKF_EnumDev(bPresent, devNameList, &len)) != SAR_OK) { - goto end; - } - if (devNameList[0] = 0) { - return -1; - } - devName = devNameList; - - if ((rv = SKF_ConnectDev(devName, &hDev)) != SAR_OK) { - return -1; - } - if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) { - return -1; - } - if ((rv = SKF_DevAuth(hDev, authData, sizeof(authData))) != SAR_OK) { - return -1; - } - - if ((rv = SKF_EnumApplication(hDev, NULL, &len)) != SAR_OK) { - return -1; - } - if (!(appNameList = OPENSSL_malloc(len))) { - return -1; - } - if ((rv = SKF_EnumApplication(hDev, appNameList, &len)) != SAR_OK) { - return -1; - } - if (appNameList[0] = 0) { - return -1; - } - appName = appNameList; - - if ((rv = SKF_OpenApplication(hDev, appName, &hApp)) != SAR_OK) { - return -1; - } - - for (p = containerNameList; p; p += strlen(p)) { - // check container type - } return 0; } @@ -104,12 +140,6 @@ static int skf_finish(ENGINE *e) return 0; } - -typedef struct { - HANDLE hKey; -} EVP_SKF_KEY; - - static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { 
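Review bot: `skf_load_pubkey()` hands `ec_key` to `EVP_PKEY_assign_SM2()` and then unconditionally calls `EC_KEY_free(ec_key)` at `end:`, so on success the key inside the returned `EVP_PKEY` has already been freed; check the assign's return value and set `ec_key = NULL;` once ownership has moved. `BN_free(y)` two lines later is missing its semicolon, `BN_bin2bn(&(blob.XCoordinate), ...)` passes a pointer to the array rather than the array itself, and `hContainer` is not declared in the function — as written this cannot compile unless those names are file-scope globals outside the hunk. `skf_open_container()` returns 0 on every path, never stores into `*phContainer`, and after a failure past `SKF_ConnectDev()` leaves the device and application handles open; return the `rv` status (or 1/0) and release the handles on the error path, and either use or remove the `authkey`, `authkeylen`, `app` and `container` parameters (`authRand`, `authData`, `len`, `appName`, `containerName`, `retryCount` and `containerType` are likewise undeclared here). The `skf_init()` left after the deletions returns 0, which the ENGINE framework treats as init failure now that `bind()` registers it; `return 1;` is the value for "nothing to do yet".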
@@ -476,7 +506,7 @@ static ENGINE *engine_skf(void) return ret; } -void ENGINE_load_4758cca(void) +void ENGINE_load_skf(void) { ENGINE *e_skf = engine_skf(); if (!e_skf) { @@ -500,9 +530,15 @@ static int bind(ENGINE *e, const char *id) if (!ENGINE_set_id(e, engine_skf_id) || !ENGINE_set_name(e, engine_skf_name) || + !ENGINE_set_init_function(e, skf_init) || + !ENGINE_set_finish_function(e, skf_finish) || + !ENGINE_set_ctrl_function(e, skf_ctrl) || + !ENGINE_set_destroy_function(e, skf_destroy) || !ENGINE_set_digests(e, skf_digests) || !ENGINE_set_ciphers(e, skf_ciphers) || + !ENGINE_set_load_pubkey_function(e, skf_load_pubkey) || !ENGINE_set_RAND(e, &skf_random)) { + return 0; } 
diff --git a/engines/skf/a.out b/engines/skf/a.out new file mode 100755 index 0000000000000000000000000000000000000000..922ed0d852955503257d3e89455f06b73d0979f3 GIT binary patch literal 17224 zcmeHOeQ;aVmA{tk*l_?Wlq}g6mPaND<||Psfs~SBCsv|N?4U+AVGF4u+t0CxBy06i z9JbkY2mtlR-=S{Bk4lKq`~ z&y${>IE5H;2qBtqj?@W}78>q^ z_)DB#oPmI^b))A?o~_ptwfv|lhgA{j8H9mApwn|>XSs;1ua(o-ynt^4?#PlP0)eDH zn4~*(*!AV-p)p_$EK+>JwJa-(S}|mWfj}ae>P{3%c749{l)j}bVPdmF1M7nsc_@8> zemxx1J0|C81&=(IzbVar6n__)# zu0$BQJL^I1Sc8NJ1ln3VTPru;MY5w`1VAVqux0^#84{L?h0&&~3Lt@^0Fjm)E> zH169sZQ1N;+hlei6x5J_Mi(5c(EBL`Nsr_!D3)Meks`Q|zYQp9J~0m;a10=aQbT|! zHx}bubF~nEjj~~_5G|lDz`YNr^&m{=d@Ip*KY6VvcCnRp7J!EH44f-diTKKJsC#Aa z?r<+K9iPETek}Q`z9-NA>UE#~XaDHpOB|E8(LCV7DH;(ioR^rGXgHeDUaFV3b~Z5C zS%Z^!D*unvQlyHuVc)+yk<=qA)~$dap>7D`SdNqI<*yRrMwAybrufVqpB#ZMukogL z@7qJ@Z}0Gd2Y+|!ly^8i^8t#?nJy%`H#6UBbexz-KLr-4Gmac4A!BTmiiz|H3QB0) z9%K>R4)N_ox(#<4_!DVTPPy;R9HB~H<5=PEkn%?Q5g?>796D|^K*zdwx9H5ju6pEx8Pa`SJikAG-lEyZ9KDY+GV7#rQ6{(xHjEE zX){gcGm^ZoP-CR8l$=Y;Iq6(e`U@t>J6!iea>9^poxT!ukVY+}3l-^63yDS*r2e%; zLOUNOlo_Ltp=E!-M1huNfr>420~F$DLuIVSF^(WU`QK8UY8A$-3TCC?S|5zT%01GG zL`{ce?WRKqo`Vu2eVOv(ZfieejZClcqLFS^LhVZE+A^VarqEI)bdeHT zStfM5DWoYOhZ0&+CiH+Qbe#ITe& zM@f7`Nz_9kGnSPcm*V`r;>?$vdnM-##nBaKf#e*NoCd|&tT^w%`^?xkC8t(#Rw>T! 
zC1*r(gyNiQt@B;U`RF~__a85m?fb2)^PuFMP@G>Y&O4Ixh~&JlIM0Fe1kHfRg3(eI z80i`C3m@aTP?j_+rR3_TpvXJC=qQSDT1j{_b(hd^%dA0i+ya$G`fb#o{t_l(bpIec zr=%?D&m5rE7S6|dxSIZ(mHr;me~Z$89MMzy8>RjN>Hj01u^8h!pm@~>bAIdg=Daz;+bg%g++tGWN7Oo~M(QHcD#S;RN2%_c8&CFs8@(#$|$odXXlMd+hfvrn(AW?jG-3hFe+eT zwKCB!iLxckGt#e+;(x2E_+5H7n9rcG9ly6ZM%oH5RGr%%mo?X}W|vSCF6~e*Q3018 zP!G5pl}pOAG2$8NDROCP)#t`dQt?=)szsFxmsSvyCS;?_HV2ERXzzotTFw$PAH6Jj$ETjvm&xh-7wvhM%(@`Q}zT8MCGe&Bt|Iega z!#N;iTMGp%bA+0fIY7^9Bb|dMg(Mb@m3_Y%77wGT!Z-#M4@wmWW8D_Y4HqVg`2Y&_P2t~Z-pQ=J8=fn5-pqC0&+j?Wl*WW6R^_~V zpQR+PwO$rqH7;Q8^@R9-Z+k_XX+$o$>&TaQeFkA+zd zMLRmk_|SOKYaBQ%;mgRQQF)hs5Jh1>;&@DItT~qc87S~ka=djI-^jWNWDHfnj7k~` z*Q0`Wc=clP=q*TKo*q6z9(ngptdlj;BP4f`l3Pe}-?z!#uH+7q+$m%V^nHkA82_40 z?g1s2CAnWfPPP~ZC!RTl16fOUk9q#F=9uRmam;fs$^(e(!3&Tz6P|C1dMAnzOcf}; z>yX3;0e~J+#i%MCrvfQQ5kq|LBzrfJUzsz{f&aAj{d@-^n;rtkntJE}q~28!E#-re zdVl-TYzbHEU!&`7tfuqrhUc}a`3F976~`?3cRD`oQ?6IhUmOn=B7GKrElk^ZDdneW zfSfOlr;72A@hoo3bh$jM{=+)3jE*;`;cZ68D{V&Cl-KY~wi$>+MSH#b-gXzql+l$h zjjO+q{pHC|2&4_VQ;wzSO-#)+7?a+$#A({cBT%CeNbiJ5wR@16hly+a#LT43oD~9NTZW)weo*7z=35>rZDU@gUTLIP>(5et6#IwfD|E5ZQD`$fZ;(J~ zzA__OC0=FqXPfWL`k%yC_R&$u(hlw&TRxWAgFK}i9DW_HS@Ov;`P%B2@`>YF+22)S z8bOq+Wdip!b%HGuh*LEa?!&|FFmcN>VF%{xs+lmW{~XM!{8IlG^W_ts4>a+f{`o-m zFpOk!md0OMe~<`u2$`?Q-|F*6u|7`$P+vCx{9pN&fv&RE7N4R%&iB%krShkY&rLRG z4pw+t|4e;I;HlHfn<>f;|G&$BQas7Nav4`k%{EAlN} z)HnHNK>7Jr)Nk@RezVq}jc@Uf=8xIp-+F@|3#ev1QndEW_Qjd)uGXh{iB~XEZy-Zn zgNIXS;v`h$jO|ZhK{SeI%p;i4N7{^;n_9no+W1lX${m=!KdOwcVm!D##pd$-U7GKB zvXsu0#;^VPSs|}Fuh{?pdpB(tkpd$3y% zD@qyNug62du(l-?=~mU0BbqlD@4Yn`*EQ34$@GR$JTeQbHN4ZmJF-3)Gc8@Cxd)fI z*9^il@LKV+R*6~8^9B?BRe7BQNjT__1rdCCz>^g8ZHVi-l}s%qdPi{3vwr=$R9{~y zGEBD+p-IW>@%TU-w+V!{Q6zTtCG|vdMUUAzt*KtfT z5-lmQeju6*qIcsmPe^T}=%OAMTm7v9eu-vj@M2Mt?A#sW?)Rs9dh`UUY>fE*?V2w> zaEsoP)SCN~$=Ee3SMH1?65$mC@tqe7|K<&vf1ocpkldw5g`1950%n4#aPsnCEG7hg zd{v&fk-&J%66bNLp`=5@N$VsWHS`-2{bocb{q9T$-DAw)_arBNOCk;Uz5Z-bGlSi? 
z3x%VG1`r+2+qR0DL066IjQWNw#Ac%_>DjM$z%E(2o6Cb-KEUN8Tpr?bc1?4fxd_Zf zU@ii45txg>Tmd)O%7% z9pByu$+L?h*zysVVoxR@+_a_Q6nXqQde$~ET(e$`)_BCbHEkm2*rnwqAR5K4 z5?O!J(I1TN)WwI+usB*9*Rc;NepTxf@>BPy__$_J+*OY~tNrtZBNY+*9X;{gv82F< z1hrKCki)VICX70=o)DRN#jP#z1YF5qfOrgP*lY@k;|^VXy;e995HX$jm18G%+{E|- zr^u32Qp`A_;&8pP@hvApLHnWN@mkU^Z?h#6w0S0;niVnliQwR z!iinU$Yy=Fc)1Y{X>e$UE+b1J66UUW$JtG{6#1tSgVCiB$dLe=O1pqmeSa;n9|b!P zj#JXbL$zTYfxEj-Mdwa5WM~;_r%R45dAbZOhb}!B_ak@Wx^nmR+JS^Feo+TuaGln0 z-XX&&_LiC|MyX?$L)DC3_%S8?HH+{Vgom18(yH|3x>Dc#7y?-clv(}ABJk`yZ!p@6 zg!-p5kP^+*4!R6ojLQgJa`+qoE$Wq7_x*X;;2ds%5V5kC;4(^=DZ1q8lD&**bje}M zy>`7GPlozv4^6e*mWEX~Y+#(jH8fJ3Xo!c(2p^M%m1NnC%P3u@u%lZtKQ^DuKQX_;{Ey-G3{}al zqROifbx%}f>2Kz@>FVyc^QkG~eN)dLP-%+fXXui>f@)p?$6I$|!##qzMz;D}jc{{Y zDA`X9Ioc>3=KXkMYqZzGdm6nkMM{P~i^~*UhOWeAgf6)&p?Fgi6W^~JMS;d9QD?4n zbj5mQUo~zBMT23nk0yuJV2!ReE8M$4d;`=eqUKkd6&_unDm+eu@G7uI@NWiX;in74 zaZqza&0l3!$a94^slwG%0e^Q;6+T!X{zMgsn!nnt@bxp4h5IllhSpF8y5!bi%AZ=O zxipun#Wm`5xzukJnyV#S0}3IxrnyFIK#?rBMw|BXmM(4|-IE-h=7DF4+@o*8#`qMz zP(vZk$4Phx_TdSCmNE9`C0@r^!w0Oyr;qYUp1xNn9A)grCqRU6XWYX3>i00FKZ6ke zJB;0|?+Fv*D`(=r#CQkm|0U!6rxpKg#v1gWPcff-qm%v!L&Xvkv%b$U_OZP! zjE9*2WfODzcQM|<`fg=B!uU?cEsPJE^%+0J*v0KX!gzGC^6yo~F~rmPOw9dzFJr;_|Ap}k`}-8* zDaJ1`rvI$KZShOSZpQC1rau@FALBr_Z|YoyFJkOw{xyvA>`yym!SVsdIp#+h53#-b z82cF0Z_E_WDaQ1hFX0xh{}$sI_umJMHOBR|NzwS5rJl?*?ILG`SGNvEwD8A1ycCo*&nwb5YW<0|FIPh&b#ly$= zQ;cJbmoUz=J~!hX9G@>RZsGQ9F)_F2X2yc^GtAh{{J&+KXM7jqQO?(IGj?%4|3G3G z$3gA=iCG`NNfMp}MoG8wc-4jrHvA_Wo~QH_>z`x8=iBfy8@}9zeemLoI6HB6;k*Io zHk>!&#L==97eCI~|O4QQIuSDYo zo+6Z%)S3MLzhg1b*r>iB{DW=G$~4+srGX)x27n zD@7sseqp({dLo$?MJ9ky^0isaR^6jN-D;B=G7?L0)`WfyEhKo0Ys_g4G>Q zG!>}`3K4A~Arif#v8hyqqLW}Km#NlevyzhJ()yW+Ni?^tKRts)G8d8-DY=fc;IgL6 zb+ym7x;2GqQEXcYOV&m`3R753$`^wosklZrDVDc~B1x_BO(@s?WlPxdW$Ns5=EAm2 z!m_|+da~F7@|D!2q7UR7sRgT7Ka)WHQYK-(?@9sn+F#LCifj*!qS|AjsFs%!so30r zkbw3S%o|HSf?Uc)0Bau7)u4ST literal 0 HcmV?d00001 diff --git a/engines/skf/skf.h b/engines/skf/skf.h index 4b95b5ab..b271e666 100644 --- a/engines/skf/skf.h 
+++ b/engines/skf/skf.h @@ -143,9 +143,6 @@ typedef HANDLE HCONTAINER; #define SECURE_USER_ACCOUNT 0x00000010 #define SECURE_ANYONE_ACCOUNT 0x000000FF -#define DEV_ABSENT_STATE 0x00000000 -#define DEV_PRESENT_STATE 0x00000001 -#define DEV_UNKNOW_STATE 0x00000010 @@ -259,6 +256,10 @@ ULONG DEVAPI SKF_EnumDev(BOOL bPresent, ULONG DEVAPI SKF_ConnectDev(LPSTR szName, DEVHANDLE *phDev); ULONG DEVAPI SKF_DisConnectDev(DEVHANDLE hDev); + +#define DEV_ABSENT_STATE 0x00000000 +#define DEV_PRESENT_STATE 0x00000001 +#define DEV_UNKNOW_STATE 0x00000010 ULONG DEVAPI SKF_GetDevState(LPSTR szDevName, ULONG *pulDevState); ULONG DEVAPI SKF_SetLabel(DEVHANDLE hDev, @@ -354,17 +355,30 @@ ULONG DEVAPI SKF_OpenContainer(HAPPLICATION hApplication, LPSTR szContainerName, HCONTAINER *phContainer); ULONG DEVAPI SKF_CloseContainer(HCONTAINER hContainer); + +#define CONTAINER_TYPE_UNDEF 0 +#define CONTAINER_TYPE_RSA 1 +#define CONTAINER_TYPE_ECC 2 ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer, ULONG *pulContainerType); + ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer, - BOOL bSignFlag, + BOOL bExportSignKey, BYTE *pbCert, ULONG ulCertLen); + ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer, BOOL bSignFlag, BYTE *pbCert, ULONG *pulCertLen); +ULONG DEVAPI SKF_ExportPublicKey(HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbBlob, + ULONG *pulBlobLen); + + + ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev, BYTE *pbRandom, ULONG ulRandomLen); @@ -409,14 +423,16 @@ ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev, ULONG ulInputLen, BYTE *pbOutput, ULONG *pulOutputLen); + ULONG DEVAPI SKF_GenECCKeyPair(HCONTAINER hContainer, ULONG ulAlgId, ECCPUBLICKEYBLOB *pBlob); ULONG DEVAPI SKF_ImportECCKeyPair(HCONTAINER hContainer, PENVELOPEDKEYBLOB pEnvelopedKeyBlob); + ULONG DEVAPI SKF_ECCSignData(HCONTAINER hContainer, - BYTE *pbData, - ULONG ulDataLen, + BYTE *pbDigest, + ULONG ulDigestLen, PECCSIGNATUREBLOB pSignature); ULONG DEVAPI SKF_ECCVerify(DEVHANDLE hDev, 
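Review bot: The renamed parameters `pbDigest`/`ulDigestLen` on SKF_ECCSignData change the implied contract (callers now pass a precomputed hash rather than the message), but the header still says nothing about which hash or what length the device expects; add a comment above the prototype along the lines of `/* pbDigest: hash already computed by the caller; the token does not hash again */` and name the algorithm and length once settled. In the `@@ -354` hunk SKF_ImportCertificate's flag became `bExportSignKey` while SKF_ExportCertificate keeps `bSignFlag`; if both flags select the same signing-versus-encryption slot the two names should match, and a name containing "Export" on an import routine is confusing either way.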
@@ -439,7 +455,7 @@ ULONG DEVAPI SKF_ExtECCDecrypt(DEVHANDLE hDev, PECCCIPHERBLOB pCipherText, BYTE *pbPlainText, ULONG *pulPlainTextLen); -ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev, +ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev, ECCPRIVATEKEYBLOB *pECCPriKeyBlob, BYTE *pbData, ULONG ulDataLen, @@ -449,6 +465,7 @@ ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev, BYTE *pbData, ULONG ulDataLen, PECCSIGNATUREBLOB pSignature); + ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer, ULONG ulAlgId, ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, @@ -471,10 +488,8 @@ ULONG DEVAPI SKF_GenerateKeyWithECC(HANDLE hAgreementHandle, BYTE *pbID, ULONG ulIDLen, HANDLE *phKeyHandle); -ULONG DEVAPI SKF_ExportPublicKey(HCONTAINER hContainer, - BOOL bSignFlag, - BYTE *pbBlob, - ULONG *pulBlobLen); + + ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer, ULONG ulAlgId, BYTE *pbWrapedData, @@ -484,6 +499,7 @@ ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev, BYTE *pbKey, ULONG ulAlgID, HANDLE *phKey); + ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, BLOCKCIPHERPARAM EncryptParam); ULONG DEVAPI SKF_Encrypt(HANDLE hKey, @@ -514,6 +530,7 @@ ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey, ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey, BYTE *pbDecryptedData, ULONG *pulDecryptedDataLen); + ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev, ULONG ulAlgID, ECCPUBLICKEYBLOB *pPubKey, diff --git a/engines/skf/skf_impl.c b/engines/skf/skf_softtoken.c similarity index 78% rename from engines/skf/skf_impl.c rename to engines/skf/skf_softtoken.c index 704288f0..a59eaac0 100644 --- a/engines/skf/skf_impl.c +++ b/engines/skf/skf_softtoken.c 
@@ -2,24 +2,14 @@ #include #include "skf.h" -#define DEV_NAME "dev0" +#define DEV_NAME "skf-soft-token" #define DEV_NAME_LIST DEV_NAME"\0" -#define APP_NAME "app0" +#define APP_NAME "default-app" #define APP_NAME_LIST APP_NAME"\0" #define CONTAINER_NAME "container0" #define CONTAINER_NAME_LIST CONTAINER_NAME"\0" -#define CONTAINER_TYPE_UNDEF 0 -#define CONTAINER_TYPE_RSA 1 -#define CONTAINER_TYPE_ECC 2 -int default_dev = 1; -int default_app = 1; -int default_container = 1; -DEVHANDLE DEV_HANDLE = &default_dev; -HAPPLICATION APP_HANDLE = &default_app; -HCONTAINER CONTAINER_HANDLE = &default_container; - ULONG DEVAPI SKF_WaitForDevEvent(LPSTR szDevName, ULONG *pulDevNameLen, ULONG *pulEvent) @@ -36,39 +26,12 @@ ULONG DEVAPI SKF_EnumDev(BOOL bPresent, LPSTR szNameList, ULONG *pulSize) { - if (!szNameList) { - *pulSize = sizeof(DEV_NAME_LIST); - return SAR_OK; - } - - if (*pulSize < sizeof(DEV_NAME_LIST)) { - return SAR_BUFFER_TOO_SMALL; - } - - memcpy(szNameList, DEV_NAME_LIST, sizeof(DEV_NAME_LIST)); - *pulSize = sizeof(DEV_NAME_LIST); - return SAR_OK; } ULONG DEVAPI SKF_ConnectDev(LPSTR szName, DEVHANDLE *phDev) { - printf("%s\n", (char *)szName); - - - if (!phDev) { - printf("shit\n"); - return SAR_INVALIDPARAMERR; - } - - if (memcmp(szName, DEV_NAME, sizeof(DEV_NAME))) { - printf("%s %s\n", szName, DEV_NAME); - return SAR_FAIL; - } - - *phDev = DEV_HANDLE; - return SAR_OK; } @@ -80,23 +43,17 @@ ULONG DEVAPI SKF_DisConnectDev(DEVHANDLE hDev) ULONG DEVAPI SKF_GetDevState(LPSTR szDevName, ULONG *pulDevState) { - if (!szDevName || !pulDevState) { + if (!pulDevState) { return SAR_INVALIDPARAMERR; } - - if (memcmp(szDevName, DEV_NAME, sizeof(DEV_NAME))) { - return SAR_FAIL; - } - *pulDevState = DEV_PRESENT_STATE; - return SAR_OK; } ULONG DEVAPI SKF_SetLabel(DEVHANDLE hDev, LPSTR szLabel) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev, 
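Review bot: SKF_EnumDev and SKF_ConnectDev in the `@@ -36` hunk now have empty bodies in functions returning ULONG, so reaching the closing brace is undefined behaviour and the caller's `rv` holds garbage; the same happens to SKF_GetDevState after its parameter check in `@@ -80`, to SKF_EnumApplication and SKF_OpenApplication in `@@ -221`, to SKF_EnumContainer in `@@ -331`, and to SKF_OpenContainer in `@@ -354`. SKF_ConnectDev, SKF_OpenApplication and SKF_OpenContainer also no longer write through their handle out-parameters, so hDev/hApp/hContainer stay NULL in callers such as skftest.c. Until the soft token is rebuilt, each of these should at least end in an explicit `return SAR_NOTSUPPORTYETERR;` (or keep the removed memcpy/return lines) so that failure is reported rather than read from uninitialized storage.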
@@ -131,12 +88,12 @@ ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev, ULONG DEVAPI SKF_LockDev(DEVHANDLE hDev, ULONG ulTimeOut) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_UnlockDev(DEVHANDLE hDev) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev, @@ -145,14 +102,14 @@ ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev, BYTE *pbData, ULONG *pulDataLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_ChangeDevAuthKey(DEVHANDLE hDev, BYTE *pbKeyValue, ULONG ulKeyLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_DevAuth(DEVHANDLE hDev, @@ -168,7 +125,7 @@ ULONG DEVAPI SKF_ChangePIN(HAPPLICATION hApplication, LPSTR szNewPin, ULONG *pulRetryCount) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } LONG DEVAPI SKF_GetPINInfo(HAPPLICATION hApplication, @@ -193,12 +150,12 @@ ULONG DEVAPI SKF_UnblockPIN(HAPPLICATION hApplication, LPSTR szNewUserPIN, ULONG *pulRetryCount) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_ClearSecureState(HAPPLICATION hApplication) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_CreateApplication(DEVHANDLE hDev, @@ -210,7 +167,7 @@ ULONG DEVAPI SKF_CreateApplication(DEVHANDLE hDev, DWORD dwCreateFileRights, HAPPLICATION *phApplication) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, 
@@ -221,45 +178,31 @@ ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, *pulSize = sizeof(APP_NAME_LIST); return SAR_OK; } - if (*pulSize < sizeof(APP_NAME_LIST)) { return SAR_BUFFER_TOO_SMALL; } - memcpy(szAppName, APP_NAME_LIST, sizeof(APP_NAME_LIST)); - return SAR_OK; } ULONG DEVAPI SKF_DeleteApplication(DEVHANDLE hDev, LPSTR szAppName) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_OpenApplication(DEVHANDLE hDev, LPSTR szAppName, HAPPLICATION *phApplication) { - if (!szAppName || !phApplication) { + if (!phApplication) { return SAR_INVALIDPARAMERR; } - - if (hDev != DEV_HANDLE || memcmp(szAppName, APP_NAME, sizeof(APP_NAME))) { - return SAR_FAIL; - } - - *phApplication = APP_HANDLE; - return SAR_OK; } ULONG DEVAPI SKF_CloseApplication(HAPPLICATION hApplication) { - if (hApplication != APP_HANDLE) { - return SAR_FAIL; - } - return SAR_OK; } @@ -315,13 +258,13 @@ ULONG DEVAPI SKF_CreateContainer(HAPPLICATION hApplication, LPSTR szContainerName, HCONTAINER *phContainer) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_DeleteContainer(HAPPLICATION hApplication, LPSTR szContainerName) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_EnumContainer(HAPPLICATION hApplication, @@ -331,22 +274,14 @@ ULONG DEVAPI SKF_EnumContainer(HAPPLICATION hApplication, if (!pulSize) { return SAR_INVALIDPARAMERR; } - - if (hApplication != APP_HANDLE) { - return SAR_FAIL; - } - if (!szContainerName) { *pulSize = sizeof(CONTAINER_NAME_LIST); return SAR_OK; } - if (*pulSize < sizeof(CONTAINER_NAME_LIST)) { return SAR_BUFFER_TOO_SMALL; } - memcpy(szContainerName, CONTAINER_NAME_LIST, sizeof(CONTAINER_NAME_LIST)); - return SAR_OK; } 
@@ -354,25 +289,11 @@ ULONG DEVAPI SKF_OpenContainer(HAPPLICATION hApplication, LPSTR szContainerName, HCONTAINER *phContainer) { - if (!szContainerName || !phContainer) { - return SAR_INVALIDPARAMERR; - } - - if (hApplication != APP_HANDLE || memcmp(szContainerName, CONTAINER_NAME, sizeof(CONTAINER_NAME))) { - return SAR_FAIL; - } - - *phContainer = CONTAINER_HANDLE; - return SAR_OK; } ULONG DEVAPI SKF_CloseContainer(HCONTAINER hContainer) { - if (hContainer != CONTAINER_HANDLE) { - return SAR_FAIL; - } - return SAR_OK; } @@ -382,13 +303,7 @@ ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer, if (!pulContainerType) { return SAR_INVALIDPARAMERR; } - - if (hContainer != CONTAINER_HANDLE) { - return SAR_FAIL; - } - - *pulContainerType = CONTAINER_TYPE_UNDEF; - + *pulContainerType = CONTAINER_TYPE_ECC; return SAR_OK; } @@ -397,7 +312,7 @@ ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer, BYTE *pbCert, ULONG ulCertLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer, @@ -412,19 +327,6 @@ ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev, BYTE *pbRandom, ULONG ulRandomLen) { -/* - if (!pbRandom || ulRandomLen > 100 * 1024 * 1024) { - return SAR_INVALIDPARAMERR; - } - - if (hDev != DEV_HANDLE) { - return SAR_FAIL; - } - - if (!RAND_pseudo_bytes(pbRandom, ulRandomLen)) { - return SAR_GENRANDERR; - } -*/ return SAR_OK; } @@ -632,13 +534,13 @@ ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev, ULONG ulAlgID, HANDLE *phKey) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, BLOCKCIPHERPARAM EncryptParam) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_Encrypt(HANDLE hKey, @@ -647,7 +549,7 @@ ULONG DEVAPI SKF_Encrypt(HANDLE hKey, BYTE *pbEncryptedData, ULONG *pulEncryptedLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey, 
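Review bot: SKF_GenRandom now returns SAR_OK without writing anything to pbRandom, and from the `@@ -80` hunk onward SKF_SetSymmKey, SKF_EncryptInit, SKF_Encrypt and the Decrypt* stubs in the following hunks were switched from SAR_NOTSUPPORTYETERR to SAR_OK while doing no work, so a caller sees a successful "random" challenge and a successful encryption whose output buffer and `*pulEncryptedLen` are untouched; the device-authentication sequence in skftest.c then proceeds on uninitialized bytes. Reporting success for an operation that produced no output is the wrong default for a stub: keep `return SAR_NOTSUPPORTYETERR;` until a function actually fills its outputs, or for SKF_GenRandom fill the buffer (e.g. with RAND_bytes, where the removed block used RAND_pseudo_bytes) before returning SAR_OK. SKF_GetContainerType now unconditionally reports CONTAINER_TYPE_ECC, which is reasonable for a soft token but deserves a one-line comment saying so.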
@@ -656,20 +558,20 @@ ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey, BYTE *pbEncryptedData, ULONG *pulEncryptedLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey, BYTE *pbEncryptedData, ULONG *pulEncryptedDataLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_DecryptInit(HANDLE hKey, BLOCKCIPHERPARAM DecryptParam) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_Decrypt(HANDLE hKey, @@ -678,7 +580,7 @@ ULONG DEVAPI SKF_Decrypt(HANDLE hKey, BYTE *pbData, ULONG *pulDataLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey, @@ -687,14 +589,14 @@ ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey, BYTE *pbData, ULONG *pulDataLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey, BYTE *pbDecryptedData, ULONG *pulDecryptedDataLen) { - return SAR_NOTSUPPORTYETERR; + return SAR_OK; } ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev, diff --git a/engines/skf/skftest.c b/engines/skf/skftest.c index 2361e441..5417d812 100644 --- a/engines/skf/skftest.c +++ b/engines/skf/skftest.c 
@@ -4,45 +4,81 @@ #include #include "skf.h" +#define AUTH_RAND_LEN 16 +#define AUTH_DATA_LEN 16 +#define AUTH_KEY_LEN 16 + int main(int argc, char **argv) { ULONG rv; + BYTE buf[2048]; ULONG len; BOOL bPresent = TRUE; CHAR devNameList[256]; LPSTR devName; - DEVHANDLE hDev; + DEVHANDLE hDev = NULL; ULONG devState; + char *devStateStr; DEVINFO devInfo; - BYTE authData[16]; - + + BYTE authRand[AUTH_RAND_LEN]; + BYTE authData[AUTH_DATA_LEN]; + BYTE authKey[AUTH_KEY_LEN]; + BLOCKCIPHERPARAM authParam; + HANDLE hAuthKey = NULL; + CHAR appNameList[256]; LPSTR appName; - HAPPLICATION hApp; + HAPPLICATION hApp = NULL; CHAR containerNameList[256]; LPSTR containerName; - HCONTAINER hContainer; + HCONTAINER hContainer = NULL; ULONG containerType; + char *containerTypeStr; + + BYTE dgst[32]; + ULONG dgstLen = sizeof(dgst); + ECCSIGNATUREBLOB sigblob; + len = sizeof(devNameList); - rv = SKF_EnumDev(bPresent, devNameList, &len); - assert(rv == SAR_OK); + if ((rv = SKF_EnumDev(bPresent, devNameList, &len)) != SAR_OK) { + goto end; + } devName = devNameList; - printf(" Device Name : %s\n", devName); + printf("Device Name : %s\n", devName); - rv = SKF_GetDevState(devName, &devState); - assert(rv == SAR_OK); - printf(" Device State: %ld\n", devState); - - rv = SKF_ConnectDev(devName, &hDev); - assert(rv == SAR_OK); + if ((rv = SKF_GetDevState(devName, &devState)) != SAR_OK) { + goto end; + } - rv = SKF_GetDevInfo(hDev, &devInfo); - assert(rv == SAR_OK); - + switch (devState) { + case DEV_ABSENT_STATE: + devStateStr = "DEV_ABSENT_STATE"; + break; + case DEV_PRESENT_STATE: + devStateStr = "DEV_PRESENT_STATE"; + break; + case DEV_UNKNOW_STATE: + devStateStr = "DEV_UNKNOW_STATE"; + break; + default: + devStateStr = "(undefined)"; + } + printf("Device State: %s\n", devStateStr); + + if ((rv = SKF_ConnectDev(devName, &hDev)) != SAR_OK) { + goto end; + } + + if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) { + goto end; + } + + printf("Device Info:\n"); printf(" Device Version : 
%d.%d\n", devInfo.Version.major, devInfo.Version.minor); printf(" Manufacturer : %s\n", devInfo.Manufacturer); printf(" Issuer : %s\n", devInfo.Issuer); 
@@ -54,67 +90,119 @@ int main(int argc, char **argv) printf(" AlgAsymCap : 0x%08x\n", devInfo.AlgAsymCap); printf(" AlgHashCap : 0x%08x\n", devInfo.AlgHashCap); printf(" AlgHashCap : 0x%08x\n", devInfo.DevAuthAlgId); - printf(" Total Space : %ld\n", devInfo.TotalSpace); - printf(" Free Space : %ld\n", devInfo.FreeSpace); - printf(" MaxECCBuffer : %ld\n", devInfo.MaxECCBufferSize); - printf(" MaxBuffer : %ld\n", devInfo.MaxBufferSize); + printf(" Total Space : %u\n", devInfo.TotalSpace); + printf(" Free Space : %u\n", devInfo.FreeSpace); + printf(" MaxECCBuffer : %u\n", devInfo.MaxECCBufferSize); + printf(" MaxBuffer : %u\n", devInfo.MaxBufferSize); + /* Device Authentication */ + if ((rv = SKF_GenRandom(hDev, authRand, sizeof(authRand))) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } - ULONG ulAuthAlgId = devInfo.DevAuthAlgId; - unsigned char pbAuthKey[16] = {0}; + if ((rv = SKF_SetSymmKey(hDev, authKey, devInfo.DevAuthAlgId, &hAuthKey)) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + bzero(&authParam, sizeof(authParam)); + if ((rv = SKF_EncryptInit(hAuthKey, authParam)) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if ((rv = SKF_Encrypt(hAuthKey, authRand, sizeof(authRand), authData, &len)) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + + if ((rv = SKF_DevAuth(hDev, authData, len)) != SAR_OK) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + goto end; + } + printf("Device Authentication Passed.\n"); - /* get the DevAuth challenge from GenRandom API - * encrypt challenge with DevAuthKey - */ - rv = SKF_GenRandom(hDev, authRandom, sizeof(authRandom)); - - - rv = SKF_EncryptInit(hKey, param); - - rv = SKF_Encrypt(hKey, authRandom, 16, authResponse, &ulAuthLen); - - - rv = SKF_DevAuth(hDev, authData, authDataLen); - assert(rv == SAR_OK); - - - /* - */ + /* Open Application */ len = 
sizeof(appNameList); - rv = SKF_EnumApplication(hDev, appNameList, &len); - assert(rv == SAR_OK); + + if ((rv = SKF_EnumApplication(hDev, appNameList, &len)) != SAR_OK) { + goto end; + } appName = appNameList; printf("Application Name : %s\n", appName); - rv = SKF_OpenApplication(hDev, appName, &hApp); - assert(rv == SAR_OK); - + if ((rv = SKF_OpenApplication(hDev, appName, &hApp)) != SAR_OK) { + goto end; + } + + /* Open Containter */ + len = sizeof(containerNameList); - rv = SKF_EnumContainer(hApp, containerNameList, &len); - assert(rv == SAR_OK); + + if ((rv = SKF_EnumContainer(hApp, containerNameList, &len)) != SAR_OK) { + goto end; + } containerName = containerNameList; printf("Container Name: %s\n", containerName); - rv = SKF_OpenContainer(hApp, containerName, &hContainer); - assert(rv == SAR_OK); + if ((rv = SKF_OpenContainer(hApp, containerName, &hContainer)) != SAR_OK) { + goto end; + } - rv = SKF_GetContainerType(hContainer, &containerType); - assert(rv == SAR_OK); + if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) { + goto end; + } - printf("Container Type: %ld\n", containerType); + switch (containerType) { + case CONTAINER_TYPE_UNDEF: + containerTypeStr = "Undef"; + break; + case CONTAINER_TYPE_RSA: + containerTypeStr = "RSA"; + break; + case CONTAINER_TYPE_ECC: + containerTypeStr = "ECC"; + break; + default: + containerTypeStr = "(error)"; + } + printf("Container Type: %s\n", containerTypeStr); - rv = SKF_CloseContainer(hContainer); - assert(rv == SAR_OK); + /* Sign */ + if ((rv = SKF_ECCSignData(hContainer, dgst, dgstLen, &sigblob)) != SAR_OK) { + goto end; + } - rv = SKF_CloseApplication(hApp); - assert(rv == SAR_OK); + /* Export Signing Public Key */ + if ((rv = SKF_ExportPublicKey(hContainer, TRUE, buf, &len)) != SAR_OK) { + goto end; + } + + printf("Success\n"); +end: + //SKF_CloseContainer(hContainer); + //SKF_CloseApplication(hApp); + return 0; +} + +int open_container(const char *dev, const char *app, const char 
*container, + const unsigned char *authkey, size_t authkeylen) +{ + DEVHANDLE hDev = NULL; + DEVINFO devInfo; + HAPPLICATION hApp = NULL; + HCONTAINER hContainer = NULL; + + return 0; } + 
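Review bot: The device-authentication block in main() passes `authKey` to SKF_SetSymmKey without ever initializing it, and `dgst` to SKF_ECCSignData likewise, so both calls operate on stack garbage; the test needs a defined key and digest (a fixed test vector is enough) before these calls. `len` is also reused as the output-length argument to SKF_Encrypt and SKF_ExportPublicKey while still holding the size returned by the earlier enumeration calls, so an implementation that honours `*pulEncryptedLen` could write past `authData[16]`; set `len = sizeof(authData);` before SKF_Encrypt and `len = sizeof(buf);` before SKF_ExportPublicKey. `bzero` is a legacy BSD call; `memset(&authParam, 0, sizeof(authParam));` is the portable form. The cleanup at `end:` is commented out, so the container and application handles are never closed and the device is never disconnected, and `open_container` at the end of the hunk is an unused stub whose locals are never read. The commit also adds engines/skf/a.out and engines/skf/skftest.o, build artifacts of this test program, which should not be tracked in the repository.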
diff --git a/engines/skf/skftest.o b/engines/skf/skftest.o new file mode 100644 index 0000000000000000000000000000000000000000..278a903110fd0c47899145355eb5fa768351c844 GIT binary patch literal 4980 zcma)Ae~c7Y9e+ppu|0u1ET`18W=Np9R+iGHHb`A_$KAmY;JDoGRbpF*VRx2Wxt(2i zXUkrr=4ctiblCI~xdx4Cs6QfUszKYWT+>UhDRPvw)|kdx;~$NR;S#KfjAPN@gfG|Q-3Xz-zFse#=o-)iD7V_uu|sPBnoLVT563&jM1e`s2|Y?X56 zK6XU)e4R0_>+N>Gr-$rrIH6a_7xlEIRm=l9Goxuc`Wqw~-Tr;DQ$<}gX2&|caYHjC zscFWjmM!Ud!|M>OPi4Ixj~1h>$EE;1>bD8k;6y4R+Pxd0WUFuz8&YuD78ed#j5Ma6KsH>%FgD|7Zspvd9O zoT4D7ev)9$J`SMdXijnnn$>1=wAtLv%{jXtEd{;iY)VPhtL_X*sm_@T@C(O&7FL3q z9fua-I)5J1O|2ysU;_CiI`%Q@;?@aH3fWPu)sIN$3^^UU2iF#g-+`iQQ?&ESWAmMk z{Y7flHsacGXgB4g^saP2cA?F&?~%;s!i+uJVSmYYskKFAs?)J25IcVl{BV6e;9Bju ziUAkKo}$dA3->ujmRl#8=AF?9W1ze{+W@1*olP$$#roL~WH|L|5jZIW6DyFckwsb^ zFUZ~`GsV@FPViQ=6T5+my8H8UY{RH=0E=kJp05++2@30u7sGMN#kwd?)-~0oHxICpCx>HSMF07(VCBZ+ucC73 zPd4@4DZ1O1`nP)eYe@fV*Vn&5`d6{?;vL@u;kzzRuS2ABPIcy_E~Y=_b!&$yt@Ey< zcB}5xgfxZ}G^<{76`Dn_*@-4;?Qrc;0;eaYI-M=6Jb;_VD0~YrUA%skf1xTFe1k(VPnLp&X!qLcv)6amdf?Byh~Z$!`lT(sqD_stL(~Ux~1?b`Ea^k224M4 zec?Zn@RSrzJdL=3P{RahWF*dZMH~URr`?NxP+U#;dGO zoMZo{bx99M;d;vJMV(tza5n;7o8oALS>V{OL)59A#Wl3SkXvprrzI2EV2FusFkhe> za%>f{{syxy;95=3yte4pfQvVn5}Zon#s#QJaN@+15jY<<8Kpxl^=PJN7Ip zX>ps|k?|C6RXAtx4xEq@QBn zJWU@d54|eY`i+NkX+s&r_m{FsSzB%w{R8)Fy_=H*gDEYU>P-zu$I$RV#4|FueQ?*8 zIi$N{W{hmkG%~jfR!myDWw4@`W1E>RY-$$@2i$Lz%DIB6D3mv|er*QSPTj0z@oiZt z86^;sLP^TDa=F4D>E=?E9r|8l%=3i&Nu!k0$CSZJey`WfD@0NCQs#hOG88{~Gxe5S zDc^$X9ov^2&-dv?Khq{xPGcYCk3Z|vw>6YX?A=!2@LQh-_Cwm3z65TT4?V=f(8ZYwW zPgc@tql_-0gMW9>Y!4kYnd!LUkzvtR?QH8@x+FGVSJ8p zD-bVI{IkFg;73SI`hNma|6c(?#a$p?v-p1IcQJoA5P$I)``g(6cdY)n_xO3>O{n`F zAnE;<@kI~gPXa0K2$13?m>*}+|FJ^llb9O26%>wZk{|PRX|GPkhbh(UGMuTyf@voT8_~96T14#XT4y1lZfta#! 
zdKYMZ14w`ITfh!9{Npw>0;c#dVkbcc`MwBGzm0?Z%Mtq<5&PbVjdw8A{|^!Sj!6FR zMfjT|{4)_g7qO|H{Gidij^qz?Du?Vk6_!SXeXvytcw4`BSYsham#yxwWS}c^T zp~_w?qYWn(Mbk)I*!MWdtmFemx-?$2d`24E%p4qfBVRU{*i|&l#@gz~R`LOtrj@M> zR^g(@ZZ#+$ZMmLJ0)f@NDG_q!vC8}X&0*cl6!Q3o6qNP!el0z^U(4#bF)sk>w2KHW sTf~2ttgO&{q;c`m%WnW*&uSD)TSHiOUj-X8*VNaS%