diff --git a/Makefile.in b/Makefile.in
index b375312..b40bd83 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -147,12 +147,12 @@ COMMON_CPPFLAGS = -I. -I./lzma -I./lzfx -I./lz4 -I./rabin -I./bsdiff -DNODEFAULT
 	-DFILE_OFFSET_BITS=64 -D_REENTRANT -D__USE_SSE_INTRIN__ -D_LZMA_PROB32 \
 	-I./lzp @LIBBSCCPPFLAGS@ -I./crypto/skein -I./utils -I./crypto/sha2 \
 	-I./crypto/scrypt -I./crypto/aes -I./crypto @KEYLEN@ \
-	-I./crypto/keccak -I./transpose $(EXTRA_CPPFLAGS) -pedantic -Wall -Werror -std=gnu99 \
+	-I./crypto/keccak -I./transpose $(EXTRA_CPPFLAGS) -pedantic -Wall -std=gnu99 \
 	-fno-strict-aliasing -Wno-unused-but-set-variable -Wno-enum-compare
 COMMON_VEC_FLAGS = -ftree-vectorize
 COMMON_LOOP_OPTFLAGS = $(VEC_FLAGS) -floop-interchange -floop-block
-LDLIBS = -ldl -L@LIBBZ2_DIR@ -lbz2 -L@LIBZ_DIR@ -lz -lm @LIBBSCLFLAGS@ \
-	-L@OPENSSL_LIBDIR@ -lcrypto -lrt $(EXTRA_LDFLAGS)
+LDLIBS = -ldl -L./buildtmp -Wl,-R@LIBBZ2_DIR@ -lbz2 -L./buildtmp -Wl,-R@LIBZ_DIR@ -lz -lm @LIBBSCLFLAGS@ \
+	-L./buildtmp -Wl,-R@OPENSSL_LIBDIR@ -lcrypto -lrt $(EXTRA_LDFLAGS)
 OBJS = $(MAINOBJS) $(LZMAOBJS) $(PPMDOBJS) $(LZFXOBJS) $(LZ4OBJS) $(CRCOBJS) \
 $(RABINOBJS) $(BSDIFFOBJS) $(LZPOBJS) $(DELTA2OBJS) @LIBBSCWRAPOBJ@ $(SKEINOBJS) \
 $(SKEIN_BLOCK_OBJ) @SHA256ASM_OBJS@ @SHA256_OBJS@ $(KECCAK_OBJS) $(KECCAK_OBJS_ASM) \
@@ -270,6 +270,7 @@ clean:
 	$(RM) $(PROG) $(OBJS) $(BAKFILES)
 	$(RM) test.log
 	$(RM_RF) test/datafiles
+	$(RM_RF) buildtmp
 
 distclean: clean
 	$(RM) Makefile
diff --git a/config b/config
index 38dd022..94a3322 100755
--- a/config
+++ b/config
@@ -54,6 +54,9 @@ m64_flag=
 zlib_prefix=
 bzlib_prefix=
 
+rm -rf ./buildtmp
+mkdir ./buildtmp
+
 # Try a simple compilation
 cat << _EOF > tst.c
 #include <stdio.h>
@@ -236,12 +239,14 @@ do
 	then
 		if [ -f "${lib}/libcrypto.so" -o -h "${lib}/libcrypto.so" ]
 		then
-			openssl_libdir=${lib}
+			openssl_libdir="${lib}"
+			(cd ./buildtmp; ln -s ${openssl_libdir}/libcrypto.so)
 			break
 		else
 			if [ -f "${lib}/libcrypto.a" ]
 			then
-				openssl_libdir=${lib}
+				openssl_libdir="${lib}"
+				(cd ./buildtmp; ln -s ${openssl_libdir}/libcrypto.a)
 				break
 			fi
 		fi
@@ -280,6 +285,65 @@ then
 fi
 
 
+# Check for OpenSSL version
+cat << __EOF > tst.c
+#include <stdlib.h>
+#include <openssl/opensslv.h>
+
+int
+main(void)
+{
+	if (OPENSSL_VERSION_NUMBER < 0x0090805fL)
+		exit (1);
+	return (0);
+}
+__EOF
+
+gcc ${m64_flag} -I${openssl_incdir} -L${openssl_libdir} tst.c -o tst
+if [ $? -ne 0 ]
+then
+	echo "Unable to compile OpenSSL test program please check OpenSSL installation."
+	exit 1
+fi
+./tst
+if [ $? -ne 0 ]
+then
+	echo "OpenSSL version too old. At least version 0.9.8e is required.\n"
+	exit 1
+fi
+
+# Check for HMAC_CTX_copy function
+cat << __EOF > tst.c
+#include <stdlib.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+int
+main(void)
+{
+	unsigned char key[16];
+	HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof (HMAC_CTX));
+	HMAC_CTX *ctx1 = (HMAC_CTX *)malloc(sizeof (HMAC_CTX));
+
+	HMAC_CTX_init(ctx);
+	HMAC_Init_ex(ctx, key, 16, EVP_sha256(), NULL);
+	HMAC_CTX_copy(ctx1, ctx);
+
+	return (0);
+}
+__EOF
+
+gcc ${m64_flag} -I${openssl_incdir} -L${openssl_libdir} -O0 -g tst.c -o tst -lcrypto >/dev/null 2>&1
+if [ $? -ne 0 ]
+then
+	openssl_incdir="${openssl_incdir} -D__OSSL_OLD__"
+fi
+
+rm -f tst*
+openssl_libdir="${openssl_libdir},--enable-new-dtags"
+
 # Detect other library packages
 for libspec in "libbz2:${bzlib_prefix}" "libz:${zlib_prefix}"
 do
@@ -306,12 +370,14 @@ do
 		then
 			if [ -f "${lib}/${libname}.so" -o -h "${lib}/${libname}.so" ]
 			then
-				eval "${libname}_libdir=${lib}"
+				eval "${libname}_libdir=${lib},--enable-new-dtags"
+				(cd ./buildtmp; ln -s ${lib}/${libname}.so)
 				break
 			else
 				if [ -f "${lib}/${libname}.a" ]
 				then
-					eval "${libname}_libdir=${lib}"
+					eval "${libname}_libdir=${lib},--enable-new-dtags"
+					(cd ./buildtmp; ln -s ${lib}/${libname}.a)
 					break
 				fi
 			fi
diff --git a/crypto/aes/crypto_aes.h b/crypto/aes/crypto_aes.h
index 4011341..489a858 100644
--- a/crypto/aes/crypto_aes.h
+++ b/crypto/aes/crypto_aes.h
@@ -38,7 +38,7 @@ extern "C" {
 #ifndef KEYLEN
 #define	KEYLEN 16
 #endif
-#define	PBE_ROUNDS 100
+#define	PBE_ROUNDS 1000
 
 typedef struct {
 	uint64_t nonce;
diff --git a/crypto/crypto_utils.c b/crypto/crypto_utils.c
index 60af04c..7dddf97 100644
--- a/crypto/crypto_utils.c
+++ b/crypto/crypto_utils.c
@@ -73,6 +73,79 @@ extern uint64_t lzma_crc64(const uint8_t *buf, uint64_t size, uint64_t crc);
 extern uint64_t lzma_crc64_8bchk(const uint8_t *buf, uint64_t size,
 	uint64_t crc, uint64_t *cnt);
 
+#ifdef __OSSL_OLD__
+int
+HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+{
+	if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
+		return (0);
+	if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
+		return (0);
+	if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
+		return (0);
+
+	memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
+	dctx->key_length = sctx->key_length;
+	dctx->md = sctx->md;
+	return (1);
+}
+
+int
+PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+	const unsigned char *salt, int saltlen, int iter,
+	const EVP_MD *digest,
+	int keylen, unsigned char *out)
+{
+	unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
+	int cplen, j, k, tkeylen, mdlen;
+	unsigned long i = 1;
+	HMAC_CTX hctx;
+
+	mdlen = EVP_MD_size(digest);
+	if (mdlen < 0)
+		return 0;
+
+	HMAC_CTX_init(&hctx);
+	p = out;
+	tkeylen = keylen;
+	if(!pass)
+		passlen = 0;
+	else if(passlen == -1)
+		passlen = strlen(pass);
+	while(tkeylen)
+	{
+		if(tkeylen > mdlen)
+			cplen = mdlen;
+		else
+			cplen = tkeylen;
+		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
+		 * but just in case...
+		 */
+		itmp[0] = (unsigned char)((i >> 24) & 0xff);
+		itmp[1] = (unsigned char)((i >> 16) & 0xff);
+		itmp[2] = (unsigned char)((i >> 8) & 0xff);
+		itmp[3] = (unsigned char)(i & 0xff);
+		HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
+		HMAC_Update(&hctx, salt, saltlen);
+		HMAC_Update(&hctx, itmp, 4);
+		HMAC_Final(&hctx, digtmp, NULL);
+		memcpy(p, digtmp, cplen);
+		for(j = 1; j < iter; j++)
+		{
+			HMAC(digest, pass, passlen,
+			     digtmp, mdlen, digtmp, NULL);
+			for(k = 0; k < cplen; k++)
+				p[k] ^= digtmp[k];
+		}
+		tkeylen-= cplen;
+		i++;
+		p+= cplen;
+	}
+	HMAC_CTX_cleanup(&hctx);
+	return (1);
+}
+#endif
+
 int
 compute_checksum(uchar_t *cksum_buf, int cksum, uchar_t *buf, uint64_t bytes)
 {
@@ -360,14 +433,22 @@ hmac_update(mac_ctx_t *mctx, uchar_t *data, uint64_t len)
 
 	} else if (cksum == CKSUM_SHA256 || cksum == CKSUM_CRC64) {
 		if (cksum_provider == PROVIDER_OPENSSL) {
+#ifndef __OSSL_OLD__
 			if (HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len) == 0)
 				return (-1);
+#else
+			HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len);
+#endif
 		} else {
 			opt_HMAC_SHA256_Update((HMAC_SHA256_Context *)(mctx->mac_ctx), data, len);
 		}
 	} else if (cksum == CKSUM_SHA512) {
+#ifndef __OSSL_OLD__
 		if (HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len) == 0)
 			return (-1);
+#else
+		HMAC_Update((HMAC_CTX *)(mctx->mac_ctx), data, len);
+#endif
 
 	} else if (cksum == CKSUM_KECCAK256 || cksum == CKSUM_KECCAK512) {
 		// Keccak takes data length in bits so we have to scale
diff --git a/main.c b/main.c
index 0d5573b..994e1c9 100644
--- a/main.c
+++ b/main.c
@@ -620,7 +620,7 @@ start_decompress(const char *filename, const char *to_filename)
 	struct wdata w;
 	int compfd = -1, i, p;
 	int uncompfd = -1, err, np, bail;
-	int nprocs, thread = 0, level;
+	int nprocs = 1, thread = 0, level;
 	short version, flags;
 	int64_t chunksize, compressed_chunksize;
 	struct cmp_data **dary, *tdat;