diff --git a/src/ltc/ciphers/aes/aes.c b/src/ltc/ciphers/aes/aes.c
index 8ba1bfc..0352d20 100644
--- a/src/ltc/ciphers/aes/aes.c
+++ b/src/ltc/ciphers/aes/aes.c
@@ -295,6 +295,10 @@
     LTC_ARGCHK(skey != NULL);
 
     Nr = skey->rijndael.Nr;
+
+    if (Nr < 2 || Nr > 16)
+        return CRYPT_INVALID_ROUNDS;
+
     rk = skey->rijndael.eK;
 
     /*
@@ -475,6 +479,10 @@
     LTC_ARGCHK(skey != NULL);
 
     Nr = skey->rijndael.Nr;
+
+    if (Nr < 2 || Nr > 16)
+        return CRYPT_INVALID_ROUNDS;
+
     rk = skey->rijndael.dK;
 
     /*
diff --git a/src/ltc/hashes/chc/chc.c b/src/ltc/hashes/chc/chc.c
index 0a526d6..50cc85f 100644
--- a/src/ltc/hashes/chc/chc.c
+++ b/src/ltc/hashes/chc/chc.c
@@ -270,7 +270,7 @@
    16
 }
 };
-   int i, oldhashidx, idx;
+   int i, oldhashidx, idx, err;
    unsigned char tmp[MAXBLOCKSIZE];
    hash_state md;
 
@@ -284,9 +284,15 @@
    chc_register(idx);
 
    for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
-       chc_init(&md);
-       chc_process(&md, tests[i].msg, strlen((char *)tests[i].msg));
-       chc_done(&md, tmp);
+       if ((err = chc_init(&md)) != CRYPT_OK) {
+          return err;
+       }
+       if ((err = chc_process(&md, tests[i].msg, strlen((char *)tests[i].msg))) != CRYPT_OK) {
+          return err;
+       }
+       if ((err = chc_done(&md, tmp)) != CRYPT_OK) {
+          return err;
+       }
        if (compare_testvector(tmp, tests[i].len, tests[i].hash, tests[i].len, "CHC", i)) {
           return CRYPT_FAIL_TESTVECTOR;
        }
diff --git a/src/ltc/headers/tomcrypt_cfg.h b/src/ltc/headers/tomcrypt_cfg.h
index 363b631..9c4e00f 100644
--- a/src/ltc/headers/tomcrypt_cfg.h
+++ b/src/ltc/headers/tomcrypt_cfg.h
@@ -243,8 +243,9 @@
    #undef ENDIAN_32BITWORD
    #undef ENDIAN_64BITWORD
    #undef LTC_FAST
+   #define LTC_NO_BSWAP
    #define LTC_NO_ROLC
-   #define LTC_NO_BSWAP
+   #define LTC_NO_ROTATE
 #endif
 
 /* No LTC_FAST if: explicitly disabled OR non-gcc/non-clang compiler OR old gcc OR using -ansi -std=c99 */
@@ -289,6 +290,10 @@
    #define LTC_HAVE_BSWAP_BUILTIN
 #endif
 
+#if !defined(LTC_NO_ROTATE) && (__has_builtin(__builtin_rotateleft32) && __has_builtin(__builtin_rotateright32))
+   #define LTC_HAVE_ROTATE_BUILTIN
+#endif
+
 #if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 301)
    #define LTC_DEPRECATED __attribute__((deprecated))
 #elif defined(_MSC_VER) && _MSC_VER >= 1500
diff --git a/src/ltc/headers/tomcrypt_macros.h b/src/ltc/headers/tomcrypt_macros.h
index 2e4eb00..862a69a 100644
--- a/src/ltc/headers/tomcrypt_macros.h
+++ b/src/ltc/headers/tomcrypt_macros.h
@@ -241,15 +241,23 @@
 
 /* 32-bit Rotates */
 #if defined(_MSC_VER)
-#define LTC_ROx_ASM
+#define LTC_ROx_BUILTIN
 
 /* instrinsic rotate */
 #include <stdlib.h>
-#pragma intrinsic(_lrotr,_lrotl)
-#define ROR(x,n) _lrotr(x,n)
-#define ROL(x,n) _lrotl(x,n)
-#define RORc(x,n) _lrotr(x,n)
-#define ROLc(x,n) _lrotl(x,n)
+#pragma intrinsic(_rotr,_rotl)
+#define ROR(x,n) _rotr(x,n)
+#define ROL(x,n) _rotl(x,n)
+#define RORc(x,n) ROR(x,n)
+#define ROLc(x,n) ROL(x,n)
+
+#elif defined(LTC_HAVE_ROTATE_BUILTIN)
+#define LTC_ROx_BUILTIN
+
+#define ROR(x,n) __builtin_rotateright32(x,n)
+#define ROL(x,n) __builtin_rotateleft32(x,n)
+#define ROLc(x,n) ROL(x,n)
+#define RORc(x,n) ROR(x,n)
 
 #elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
 #define LTC_ROx_ASM
@@ -353,7 +361,24 @@
 
 
 /* 64-bit Rotates */
-#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(_WIN64) && !defined(LTC_NO_ASM)
+#if defined(_MSC_VER)
+
+/* instrinsic rotate */
+#include <stdlib.h>
+#pragma intrinsic(_rotr64,_rotr64)
+#define ROR64(x,n) _rotr64(x,n)
+#define ROL64(x,n) _rotl64(x,n)
+#define ROR64c(x,n) ROR64(x,n)
+#define ROL64c(x,n) ROL64(x,n)
+
+#elif defined(LTC_HAVE_ROTATE_BUILTIN)
+
+#define ROR64(x,n) __builtin_rotateright64(x,n)
+#define ROL64(x,n) __builtin_rotateleft64(x,n)
+#define ROR64c(x,n) ROR64(x,n)
+#define ROL64c(x,n) ROL64(x,n)
+
+#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
 
 static inline ulong64 ROL64(ulong64 word, int i)
 {
diff --git a/src/ltc/misc/crypt/crypt.c b/src/ltc/misc/crypt/crypt.c
index 6d40f8c..cc464c6 100644
--- a/src/ltc/misc/crypt/crypt.c
+++ b/src/ltc/misc/crypt/crypt.c
@@ -514,7 +514,9 @@
 #if defined(LTC_NO_ASM)
     " LTC_NO_ASM "
 #endif
-#if defined(LTC_ROx_ASM)
+#if defined(LTC_ROx_BUILTIN)
+    " LTC_ROx_BUILTIN "
+#elif defined(LTC_ROx_ASM)
     " LTC_ROx_ASM "
 #if defined(LTC_NO_ROLC)
     " LTC_NO_ROLC "
diff --git a/src/ltc/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/ltc/pk/asn1/der/utf8/der_decode_utf8_string.c
index 94555b9..d3ed82b 100644
--- a/src/ltc/pk/asn1/der/utf8/der_decode_utf8_string.c
+++ b/src/ltc/pk/asn1/der/utf8/der_decode_utf8_string.c
@@ -65,7 +65,7 @@
       /* count number of bytes */
       for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
 
-      if (z > 4 || (x + (z - 1) > inlen)) {
+      if (z == 1 || z > 4 || (x + (z - 1) > inlen)) {
          return CRYPT_INVALID_PACKET;
       }